
Problem
Since its inception more than 70 percent of pharmacies are able to receive prescriptions for controlled substances electronically. Additionally, EPCS is increasingly prolific, now legal in all 50 states and the District of Columbia. New York was the first state to require that all prescriptions be sent electronically via its I-STOP Act (Internet System for Tracking Over-Prescribing). More recently, Maine passed a law which similarly requires all opiod prescriptions be sent electronically from July 1, 2017.
To satisfy these emerging EPCS regulations, healthcare practitioners must undergo in-person or remote identity proofing before they can receive a two-factor authentication token.
The authentication token must be a FIPS 140-2 certified hardware token or software token with a FIPS 140-2 certified cryptographic module.
Additionally, authentication credentials must be SEPARATE from the device used to access the e-prescribing app. So if you’re prescribing from a mobile device, and you’re using a software authenticator on that device, you are NOT in compliance.