Protecting Electronic Prescriptions

In 2010 the US Drug Enforcement Agency, responding to an alarming increase in drug abuse, finalized a rule that requires the electronic prescribing of controlled substances (EPCS). Among its requirements: that all software programs used to produce and process EPCS orders need to be certified as DEA-compliant, including the software used by pharmacies to which EPCS requests are sent. In parallel, EPCS serves as a means to improve physician workflow, without having to find a prescription form, fill it out, sign it and then hand it off to their patient.

In the UK, the Electronic Prescription Service (EPS) enables prescribers — such as general practitioners and practice nurses — to send prescriptions electronically to a dispenser (such as a pharmacy) of the patient's choice. This makes the prescribing and dispensing process more efficient and convenient for patients and staff.

AuthenicateElectronicPrescripsImage

Problem

Since its inception more than 70 percent of pharmacies are able to receive prescriptions for controlled substances electronically. Additionally, EPCS is increasingly prolific, now legal in all 50 states and the District of Columbia. New York was the first state to require that all prescriptions be sent electronically via its I-STOP Act (Internet System for Tracking Over-Prescribing). More recently, Maine passed a law which similarly requires all opiod prescriptions be sent electronically from July 1, 2017.

To satisfy these emerging EPCS regulations, healthcare practitioners must undergo in-person or remote identity proofing before they can receive a two-factor authentication token.

The authentication token must be a FIPS 140-2 certified hardware token or software token with a FIPS 140-2 certified cryptographic module.

Additionally, authentication credentials must be SEPARATE from the device used to access the e-prescribing app. So if you’re prescribing from a mobile device, and you’re using a software authenticator on that device, you are NOT in compliance.
DIGIPASS for Mobile - OTP - 580x573 -

Solutions

VASCO solutions enable healthcare providers and healthcare software vendors to rapidly implement EPCS with improved compliance and greater efficiency.

Solution options include:


emptyDIGIPASS GO 7:
  • FIPS 140-2 Level 2 certified
  • Easy to use (one touch button device)
  • Fully supported by VACMAN and IDENTIKEY products

emptyDIGIPASS for Mobile:
  • Frictionless, authentication and e-signing experience for mobile users
  • Integrated with VASCO's patented CRONTO technology and Open QR codes

DIGIPASS for Apps:
  • Comprehensive SDK that natively integrates application security, two-factor authentication and transaction signing into mobile applications
  • Drives new levels of interconnected mobile app security and intelligence without performance lags or customer visibility
  • Easy to use
    - Biometric authentication (selfie, fingerprint)
    - Support for push notification

MYDIGIPASS for Healthcare:
  • Certified as full-service Credential Service Provider (CSP) at NIST SP 800-63 Level of Assurance 3 under the SAFE-BioPharma FICAM Trust Framework
  • One-stop shop for EHR vendors and hospitals that includes: identity proofing, credential issuance and delivery

Cybersecurity across the US Health Landscape

Michael Magrath, Director of Healthcare Business Development, North America VASCO and Chairman of the HIMSS Identity Management and Task Force discusses the implications of identity management and multi-factor authentication on EPCS, HIPAA, NSTIC, SAFE-BioPharma and more.

Source: Cybersecuritytv.net

Related Content

White paper: The Evolution of the Digital Identity in Healthcare
White Paper

Healthcare + Passwords = Playing with Fire

If your healthcare organization still relies on static unsecure usernames and passwords, read this white paper to understand why this risky practice should no longer be acceptable.

Download
Securing Data Access
Solution Brief

Six Best Practices to Bulletproof Patient Data

Cybercriminals covet healthcare-related data. Learn the six areas within healthcare that require strong authentication to protect patient data.

DOWNLOAD
MYDIGIPASS for Healthcare-ccImage
White Paper

Five Steps to EPCS Compliance

MYDIGIPASS for Healthcare offers unified ID proofing and authentication that can be used by healthcare organizations as well as HIT providers.

DOWNLOAD
epcs-cerner-img
White Paper

EPCS Compliance using 2FA

DEA regulations mandate the use of two-factor authentication when a prescription for a controlled substance is submitted electronically.

DOWNLOAD

Related Products

DIGIPASS GO 7

DIGIPASS GO 7 is a FIPS 140-2 Level 2 Certified one-time password (OTP) hardware authentication device that boosts security, provides unmatched user acceptance and also supports VASCO’s Multi OTP technology. DIGIPASS GO 7 offers enhanced security for organizations that need to secure multiple applications with a single device including banks, healthcare providers and enterprises. 

Read More
DIGIPASS GO 7 - 260 x 225

DIGIPASS for Apps

Mobile applications are changing the way business is done, offering instant access to services for your users. Unfortunately, attackers are taking advantage of the many complexities created by the mobile ecosystem to exploit vulnerabilities, resulting in sophisticated fraud schemes and theft of sensitive data.

DIGIPASS for Apps Animation Still Play

Read More

Related Products

DIGIPASS for Mobile

DIGIPASS for Mobile is a user-friendly and secure mobile authenticator that can easily be tailored to meet the needs of any authentication process. It can be customized and deployed rapidly without extensive technical support ensuring strong security with a compelling value.

Read More
DIGIPASS-for-mobile-265x220-24png

This website uses cookies to improve user experience, functionality and performance. If you continue browsing the site, you consent to the use of cookies on this website. Note that you can change your browser/cookie settings at any time. To learn more about the use of cookies and how to adjust your settings, please read our cookie policy.