E-Prescribing of Controlled Substances
One efficient workflow for all prescriptions
- Reduced fraud and abuse
- Secure electronic records
- Improved safety and patient care
Legal in 44 States and Counting
For healthcare communities, State regulatory approval is just one of the required milestones for enabling electronic prescribing of controlled substances (EPCS). Pharmacy system and physician EHR software companies must take additional security and technology steps to comply with The Drug Enforcement Administration's Interim Final Rule (IFR). Once these systems receive approved DEA audits, Surescripts certifies and connects pharmacy and prescriber applications for EPCS through the largest, most trusted national health information network.
Working together to coordinate these steps allows the healthcare community to experience the added security and efficiency of electronic prescribing of controlled substances. For a closer look at EPCS regulatory status by State, click on the EPCS Regulatory Status Map. To see pharmacy readiness by state or to search for EPCS-enabled pharmacies in your area, view our Pharmacy Enablement Map.
To learn more about the collaborative steps needed to enable EPCS transactions, select a menu item below or download our EPCS Overview Sheet.
Collaborating with Pharmacies and Software
Surescripts is committed to enabling and optimizing the EPCS process for pharmacies, software vendors and prescribers. We have gained valued and necessary experience to support the industry's efforts to move forward with EPCS. Surescripts continues to monitor the EPCS process to assure quality, security and safety across our national network. Surescripts invites pharmacies and prescriber software vendors to join network participants who have already become enabled for EPCS.
Commitment to Quality
Surescripts provides a safe and secure EPCS experience. To help assure consistent and reliable service, both pharmacy and prescriber software applications must be certified and complete a DEA required third-party audit prior to exchanging EPCS transactions through the Surescripts network.
Through collaboration with pharmacies and software vendors,
Surescripts has laid a foundation for network support that will
optimize the EPCS experience. In order to send controlled substance
prescriptions electronically, pharmacy software vendors, pharmacies
and prescriber software vendors must take steps to meet DEA
Steps for Pharmacy and Prescriber Software:
- Update e-prescribing software to meet all requirements specified in the IFR and SCRIPT messaging that supports EPCS
- Undergo a third-party audit to ensure the software meets all DEA EPCS requirements
- Achieve Surescripts Certification for EPCS
- Make audit results available to Surescripts along with a completed Surescripts EPCS Audit Attestation Form
If your prescriber or pharmacy software is already certified by Surescripts for e-prescribing, simply contact your Surescripts Account Representative to discuss a plan for EPCS certification. New software application vendors and pharmacies not currently certified by Surescripts for core e-prescribing services must have contracts in place with Surescripts before certification can begin. Click here to be contacted about Surescripts certification.
Healthcare providers who wish to send prescriptions for controlled substances electronically should take the following steps:
- Verify EPCS is legal in your state*
- Ensure that your e-prescribing software is Surescripts certified for EPCS
- Receive an audit report generated by your software vendor indicating compliance with the DEA IFR
- Adhere to ID verification procedures and access controls: ID Proofing, Two Factor Authentication, Digital Signing
*Disclaimer: This does not constitute legal advice. Prescribers should consult an attorney to ensure that EPCS is permitted in their state.
Click here to search for prescriber software vendors that have achieved Surescripts certification and completed their third-party audits for e-prescribing of controlled substances.
The following pharmacies and pharmacy software vendors have completed Surescripts certification and their third-party audits for e-prescribing of controlled substances:
- Cerner Etreby
- Express Scripts
- FrameworkLTC by SoftWriters
- H E B Pharmacy
- Health Business Systems
- McKesson Pharmacy Systems (EnterpriseRx, PharmacyRx, Zadall)
- Micro Merchant Systems
- QS/1 Data Systems
- Rite Aid
- Transaction Data Systems
To see pharmacy readiness by state or to search for EPCS-enabled pharmacies in your area, view our Pharmacy Enablement Map.
E-Prescribing of Controlled Substances in the United States must conform to two different sets of regulations:
- DEA regulations as stated in the Interim Final Rule (IFR) 21 CFR
- The state board of pharmacy regulations
DEA: Interim Final Rule: The Electronic
Prescriptions for Controlled Substances
Published March, 2010
The rule outlines requirements that are descriptive of the outcomes that the DEA wants to achieve. This is not a technical implementation specification. They have been very prescriptive around security requirements, but leave the actual implementation up to the applications and the auditors to determine how to be compliant, and meet their user needs.
DEA: Electronic Prescriptions for Controlled Substances Clarification about Audits
Published October, 2011
The DEA published clarification on the Third Party Audits
DEA: Questions and Answers for Providers of Electronic Prescription Applications, Pharmacy Applications, and Intermediaries
The information on this webpage is not intended to convey specific information about every aspect of the rule, nor is it a substitute for the regulations themselves.
DEA: EPCS Interim Final Rule - Questions and Answers for Pharmacies
DEA: EPCS Interim Final Rule - Questions and Answers for Prescribing Practitioners
After EPCS software has met regulatory requirements, been audited, certified and set up with two-factor authentication technology, the last step is identity proofing for the prescriber. The DEA allows identity proofing to be done by any federally approved Credential Service Provider (CSP) or certificate authority (CA) that is Level of Assurance 3 or higher. Prescribers must register their authentication credentials before they are enabled to send electronic prescriptions for controlled substances.
HELPFUL IDENTITY PROOFING LINKS
Individual Practitioners Q & A: Getting Started With Prescriber Identity Proofing
National Institute of Standards and Technology (NIST) Electronic Authentication Guideline
Federal Identity, Credential and Access Management Trust Framework Provider Credential Services,
This is not an exhaustive list. Any provider that is NIST 800-63 LOA 3 is allowed. Providers may be approved by the Federal Bridge Certificate Authority, universities and educational bridges related to these CAs and Trust Frameworks.
Entities Cross-Certified with the Federal Bridge