DEA e-prescription regulations released June 27 2008
The highlights:
1) Prescriber in-person identity proofing (fortunately this can be done at a DEA-registered hospital)
2)Authentication protocol would have to be two-factor
3)Pharmacies would have to regularly check on the prescriber's status
4)Both the electronic prescription service provider and the pharmacy system provider would need to obtain annual third-party audits for security and processing integrity. 3rd party audits
Here is an abridged version of the 62 page document.
Public comment is strongly recommended. SV
DEA considered and is proposing two options:
Electronically signed prescriptions with security controls. Under this alternative, practitioners would be required to undergo in-person identity proofing and submit documentation of that to a service provider. The identity proofing would be conducted by a DEA-registered hospital, a State licensing board, or State or local law enforcement agency. The service provider would be required to check the validity of the DEA registration and State license before issuing an authentication protocol to be used to sign controlled substance prescriptions. The authentication protocol would have to be two-factor, with one factor stored on a hard token (e.g., a PDA, a multifactor one-time-use password token, a thumb drive, a smart card). DEA would also impose certain system requirements related to the prescription elements and their presentation; most existing systems may already meet these requirements. The prescription would have to be transmitted immediately upon being signed and the service provider would have to digitally sign and archive the record before transmitting the plain text prescription to the intermediaries. The pharmacy would have to digitally sign and archive the prescription as received. The pharmacy system would need an internal audit trail to record any attempts to alter a record and conduct internal checks for such attempts. Both the electronic prescription service provider and the pharmacy system provider would need to obtain annual third-party audits for security and processing integrity. The service provider would have to generate a monthly log, which practitioners would be required to check for obvious anomalies. The rationale for each of the requirements is presented under the discussion of the proposed rule below.
Modified digitally signed prescriptions. Due to the current use of
digital signatures by Federal health care systems, and the added security afforded by such signatures, DEA is proposing to allow practitioners that prescribe controlled substances at Federal health care facilities (e.g., Department of Veterans Affairs, Department of Defense) the additional option of using digital certificates, issued by such Federal agencies, to sign controlled substance prescriptions issued in the course of their official duties within those facilities. These Federal agencies would need to determine that the practitioner is authorized and registered, or exempted from the requirement of registration, to prescribe controlled substances. The private key would be required to be stored on a hard token. Federal agencies will already be meeting this requirement in issuing Personal Identification Verification (PIV) cards under Federal Information Processing Standard 201. Most of the system requirements would be the same as in the previous option except that the Federal agency could elect to allow the practitioner to digitally sign and archive the prescription once the DEA-required elements are complete and transmit later when other information has been added (e.g., retail pharmacy URL). The Federal agency would not have to digitally sign the record as transmitted. The pharmacy requirements would be the same. The digital signature would not be transmitted to the pharmacy; the pharmacy would not have to validate the record. However, if a Federal agency wished to include the digital signature as part of the transmission, DEA is permitting this alternative. In that case, the pharmacy would be required to validate the digital signature, but would not be required to digitally sign the prescription as received. Because a Certification Authority would issue the digital certificate and because record integrity is more assured with a digital signature, DEA would not require a check of a monthly log or third-party audits for security. The rationale for each of the requirements is presented under the discussion of the proposed rule below.
National Register
A place to discuss ideas and experiences with Electronic Health Records, Personal Health Records, Patient Portals,Patient Centered Medical Home and Meaningful Use topics
Would you use or provide dual identity phones?Which OS would you prefer?
About Me
- Salvatore Volpe MD FAAP FACP CHCQM
- MSSNY HIT Committee Chairman, HIMSS NY President(2009-2011), HIMSS Chapter Leader of the Year 2010, First Solo PCMH practice in USA 2011, First Solo PCMH practice in NYS 2009, IPRO Quality Award Winner 2007, Telephone:718.351.2222 Please post questions here
Patient Centered Medical Home
Posts
Electronic Health Record Consultants
Epocrates
HIT LINKS
- AAFP
- AAP
- ACOG
- ACP
- AHRQ
- AMA
- AMIA
- CMS State Medicaid Information
- HEALTHIT HHS GOV
- HHS Live Video Link
- HIMSS NYS
- HIMSS State HIT Dashboard
- HIMSS Topics
- NCQA
- NY eHealth Collaborative
- NYC DOHMH PCIP
- NYC Reach
- Office of Health Information Technology Transformation
- ONC Certified HIT Product List
- OneTheRecord HIT networking site
- Patient Centered Primary Care Collaborative
- Regional Extesion Center List
My Blog List
HIT Users Forum
Medical reference sites
Blog Archive
American Medical News - BUSINESS
News from healthcareitnews.com
Labels
- 10 (2)
- 17 (1)
- 2007 (1)
- AAFP (1)
- acer (1)
- ACO (9)
- ACP (4)
- active (1)
- activehealth (2)
- activehealth management (1)
- adam bosworth (1)
- Aetna (4)
- AHIMA (2)
- AHRQ (5)
- Alaska (1)
- ALLINA (1)
- Allscripts (8)
- AMA (19)
- AMBULATORY (2)
- Answer (2)
- Archives of Internal Medicine (1)
- ARRA (14)
- ATT (1)
- Attest (1)
- Availity (1)
- Axolotl (1)
- Baltimore (1)
- batteries (2)
- BCBS (6)
- Beacon (1)
- BHIX (2)
- biden (1)
- Block (1)
- Bloomberg (1)
- Blumenthal (2)
- Blunt (1)
- bonus (1)
- BRIDGES (1)
- BRIDGES TO EXCELLENCE (3)
- broadband (1)
- Bronx (2)
- Brookings (1)
- BROOKLYN (2)
- call in session (1)
- CalRHIO (2)
- Canada (5)
- Canadian (4)
- CapMed (1)
- carbontite (1)
- Carolina (3)
- CCHIT (17)
- CDA (1)
- CDC (1)
- CDPHP (3)
- cell (1)
- cell phone (2)
- certification (2)
- Charleston Retirement (1)
- CIGNA (1)
- city (1)
- Cleveland (1)
- Cleveland Clinic (1)
- CLIA (1)
- Clinical (1)
- Cloud (1)
- CME (4)
- CMS (66)
- collaborative (1)
- Commission (1)
- Community (2)
- computer (1)
- conference (3)
- continuity of care (1)
- controlled (2)
- COPD (1)
- corsair (1)
- Covisint (2)
- CPOE (1)
- CRM (1)
- cv (1)
- Dakota (1)
- daschle (1)
- database (1)
- Davie (1)
- Davies (1)
- dea (3)
- DELL (1)
- demo (1)
- Dennis Moore (1)
- DocSite (1)
- Document (1)
- DoD (1)
- DOQ-IT (1)
- Dossia (3)
- DrFirst (3)
- Drug (2)
- e-health corporation (1)
- e-health europe (1)
- e-prescribing (19)
- e-visit (1)
- eclinicalworks (17)
- Eclipsys (4)
- eCW (9)
- EDS (1)
- ehealth.johnwsharp (1)
- EHR (81)
- EHR-S (1)
- email (2)
- emergency (1)
- EMR (3)
- Ensign (1)
- Epic (1)
- epocrates (1)
- eprescribing (17)
- Erickson Retirement Communities (2)
- eRX (7)
- eRx Now (1)
- extension (15)
- Eytan (3)
- Farzad (3)
- Father (1)
- FDA (4)
- FIRSTGATEWAYS (1)
- flash (1)
- Florida (1)
- Flu (2)
- Fox (1)
- FQHC (1)
- fujitsu (1)
- Galvanon (2)
- GAO (3)
- GE (4)
- Geisinger (1)
- GHI (1)
- Global (1)
- Global Care Solutions (1)
- google (6)
- Governor Fletcher (1)
- grant (6)
- Green (1)
- Greenway (2)
- group (2)
- H.R. (1)
- H.R. 2991 (1)
- H.R. 6331 (1)
- H1N1 (2)
- Haig (1)
- Hall (1)
- Harvard (1)
- Hawaii (1)
- HEAL 5 (3)
- HEAL NY (6)
- Health plan (2)
- health records (1)
- health savings accounts (1)
- HealtheLink (1)
- Healthvault (9)
- HHS (9)
- HIE (13)
- high (1)
- highmark (1)
- HIMSS (34)
- HIMSSNYS (1)
- HIP (1)
- HIPAA (2)
- HIT (15)
- HITECH (4)
- HITSP (1)
- HIXNY (1)
- HL7 (3)
- Home Health.Tele (1)
- Horizon (1)
- hospital (2)
- Hudson Valley (1)
- Hudson Valley Health Information Exchange (1)
- HVHIE (1)
- IBM (3)
- ICD (2)
- iHealth Record (2)
- Illinois (1)
- iMedica (1)
- IMH (1)
- Incentive (9)
- Indivo (1)
- Ingenix (1)
- Initiate (1)
- Initiate Systems (1)
- innovation (1)
- inpatient (2)
- Instant Medical History (1)
- Internet (1)
- Intuit (1)
- ipa (1)
- ipad (2)
- iphone (3)
- IPRO (1)
- IRS (1)
- Joe (1)
- John W Sharp (1)
- Johnson and Johnson (1)
- Kaiser (7)
- Kentucky (2)
- Kerry (1)
- kiosk (1)
- Kryptiq (1)
- LEAP (1)
- LEAPFROG (1)
- Legistlation (1)
- lifebook (1)
- MAEHC (1)
- MAIMONIDES (1)
- Maine (1)
- Management (1)
- manager (1)
- markle (1)
- Maryland (1)
- Mass (2)
- Mayo Clinic (1)
- mayor (1)
- McKesson (2)
- MD (1)
- MDLAND (1)
- meaninful (26)
- meaning (2)
- meaningful (6)
- Medem (2)
- Medent (1)
- Medfusion (1)
- Media (1)
- medicaid (18)
- medical economics (2)
- medical home (10)
- Medical Mutual of Ohio (1)
- Medical Records Institute (1)
- Medical Society of the State of NY (1)
- medicare (20)
- Medicity (1)
- Medikiosk (1)
- Medinotes (1)
- Medline (2)
- Medlink (1)
- Medplexus (1)
- MEDPLUS (1)
- Medscape (1)
- memory (1)
- Mental (2)
- MGMA (1)
- Microlife (1)
- microsoft (7)
- Minnesota (3)
- Minnesota Health Exchange (1)
- Missouri (1)
- Misys (3)
- Misys Connect (1)
- MITRE (1)
- Mostahari (2)
- Mostashari (1)
- MRI (1)
- MSSNY (13)
- my health manager (1)
- myPHR (1)
- NAHIT (1)
- NaviNet (1)
- NCHEX (1)
- NCQA (7)
- NCQA.PCMH (3)
- NEPSI (1)
- network (1)
- network magic (1)
- New York eHealth Collaborative (2)
- NextGen (2)
- nga (2)
- NHIN (5)
- NJ (5)
- North (3)
- notebook (1)
- NPHO (1)
- NPRM (1)
- NSLIJ (3)
- Nurse (2)
- Nursing (2)
- NY (8)
- NY DOH (9)
- NYC (22)
- NYCDOH (10)
- NYCDOHMH (3)
- NYCLIX (1)
- NYeC (9)
- NYeHealth (5)
- NYS (34)
- obama (2)
- OHIC (1)
- oklahoma (1)
- Omron (1)
- ONCHIT (18)
- Open (1)
- Open Source (1)
- OPTUM (1)
- Oregan (1)
- P4P (4)
- padlock (1)
- PaEHI (1)
- Panasonic (1)
- Panel (1)
- Partner (1)
- pass (1)
- Patient Centered Medical Home (5)
- Patient Portal (4)
- Pay for performance (2)
- PCHIT (2)
- PCHR (1)
- PCIP (18)
- PCMH (32)
- PCP (5)
- PCPCC (1)
- pda (1)
- PDR (8)
- PECOS (3)
- Pennsylvania (1)
- Permanente (1)
- personal health record (4)
- personal health records (1)
- Pfizer (1)
- Pharmacy (10)
- Phase 5 (1)
- PHIX (1)
- PHR (28)
- PHR iHealth (1)
- PHR-S (1)
- Physician Portal (1)
- PIER (1)
- pocketscript (1)
- podcast (2)
- Point of Care POC (1)
- Polar (1)
- PQRI (17)
- Practice (2)
- Prematics (2)
- preventative service (1)
- privacy (1)
- ProInfoNet (1)
- Quest (3)
- Quest Diagnostics (2)
- Question (2)
- Rachel (1)
- REACH (14)
- regional (14)
- Registry (1)
- Relay (1)
- RelayHealth (2)
- reminder (1)
- Rendell (1)
- Rep. (1)
- RHIO (9)
- RHITEC (4)
- Rhode Island (2)
- room (1)
- routing (1)
- rural (1)
- safe harbor (1)
- Safety (2)
- self-serve medicine (1)
- Seminar (2)
- Senator (1)
- Skyscape (1)
- smoke (1)
- smoking (1)
- Snowe (1)
- software (1)
- South (1)
- Spanish (1)
- St Agnes (1)
- Stabenow (1)
- standard (1)
- state alliance for e-health (2)
- staten (1)
- staten island (1)
- substances (1)
- summit (8)
- surcharge (1)
- surescripts (6)
- survey (1)
- Swine (2)
- tablet (2)
- taconic (1)
- taconic ipa (1)
- tax (1)
- Ted (1)
- Telemedicine (3)
- TEPR (2)
- text (1)
- The Doctors Company (1)
- Thincm Hudson (1)
- Town (1)
- Tweet (1)
- Twitter (1)
- uhc (4)
- unitedhealth (3)
- UPMC (1)
- URAC (1)
- usb (1)
- use (31)
- user (4)
- VA (2)
- Vendor Advisory Council (1)
- VERIZON (1)
- Vermont (2)
- VITL (1)
- Vostro (1)
- Walmart (2)
- Water (1)
- Waterfront (1)
- Webinar (9)
- WebMD.PHR (1)
- Well (1)
- Wellpoint (2)
- Westchester (1)
- Westchester County (1)
- Westchester County Medical Society (1)
- word (1)
- Xebra (1)
- ZIX (2)
Epocrates MedSearch
Google Check Out
Disclaimer
Use of any medical references is at your own risk. The author accepts no responsibility for clinical outcomes based on the contents of any medical websites or medical references mentioned on this site.
No comments:
Post a Comment