Surescripts Ready For Controlled Substance E-Prescriptions
The e-prescribing intermediary now meets strict DEA security requirements, but pharmacies, vendors, and state laws still need to catch up.
(click image for larger view)
Slideshow: 12 Advances In Medical Robotics
Surescripts says its electronic prescribing conduit now meets stringent Drug Enforcement Administration (DEA) security requirements for e-prescribing of federally designated controlled substances and has begun a limited deployment of its technology in three states. This development removes one of the last remaining technical barriers to wider physician adoption of e-prescribing.
Surescripts said in a statement that it has begun certification of e-prescribing software and of pharmacy information systems to ensure that those products follow DEA requirements. A company spokesman said a rollout has begun in Texas, California, and Virginia, but would not comment further for this story.
The DEA, an arm of the U.S. Department of Justice, set the bar high because its law-enforcement constituency is concerned about illegal diversion of prescription narcotics and other controlled drugs. An interim final DEA rule that took effect June 1, 2010, requires prescribers of controlled substances to have two security credentials from the following three categories: something you know, something you have, and something you are. A password is adequate for the first part, but the second factor has to be biometric, a hard token, or a one-time password generated by a device other than the computer used for prescribing.
Beyond identity verification, prescribers and pharmacies alike must prove their identities to the federal National Institute of Standards and Technology (NIST) and use an application certified to adhere to DEA requirements. Intermediaries like Surescripts must be able to communicate with e-prescribing and pharmacy information systems, and state law has to permit e-prescribing of controlled substances, per the DEA rule.
Though the DEA approved e-prescribing of controlled substances nearly a year and a half ago, few physicians who have already embraced electronic prescribing have been able to take advantage of the change in the law. A federally funded pilot project in Berkshire County, Mass., has been underway since September 2009, thanks to a DEA waiver, but adoption has been virtually nonexistent elsewhere.
With the Surescripts network upgrade, that is starting to change. Last week, grocery chain Supervalu announced that its Shoppers Pharmacy and Farm Fresh Pharmacy affiliates in Virginia and Albertsons Sav-On Pharmacy locations in Southern California have begun accepting electronic scripts for controlled drugs. All Supervalu pharmacies, many under the Osco or Shop 'N Save brand names, will come online within weeks, as long as state law permits, the Eden Prairie, Minn.-based company said.
Supervalu claims to be the first company in the United States to meet the DEA requirements for filling electronic prescriptions for controlled substances.
On the vendor side, Rockville, Md.-based DrFirst, maker of Rcopia e-prescribing software, said in late July that it had released a version of its EPCS Gold e-prescribing software that meets all DEA, NIST, and Surescripts requirements. An earlier version of EPCS Gold is in use for the Massachusetts pilot.
Despite these developments, it is unlikely that e-prescribing of controlled substances will take off until next year. Pharmacies, pharmacy benefit managers, e-prescribing software vendors, and intermediaries all need to update and test their systems for compliance with the National Council for Prescription Drug Programs version D.0 standards for pharmacy claims by Jan. 1, 2012.
Find out how health IT leaders are dealing with the industry's pain points, from allowing unfettered patient data access to sharing electronic records. Also in the new, all-digital issue of InformationWeek Healthcare: There needs to be better e-communication between technologists and clinicians. Download the issue now. (Free registration required.)
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.