The Drug Enforcement Administration (DEA) has issued an interim final rule (IFR) that will allow healthcare providers and pharmacies to use electronic prescriptions for controlled substances (EPCS). The EPCS Rule is very detailed and includes strict requirements that must be implemented by software vendors and service providers. Several requirements deal with the implementation of encryption within the organization as well as the management of DEA registration information. The requirements address all three phases of the electronic prescription process:
- Origination - Where a provider prescribes the medication
- Transmittal - For anyone who transmits or routes scripts, even if conducted internally and without use of third-party exchange networks
- Fulfillment - Pharmacies involved with validating prescriptions and dispensing medication
Building on its extensive experience with both healthcare and application security, NetSPI was one of the first professional services firms to develop program compliance guides that have proven instrumental in working with other complex regulatory requirements. These guidelines break down the regulatory requirements into technical controls, which are then tied to specific audit requirements and can help make the process of undergoing an audit easier and more successful.
DEA EPCS Readiness Assessment. Ensuring an appropriate level of understanding of the requirements at the design stage of a software development initiative is one of the best ways to pass the audit on the first try. NetSPI will work with your software development and product management teams to provide the necessary guidance or validation of the application's features dealing with EPCS. Additionally, NetSPI can provide a readiness assessment dealing with individual aspects of EPCS, such as documentation and development of the implementation guide.
DEA EPCS Certification. Our experience with PCI PA-DSS has allowed NetSPI to develop a mature application audit methodology, which we can apply towards providing a DEA EPCS Certification. Our consultants have experience with software development, so rather than depending on checklists, NetSPI consultants will work with your development and product management teams to gather sufficient information to validate requirements. Once all requirements have been validated, NetSPI will issue a report that highlights the state of compliance, which can then be freely distributed to any client or third party.