EPCS and 2FA: Authentication on the Frontlines of the Opioid Crisis

Guest Blogger
May 6, 2019
Topic: Healthcare

Authored by guest blogger Tim Goodwin, Vice President of Overseas Business and Operations | CERTIFY Global

 

As we all know, the long, national nightmare known as the opioid crisis continues to drag on across the U.S. According to a recent American Psychiatric Association poll, nearly one of three Americans knows someone addicted to some form of opioid. And, according to the CDC, on average, 130 Americans die every day from an opioid overdose.

Tightening Access
In its search for ways to improve the management of opioids, the healthcare industry is leveraging Electronic Prescribing of Controlled Substances, or ECPS, as a solution for curtailing prescription fraud. Eliminating paper prescriptions with EPCS can help circumvent prescription fraud when patients alter their physicians’ prescriptions or steal prescription pads from provider offices to forge prescriptions. (The estimated black-market street value of a prescription pad can be as much as $150,000 and demonstrates the significance of the problem.)

By adding electronic prescriptions to the Prescription Drug Monitoring Program databases managed by many states and combined with electronic health records (EHRs), EPCS also helps prevent “doctor shopping”—a practice used by some patients to fraudulently obtain prescriptions from multiple providers. EPCS provides greater control and safety for everyone—including patients, clinicians, and pharmacies.

Evolving Regulations
The Drug Enforcement Administration (DEA) interim final rule for EPCS was published in 2010 and gave practitioners in all states the option of issuing electronic prescriptions in lieu of paper prescriptions. Many healthcare organizations have adopted EPCS and, to date, 14 states have mandated the use of EPCS. While this represents some progress, much work remains. Last year, the SUPPORT Act, which shed new light on the urgency of the need to combat misuse of opioids and other prescription drugs, included a mandate for healthcare providers to use EPCS by 2021.

To enable EPCS, providers must comply with the DEA’s rules. In addition to the regular authentication process that providers use to access their EHR system, the DEA rule also requires a separate two-factor authentication when prescribing a controlled substance. That authentication requires providers use two of three factors:

  1. Something only the provider knows: username and password or PIN.
  2. Something only the provider has: credential, cryptographic device or token
  3. Something only the provider is: biometric element such as a fingerprint

The two-factor authentication technologies accepted by the DEA for providing secure online signatures include biometrics, tokens, and smart cards. At CERTIFY Global, we offer a solution that provides two-factor authentication for EPCS that includes biometric authentication (something the provider is) and, when enabled with RF IDeas pcProx® and pcProx BLE readers, we authenticate username and password (something the provider knows) or credential, device or token (something the provider has). The RF IDeas products read proximity, contactless smartcards and Bluetooth-enabled devices in one reader.

Together, CERTIFY and RF IDeas integrated solution promises to ease the process of EPCS by bringing DEA compliance to every provider’s fingertips. With our multifactor authentication solutions, we enable seamless DEA-compliant identity proofing, enrollment of credentials, two-factor authentication, auditing, and reporting to give physicians multiple pathways to a fast and efficient EPCS workflow.

For more on the CERTIFY and RF IDeas solutions, visit www.certifyglobal.com/

 

About CERTIFY Global
CERTIFY Global enables companies and organizations around the globe to accurately authenticate patients, users and employees. As a cloud-based platform, the platform is scalable, supports all biometric modalities, and can be seamlessly integrated. CERTIFY Global is an RF IDeas solution partner.