
Moving ahead on e-prescribing controlled substances

Last week, the Drug Enforcement Administration released its long-awaited Interim Final Rule on e-Prescribing of Controlled Substances.

It’s 334 pages long, but the most important portion is § 1311.115, which describes the need for two-factor authentication when prescribing controlled substances. Here’s the detail:

(a) To sign a controlled substance prescription, the electronic prescription application must require the practitioner to authenticate to the application using an authentication protocol that uses two of the following three factors:

(1) Something only the practitioner knows, such as a password or response to a challenge question.

(2) Something the practitioner is, biometric data such as a fingerprint or iris scan.

(3) Something the practitioner has, a device (hard token) separate from the computer to which the practitioner is gaining access.

(b) If one factor is a hard token, it must be separate from the computer to which it is gaining access and must meet at least the criteria of FIPS 140-2 Security Level 1, as incorporated by reference in § 1311.08, for cryptographic modules or one-time-password devices.

(c) If one factor is a biometric, the biometric subsystem must comply with the requirements of § 1311.116.
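The following sketch is an added example, not part of the rule or of any e-prescribing product. It shows how a signing gate could evaluate paragraphs (a) through (c) above, including the case where two credentials fall into the same category. The `Factor` fields and function names are hypothetical, and the sample sessions are constructed.

```python
from dataclasses import dataclass
from typing import Optional

KNOWLEDGE, BIOMETRIC, HARD_TOKEN = "knows", "is", "has"

@dataclass(frozen=True)
class Factor:                                  # hypothetical record of one credential check
    category: str                              # KNOWLEDGE, BIOMETRIC or HARD_TOKEN
    verified: bool                             # did this credential check succeed?
    separate_device: bool = False              # hard token: separate from the computer
    fips_140_2_level: Optional[int] = None     # hard token: validated security level
    meets_1311_116: bool = False               # biometric: subsystem compliance

def qualifies(f: Factor) -> Optional[str]:
    """Return None if the factor counts, else the reason it does not."""
    if f.category not in (KNOWLEDGE, BIOMETRIC, HARD_TOKEN):
        return f"unknown factor category {f.category!r}"
    if not f.verified:
        return f"{f.category}: credential not verified"
    if f.category == HARD_TOKEN:
        if not f.separate_device:
            return "has: token is not separate from the computer (b)"
        if f.fips_140_2_level is None or f.fips_140_2_level < 1:
            return "has: no FIPS 140-2 Security Level 1 validation (b)"
    if f.category == BIOMETRIC and not f.meets_1311_116:
        return "is: biometric subsystem not compliant with 1311.116 (c)"
    return None

def may_sign(factors):
    """Apply (a): two of the three categories must each supply a qualifying factor."""
    reasons, categories = [], set()
    for f in factors:
        why = qualifies(f)
        if why is None:
            categories.add(f.category)
        else:
            reasons.append(why)
    if len(categories) < 2:
        reasons.append(f"only {len(categories)} distinct factor categories; need 2")
    return len(categories) >= 2, reasons

# Constructed sample credentials
PASSWORD = Factor(KNOWLEDGE, True)
CHALLENGE = Factor(KNOWLEDGE, True)            # same category as PASSWORD
OTP_FOB = Factor(HARD_TOKEN, True, separate_device=True, fips_140_2_level=1)
SOFT_TOKEN = Factor(HARD_TOKEN, True, separate_device=False, fips_140_2_level=1)
FINGERPRINT = Factor(BIOMETRIC, True, meets_1311_116=True)
```

A password plus a challenge question is rejected because both are "something the practitioner knows", and a token that runs on the same computer is rejected under (b).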

In a previous blog, I wrote about the many technologies which support strong authentication.

For e-Prescribing of controlled substances, BIDMC will investigate 3 approaches:
* The use of fingerprint biometrics using web-based software from Bio-Key as described in my cool technology blog.
* The use of hard tokens such as those provided by RSA.
* The use of cell phones as a two-factor authentication device, such as sending a PIN number via SMS after each e-prescribing session. Anakam has a complete suite of tools to implement this workflow.

Although there will be some burden/inconvenience imposed on clinicians through the use of two-factor authentication, I believe it will ultimately save time. Why?

Today’s e-prescribing workflow is fractured. I can write for Lipitor with fully electronic NCPDP 8.1 formatted, vocabulary-controlled, end-to-end secure transactions. However, I write for Oxycontin with a pen and paper. I have to split my time between a screen and a pen for the same encounter with the same patient, depending on the drug I’m writing for. In the Emergency department, approximately 30% of all prescriptions are for controlled substances (i.e. pain control after trauma).

With fully electronic workflows, I can write for all meds, digitally sign the entire order set, get a PIN sent to my cell phone in 2 seconds, and then send the transactions to the pharmacy of the patient’s choice without a pen, paper or hassle.

I look forward to our controlled substance e-prescribing pilots. Ultimately it will be a win/win/win for patients, providers, and pharmacies.

Dr. John D. Halamka is chief information officer and dean for technology at Harvard Medical School who writes at Life as a Healthcare CIO.

This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers.