Skip to main content
Image
purple hex pattern

Comply with Electronic Prescriptions for Controlled Substances (EPCS) requirements

EPCS revises DEA’s regulations to provide practitioners with the option of writing prescriptions for controlled substances electronically as well as receiving, dispensing and archiving electronic prescriptions. The electronic prescription application must incorporate a secure process for practitioner authentication.

Entrust can help prepare organizations to meet these regulations through:

  • FIPS-certified protection of private keys;
  • Industry-leading experience in designing and implementing PKI solutions;
  • A secure execution environment for running sensitive cryptographic processes.

Regulation

The DEA's EPCS Regulation

"Electronic Prescriptions for Controlled Substances" revises DEA's regulations to provide practitioners with the option of writing prescriptions for controlled substances electronically. The regulations will also permit pharmacies to receive, dispense, and archive electronic prescriptions.

The DEA’s requirements for EPCS include:

(16) The digital signature functionality must meet the following requirements:
(i) The cryptographic module used to digitally sign the data elements required by part 1306 of this chapter must be at least FIPS 140–2 Security Level 1 validated. FIPS 140–2 is incorporated by reference in Section 1311.08.
....
(iii) The electronic prescription application's private key must be stored encrypted on a FIPS 140–2 Security Level 1 or higher validated cryptographic module using a FIPS-approved encryption algorithm. FIPS 140–2 is incorporated by reference in Section 1311.08.

In addition, in “§1311.205 Pharmacy application requirements” in the same DEA publication, the section states:

(b) The pharmacy application must meet the following requirements:
(4) For pharmacy applications that digitally sign prescription records upon receipt, the digital signature functionality must meet the following requirements:
(i) The cryptographic module used to digitally sign the data elements required by part 1306 of this chapter must be at least FIPS 140–2 Security Level 1 validated. FIPS 140–2 is incorporated by reference in Section 1311.08.
....
(iii) The pharmacy application's private key must be stored encrypted on a FIPS 140–2 Security Level 1 or higher validated cryptographic module using a FIPS-approved encryption algorithm. FIPS 140–2 is incorporated by reference in Section 1311.08.

Compliance

Strong Key Management

Entrust nShield® hardware security modules (HSMs) are FIPS 140-2 certified, tamper-resistant devices that protect practitioners’ private signing keys.

Protection of Digital Signature Functionality

In addition to protecting your sensitive keys, nShield HSMs also provide a secure environment for running proprietary applications. The CodeSafe option lets you develop and execute digital signature functionality within nShield's FIPS 140-2 Level 3 boundaries, as required by the EPCS regulation.

Authorized User Controls

Establish a secure and scalable PKI that helps securely authenticate users and devices to participate in the prescription network. Using nShield HSMs to help secure the process of issuing certificates and proactively manage signing keys creates a high-assurance foundation for digital security.

Resources

Brochures: Entrust nShield HSM Family Brochure

Entrust nShield HSMs provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption and more. Available in three FIPS 140-2 certified form factors, Entrust nShield HSMs support a variety of deployment scenarios.

Entrust nShield HSM Family Brochure

Related Products