A Quick Guide to EPCS. What You Need to Know to Implement Electronic Prescriptions for Controlled Substances
|
|
- Arleen Walsh
- 5 years ago
- Views:
Transcription
1 A Quick Guide to EPCS What You Need to Know to Implement Electronic Prescriptions for Controlled Substances
2 Many healthcare providers have delayed implementing electronic prescriptions for controlled substances (EPCS). Some may be waiting for the regulatory dust to settle, as the US Drug Enforcement Agency (DEA) ruling is titled Interim. Others may be deterred by the length and complexity of the document. Despite the temporary title of the DEA s ruling, EPCS is here to stay. With each passing month, the reasons for implementing EPCS become more compelling. We are reaching a point at which the downsides of implementing changes are vastly outweighed by the benefits of moving forward with EPCS. The good news for healthcare providers is that EPCS isn t as complex as the lengthy DEA document makes it seem. Most of the requirements need to be built into the EPCS system itself and are the responsibility of the EPCS solution vendor. Institutions, medical practices, and practitioners are primarily responsible for finding, and working with, an appropriate, compliant vendor. They are also responsible for creating the appropriate internal roles and processes within their organization, to maintain compliance with the DEA regulations. This paper outlines the general responsibilities of healthcare providers who need to meet federal requirements for EPCS, including: What to look for from your solution vendors How identity proofing works The roles and processes you need to define This paper s aim is to help healthcare practitioners plan their EPCS efforts and start taking action. This paper does not replace the need for legal advice. To ensure full compliance, be sure to consult with the relevant state Board of Pharmacy to identify any additional state requirements. Why the Time is Right to Take Action If you need a reason to adopt EPCS, look no further than regulatory compliance. EPCS can be instrumental in meeting Meaningful Use requirements for electronic prescriptions: Stage 1: 40% of prescriptions transmitted electronically Stage 2: 50% of prescriptions transmitted electronically
3 Meeting the Stage 1 40% requirements may have been easy, but many organizations are finding it difficult to achieve the 50% requirement in Stage 2 without including controlled substances. Even if controlled substances don t make up a large percentage of prescriptions, practitioners need to manage two distinct workflows for patients with both types of prescriptions. Physicians pressed for time are likely to simplify things for themselves and their patients by writing all prescriptions on paper. For this reason, adding controlled substances to the e-prescribing program can improve the adoption of e-prescribing for non-controlled substances. At the state level, EPCS plays a growing role as well. A great majority of states maintain an active Prescription Monitoring Program (PMP) for controlled substances. The National Association of Boards of Pharmacy has created a PMP Interconnect to provide visibility across state boundaries. More than half of the states are currently participating, including Ohio, Connecticut, New Jersey, Virginia, and Illinois. Many states mandate PMP checking prior to prescribing controlled substances. Maintaining a database of prescriptions offers better visibility into providers prescribing habits. Providers are becoming more sensitive to fraud and they want a secure way to e-prescribe controlled substances. Paper prescriptions can be altered, and they include providers DEA numbers the public circulation of which can expose providers to fraud risks. Check with your state about the availability of a PMP, any mandates, and access to your PMP Interconnect. Beyond regulatory compliance, there are societal reasons for moving to EPCS. Electronic prescriptions feed the drug databases and PMPs, which create critical visibility needed to cut down on the addiction and deaths due to prescription drug diversion and abuse. Ask the Right Questions of Vendors Many of the DEA requirements outlined in the Interim Rule must be built into the EPCS system itself. Unless you re writing your own EPCS solution (an undertaking we won t cover here), much of the burden of compliance falls on your solution vendor. Healthcare providers should know what to look for in an EPCS solution. (See the sidebar for the list of system requirements.) You also need to create processes and roles to work with those solutions. System requirements To meet federal requirements, an EPCS system and processes must include the following: A method for ID proofing Ability to assign different access levels A method for ensuring that only authorized DEA registrants sign prescriptions (two-factor authentication) Controls on prescription orders: Once a prescription is signed, it cannot be changed. Once transmitted successfully, any printed prescription orders must be marked as copies, so they cannot be filled redundantly. If a transmission fails, the prescription can be printed but the failure must be documented and verified. Ongoing audit trail for all activities from identity proofing to signing Auditing and reporting for all discrepancies (such as unauthorized access attempts) The solution vendor must have the system audited regularly for compliance with DEA requirements: Before implementation After each significant upgrade or alternation At least every two years
4 The two-factor authentication credentials currently approved for EPCS include: Biometrics (fingerprint readers need to be FIPS 201-compliant) One Time Password tokens Smart cards A number of different independent organizations can perform the audit, including a certified Information Systems Auditor that regularly performs compliance audits or a qualified SysTrust, WebTrust, or SAS 70 auditor. The audit itself must be specific to the DEA requirements. A standard SysTrust audit, for example, does not confirm compliance with the DEA Interim Rule. When engaging with a vendor for an EPCS solution, ask the right questions about compliance, including: Have you been successfully audited for DEA compliance? Was the auditor a qualified audit provider? Can I have a copy of the report or an audit certificate? What authentication methods do you support? Do you support more than one method for two-factor authentication? Understand Identity Proofing Requirements Identity proofing is the process of confirming that the person signing a prescription is eligible to do so, according to the DEA. In an EPCS qualified system, identity proofing must occur before individuals are issued with credentials to digitally sign prescriptions for controlled substances. For individual practitioners or practices, identity proofing involves working with a federally approved Credential Services Provider to receive a prescribing credential. (Both Verizon and Symantec can fill the CSP role.) But most hospitals, large clinics, and some long-term care facilities are considered to be institutional practitioner registrants by the DEA. As a result, they can conduct identity proofing and issue EPCS credentials for the providers that prescribe within their practices. In a hospital, for example, the hospital credentialing office can be responsible for identity proofing and assigning EPCS credentials for two-factor authentication. This document focuses primarily on the institutional case. Some physicians fall into both categories. For example, a physician may receive EPCS credentials through the system of the hospital in which she practices. But, in order to sign prescriptions for controlled substances within her own private practice she needs to use a credential from an authorized CSP. (See the section below on the differences for individual practices.) Assign the Institutional Roles Related to EPCS First, you will need to identify those individuals within your organization who can sign for controlled substance prescriptions. In a large clinic or hospital, this list may be extensive.
5 Next, you need to identify the people who manage the EPCS controls and compliance. Maintaining compliance will require multiple people in distinct and specific roles. The general aim of the Interim Rule is to increase security by distributing responsibility. As a result, the Interim Rule dictates the following Separation of identity Proofing (determining the actual identity of the DEA registrant) and logical access controls (defining who has access to what capabilities in the software.) Within each role, at least two people must participate to authorize a change. Optionally, to strengthen control and oversight, you might choose individuals reporting to different departments or managers. If you qualify as an institutional practitioner registrant (an institution registered with the DEA that does its own identity proofing), you ll need to identify at least four people for EPCS-related roles, in addition to those individuals who can sign the controlled substances prescriptions. These roles manage the following processes: The DEA recognized two-factor authentication technologies including biometrics, tokens and smart cards as valid ways of providing secure online signatures. Identity proofing: At least two people need to approve the list of individuals authorized to sign prescriptions for controlled substances. The identity proofing roles must confirm that prescribers have DEA credentials by name. Many hospitals have one person who creates the list and another person who approved it (typically from the credentialing office). Logical access controls: Working from the approved list of prescribers, two different people are responsible for entering and assigning access controls in the EPCS system. For example, one person might enter the controls in the system and the other person might approve them. You may have more than four people, but you need at least two in each function. You also need to keep careful records of who fills each role and audit all of their activities related to their role. Two-factor Authentication The DEA recognized two-factor authentication technologies including biometrics, tokens, and smart cards as valid ways of providing secure online signatures. When creating access controls, institutions need to issue twofactor authentication credentials for their authorized EPCS prescribers. A solution partner or consultant may help with the technical part of issuing credentials (such as ensuring that fingerprint scans are read correctly during the fingerprint enrollment process). But the institution will need to confirm that the individuals are approved, and will need to sign-off on those credentials.
6 You need to establish and demonstrate a chain of trust from initial identity proofing all the way to prescription signing. Some hospitals perform the enrollment when training staff on the technology. Again, it is important to not only approve the credentials, but to track who performs these approvals, and keep records of the entire process. Maintaining an Audit Trail Demonstrating and proving compliance is a critical part of the overall process. For EPCS, you need to establish and demonstrate a chain of trust from initial identity proofing all the way to prescription signing. To do this, you need to audit and document every step of the process: Document who is performing each role and track any change to the roles. Keep a time-stamped audit trail of all logical access and permission changes for e-prescribing. Maintain an audit log of all two-factor credential issuances and changes. Maintain an audit log of all signed e-prescriptions and transmissions, including failed transmissions. Keep all electronic records for at least two years (individual states may require longer retention periods.) Processes to Support EPCS In the initial roll-out of EPCS, you need to train people on their roles and enroll practitioners with two-factor authentication for the system. Once initial training and setup is done, you need to implement ongoing practices to maintain compliance: Maintain access controls Always revoke EPCS access to practitioners in the following situations: When an individual s two-factor credential is lost or compromised. When a practitioner loses DEA registration. When a practitioner leaves or otherwise loses access rights. Maintain vendor compliance Verify that the vendor has passed an independent audit after every system upgrade, or after two years have passed since their last audit. If you find a problem with your EPCS system, report it to your vendor. If you suspect a compliance problem, cease using EPCS. Individuals and Individual Practices There are several differences in implementation for individual DEA registrants or small private practices. (These rules may also apply if an institution decides to have providers get credentials individually.)
7 First, individual practices require fewer people in EPCS-related roles, because a CSP fills the identity-proofing role. Individual practice must designate at least two people to manage logical access controls one of which must be a DEA registrant that has gone through the identity proofing process and received a two-factor authentication credential. DEA and state approvals must be current and in good standing. The process of adding approvers looks like this: 1. One person enters the access controls into the EPCS system. 2. An identity-proofed DEA registrant authenticates those controls using the CSP-provided two-factor authentication to approve access. In an individual or small practice, the DEA registrant should be the first person enrolled in the EPCS system, as they will have the necessary credentials for approving everyone else s access levels. In an EPCS qualified system, identity proofing must take place before individuals are issued with credentials to digitally sign prescriptions for controlled substances. Additional Considerations This document covers the broad strokes of EPCS compliance from the DEA perspective. However, your specific State Board of Pharmacy must authorize electronic prescriptions for controlled substances, and the precise rules and definitions vary between states. Consult your own State Board of Pharmacy for details. (SureScripts offers a state-by-state listing of EPCS status here.) The DEA requires that pharmacies are also certified to accept EPCS. Before undertaking an EPCS program, identify the pharmacies that will participate. Sample EPCS roles for institutions and individual practices: Institutions (Hospitals, LTCF, Clinics) Individuals or Individual Practices Identity Proofing Logical Access Controls Create/verify approved e-prescribers for controlled substances Create an approved list of e-prescribers Enter access controls into your system for your list of approved e-prescribers Approve access controls and issue two-factor authentication credential [Performed by CSP] Enter access controls into your system Approve access controls (must be DEA registrant)
8 About Imprivata Imprivata is a leading provider of authentication and access management solutions for the healthcare industry. Imprivata s single sign-on, authentication management, and secure communications solutions enable fast, secure, and more efficient access to healthcare information technology systems to address multiple security challenges and improve provider productivity for better focus on patient care. Over 2 million care providers in more than 1,000 healthcare organizations worldwide rely on Imprivata solutions. Imprivata is the category leader in the 2012 and 2013 Best in KLAS Software & Services Report for SSO, and SSO market share leader according to HIMSS Analytics. For further information please contact us at: or visit us online at Offices in: Lexington, MA USA Santa Cruz, CA USA Uxbridge, UK Paris, France Nuremberg, Germany Den Haag, Netherlands Copyright 2014 Imprivata, Inc. All rights reserved. Imprivata, OneSign, No Click Access, OneSign Anywhere and OneSign Secure Walk-Away are registered trademarks of Imprivata, Inc. in the U.S. and other countries. All other trademarks are the property of their respective owners. WP-Quick Guide EPCS-Ver2-1114
Choosing the right two-factor authentication solution for healthcare
Choosing the right two-factor authentication solution for healthcare The healthcare industry s transition from paper to electronic records has introduced significant security risk from hackers around the
More informationPrepared by. On behalf of The California HealthCare Foundation. Nov. 24, Sujansky & Associates, LLC 1
Guidelines for the Electronic Prescribing of Controlled Substances: Identity Proofing, Issuing Authentication Credentials, and Configuring Logical Access Controls Prepared by Sujansky & Associates, LLC
More informationEPCS in the State of New York
EPCS in the State of New York Medical Society of the State of New York November 20, 2014 Ken Majkowski Vice President Partner Development EPCS Adoption Status as of October 19, 2014 Over 1.3 million New
More informationUSER MANUAL ID PROOFING AND TWO-FACTOR AUTHENTICATION THROUGH FALCON PHYSICIAN TABLE OF CONTENTS
FALCON PHYSICIAN in partnership with SYMANTEC and SURESCRIPTS USER MANUAL ID PROOFING AND TWO-FACTOR AUTHENTICATION THROUGH FALCON PHYSICIAN TABLE OF CONTENTS Quick Overview PG. ii What You ll Need PG.
More informationYOUR GUIDE TO I-STOP COMPLIANCE AND EPCS
YOUR GUIDE TO I-STOP COMPLIANCE AND EPCS Q: I prescribe medication in New York. Why does EPCS matter to me? A: Beginning March 2015, paper prescriptions will no longer be accepted. Beginning March 27,
More informationTen ways Imprivata Cortext adds HIPAA compliance to text messaging
Ten ways Imprivata Cortext adds HIPAA compliance to text messaging Healthcare is not immune to the consumerization of IT that s happening in other industries. Physicians, laboratory technicians, nurses
More informationThe Benefits of EPCS Beyond Compliance August 15, 2016
The Trusted Source for Secure Identity Solutions The Benefits of EPCS Beyond Compliance August 15, 2016 Presenters Sheila Loy Director Healthcare Solutions HID Global Joe Summanen Technical Architect Nemours
More informationEnabling E-Prescribing In Your Practice with Rcopia and EPCS Gold from DrFirst. A Quick Tip Guide
Enabling E-Prescribing In Your Practice with Rcopia and EPCS Gold from DrFirst A Quick Tip Guide Enabling E-Prescribing in your practice with Rcopia and EPCS Gold from DrFirst u New York s I-STOP Law Benefits
More informationEPCS Setup and Workflow
EPCS Setup and Workflow E-PRESCRIBING OF CONTROLLED SUBSTANCES Footer - Arial 10 1 STEP 1: ASSIGN PERMISSIONS Assign permission to each staff member and provider who will be accessing the EPCS Module (either
More informationEPCS. Setup and workflow
EPCS Setup and workflow STEP 1: ASSIGN PERMISSIONS ASSIGN PERMISSIONS TO EACH STAFF MEMBER AND PROVIDER WHO WILL BE ACCESSING THE EPCS MODULE (EITHER TO CREATE CONTROLLED MEDICATIONS WITHIN THE NOTE, OR
More informationChARM EPCS. User Guide for Washington
ChARM EPCS User Guide for Washington Table of Contents 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Abbreviations Symbols & Definitions ChARM EPCS Users and Roles Top Level Task Flow - How it works?
More informationElectronic Prescribing of Controlled Substances (EPCS)
Electronic Prescribing of Controlled Substances (EPCS) This document, as well as the software described in it, is provided under a software license agreement with STI Computer Services, Inc. Use of this
More informationWescom Solutions, Inc. Practitioner Engagement Android Version CFR EPCS Certification Report
Wescom Solutions, Inc. Practitioner Engagement Android Version 1.0 21 CFR EPCS Certification Report April 27, 2017 Prepared by Drummond Group drummondgroup.com Page 1 of 5 Certification Summary Overview
More informationAdobe Sign and 21 CFR Part 11
Adobe Sign and 21 CFR Part 11 Today, organizations of all sizes are transforming manual paper-based processes into end-to-end digital experiences speeding signature processes by 500% with legal, trusted
More informationImprivata 2014 Desktop Virtualisation Trends in Europe Report
Imprivata 2014 Desktop Virtualisation Trends in Europe Report Glossary of Terms The Imprivata 2014 Desktop Virtualisation Trends in Europe report focuses on desktop virtualisation adoption and associated
More informationDigitalPersona for Healthcare Organizations
DigitalPersona for Healthcare Organizations RAPID, SECURE AUTHENTICATION FOR MEDICAL PROVIDERS AND STAFF Secure Access to Electronic Health Records Streamline Clinical Workflow Reduce Cybersecurity Costs
More informationA HOLISTIC APPROACH TO IDENTITY AND AUTHENTICATION. Establish Create Use Manage
A HOLISTIC APPROACH TO IDENTITY AND AUTHENTICATION Establish Create Use Manage SIMPLE. SECURE. SMART. ALL FROM A SINGLE SOURCE. As the ways to access your organization and its sensitive data increase,
More informationSparta Systems TrackWise Digital Solution
Systems TrackWise Digital Solution 21 CFR Part 11 and Annex 11 Assessment February 2018 Systems TrackWise Digital Solution Introduction The purpose of this document is to outline the roles and responsibilities
More informationMay 28, Michelle M. Leonhart Acting Administrator Drug Enforcement Administration 8701 Morrissette Drive Springfield, VA 22152
230 E. Ohio Street, Suite 500 Chicago, IL 60611-3269 Tel 312 664 4467 Fax 312 664 6143 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
More informationSeptember 22, Re: (DEA-218P) Dear Administrator Leonhart:
September 22, 2008 Michele Leonhart Acting Administrator Drug Enforcement Administration Attention: DEA Federal Register Representative/ODL 8701 Morrisette Drive Springfield, VA 22152 Re: (DEA-218P) Dear
More informationHow to Align Information Security and Safety in Healthcare
How to Align Information Security and Safety in Healthcare Executive Overview Today s healthcare providers must contend with a difficult combination of tightening regulations, decreasing reimbursement
More informationMassachusetts Health Data Consortium CAQH CORE - NEHEN - VeriSign/Symantec Pilot. September 2010
Massachusetts Health Data Consortium CAQH CORE - NEHEN - VeriSign/Symantec Pilot September 2010 Agenda CAQH status CORE UPD Pilot overview Q&A 2 HR 3590 Patient Protection and Affordable Care Act: Section
More informationUse of Controlled Substances in Research
Use of Controlled Substances in Research A Tutorial on Regulatory Requirements and the Emory University Policy 7.25 Research Use of Controlled Substances Emory University, Office of Compliance Tutorial
More informationSparta Systems Stratas Solution
Systems Solution 21 CFR Part 11 and Annex 11 Assessment October 2017 Systems Solution Introduction The purpose of this document is to outline the roles and responsibilities for compliance with the FDA
More informationHIPAA Regulatory Compliance
Secure Access Solutions & HIPAA Regulatory Compliance Privacy in the Healthcare Industry Privacy has always been a high priority in the health profession. However, since the implementation of the Health
More informationComplianceQuest Support of Compliance to FDA 21 CFR Part 11Requirements WHITE PAPER. ComplianceQuest In-Depth Analysis and Review
ComplianceQuest Support of Compliance to FDA 21 CFR Part 11 WHITE PAPER ComplianceQuest In-Depth Analysis and Review ComplianceQuest Support of Compliance to FDA is the FDA guideline that defines the criteria
More informationCOMPLIANCE. associates VALIDATOR WHITE PAPER. Addressing 21 cfr Part 11
VALIDATOR WHITE PAPER Addressing 21 cfr Part 11 Compliance Associates 1 1 INTRODUCTION 21 CFR Part 11 has been become a very large concern in the pharmaceutical industry as of late due to pressure from
More informationSecure Government Computing Initiatives & SecureZIP
Secure Government Computing Initiatives & SecureZIP T E C H N I C A L W H I T E P A P E R WP 700.xxxx Table of Contents Introduction FIPS 140 and SecureZIP Ensuring Software is FIPS 140 Compliant FIPS
More informationElectronic Signature Guidance
National Council for Prescription Drug Programs White Paper Electronic Signature Guidance Version 1.0 February 2014 This document provides clarification and guidance to the industry for the use of electronic
More informationElectronic and digital signatures in Adobe Sign for government.
Electronic and digital signatures in Adobe Sign for government. Adobe Sign lets you comply with local and international regulations using one scalable signature solution. A White Paper September 2017 TABLE
More informationSparta Systems TrackWise Solution
Systems Solution 21 CFR Part 11 and Annex 11 Assessment October 2017 Systems Solution Introduction The purpose of this document is to outline the roles and responsibilities for compliance with the FDA
More informationAppriss Health Information Solutions. NARxCheck/Gateway Overview June 2016 Provided by Clay Rogers
Appriss Health Information Solutions NARxCheck/Gateway Overview June 2016 Provided by Clay Rogers Multi-Layered Solution 2 PMP InterConnect: A Nationwide PMP Data Sharing Platform In 2011 Appriss launched
More informationhidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION
HID ActivOne USER FRIENDLY STRONG AUTHENTICATION We understand IT security is one of the TOUGHEST business challenges today. HID Global is your trusted partner in the fight against data breach due to misused
More informationWHITE PAPER. The General Data Protection Regulation: What Title It Means and How SAS Data Management Can Help
WHITE PAPER The General Data Protection Regulation: What Title It Means and How SAS Data Management Can Help ii Contents Personal Data Defined... 1 Why the GDPR Is Such a Big Deal... 2 Are You Ready?...
More informationSECURITY THAT FOLLOWS YOUR FILES ANYWHERE
SECURITY THAT FOLLOWS YOUR FILES ANYWHERE SOLUTIONS FOR EVERY INDUSTRY VERA FOR FINANCIAL SERVICES Financial services firms are more likely to be targeted in a cyberattack than other organizations. Changes
More informationFive Ways to Improve Electronic Patient Record Handling for HIPAA/HITECH with Managed File Transfer
Five Ways to Improve Electronic Patient Record Handling for HIPAA/HITECH with Managed File Transfer INTRODUCTION Meeting HIPAA and HITECH security and compliance requirements is a formidable challenge.
More informationTraining Guide for Arkansas Law Enforcement Officers and Licensing Board Representatives
Training Guide for Arkansas Law Enforcement Officers and Licensing Board Representatives Arkansas Department of Health Prescription Monitoring Program March 2016 Contents Contents 1 Document Overview...
More informationTraining Guide for Practitioners
Training Guide for Practitioners Washington State Department of Health Washington State Prescription Monitoring Program July 2014 RxSentry is a proprietary system for prescription monitoring provided by
More informationFDA 21 CFR Part 11 Compliance by Metrohm Raman
FDA 21 CFR Part 11 Compliance by Metrohm Raman Norms and Standards 21 CFR Part 11 is the FDA rule relating to the use of electronic records and electronic signatures. Recognizing the increasing pact of
More informationSDA COMPLIANCE SOFTWARE For Agilent ICP-MS MassHunter Software
SDA COMPLIANCE SOFTWARE For Agilent ICP-MS MassHunter Software Part 11 in Title 21 of the US Code of Federal Regulations (commonly referred to as 21 CFR Part 11) governs food and drugs in the US, and includes
More informationTraining Guide for Practitioners. Washington State Department of Health Washington State Prescription Monitoring Program
Training Guide for Practitioners Washington State Department of Health Washington State Prescription Monitoring Program April 2017 Training Guide for Practitioners Contents Contents 1 Document Overview...
More informationIntegration of Agilent UV-Visible ChemStation with OpenLAB ECM
Integration of Agilent UV-Visible ChemStation with OpenLAB ECM Compliance with Introduction in Title 21 of the Code of Federal Regulations includes the US Federal guidelines for storing and protecting
More informationAuditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC
Auditing and Monitoring for HIPAA Compliance HCCA COMPLIANCE INSTITUTE 2003 April, 2003 Presented by: Suzie Draper Sheryl Vacca, CHC 1 The Elements of Corporate Compliance Program There are seven key elements
More informationA Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud
A Checklist for Compliance in the Cloud 1 A Checklist for Compliance in the Cloud A Checklist for Compliance in the Cloud 1 With the industrialization of hacking and the enormous impact of security breaches,
More informationTraining Guide for Arkansas Practitioners and Pharmacists. Arkansas Department of Health Prescription Monitoring Program
Training Guide for Arkansas Practitioners and Pharmacists Arkansas Department of Health Prescription Monitoring Program May 2013 Contents Contents 1 Document Overview... 1 Purpose and Contents... 1 2 System
More informationMaximize your move to Microsoft in the cloud
Citrix and Microsoft 365: Maximize your move to Microsoft in the cloud 3 reasons to manage Office 365 with Citrix Workspace Pg. 2 Pg. 4 Citrix.com e-book Maximize your Citrix Workspace 1 Content Introduction...3
More informationFPKIPA CPWG Antecedent, In-Person Task Group
FBCA Supplementary Antecedent, In-Person Definition This supplement provides clarification on the trust relationship between the Trusted Agent and the applicant, which is based on an in-person antecedent
More informationNucleoCounter NC-200, NucleoView NC-200 Software and Code of Federal Regulation 21 Part 11; Electronic Records, Electronic Signatures (21 CFR Part 11)
NucleoCounter NC-200, NucleoView NC-200 Software and Code of Federal Regulation 21 Part 11; Electronic Records, Electronic Signatures (21 CFR Part 11) A ChemoMetec A/S White Paper March 2014 ChemoMetec
More informationElectronic Prescribing for Controlled Substances EPCS with NewCrop e-prescribing
1 Electronic Prescribing for Controlled Substances EPCS with NewCrop e-prescribing 2 TABLE OF CONTENTS 1. DOCUMENT MANAGEMENT... 3 1.1 COPYRIGHT... 3 1.2 CONFIDENTIALITY... 3 1.3 REVISION HISTORY... 3
More informationSample Security Risk Analysis ASP Meaningful Use Core Set Measure 15
Sample Security Risk Analysis ASP Meaningful Use Core Set Measure 15 Risk Analysis with EHR Questions Example Answers/Help: Status What new electronic health information has been introduced into my practice
More informationEPCS stands for Electronic Prescribing of Controlled Substances.
This EPCS training Webinar contains instructions on how doctors, who use VISUAL EMR, can purchase a token to enable them to sign orders for controlled substances. EPCS stands for Electronic Prescribing
More informationOpenLAB ELN Supporting 21 CFR Part 11 Compliance
OpenLAB ELN Supporting 21 CFR Part 11 Compliance White Paper Overview Part 11 in Title 21 of the Code of Federal Regulations includes the US Federal guidelines for storing and protecting electronic records
More informationChromQuest 5.0. Tools to Aid in 21 CFR Part 11 Compliance. Introduction. General Overview. General Considerations
ChromQuest 5.0 Tools to Aid in 21 CFR Part 11 Compliance Introduction Thermo Scientific, Inc. is pleased to offer the ChromQuest chromatography data system (CDS) as a solution for chromatography labs seeking
More informationNext Generation Authentication
Next Generation Authentication Bring Your Own security impact Dominique Dessy Sr. Technology Consultant 1 2012 DIGITAL UNIVERSE 1.8 ZETTABYTES 1,800,000,000,000,000,000,000 2 $ 3 4 Threat Landscape 60%
More informationDEPARTMENT OF JUSTICE Drug Enforcement Administration 21 CFR Parts 1300, 1304, 1306 and 1311 [Docket No. DEA-360]
Billing code 4410-09-P DEPARTMENT OF JUSTICE Drug Enforcement Administration 21 CFR Parts 1300, 1304, 1306 and 1311 [Docket No. DEA-360] Electronic Prescriptions for Controlled Substances Clarification
More informationChapter 6 Data Entry. Tasks in Data Entry. Window Elements in Data Entry
Chapter 6 Data Entry Tasks in Data Entry Starting Data Entry Searching for a Prescriber in Data Entry Searching for a Product in Data Entry Using the Generic Substitution Window Entering Data Entry Detail
More informationCLINICAL DIRECT MESSAGING FREQUENTLY ASKED QUESTIONS
Surescripts has the experience to handle all of your direct messaging needs. Serving the nation with the single most trusted and capable health information network since 2001, we seamlessly connect the
More informationComprehensive Database Security
Comprehensive Database Security Safeguard against internal and external threats In today s enterprises, databases house some of the most highly sensitive, tightly regulated data the very data that is sought
More informationExhibitor Software and 21 CFR Part 11
Exhibitor Software and 21 CFR Part 11 Subpart B Electronic Records 15 Columbia Drive Amherst, New Hampshire 03031-2334 No. 11.10 11.10(a) Controls for Closed Systems Validation of systems to ensure accuracy,
More informationVAM. Epic epcs Value-Added Module (VAM) Deployment Guide
VAM Epic epcs Value-Added Module (VAM) Deployment Guide Copyright Information 2018. SecureAuth is a registered trademark of SecureAuth Corporation. SecureAuth s IdP software, appliances, and other products
More informationCompliance Matrix for 21 CFR Part 11: Electronic Records
Compliance Matrix for 21 CFR Part 11: Electronic Records Philip E. Plantz, PhD, Applications Manager David Kremer, Senior Software Engineer Application Note SL-AN-27 Revision B Provided By: Microtrac,
More informationFive Reasons It s Time For Secure Single Sign-On
Five Reasons It s Time For Secure Single Sign-On From improved security to increased customer engagement, secure single sign-on is a smart choice. Executive Overview While cloud-based applications provide
More informationSECURING PATIENT DATA
Duo Security s Guide to SECURING PATIENT DATA Breach Prevention Doesn t Have to Be Brain Surgery 1 Information Security and the Healthcare Industry The healthcare industry is a notoriously easy target
More informationWHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution
WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution Tervela helps companies move large volumes of sensitive data safely and securely over network distances great and small. We have been
More informationSOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK
RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK KEY BENEFITS AT A GLANCE Ensure your journey to the cloud is secure and convenient, without compromising either. Drive business agility
More informationAll Aboard the HIPAA Omnibus An Auditor s Perspective
All Aboard the HIPAA Omnibus An Auditor s Perspective Rick Dakin CEO & Chief Security Strategist February 20, 2013 1 Agenda Healthcare Security Regulations A Look Back What is the final Omnibus Rule? Changes
More informationIntegration of Agilent OpenLAB CDS EZChrom Edition with OpenLAB ECM Compliance with 21 CFR Part 11
OpenLAB CDS Integration of Agilent OpenLAB CDS EZChrom Edition with OpenLAB ECM Compliance with 21 CFR Part 11 Technical Note Introduction Part 11 in Title 21 of the Code of Federal Regulations includes
More informationVerizon Registration Process:
All controlled substances will require the prescriber to electronically sign the prescription prior to transmitting it to the pharmacy. Emdeon has partnered with Verizon to provide the digital signing
More informationVersion Control of Study Specific Documents
SOP Title Version Control of Study Specific Documents SOP No. SOP 10 Author Consulted Departments Lead Manager Sign and Print Name Julia Farmery Revision V2.0: Sarah Fahy Lincolnshire Clinical Research
More informationARCHIVE ESSENTIALS
EMAIL ARCHIVE ESSENTIALS KEY CONSIDERATIONS WHEN MOVING TO OFFICE 365 DISCUSSION PAPER PREFACE The last few years have seen significant changes in the way that organisations conduct business. There has
More informationSingle Secure Credential to Access Facilities and IT Resources
Single Secure Credential to Access Facilities and IT Resources HID PIV Solutions Securing access to premises, applications and networks Organizational Challenges Organizations that want to secure access
More informationARCHIVE ESSENTIALS: Key Considerations When Moving to Office 365 DISCUSSION PAPER
EMAIL ARCHIVE ESSENTIALS: Key Considerations When Moving to Office 365 DISCUSSION PAPER preface The last few years have seen significant changes in the way organisations conduct business. There has been
More informationThe security challenge in a mobile world
The security challenge in a mobile world Contents Executive summary 2 Executive summary 3 Controlling devices and data from the cloud 4 Managing mobile devices - Overview - How it works with MDM - Scenario
More informationCompliance of Shimadzu Total Organic Carbon (TOC) Analyzer with FDA 21 CFR Part 11 Regulations on Electronic Records and Electronic Signatures
NT1D-1275 Compliance of Shimadzu Total Organic Carbon (TOC) Analyzer with FDA 21 CFR Part 11 Regulations on Electronic Records and Electronic Signatures TOC-Control L Ver.1 / LabSolutions DB/CS Ver.6 Part
More information21 CFR PART 11 COMPLIANCE
21 CFR PART 11 COMPLIANCE PRODUCT OVERVIEW ADD-ONS & INDIVIDUAL SOLUTIONS PLA SUPPORT CONTRACT TRAINING CONSULTING 21 CFR PART 11 COMPLIANCE PLA 3.0 Software For Biostatistical Analysis PLA 3.0 21 CFR
More informationRHS EPCS Webinar 1 of 3
RHS EPCS Webinar 1 of 3 1 How to obtain a USB Token and a Token Passcode Who should attend? Doctors at your facility who prescribe controlled substances. 2 New York State Department of Health (DOH) Please
More informationECA Trusted Agent Handbook
Revision 8.0 September 4, 2015 Introduction This Trusted Agent Handbook provides instructions for individuals authorized to perform personal presence identity verification of subscribers enrolling for
More informationAgilent ICP-MS ChemStation Complying with 21 CFR Part 11. Application Note. Overview
Agilent ICP-MS ChemStation Complying with 21 CFR Part 11 Application Note Overview Part 11 in Title 21 of the Code of Federal Regulations includes the US Federal guidelines for storing and protecting electronic
More informationMapping BeyondTrust Solutions to
TECH BRIEF Taking a Preventive Care Approach to Healthcare IT Security Table of Contents Table of Contents... 2 Taking a Preventive Care Approach to Healthcare IT Security... 3 Improvements to be Made
More informationPAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)
PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS) Table of Contents Introduction 03 Who is affected by PCI DSS? 05 Why should my organization comply 06 with PCI DSS? Email security requirements 08
More informationGDPR Workflow White Paper
White Paper The European Union is implementing new legislation with the objective of protecting personal data of citizens within the EU and giving them more control over how their data is used. Hefty fines
More informationDecrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use
Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute October 1, 2014 10/1/2014 1 1 Who is
More informationLegally-Binding Electronic Signatures with OnTask
Legally-Binding Electronic Signatures with OnTask Accusoft Corporation. All rights reserved. With the passage of the ESIGN (Electronic Signatures in Global and National Commerce) Act in 2000, Congress
More informationRelayHealth Legal Notices
Page 1 of 7 RelayHealth Legal Notices PRIVACY POLICY Revised August 2010 This policy only applies to those RelayHealth services for which you also must accept RelayHealth s Terms of Use. RelayHealth respects
More informationDEPARTMENT OF JUSTICE. Drug Enforcement Administration. 21 CFR Parts 1300, 1304, 1306, [Docket No. DEA-218I] RIN 1117-AA61
Billing code 4410-09-P DEPARTMENT OF JUSTICE Drug Enforcement Administration 21 CFR Parts 1300, 1304, 1306, 1311 [Docket No. DEA-218I] RIN 1117-AA61 Electronic Prescriptions for Controlled Substances AGENCY:
More informationElectronic Prescribing of Controlled Substance (EPCS) Registration Single Provider Process
Allscripts eprescribe Electronic Prescribing of Controlled Substance (EPCS) Registration Single Provider Process Copyright 2013 Allscripts Healthcare, LLC. www.allscripts.com Single Provider Registration
More informationWEB-202: Building End-to-end Security for XML Web Services Applied Techniques, Patterns and Best Practices
WEB-202: Building End-to-end Security for XML Web Services Applied Techniques, Patterns and Best Practices Chris Steel, Ramesh Nagappan, Ray Lai www.coresecuritypatterns.com February 16, 2005 15:25 16:35
More informationRed Flags/Identity Theft Prevention Policy: Purpose
Red Flags/Identity Theft Prevention Policy: 200.3 Purpose Employees and students depend on Morehouse College ( Morehouse ) to properly protect their personal non-public information, which is gathered and
More informationIntegrated Access Management Solutions. Access Televentures
Integrated Access Management Solutions Access Televentures Table of Contents OVERCOMING THE AUTHENTICATION CHALLENGE... 2 1 EXECUTIVE SUMMARY... 2 2 Challenges to Providing Users Secure Access... 2 2.1
More informationSurvey Guide: Businesses Should Begin Preparing for the Death of the Password
Survey Guide: Businesses Should Begin Preparing for the Death of the Password Survey Guide: Businesses Should Begin Preparing for the Death of the Password The way digital enterprises connect with their
More informationChapter 35 ehealth Saskatchewan Sharing Patient Data 1.0 MAIN POINTS
ehealth Saskatchewan Sharing Patient Data 1.0 MAIN POINTS Since 1997, Saskatchewan has been developing a provincial electronic health records system for patients (called the provincial EHR) to allow for
More informationHIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012
HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: Can serve as annual HIPAA training for physician practice
More informationOverview: Compliance and Security Management PCI-DSS Control Compliance Suite Overview
PCI DSS stands for Payment Card Industry Data Security Standard. It was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card
More informationFine-Grained Access Control
Secure your sensitive information Fine-Grained Access Control 2 Serving financial institutions, federal agencies, pharmaceutical companies, payment service providers, insurers, broadcasting companies,
More informationAuthentication and Fraud Detection Buyer s Guide
Entrust, Inc. North America Sales: 1-888-690-2424 entrust@entrust.com EMEA Sales: +44 (0) 118 953 3000 emea.sales@entrust.com November 2008 Copyright 2008 Entrust. All rights reserved. Entrust is a registered
More informationCertDigital Certification Services Policy
CertDigital Certification Services Policy Page: 2 ISSUED BY : DEPARTAMENT NAME DATE ELECTRONIC SERVICES COMPARTMENT COMPARTMENT CHIEF 19.03.2011 APPROVED BY : DEPARTMENT NAME DATE MANAGEMENT OF POLICIES
More informationCERTIFICATE POLICY CIGNA PKI Certificates
CERTIFICATE POLICY CIGNA PKI Certificates Version: 1.1 Effective Date: August 7, 2001 a Copyright 2001 CIGNA 1. Introduction...3 1.1 Important Note for Relying Parties... 3 1.2 Policy Identification...
More informationVerizon Registration Process:
All controlled substances will require the prescriber to electronically sign the prescription prior to transmitting it to the pharmacy. Emdeon has partnered with Verizon to provide the digital signing
More informationKeep the Door Open for Users and Closed to Hackers
Keep the Door Open for Users and Closed to Hackers A Shift in Criminal Your Web site serves as the front door to your enterprise for many customers, but it has also become a back door for fraudsters. According
More informationThe Impact of 21 CFR Part 11 on Product Development
The Impact of 21 CFR Part 11 on Product Development Product development has become an increasingly critical factor in highly-regulated life sciences industries. Biotechnology, medical device, and pharmaceutical
More information