FDA/DEA EPCS Regulation
Comply with Electronic Prescriptions for Controlled Substances (EPCS) requirements
EPCS revises DEA’s regulations to provide practitioners with the option of writing prescriptions for controlled substances electronically as well as receiving, dispensing and archiving electronic prescriptions. The electronic prescription application must incorporate a secure process for practitioner authentication.
Entrust can help prepare organizations to meet these regulations through:
- FIPS-certified protection of private keys;
- Industry-leading experience in designing and implementing PKI solutions;
- A secure execution environment for running sensitive cryptographic processes.
- Click to select...
Regulation
The DEA's EPCS Regulation
"Electronic Prescriptions for Controlled Substances" revises DEA's regulations to provide practitioners with the option of writing prescriptions for controlled substances electronically. The regulations will also permit pharmacies to receive, dispense, and archive electronic prescriptions.
The DEA’s requirements for EPCS include:
(16) The digital signature functionality must meet the following requirements:
(i) The cryptographic module used to digitally sign the data elements required by part 1306 of this chapter must be at least FIPS 140–2 Security Level 1 validated. FIPS 140–2 is incorporated by reference in Section 1311.08.
....
(iii) The electronic prescription application's private key must be stored encrypted on a FIPS 140–2 Security Level 1 or higher validated cryptographic module using a FIPS-approved encryption algorithm. FIPS 140–2 is incorporated by reference in Section 1311.08.
In addition, in “§1311.205 Pharmacy application requirements” in the same DEA publication, the section states:
(b) The pharmacy application must meet the following requirements:
(4) For pharmacy applications that digitally sign prescription records upon receipt, the digital signature functionality must meet the following requirements:
(i) The cryptographic module used to digitally sign the data elements required by part 1306 of this chapter must be at least FIPS 140–2 Security Level 1 validated. FIPS 140–2 is incorporated by reference in Section 1311.08.
....
(iii) The pharmacy application's private key must be stored encrypted on a FIPS 140–2 Security Level 1 or higher validated cryptographic module using a FIPS-approved encryption algorithm. FIPS 140–2 is incorporated by reference in Section 1311.08.
Compliance
Strong Key Management
Entrust nShield® hardware security modules (HSMs) are FIPS 140-2 certified, tamper-resistant devices that protect practitioners’ private signing keys.
Protection of Digital Signature Functionality
In addition to protecting your sensitive keys, nShield HSMs also provide a secure environment for running proprietary applications. The CodeSafe option lets you develop and execute digital signature functionality within nShield's FIPS 140-2 Level 3 boundaries, as required by the EPCS regulation.
Authorized User Controls
Establish a secure and scalable PKI that helps securely authenticate users and devices to participate in the prescription network. Using nShield HSMs to help secure the process of issuing certificates and proactively manage signing keys creates a high-assurance foundation for digital security.
Resources
Brochures: Entrust nShield HSM Family Brochure
Entrust nShield HSMs provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption and more. Available in three FIPS 140-2 certified form factors, Entrust nShield HSMs support a variety of deployment scenarios.
Related Solutions
For electronic health information security and the timely disclosure of data breaches
Related Products
Hardened, tamper-resistant environments for secure cryptographic processing and key management.
Networked appliances that deliver cryptographic key services to applications distributed across servers and virtual machines.