DEA's electronic signature rules for controlled substances outlined
Pharmacies will be able to verify electronic prescriptions for controlled substances with a minimum of hassle under an interim rule being proposed by the Drug Enforcement Administration.
In formulating its proposed interim rule on electronic prescriptions for controlled substances, DEA had dual goals. One was making sure such scripts are secure during transmission, and the second was minimizing the impact on the pharmacies on the receiving end of those scripts, according to Vickie Seeger, R.Ph. She works in the liaison and policy section of the DEA office of diversion control.
Speaking at the recent annual meeting of the National Association of Boards of Pharmacy in Seattle, Seeger said that the proposed rule does not mandate that prescribers have to write or that pharmacies have to accept e-Rxs for controlled substances. Nor does the rule require that any particular e-Rx transmission software application be used by prescribers or pharmacists.
The basis of DEA's approach to e-prescriptions is the use of public key infrastructure (PKI), the technology that encrypts and decrypts messages using algorithms to produce very large random numbers. In simple terms, if the message containing the number received in the pharmacy matches the number representing the prescriber's Rx, the prescription is valid.
In the case of e-scripts, PKI will require that DEA-registered prescribers apply to a Certificate Authority (CA), which will verify their status and issue a digital certificate. That certificate is their authorization to write controlled substance e-scripts. DEA will be the overall CA but will validate subordinate CAs, which may include commercial firms, associations, and state governments.
Pharmacies and pharmacists will not have to apply for digital certificates in order to receive electronic prescriptions, Seeger said. Such e-scripts will have to be verified in the pharmacy, but that function will be done in the background by the software application. She added that the software will have to undergo a compliance audit, which will not be conducted at the individual pharmacy level.
"Once the software the pharmacy is using has been approved as being in compliance with what we're asking for, all the pharmacy has to do is maintain some kind of document stating that it is compliant," said Seeger. "Only when major changes have been made to the PKI portion of the software will there have to be a follow-up audit. But if you're just changing the clinical portion or drug database, there won't have to be another audit."
While DEA is concerned with making electronic prescriptions secure, the agency will not mandate the standard for how those Rxs are actually transmitted, Seeger added. That job will be left up to organizations already in the business of setting standards, such as the National Council for Prescription Drug Programs or Health Level 7. "Whatever they choose to come up with is fine as long as it meets our minimum requirements," she added.
Additional proposed DEA regulations affecting pharmacies accepting electronic prescriptions for controlled substances include the following:
Seeger said DEA is still seeking input on the e-Rx rule. She added, "Nothing is set in stone at this point. We can change our regulations if we find out they are too stringent and nobody can adhere to them."
Carol Ukens. DEA proposes rule to verify e-scripts of controlled drugs. Drug Topics 2001;11:60.