FDA/DEA Regulatory Compliance: EPCS

map
Regulation | Active Now

EPCS revises DEA’s regulations to provide practitioners with the option of writing prescriptions for controlled substances electronically as well as receiving, dispensing and archiving electronic prescriptions. The electronic prescription application must incorporate a secure process for practitioner authentication.

Thales can help prepare organizations to meet these regulations through:

Two-factor authentication
Hardware- and software-based EPCS-compliant tokens

Regulation
Compliance

The DEA's EPCS Regulation

"Electronic Prescriptions for Controlled Substances" revises DEA's regulations to provide practitioners with the option of writing prescriptions for controlled substances electronically. The regulations will also permit pharmacies to receive, dispense, and archive electronic prescriptions.

EPCS requires medical practitioners to use two-factor authentication to sign prescriptions for medical narcotics issued in digital form.

To comply with EPCS and enable the issuing of e-prescriptions for controlled substances, hospitals and healthcare institutions must instate EPCS-compliant processes certified by an independent third party, including the use of two-factor authentication (2FA) when signing e-prescriptions for controlled substances.

Thales’ SafeNet two-factor authentication solutions let hospitals and Critical Access Hospitals (CAHs) embrace EPCS quickly, without changing their current infrastructure.

Offering both hardware and software-based EPCS-compliant tokens, Thales provides frictionless authentication for practitioners and frictionless management for IT staff through fully automated workflows.

Other key data protection and security regulations

GDPR

Regulation

Active Now

Perhaps the most comprehensive data privacy standard to date, GDPR affects any organization that processes the personal data of EU citizens - regardless of where the organization is headquartered.

Learn More

PCI DSS

Mandate

Active Now

Any organization that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.

Learn More

Data Breach Notification Laws

Regulation

Active Now

Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbor” clause.

Learn More

Data Residency

There are more than 100 national data privacy laws on the books. Global enterprise, SaaS vendors and cloud-solution providers need to be aware how to meet data residency requirements in their environment.

Learn More

HIPAA

The HIPAA Security Rule requires healthcare organizations to use appropriate safeguards to ensure that electronic protected health information (ePHI) remains secure while the HITECH Act requires the timely disclosure of data breaches.