FDA/DEA Regulatory Compliance: EPCS

Complying with Electronic Prescriptions for Controlled Substances (EPCS) Requirements

Regulation | Active Now

EPCS revises DEA’s regulations to provide practitioners with the option of writing prescriptions for controlled substances electronically as well as receiving, dispensing and archiving electronic prescriptions. The electronic prescription application must incorporate a secure process for practitioner authentication.

Thales can help prepare organizations to meet these regulations through:

  • Two-factor authentication
  • Hardware- and software-based EPCS-compliant tokens

The DEA's EPCS Regulation

"Electronic Prescriptions for Controlled Substances" revises DEA's regulations to provide practitioners with the option of writing prescriptions for controlled substances electronically. The regulations will also permit pharmacies to receive, dispense, and archive electronic prescriptions.

EPCS requires medical practitioners to use two-factor authentication to sign prescriptions for medical narcotics issued in digital form.

To comply with EPCS and enable the issuing of e-prescriptions for controlled substances, hospitals and healthcare institutions must put in place EPCS-compliant processes certified by an independent third party, including the use of two-factor authentication (2FA) when signing e-prescriptions for controlled substances.

Thales’ SafeNet two-factor authentication solutions let hospitals and Critical Access Hospitals (CAHs) embrace EPCS quickly, without changing their current infrastructure.

Offering both hardware- and software-based EPCS-compliant tokens, Thales provides frictionless authentication for practitioners and frictionless management for IT staff through fully automated workflows.

Other key data protection and security regulations


Active Now

Perhaps the most comprehensive data privacy standard to date, GDPR affects any organisation that processes the personal data of EU citizens - regardless of where the organisation is headquartered.


Active Now

Any organisation that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.

Data Breach Notification Laws

Active Now

Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbour” clause.