Dea post dating prescriptions
Because the record will be digitally signed and archived at that point, the proposed requirement for a lock-out period is not needed and is not part of the interim final rule. Yes, the interim final rule allows any practitioner to use his own digital certificate to sign electronic prescriptions for controlled substances.If the practitioner and his application provider wish to do so, the two-factor authentication credential can be a digital certificate specific to the practitioner that the practitioner obtains from a Certification Authority that is cross-certified with the Federal Bridge Certification Authority at the basic assurance level. No, the application must include, on the prescription review screen, a statement that the use of the two-factor credential is the legal equivalent of a signature, but no keystroke is required to acknowledge the statement. Is it permissible to have a staff person in the practitioner's office complete all of the required information for a controlled substance prescription and then have the practitioner sign and authorize the transmission of the prescription? Yes, however, if an agent of the practitioner enters information at the practitioner's direction prior to the practitioner reviewing and approving the information, the practitioner is responsible in the event the prescription does not conform in all essential respects to the law and regulations. Yes, the electronic prescription application may print copies of the transmitted prescription(s) if they are clearly labeled: "Copy only – not valid for dispensing." Data on the prescription may be electronically transferred to medical records, and a list of prescriptions transmitted may be printed for patients if the list indicates that it is for informational purposes only and not for dispensing. If an electronic prescription is printed prior to attempted transmission, the electronic prescription application must not allow it to be transmitted. A practitioner is not permitted to issue prescriptions for multiple patients with a single signature.However, a practitioner is allowed to sign multiple prescriptions for a single patient at one time.Each controlled substance prescription will have to be indicated as ready for signing, but a single execution of the two-factor authentication protocol can then sign all prescriptions for a given patient that the practitioner has indicated as being ready to be signed. No, signing and transmitting an electronic controlled substance prescription are two distinct actions.The hard token, if used, must be a cryptographic device or a one-time-password device that meets Federal Information Processing Standard 140-2 Security Level 1. The practitioner will use the two-factor credential to sign the prescription; that is, using the two-factor credential will constitute the legal signature of the DEA-registered prescribing practitioner.
Institutional practitioners will have the option to conduct in-person identity proofing in-house as part of their routine credentialing process. Under the interim final rule, DEA is allowing the use of two of the following – something you know (a knowledge factor), something you have (a hard token stored separately from the computer being accessed), and something you are (biometric information).This series of five clinical vignettes focuses on common concerns of clinicians and illustrates the relationship between the Drug Enforcement Administration (DEA) and health professionals, noting that the DEA can help explain federal regulations on legally prescribing controlled substances to patients. The primary objective of Federal and state regulations may be identical, but frequently, the laws contradict one another.However, a physician should acknowledge this fact and understand which law he or she is obliged to follow.The pharmacy may continue to use its pharmacy application to store and process information from paper or oral controlled substances prescriptions it receives, but the paper records must be retained. Individual practitioners will be required to apply to certain Federally approved credential service providers (CSPs) or certification authorities (CAs) to obtain their two-factor authentication credential or digital certificates.The CSP or CA will be required to conduct identity proofing that meets National Institute of Standards and Technology Special Publication 800-63-1 Assurance Level 3.