FDA/DEA Regulatory Compliance: EPCS

Complying with Electronic Prescriptions for Controlled Substances (EPCS) Requirements

Americas Map

Regulation

Active now

FDA/DEA Regulatory Compliance: EPCS

EPCS revises DEA’s regulations to provide practitioners with the option of writing prescriptions for controlled substances electronically as well as receiving, dispensing and archiving electronic prescriptions. The electronic prescription application must incorporate a secure process for practitioner authentication.

Thales eSecurity can help prepare organizations to meet these regulations through:

  • FIPS-certified protection of private keys;
  • Industry-leading experience in designing and implementing PKI solutions;
  • A secure execution environment for running sensitive cryptographic processes.
FDA/DEA Regulatory Compliance: EPCS
The DEA's EPCS Regulation

"Electronic Prescriptions for Controlled Substances" revises DEA's regulations to provide practitioners with the option of writing prescriptions for controlled substances electronically. The regulations will also permit pharmacies to receive, dispense, and archive electronic prescriptions.

The DEA’s requirements for EPCS include:

  • (16) The digital signature functionality must meet the following requirements:
  • (i) The cryptographic module used to digitally sign the data elements required by part 1306 of this chapter must be at least FIPS 140–2 Security Level 1 validated. FIPS 140–2 is incorporated by reference in Section 1311.08.
  • ....
  • (iii) The electronic prescription application's private key must be stored encrypted on a FIPS 140–2 Security Level 1 or higher validated cryptographic module using a FIPS-approved encryption algorithm. FIPS 140–2 is incorporated by reference in Section 1311.08.

In addition, in “§1311.205 Pharmacy application requirements” in the same DEA publication, the section states:

  • (b) The pharmacy application must meet the following requirements:
  • (4) For pharmacy applications that digitally sign prescription records upon receipt, the digital signature functionality must meet the following requirements:
  • (i) The cryptographic module used to digitally sign the data elements required by part 1306 of this chapter must be at least FIPS 140–2 Security Level 1 validated. FIPS 140–2 is incorporated by reference in Section 1311.08.
  • ....
  • (iii) The pharmacy application's private key must be stored encrypted on a FIPS 140–2 Security Level 1 or higher validated cryptographic module using a FIPS-approved encryption algorithm. FIPS 140–2 is incorporated by reference in Section 1311.08.
Encryption and Key Management

Make your data unreadable to others through strong, centrally managed, file, volume and application encryption combined with simple, centralized key management that is transparent to processes, applications and users.

Access Policies and Privileged User Controls

Restrict access to encrypted data through access policies and user controls that permit data to be decrypted only for authorized users and applications, while allowing privileged users to perform IT operations without the ability to see protected information.

Security Intelligence

Logs that capture access attempts to protected data provide high value security intelligence information that can be used with a Security Information and Event Management (SIEM) solution and for compliance reporting.

Data Sheets : Vormetric Data Security Platform

The Vormetric Data Security Platform makes it efficient to manage data-at-rest security across your entire organization. Built on an extensible infrastructure, Vormetric Data Security Platform products can be deployed individually, while sharing efficient, centralized key management...

Download

Other key data protection and security regulations

NIST 800-53 / FedRAMP

Americas Map Thumbnail

Mandate

Active now

Since June 5, 2014 federal agencies have been required to meet FedRAMP standards, ensuring they meet internal data security standards and extended security controls for cloud-computing.

Learn More

HIPAA

Americas Map Thumbnail

Regulation

Active now

These regulations cover healthcare information in the US, HIPAA relates to protection; encryption, key management. etc and HITECH relates to disclosure of data breaches.

Learn More

SOX

Americas Map Thumbnail

Regulation

Active now

United States Federal Law setting standards for a range of US companies, SOX Act sections 302 and 404 relate directly to data protection.

Learn More
コンプライアンスの専門家に相談する 問い合わせ
GDPRに対応できていますか タレスによる対応状況評価を今すぐ受ける
コンプライアンスおよび規制に関するソリューションハンドブックを読む eBookを読む

Related Solutions

HIPAA/HITECH

The HIPAA Security Rule requires healthcare organizations to use appropriate safeguards to ensure that electronic protected health information (ePHI) remains secure while the HITECH Act requires the timely disclosure of data breaches.

Learn More

Data Residency

There are more than 100 national data privacy laws on the books. Global enterprise, SaaS vendors and cloud-solution providers need to be aware how to meet data residency requirements in their environment.

Learn More
Thales eSecurity is our standard. Whenever an encryption solution is needed, the answer is always, ‘let’s start with Thales eSecurity. Damian McDonaldVice President of Global Information Security, Becton, Dickinson and Company
My concern with encryption was the overhead on user and application performance. With Thales eSecurity, people have no idea it’s even running. Karl MudraCIO
Delta Dental of Missouri
インタラクティブなデモを閲覧する デモ
ライブデモの申し込み デモの申し込み
スペシャリストへのコンタクト お問い合わせ