On March 31 the DEA published a proposal to allow electronic prescriptions for narcotics (Docket No. DEA-218I).
The effective date for this is June 1, 2010 pending congressional review. The RFC section gives insight into how they plan to implement (bold text added by yours truly): Identity proofing, access control, authentication, biometric subsystems and testing of those subsystems, internal audit trails for electronic prescription applications, and third-party auditors and certification organizations.
It looks like there will be a requirement to be “certified” to perform electronic fill of narcotic prescriptions, but is that really enough (think Heartland)?
There are several really interesting tidbits that can be derived from this document that I did not realize:
1. “The responsibility for the proper prescribing and dispensing of controlled substances is upon the prescribing practitioner, but a corresponding responsibility rests with the pharmacist who fills the prescription.” – This makes sense, but also indicates that they will likely follow a path where the responsible parties determine the means by which they accomplish an outline of requirements surrounding security related to narcotics prescription. Ask yourself this: Did HIPAA end internal patient record theft?
2. “[M]ost electronic prescriptions are routed from the electronic prescription or EHR application through intermediaries, at least one of which determines whether the prescription file needs to be converted from one software version to another so that the receiving pharmacy application can correctly import the data. There are generally three to five intermediaries that route prescriptions between practitioners and pharmacies.” – This points to the lack of standards, potential for screw ups and also multiple points of potential abuse.
I am still reviewing the text document (it is long) but I am also preparing and educating myself in this area – I feel some cases coming.
Original Federal Register Text: