Skip navigation

Frictionless E-Prescribing & EPCS in Healthcare

Addressing one of the most common types of medical errors, e-prescribing medication has provided great improvements in quality, errors and cost reduction since its inception. So even with government incentives pushing electronic prescribing, why don’t all physicians and clinics perform electronic prescribing?

The simple answer is friction.

Physicians, nurse practitioners, nurse anesthetists, etc. that prescribe anything from simple antibiotics to controlled substances can have extremely busy schedules and their daily activities can be very hectic and fast-paced. As such, any added steps injected by IT teams or security teams that delay activities they perform causes slow-downs in their processes, creating resistance, or “friction.”

From a business perspective, and certainly from a healthcare provider perspective, friction can be the enemy of progress and innovation. Friction can destroy value and friction can destroy trust in the processes, technologies and the leadership of the organization. “Frictionless” solutions drive value by being integrated, by not introducing delays and by leveraging ubiquitous technology to drive value.

Sometimes friction is caused by technology that was implemented to meet compliance requirements. Electronic Prescriptions for Controlled Substances (EPCS) is a great example of this. EPCS has strict requirements for verifying the identity of the practitioner and goes further to recommend two-factor authentication (2FA) to provide a high degree of assurance that the person prescribing the medication is actually the practitioner.

In fact, some states like New York, Maine and Minnesota are now requiring two-factor authentication for EPCS. The identity proofing requirement for EPCS has typically involved physicians traveling to a specific location to verify their identity in-person (still required for institutional providers), which caused them to take time out of their busy schedule - thus creating friction.

Frictionless EPCS with Duo and Identity.com

I’m happy to say that technology has evolved and the identity proofing and two-factor processes required for EPCS can now be “frictionless.” With the latest offering from Duo Security and Identity.com, a federally-approved credential service provider, the process for individual practitioners can be done completely remotely. The practitioner needs no badges or tokens to complete the process - just their smartphone. The process is so streamlined and effective that any practitioner can complete the process in less than five minutes via the web.

Here’s how simple the enrollment process is for providers new to EPCS:

  • The individual practitioner would receive an enrollment email with a link to enroll
  • Following the link, they would:
    • Provide the required personal information
    • Validate their identity via questions from a credit bureau
    • Validate their address information via a utility company or financial provider
    • Enroll their smartphone for two-factor authentication
    • Authenticate via the Duo Mobile app

That’s it! In less than five minutes and from anywhere, an individual practitioner can be setup to electronically prescribe controlled substances (caveat: they must be using an approved and compliant EHR application for e-prescribing).

“Duo has enabled us to use EPCS with a secure, easy-to-use, second factor of authentication.

— Kimberly Sucy, Supervisor, IAM, Rochester Regional Health System (Source: TechValidate. TVID: 419-ABF-AEA)

Being a veteran of the healthcare industry, I understand how important it is that technology and security solutions be streamlined, integrated and “frictionless.” I certainly anticipate that solutions like these will greatly increase adoption of electronic prescribing for individual practitioners. Although technology may not have solved for frictionless requirements for all aspects of a medical practitioner’s job yet, I’m very happy to see it solved for EPCS and electronic prescribing in general, as it’s such an important contributor to driving better outcomes in healthcare today.

Learn how to get started with Electronic Prescribing of Controlled Substances (EPCS) with guidelines from the DEA, and get more information on Duo’s EPCS offering by visiting Duo for Healthcare.

Doug Copley

Principal Security Strategist

Doug Copley is a Principal Security Strategist with Duo Security. A former CISO in Healthcare and Chief Privacy Officer in Financial Services, Doug is a 25 years veteran of IT, information security and data privacy. Doug is a passionate advocate and evangelist for effective information security and data privacy risk management for both organizations and individuals. Doug is the co-founder and past Chairman of the Michigan Healthcare Cybersecurity Council and remains active in various industry activities and workgroups. Doug can frequently be found speaking or blogging on information security, data privacy and leadership topics for everyone’s benefit.