Electronic Prescribing of Controlled Substances: The Physician s Perspective



Similar documents
2015 Annual Convention

Electronic Prescribing of Controlled Substances Technical Framework Panel. Mark Gingrich, RxHub LLC July 11, 2006

E-Signature. The Pharmacy Perspective

E-Prescribing of Controlled Substances (EPCS) New York State Board for Podiatry

Why should I report issues directly through my pharmacy management system vendor and not Surescripts?

Office of the National Coordinator for Health Information Technology

E-PRESCRIBING OF CONTROLLED SUBSTANCES

Identity: The Key to the Future of Healthcare

A Planning Guide for Electronic Prescriptions for Controlled Substances (EPCS)

Recommendations from Past Reports: E Prescribing Standards

Electronic Prescriptions for Controlled Substances (EPCS)

Electronic Prescribing In New York State

DEA's New Proposed Regulations For E-Prescribing

VASCO: Compliant Digital Identity Protection for Healthcare

Newborn Screening and Health Information Technology

E-Prescribing FAQ s for Independent Pharmacies Table of Contents

September 25, Dear Acting Administrator Leonhart:

How do I work with my pharmacy management system vendor to enable my pharmacy for e-prescribing via the Surescripts network?

Innovations in Digital Signature. Rethinking Digital Signatures

McKesson Practice Choice TM Electronic Prescribing of Controlled Substances (EPCS) Frequently Asked Questions

Faculty Disclosure. Pharmacist Learning Objectives. Pharmacy e-hit: The Future of Pharmacy and Patient Care

Patient Controlled Health Records Standards and Technical Track

Electronic Prescribing of Controlled Substances: Establishing a Secure, Auditable Chain of Trust

U. S. Department of Justice Information Technology Strategic Plan. Appendix E. Public Key Infrastructure at the Department of Justice.

FREQUENTLY ASKED QUESTIONS FOR ELECTRONIC PRESCRIBING OF CONTROLLED SUBSTANCES

Electronic Prescribing of Controlled Substances

Georgia Immunization Registry (GRITS)

PrivateServer HSM Integration with Microsoft IIS

BEYOND IDENTITY PROOFING: How EHRs Can Become More Than Just Vendors

IQS Identity and Access Management

Electronic Prescribing System (EPCS)

Newborn Screening Interoperability Specification

The Evolving Landscape for Electronic Prescribing of Controlled Substances (EPCS) An Industry Briefing

Copyright Telerad Tech RADSpa. HIPAA Compliance

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Electronic Prescribing (erx) Incentive Program

FREQUENTLY ASKED QUESTIONS FOR ELECTRONIC PRESCRIBING OF CONTROLLED SUBSTANCES

Web Services Security Standards Forum. Dr. Phillip M. Hallam-Baker C.Eng. FBCS VeriSign Inc.

Four Goals of Certification

To: CHIME Members From: CHIME Public Policy Staff Re: Summary - Interoperability Section (Sec. 3001) of the 21 st Century Cures Legislation

Appendix F: HISPC ASP Use Case Policy Requirements Templates

FMH Benefit Services, Inc.

Eligible Professional s Checklist 2015 Modified Stage 2 Meaningful Use

An Introduction to HIPAA and how it relates to docstar

Preparing for the Medicare Part D Requirements for e-prescribing in Long-Term Care

Re: Docket No. DEA-218, Electronic Prescriptions for Controlled Substances

What Are They, and What Are They Doing in My Browser?

Fourth Annual Florida 2010 Electronic Prescribing Report

NCPDP Electronic Prescribing Standards

HEALTHCARE IDENTITY Management and HEALTH Information in the PALM of your HAND.

May 21, Docket No. DEA-218. Dear Drug Enforcement Administration;


Physician Champions David C. Kibbe, MD, & Daniel Mongiardo, MD FAQ Responses

Frequently Asked Questions (FAQs) SIPRNet Hardware Token

FLORIDA CENTER FOR HEALTH INFORMATION AND POLICY ANALYSIS AGENCY FOR HEALTH CARE ADMINISTRATION

Health Information Technology (HIT) and the Medicaid/CHIP Health Information Exchange (HIE) Advisory Committee

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper

Certification and Meaningful Use: EHR Product Certification

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Unique Challenges in Architecting a Healthcare PKI that Spans Public and Private Sectors

Hospital Certified Electronic Health Record (EHR) Technology Questionnaire

DEPARTMENT OF JUSTICE. Drug Enforcement Administration. 21 CFR Parts 1305, [Docket No. DEA-217F] RIN 1117-AA60

STATE OF NEBRASKA STATUTES RELATING TO NEBRASKA TELEHEALTH ACT

Security Characteristics of Cryptographic Mobility Solutions

Recommendation for Complete Electronic Health Records and Patient Privacy Protection in the Stimulus Bill. January 15, 2009

GoldKey Product Info. Do not leave your Information Assets at risk Read On... Detailed Product Catalogue for GoldKey

White Paper. From Policy to Practice: A Practical Guide to Implementing HIPAA Security Safeguards

2. Each server or domain controller requires its own server certificate, DoD Root Certificates and enterprise validator installed.

EHR Glossary of Terms

PRIME IDENTITY MANAGEMENT CORE

County Director. Chief Information Officer. County Director

Department of Justice

A Nemaris Company. Formal Privacy & Security Assessment For Surgimap version and higher

November 2009 Special Edition

How To Help Your Health Care Provider With A Health Care Information Technology Bill

PKI Smart Card Usage for Business-Partners Features and Requirements. Version 1.4 / August 2013

IBM Security Access Manager for Enterprise Single Sign-On V8.2 Implementation Exam.

Meaningful Use for Eligible Providers. Session One: ARRA Meaningful Use Overview

Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology

Health Reform and the AAP: What the New Law Means for Children and Pediatricians

Concept Series Paper on Electronic Prescribing

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

The Continuity of Care Document. Changing the Landscape of Healthcare Information Exchange

Thank you for choosing Rcopia, the award-winning e-prescribing system from DrFirst! This packet contains all the registration forms needed to get

Electronic Health Records: You will join the Borg

Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire

Electronic Signature Guidance

DRAFT Standard Statement Encryption


How To Help Your Health Care System With Ehr

Business Issues in the implementation of Digital signatures

How Real-Time Data Integration is Changing the Face of Healthcare IT

Frequently Asked Questions (FAQs)

National Information Management Conference and Exposition Thursday, April 23, 2009

The Benefits of an Industry Standard Platform for Enterprise Sign-On

NASA PIV smartcards at Headquarters Frequently Asked Questions (FAQ s)

Spreed Keeps Online Meetings Secure. Online meeting controls and security mechanism.

dermatologists to provide teledermatology services to their patients utilizing a web-based

SAML for EPCS (Electronic Prescription of Controlled Substances)

To: From: Date: Subject: Proposed Rule on Meaningful Use Requirements Stage 2 Measures, Payment Penalties, Hardship Exceptions and Appeals

Transcription:

Electronic Prescribing of Controlled Substances: The Physician s Perspective Alan E Zuckerman MD FAAP American Academy of Pediatrics Georgetown University Medical Center aez@georgetown.edu July 11, 2006 1

AAP represents 60,000 primary care pediatricians, pediatric medical sub-specialists, and pediatric surgical specialists who are dedicated to the health, safety, and well being of infants, children, adolescents, and young adults AAP cares about EPCS because of the importance of EPCS to children with ADHD this is about Ritalin not Oxycontin AAP cares about electronic prescribing AAP wants to reduce the barriers to the increased use of health information technology AAP is participating in HL7, ASTM, CCHIT and HITSP Dr Zuckerman is a practicing academic pediatrician who is a member of NCPDP, CCHIT IOWG, and HITSP CE-TC July 11, 2006 2

EPCS: Overview of Physician Issues There is an urgent need for EPCS to drive erx What security measures will physicians tolerate to get EPCS? Attractiveness of smartcards and PKI Unanswered questions about PKI Comparing provider level PKI and vendor level PKI Making DEA registration as easy as possible Linkage to the NHIN A phased roadmap to PKI July 11, 2006 3

Urgent Need for Electronic Prescribing of Controlled Substances The greatest risk for electronic prescribing is that people will not use it! Not having EPCS is a hardship to physicians using erx Not having EPCS is a barrier to getting more physicians to use erx Patients are being deprived of important quality and safety benefits of erx decision support and calculators The risks of fraud and abuse are greater in the paper system than in erx today July 11, 2006 4

What Will Physicians Tolerate For the Sake of Having EPCS? Physicians who currently use erx would tolerate small increases in cost to get the benefits of EPCS Physicians who do not use erx today want to keep the cost low CCHIT will begin certifying erx as part of ambulatory EHR in May 2007 so EHR may become more important than erx alone Physicians do not want separate systems for EPCS and noncontrolled substances Physician will carry a smartcard, but not several different ones for different purposes Physicians will not tolerate biometrics or secure ID changing passwords because of the time factor Physicians do not like sole source vendor lock they want multiple vendor options Enrollment and identification must be quick and easy July 11, 2006 5

Attractiveness of Smartcards and PKI PKI adds 3 key features to electronic signatures Third party user authentication Document integrity checking Non-repudiation A smartcard cannot be duplicated All critical processing takes place on the card Smartcards can be revoked remotely if lost or stolen Smartcards provide two factor strong authentication when used with the application password Smartcards now come in many form factors including USB smartcards and SD cards PKI can be used to protect the DEA number by encrypting the DEA number with the physician s public key July 11, 2006 6

Unanswered Questions About PKI Use by Physicians Can we enroll large numbers of physicians and manage a large PKI outside of one enterprise? Limited experience with SAFE Can physicians really understand and accept PKI? A face to face identification step is necessary, but who will handle this function? Web Access and enrollment are essential Citrix Metaframe is used for some EHR and some use ASP Cell Phone / PDA will require SD cards Macintosh and Palm OS Will PKI middleware or drivers be in conflict with local HIPAA and other security systems Physicians will lose or forget their smartcards some of the time One solution is to move the PKI from the provider to the vendor July 11, 2006 7

Comparing Provider Level PKI and Vendor Level PKI Smartcard Local or Web EHR or erx Secure Internet Computer Provider Local EHR or erx or Web Smartcard Pharmacy Provider Computer Secure Internet Pharmacy July 11, 2006 8

Consider the Differences Between Provider and Vendor PKI Every provider must have their own smartcard Every provider must PKI enroll with the DEA The smartcard must be presented every time a prescription is signed Each provider has a secure digital identity and nonrepudiation If the smartcard is not available, no prescriptions can be written Every EHR system and erx system must have their own smartcard The EHR vendor or the erx vendor must PKI enroll with the DEA The smartcard must remain in the system every time a prescription is transmitted Login to the EHR or erx system is not changed from current practices Two factor authentication is optional, one smartcard can server many providers July 11, 2006 9

Making PKI and Smartcards Easier for Physicians to Use Enroll only once every three years as part of DEA registration One fee plus the cost of the smartcard today some hospitals provide smartcards for remote access Allow one smartcard to be used for many other purposes Instant web enrollment following the example of GeoTrust E-Mail certificates Choice of multiple smartcard vendors, form factors, and certificate authorities Basic cryptography that does not raise the cost 1024 bit keys, RSA, SHA-1 not 2048 bit keys or SHA- 256 Self installing portable middleware and web applications July 11, 2006 10

Critical Need to Coordinate With the Nationwide Health Information Network NHIN We must not allow two separate systems for physician digital identity and signature to operate side by side EPCS and NHIN Electronic documents will require electronic or digital signatures on the NHIN including erx The DEA could provide key services to the NHIN creating a national network of trust The NHIN could provide key security services for EPCS Today erx is handled by separate networks and switches, in the future erx should be part of the NHIN architecture EPCS and erx issues must be part of the NCVHS hearings on NHIN functions scheduled for July 26-27, 2007 July 11, 2006 11

A Phased Roadmap to PKI for EPCS Pilots are Essential Allow EPCS with same technology as erx As soon as possible, must resolve State Laws Require vendor PKI, node authentication and signed messages Within 1 year Conduct real-world pilot studies of physician use of PKI and smartcards Complete pilots within 2 years Harmonize EPCS with the NHIN Within 3 years, only one identity for all purposes Set national standards for optional use of PKI digital signature Within 4 years Revise interim standards for EPCS Within 5 years, allow interim to become final if not revised July 11, 2006 12

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information