Healthcare IT executives are still digesting the Drug Enforcement Administration's lengthy proposal to allow the e-prescribing of controlled substances, but their initial reaction appears to be generally positive.
DEA last week unveiled an interim final rule that aims to close a gap in physicians' ability to handle prescriptions electronically.
Current regulations prohibit doctors from e-prescribing controlled substances. The interim rule, subject to a 60-day comment period, lifts the ban but imposes security measures.
"Based on a limited initial review, we applaud the DEA for taking a positive step in the right direction toward eliminating the final barrier to electronic prescribing with this new rule, and listening to the comments they received regarding the Notice of Proposed Rulemaking (NPRM) last fall," said Dr. Peter N. Kaufman, chief medical officer for DrFirst Inc., an e-prescribing management systems vendor.
Some of the comments submitted on the proposed rule expressed concern with the two-factor authentication requirement. DEA's interim rule retains that requirement, but expands the range of acceptable authentication methods.
"Upon our cursory review it appears the DEA will be requiring controlled substances to be signed and authenticated using 2-factor authentication but they will allow one of those factors to be either a biometric or a hard token," Kaufman said in a statement.
"They are also expanding the methods of identity proofing, including remote secure methods," he added.
In that regard, the DEA's earlier 2008 notice of proposed rulemaking called for in-person identify proofing for practitioners seeking to electronically sign prescriptions for controlled substances. The prescriber was to obtain in-person proofing at a hospital or law enforcement agency, for example.
In the just-released interim rule, DEA acknowledged criticism of the earlier identify proofing requirements. According to the interim rule, commenters, "doubted that hospitals or law enforcement agencies would be willing to conduct the checks ..."
In addition, state pharmacy boards said they lacked the resources to conduct identity proofing.
In view of the comments, DEA has replaced those other parties with existing certification authorities (CA's) and credential service providers (CSP's). Prescribers in private practice, for instance, can use CAs and CSPs approved by a federal authority, the rule stated.
How the prescribing community takes to the new rule remains to be seen, however.
"Only time will tell if the system is burdensome to physicians and pharmacists," said Del Konnor, president of DEA Solutions Group, a consulting firm that advises health care organizations on complying with laws and regulations related to controlled substances. "Only time will tell if prescription medication errors will be reduced."
Konnor said he hopes DEA investigators will use the rule as a "teaching aid initially to help physicians and pharmacists better understand the intent of the new regulation rather than begin to use it to seek out technical violations. Of course, if fraud and abuse are uncovered each must be addressed legally and to the extent of the law."
E-prescribing vendors, meanwhile, continue to look over the new rule.
Surescripts, which operates the nation's largest e-prescribing network, said in a statement that the company plans to work closely with "members of the nation's pharmacies, pharmacy benefit managers, health plans, software vendors and prescribers to analyze and act on the DEA's requirements."
The company said the DEA rule "may impose particular challenges for prescribers and pharmacies," but added that it plans to collaborate on solutions that let the prescribing community comply with the regulation's standards and protocols.
According to a Surescripts report, 18 percent of eligible prescriptions were prescribed electronically by the end of 2009. That compares with 6.6 percent at the end of 2008.
