SecureAuth Named a Leader in KuppingerCole Leadership Compass Report for Customer Identity and Access Management

SecureAuth DEA Compliant Solutions for Electronic Prescriptions for Controlled Substances (EPCS)

DEA Compliant Solutions
Jeff Hickman
January 31, 2017

Get the latest from the SecureAuth Blog

SecureAuth DEA Compliant Solutions for Electronic Prescriptions for Controlled Substances (EPCS)

In March of 2010, the Drug Enforcement Administration (DEA) ruled on permitting the electronic prescriptions for controlled substances (EPCS) which allows providers and pharmacies the option of sending and receiving prescriptions for controlled substances electronically. As expected, the DEA imposed some strict rules on implementing and supporting EPCS, in part due to the widespread abuse of controlled substances. Part of the restrictions for EPCS is requiring two-factor authentication on the part of the prescribing physicians.

Why SecureAuth for EPCS?

SecureAuth’s flexible authentication framework allows providers to deploy DEA compliant 2-factor authentication in ways that are not intrusive on physicians; and in many casesSecureAuth can actually optimize workflows by reducing clicks. Its aim is to provide the quickest way to ensure that the accessing physician is the one authorized to approve the prescription, per DEA standards.


  • Multiple authentication methods that not only meet DEA regulation but make 2-factor authentication easy for physicians – such as push-to-accept, fingerprint biometric, and other DEA compliant methods
  • Flexible authentication platform that allows providers to select the 2FA method which best conforms to workflow requirements for e-prescribing
  • Seamless integration into major Electronic Medical Record (EMR) software.

2-Factor Authentication for Epic Hyperspace

One of the most widely used EMR platforms is Epic Hyperspace. SecureAuth provides a two-factor authentication module specifically for native integration into Epic. This value-added module (VAM) allows physicians to use either a Time-based One-Time Passcode (TOTP) or Mobile Login Request (Push to Accept). Both methods are FIPS 140-2 certified and accepted methods for use in EPCS. SecureAuth has found wide adoption from physicians in allowing them to provide two-factor authentication in a way that is convenient and easy for them to do.


Additional Benefits of SecureAuth:

  • Holistic/centralized/consolidated solution for all access control across on-premises, cloud, mobile, homegrown, and VPN resources allowing you to purge multiple disparate solutions that raise costs while providing a consistent user experience. Options to deploy on-premises, in the cloud, or hybrid of the two.
  • Passwordless Authentication means users don’t have to create, strengthen, change, or inadvertently share, or call the helpdesk to reset passwords.
  • Audit log visualization (dashboard) and data sharing with SIEMs/SOCs to more quickly identify authentication anomalies and correlate with other security information for accelerated remediation.

Contact us today to explore and learn more about SecureAuth

Related Stories

Pin It on Pinterest

Share This