How EHR can ensure compliance on regulations of substances

Recent statistics from the CDC, the Agency for Healthcare Research and Quality, and the United States (US) Department of Health and Human Services indicate that U.S. health care providers wrote more than 214 million prescriptions for opioid pain medication-a rate of 66.5 prescriptions per 100 people. Data collected by these same agencies reveal that as many as 1 in 5 people being treated for long-term noncancer pain in primary care settings are prescribed opioids painkillers.

Given the high rate of use of highly addictive opioid painkillers in the treatment of pain, it reasons that the rate of prescription opioid abuse would also be high. The most recent CDC data also shows that more than 11 million people abused prescription opioids in 2016 with more than 1,000 people being treated in emergency departments for misusing prescription opioids and more than 40% of all US opioid overdose deaths in 2016 involved a prescription opioid.

Regardless of the public health risk narcotic pain medication presents, practices which treat patients requiring pain management in many cases must prescribe narcotic painkillers in a limited and safe fashion as part of providing care.  In this capacity, EHR technology can offer a useful tool in combatting the risks presented by electronic prescriptions for controlled substances (EPCS) such as narcotic painkillers. Before selecting an EHR, it is important to understand the compliance issues surrounding the topic.  

EHR substance regulation

For prescription medications that are regulated by the DEA, yet still possess medical value such as Schedule II opioid painkillers, medical providers using e-prescribing features in their EHR can write and forward prescriptions for these drugs subject to a set of strict regulations to deter abuse and misuse of these medications.

To use EPCS schedule, II-V controlled substances, organizations and their EHR must comply with the requirements outlined in the Drug Enforcement Agency (DEA) Interim Final Rule (IFR).

The IFR was put in place to the goal of which is to ensure the integrity, authentication, and non-repudiation for controlled substance prescriptions to reduce the potential for diversion, and subsequent abuse, of controlled substances. The IFR outlines a series of requirements that healthcare delivery organizations, providers, pharmacies, and technology vendors must meet.

The overall focus of the rule rests on authentication and credentialing to ensure that only verified providers can order electronic prescriptions such as:

• A method to identify prescribers.
• Two-factor authentication for signatures required for a prescription.
• Controls to prevent signed orders from being changed, altered or duplicated.
• A method of creating and storing an ongoing audit trail for all prescribing activities.
• Auditing and reporting for all discrepancies

Effectively an organization must adopt internal controls contained in the final rule and also use software which also meets the IFR’s technical requirements in order to EPCS.

Maintaining compliance with EHR controlled substance prescribing regulations not only is a requirement to be mindful of from a compliance perspective, but it also represents best practices for upholding the health of the community by reducing the risk that highly addictive prescription painkillers will end up in the hands of individuals who may abuse them.