The Definitive Guide to Electronic Prescription Compliance for Pharmacies

Pharmacies are Subject to Extensive Electronic Prescription Regulations that are Enforced by the U.S Drug Enforcement Administration (DEA). Failure to Consistently Comply with These Regulations Can Result in Loss of DEA Registration, Fines, and Other Penalties.

Contact Lynette directly

In today’s world, processing electronic prescriptions is a routine task for most pharmacies. But, while a typical pharmacy may process tens or hundreds of electronic prescriptions on a day-to-day basis, in our experience few pharmacists and pharmacy owners have a comprehensive understanding of the federal regulations that apply.

Part 1311 of Title 21 of the Federal Code of Regulations (CFR) is entitled “Requirements for Electronic Orders and Prescriptions.” Subpart C consists of twenty-one Sections that each address different aspects of federal electronic prescription compliance. While several of these Sections apply specifically to prescribing physicians: (i) some apply specifically to pharmacies; (ii) some are more general in nature; and, (iii) under the Controlled Substances Act (CSA), pharmacists have a “corresponding responsibility” to ensure that the prescriptions they fill comply with federal law.

Understanding Pharmacies’ Federal Electronic Prescription Compliance Obligations

So, what do pharmacists and pharmacy owners need to know about electronic prescription compliance? The following is an overview of some of the key terms and compliance mandates for pharmacies under 21 CFR 1311 Subpart C:

Section 1311.100. General.

Section 1311.100 states that the federal electronic prescription compliance regulations apply to prescriptions for all Schedule II, III, IV, and V controlled substances. It also states that any electronic prescription issued in violation of 21 CFR 1311 Subpart C is not a “valid prescription.”

If a prescription is deemed invalid due to a violation of the electronic prescription regulations, this means that is not considered to be, “issued for a legitimate medical purpose . . . in the usual course of the [prescribing physician’s] professional practice.” Filling an invalid prescription that is deemed not to have a legitimate medical purpose can be prosecuted as prescription drug fraud under the CSA and other federal statutes.

Section 1311.100 also outlines the basic requirements for registered pharmacies to be eligible to process electronic prescriptions. These are:

• “[Using] a pharmacy [electronic prescription] application that meets all of the applicable requirements of [Subpart C]; and
• “[Ensuring each] prescription is . . . in conformity with the requirements of the [CSA] and [21 CFR 1311].”

Section 1311.170. Transmission Requirements.

Section 1311.170 establishes the requirements for the electronic prescription applications used to transmit prescriptions between physicians and pharmacies. Among other provisions, part (e) states:

“The contents of the prescription . . . must not be altered during transmission between the practitioner and pharmacy. Any change to the content during transmission, including truncation or removal of data, will render the electronic prescription invalid[ however, t]he electronic prescription data may be converted from one software version to another between the electronic prescription application and the pharmacy application . . . .”

Section 1311.170 also places significant limitations on pharmacies’ and third-party service providers’ conversion of electronic prescriptions into print, fax, and other formats.

Section 1311.200. Pharmacy Responsibilities.

Sections 1311.200 outlines a number of specific obligations for pharmacies regarding electronic prescription compliance. These obligations include:

• “Before initially using a pharmacy application to process controlled substance prescriptions, the pharmacy must determine that the third-party auditor or certification organization has found that the pharmacy application . . . accurately and consistently,” imports, stores, and displays all required information and signatures.
• If a pharmacy application provider concludes that the application does not meet all federal requirements, then the pharmacy must stop using the application immediately.
• Pharmacies, “must determine which employees are authorized to enter information regarding the dispensing of controlled substance prescriptions and annotate or alter records of these prescriptions . . .[and] ensure that logical access controls in the pharmacy application are set so that only such employees are granted access to perform these functions.”
• If filling a prescription would require annotation of the prescription were it issued on paper, then the same annotation must be made on the electronic prescription, and the pharmacy must, “retain the annotation electronically in the prescription record or in linked files.”
• “When a prescription is received electronically, the prescription and all required annotations must be retained electronically.”
• “When a pharmacist receives a paper or oral prescription that indicates that it was originally transmitted electronically to the pharmacy, the pharmacist must check its records to ensure that the electronic version was not received and the prescription dispensed. If both prescriptions were received, the pharmacist must mark one as void.”
• “When a pharmacist receives a paper or oral prescription that indicates that it was originally transmitted electronically to another pharmacy, the pharmacist must check with that pharmacy to determine whether the prescription was received and dispensed. If the pharmacy that received the original electronic prescription had not dispensed the prescription, that pharmacy must mark the electronic version as void or canceled. If the pharmacy that received the original electronic prescription dispensed the prescription, the pharmacy with the paper version must not dispense the paper prescription and must mark the prescription as void.”

Section 1311.205. Pharmacy Application Requirements.

Section 1311.205 includes additional specifications for pharmacies’ electronic prescription applications. This includes specifications regarding access, digital signatures, signature verifications, DEA number verifications, information storage and retrieval, and backups and archives. Some of the core requirements for pharmacy electronic prescription applications are:

• The application must facilitate the use of logical access controls that limit who can annotate, alter, and delete prescription information. Logical access controls must be set by “individual user name or role” and must only be capable of creation or modification by authorized personnel.
• The application must utilize digital signatures and be capable of either (i) digitally signing and archiving prescriptions “on receipt,” or (ii) receiving and archiving digitally-signed prescriptions.
• Pharmacy applications that utilize digital signatures must meet various technical requirements, including FIPS 140–2 Security Level 1 validation.
• Applications that receive digitally-signed prescriptions must have a mechanism for verifying the practitioner’s digital signature.
• If the pharmacy receives an electronic prescription that does not include a digital signature, “the pharmacy application must either: (i) [v]erify that the practitioner signed the prescription by checking the data field that indicates the prescription was signed; or (ii) [d]isplay the field for the pharmacist’s verification.”
• The application must “read and retain” the DEA number of the individual physician who writes each prescription (not the DEA number of the hospital, clinic, or other facility with which the physician is affiliated.
• When an electronic prescription is filled, the application must “add[] or link[]” the following information to the prescription: (i) number of units or volume of drug dispensed, (ii) date dispensed, and (iii) identification of the individual who dispensed the drug.
• The application must be able to locate electronic prescriptions, “by practitioner name, patient name, drug name, and date dispensed,” and, “allow downloading of prescription data into a database or spreadsheet that is readable and sortable.”
• The application must “maintain an audit trail” of receipts, annotations, alterations, deletions, logical access control permissions, and other “auditable events.”
• The application must, “protect stored audit records from unauthorized deletion,” “back up . . . prescription records daily,” and “retain all archived records electronically for at least two years.”

Section 1311.305. Recordkeeping.

Once a prescription is initiated in electronic format, then under Section 1311.305, “all records related to that prescription must be retained electronically.” Section 1311.305 also states that, “[r]ecords regarding . . . prescriptions must be readily retrievable from all other records . . . [and] be easily readable or easily rendered into a format that a person can read.”

All records required to be kept under 21 CFR 1311 Subpart C must also be made available to the DEA, “upon request.”

Put our highly experienced team on your side

Dr. Nick Oberheiden

Founder

Attorney-at-Law

John W. Sellers

Former Senior Trial Attorney
U.S. Department of Justice

Local Counsel

Joanne Fine DeLena

Former Assistant U.S. Attorney

Local Counsel

Joe Brown

Former U.S. Attorney & Former District Attorney

Local Trial & Defense Counsel

Amanda Marshall

Former U.S. Attorney

Local Counsel

Aaron L. Wiley

Former Federal Prosecutor

Local Counsel

Roger Bach

Former Special Agent (OIG)

Michael Koslow

Former Supervisory Special Agent (FBI)

Chris Quick

Former Special Agent (FBI & IRS-CI)

Kevin M. Sheridan

Former Special Agent (FBI)

Ray Yuen

Former Supervisory Special Agent (FBI)

Timothy Allen

Former Senior Special Agent

Developing a Comprehensive Electronic Prescription Compliance Program

While companies that sell electronic prescription applications may certify that their applications are fully compliant with 21 CFR 1311, pharmacies cannot afford to blindly rely on these companies’ representations. If the DEA finds that your pharmacy is non-compliant, stating that you put your trust in a third party is not going to save you from prosecution. Pharmacies have an affirmative obligation to comply with the federal electronic prescription regulations, and this obligation cannot be delegated or avoided by any means.

With this in mind, pharmacies must place appropriate emphasis on compliance. They must adopt comprehensive policies and procedures that are custom-tailored to the unique aspects of their practice – including their chosen electronic prescription application. There are many other aspects to pharmacy compliance as well, and an effective compliance program will address all relevant areas of documentation, training, monitoring, reporting, and enforcement.

Speak with a Federal Pharmacy Compliance Lawyer at Oberheiden, P.C.

If you have questions or concerns about your pharmacy’s electronic prescription compliance efforts, we invite you to contact us for a complimentary compliance assessment. Our attorneys are highly-experienced in all aspects of pharmacy compliance, and we can help you gain a clear understanding of your pharmacy’s legal needs. To schedule an appointment with a federal pharmacy compliance lawyer at Oberheiden, P.C. as soon as possible, call us at 888-680-1745 or inquire online today.