Pharmacy applications enabled for Electronic Prescription of Controlled Substances (EPCS) must meet strict U.S. Drug Enforcement Agency (DEA) requirements.

Applications must be verified by a third-party auditor to follow a DEA mandated process, which includes the verification of digital signatures and certificate validations. These are being performed in compliance with National Institute of Standards and Technologies (NIST) requirements.

On receipt of a digitally signed EPCS message, the digital signature and associated certificate must be validated by the pharmacy.

Digitally signed EPCS message

Receipt at the

Signature and certificate validation

On receipt of an EPCS message that is not digitally signed, the pharmacy must immediately digitally sign on receipt.

Non-digitally signed EPCS message

Receipt at the

Pharmacy applies digital signature

IdenTrust Healthcare Solutions

IdenTrust solutions fully meet identity related DEA requirements for pharmacy applications.
IdenTrust cross-certified Device Certificates are ideal for digitally signing incoming EPCS messages. Digital signatures created with IdenTrust certificates can be fully relied upon by U.S. Federal agencies.

  • Fully DEA EPCS compliant
  • Cross-certified with U.S. Federal Bridge Certification Authority
  • Easy application process, similar to SSL certificates
  • LOA3 identity proofing
  • Affordable
  • World-class customer service

The IdenTrust Cloud Validation Service (ICVS) provides pharmacy applications with a simple cloud-based service that performs digital signature and certificate validations in a manner that meets DEA and NIST requirements. Validations are accomplished with a simple web services call.

Application Requesting Signature Validation Application passes object to ICVS for certificate validation via SOAP web-service IdenTrust Cloud Validation Service (ICVS) ICVS authenticates requester, verifies certificate assurance level, performs full path discovery, and sends certificate validation requests to all Certification Authorities in chain Certification Authority Qualified Certification Authority Qualified Certification Authority The Certification Authority validates and returns validity responses to ICVS CRL / OCSP OCSP

Application Provider Benefits

Enabling applications for EPCS processing is simple with IdenTrust Healthcare and offers a range of benefits:

  • Simplifies and accelerates application development
  • Ensures DEA compliance
  • Supports Surescripts® EPCS message format
  • Proven for EPCS
  • Trusted by auditors
  • Free IdenTrust EPCS and digital signing expert guidance

Please visit our Learn page, or contact IdenTrust IGC Sales for a free web meeting to learn about DEA EPCS requirements for pharmacy applications and IdenTrust solutions.