Surescripts is leveraging our depth of experience in e-prescribing to support the industry's transition to a streamlined process for EPCS. Surescripts enables and optimizes the EPCS process for pharmacies, software vendors and prescribers while assuring quality, security and safety across our network.
- Reduced fraud and abuse
- Secure electronic records
- Improved safety and patient care
Legal in 49 States
For healthcare communities, State regulatory approval is just one of the required milestones for enabling electronic prescribing of controlled substances (EPCS). Pharmacy system and physician EHR software companies must take additional security and technology steps to comply with The Drug Enforcement Administration's Interim Final Rule (IFR). Once these systems receive approved DEA audits, Surescripts certifies and connects pharmacy and prescriber applications for EPCS through the largest, most trusted national health information network.
Working together to coordinate these steps allows the healthcare community to experience the added security and efficiency of electronic prescribing of controlled substances. For a closer look at EPCS regulatory status by State, click on the EPCS Regulatory Status Map. To see pharmacy readiness by state or to search for EPCS-enabled pharmacies in your area, view our Pharmacy Enablement Map.
Certified Pharmacies and Software Vendors
Click here to search for prescriber software vendors that have achieved Surescripts certification and completed their third-party audits for e-prescribing of controlled substances.
Pharmacies and Pharmacy Software
The following pharmacies and pharmacy software vendors have completed Surescripts certification and their third-party audits for e-prescribing of controlled substances:
- AdvanceNet Health Solutions
- Cerner Etreby
- Digital Business Solutions
- Express Scripts
- FrameworkLTC by SoftWriters
- Foundation Systems
- H E B Pharmacy
- Health Business Systems
- Lagniappe Pharmacy Services (Alpha, InteRx, OpusRx, PPC, Visual)
- McKesson Pharmacy Systems (Condor, EnterpriseRx, PharmacyRx, Pharmaserv, Zadall)
- Micro Merchant Systems
- Pharmacy Systems, Inc
- QS/1 Data Systems
- Rite Aid
- ScriptPro USA
- Transaction Data Systems
- VIP Computer Systems
To see pharmacy readiness by state or to search for EPCS-enabled pharmacies in your area, view our Pharmacy Enablement Map.
State Regulations & Pharmacy Enablement
Regulatory Status by State
Rollover the states below to review the regulatory status* of e-prescribing of controlled substances in your state.
Map current through July 1, 2014
State EPCS Status:
EPCS Pharmacy Enablement by State
Rollover the states below to see the % of pharmacies enabled for e-prescribing of controlled substances in your state.
Mail order pharmacy EPCS enablement includes Express Scripts Home Delivery
% of Pharmacies Enabled for E-Prescribing of Controlled Substances
Steps for Pharmacy and Prescriber Software:
- Update e-prescribing software to meet all requirements specified in the IFR and SCRIPT messaging that supports EPCS
- Undergo a third-party audit to ensure the software meets all DEA EPCS requirements
- Achieve Surescripts Certification for EPCS
- Make audit results available to Surescripts along with a completed Surescripts EPCS Audit Attestation Form
If your prescriber or pharmacy software is already certified by Surescripts for core e-prescribing services, contact your Surescripts Account Representative to discuss a plan for EPCS certification. New software application vendors and pharmacies not currently certified by Surescripts for core e-prescribing services must have contracts in place with Surescripts before certification can begin. Click here to be contacted about Surescripts certification.
Steps for Healthcare Providers:
Healthcare providers who wish to send prescriptions for controlled substances electronically should take the following steps*:
- Ensure that your e-prescribing software is Surescripts certified for EPCS
- Receive an audit report generated by your software vendor indicating compliance with the DEA IFR
- Adhere to ID verification procedures and access controls: ID Proofing, Two Factor Authentication, Digital Signing
*EPCS is legal in all states except Montana. Please refer to the Readiness by State tab for more information.
DEA: Interim Final Rule: The Electronic Prescriptions for Controlled Substances
Published March, 2010
The rule outlines requirements that are descriptive of the outcomes that the DEA wants to achieve. This is not a technical implementation specification. They have been very prescriptive around security requirements, but leave the actual implementation up to the applications and the auditors to determine how to be compliant, and meet their user needs.
DEA: Electronic Prescriptions for Controlled Substances Clarification about Audits
Published October, 2011
The DEA published clarification on the Third Party Audits
DEA: Questions and Answers for Providers of Electronic Prescription Applications, Pharmacy Applications, and Intermediaries
The information on this webpage is not intended to convey specific information about every aspect of the rule, nor is it a substitute for the regulations themselves.
DEA: EPCS Interim Final Rule - Questions and Answers for Pharmacies
DEA: EPCS Interim Final Rule - Questions and Answers for Prescribing Practitioners
National Association of Boards of Pharmacy (NABP) - Find your state board of pharmacy
After EPCS software has met regulatory requirements, been audited, certified and set up with two-factor authentication technology, the last step is identity proofing for the prescriber. The DEA allows identity proofing to be done by any federally approved Credential Service Provider (CSP) or certificate authority (CA) that is Level of Assurance 3 or higher. Prescribers must register their authentication credentials before they are enabled to send electronic prescriptions for controlled substances.
New York State EPCS Requirements
HELPFUL IDENTITY PROOFING LINKS
Individual Practitioners Q & A: Getting Started With Prescriber Identity Proofing
National Institute of Standards and Technology (NIST) Electronic Authentication Guideline
Federal Identity, Credential and Access Management Trust Framework Provider Credential Services.
This is not an exhaustive list. Any provider that is NIST 800-63 LOA 3 is allowed. Providers may be approved by the Federal Bridge Certificate Authority, universities and educational bridges related to these CAs and Trust Frameworks.
Entities Cross-Certified with the Federal Bridge