Industry experts enable the nation's top electronic prescribing company to securely confirm provider eligibility and authenticate them to e-prescribe controlled substances
June 13, 2011
Costa Mesa, Calif.
Experian® today announced that they and Symantec have provided DrFirst, the nation’s leading electronic prescribing company (e-prescribing), with an authentication solution for their newest product EPCS Gold™. The Experian and Symantec products will allow DrFirst to securely and accurately deliver secure online identity credentials to physicians who are eligible to issue e-prescriptions for controlled substances to their patients through EPCS Gold™.
The joint technology offering from Experian and Symantec is the first of its kind for e-prescribing and was developed specifically for DrFirst. Experian’s Precise IDSM platform will help ensure that Symantec’s VeriSign Identity Protection (VIP) credentials are provisioned to the appropriate users via comprehensive risk-based identity proofing. The technologies will serve as the secure back end to DrFirst’s identity proofing and logical access controls in accordance with the Drug Enforcement Administration (DEA) requirements for electronic prescribing of controlled substances.
Supporting Industry Requirements
In March 2010, the DEA issued an Interim Final Rule (IFR) that authorized electronic prescribing of controlled substances (EPCS) functionality for all providers in the United States. DrFirst has been pioneering the research and development of translating the DEA’s requirements into a product offering that will allow eligible physicians to send controlled substance prescriptions electronically to pharmacies that are authorized to accept the prescription. As part of the guidelines, the DEA requires a two-factor authentication protocol for any provider who wants to send controlled substance prescriptions electronically.
“EPCS is the final barrier to full adoption of e-prescribing among doctors who authorize controlled substances prescriptions,” said G. Cameron Deemer, president of DrFirst. “It was important to work with industry experts who would enable us to positively identify and authenticate physicians who are eligible to utilize our EPCS Gold™ solution to e-prescribe controlled substances electronically. We specifically chose to work with identity proofing and authentication security experts Experian and Symantec to develop a two-factor authentication solution that ensures that our users will be in full compliance with DEA rules.”
How it Works
The initial provisioning of the online credentials will be initiated once identity proofing completes via Experian’s Precise IDSM platform. The online credentials are then managed and validated utilizing the real time authentication capabilities of Symantec’s VeriSign Identity Protection (VIP) Authentication Service. The Symantec and Experian solution supports the National Institute of Standards and Technology (NIST) levels of assurance requirements (Special Publication 800-63) and, by doing so, also meets the DEA’s regulations for electronically prescribing controlled substances.
“There is growing demand among health care, government and financial services organizations for identity proofing and authentication technologies that will not only protect their clients from fraudsters, but also comply with the guidelines established by governing bodies like the NIST and DEA,” said Kerry Williams, group president of Experian Credit Services and Decision Analytics. “We are honored that DrFirst, the pioneer in e-prescribing, has put its trust in both Experian and Symantec to ensure that only providers who are eligible to electronically prescribe controlled substances will be able to seamlessly provide this service to their patients within a secure environment.”
The required authentication process will start by utilizing Experian’s Precise IDSM platform to securely identity proof eligible physicians through a combination of identity element verification, risk scoring, out-of-wallet questioning, and financial instrument verification designed to refine decisions about which physicians will be allowed to send controlled substances electronically. The identities of physicians will then be authenticated and managed by Symantec’s VIP Authentication Service, which provides an additional layer of protection beyond standard username and password by requiring physicians to enter a dynamic one-time-use, six-digit security code generated by their Symantec VIP credential.
Each time providers log in to EPCS Gold™, they will be required to submit their user credentials and one-time password to electronically sign and send controlled substance prescriptions. This identity proofing and authentication process ensures that all of the necessary steps have been taken to protect a physician’s controlled substance e-prescription transaction.
“We are pleased to provide DrFirst’s EPCS Gold™ physicians with a level of security for their online identities that delivers compliance as well as other requirements set by the DEA,” said Atri Chatterjee, vice president of User Authentication at Symantec. “We are also pleased to have achieved this customer success story through our work with Experian. Together, Experian’s risk-based identity proofing capabilities ensure that only authorized DrFirst EPCS physicians are issued strong authentication credentials and those physicians can then use Symantec’s VIP service to authenticate themselves to DrFirst before being allowed to e-prescribe controlled substances.”
Experian is the leading global information services company, providing data and analytical tools to clients in more than 80 countries. The company helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.
Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended 31 March 2011 was US$4.2 billion. Experian employs approximately 15,000 people in 41 countries and has its corporate headquarters in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and São Paulo, Brazil.
For more information, visit www.experianplc.com.
Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners.