IDENTRUST CLOUD VALIDATION SERVICES (ICVS) FOR PHARMACIES

• Simplifies and Accelerates Application Development Deployment of IdenTrust Cloud Validation Services (ICVS) eliminates development of complex in-house functions.
• Ensures DEA Compliance ICVS is compliant with U.S. Drug Enforcement Agency (DEA) Federal Law 21CFR§1311.205 and Federal Law 21CFR§1311.302 for EPCS validations.
• Supports Surescripts® EPCS Message Format Expedites implementation for customers using Surescripts®.
• EPCS Compliant Supporting both standalone certificates and incoming digitally signed ePrescriptions.
• Expert Support To facilitate pharmacy application integration with ICVS.

IdenTrust Offers:

• Support to enable pharmacies to validate digitally signed EPCS messages
• Automated validation of ePrescriptions regardless of certificate issuer
• Access to our experienced team to help enable pharmacy applications and provide support following implementation
• The experience gained through maintaining relationships with all five DEA certified auditors that conduct DEA audits

The Crisis: Prescription Drug Abuse

America is facing a national public health crisis: prescription drug abuse. Statistics show that 44 people die every day as a result of a prescription opioid overdose. As deaths from drug overdose continue to sky-rocket, there is an increasing need to focus on compliance and safety when prescribing controlled substances. Officials at all levels of government are enlisting the help of health IT professionals to use technology for the Electronic Prescribing of Controlled Substances (EPCS).

What is EPCS?

EPCS is a rule established by the Drug Enforcement Administration (DEA) that allows prescribers to electronically submit digitally signed electronic prescriptions for controlled substances and describes how pharmacies must validate the signatures to ensure authenticity of the prescription. These regulations require two-factor authentication of prescribers, improving security and providing an audit trail for authorities. The use of EPCS is now allowed in all 50 states, is mandatory in the state of New York, with mandates in Maine expected by the beginning of 2018.

DEA Regulations

To comply with rigorous DEA regulations, the applications that pharmacies use to process incoming EPCS-compliant ePrescriptions must be able to correctly handle requests with or without digital signatures. The application must be able to validate digital signatures included in the prescription request, regardless of the issuer of the credential used to create the digital signature. Because there are a broad range of credential issuers, this can be a complex challenge to overcome. DEA also requires that pharmacy applications adhere to all security controls and retain electronic records and audit logs. Significant penalties can be assessed for non-compliance.

The IdenTrust Solution

The IdenTrust Cloud Validation Service (ICVS) provides pharmacy applications with a simple cloud-based service that performs digital signature and certificate validations in a secure manner that meets DEA and NIST requirements. Validations are accomplished with a simple web services call, the results of which are archived and can be easily integrated into the pharmacy application.

The IdenTrust® ICVS solution makes it easy for pharmacies to comply with EPCS validation requirements:

• Receive incoming ePrescription messages
• Determine message type and validation methodology
• Verify message format
• Validate digital signatures
• Provide status to allow pharmacy staff to accept or reject ePrescription requests
• Archive validation results to facilitate efficient and accurate audit reviews

Pre-Deployment Testing

IdenTrust provides test environments for both integration and systems testing to ensure that ICVS integration to the pharmacy application is fully tested prior to deployment into a production environment.

SPECIFICATIONS

Offering	IdenTrust® Cloud Validation Service (ICVS) uses Web Service Definition Language (WSDL) to facilitate messaging between the pharmacy application and IdenTrust to validate digital certificates and digitally signed EPCS messages. Using the appropriate service endpoint(s), in conformance with the required schema, pharmacies send digital signature and/or certificate validation requests to ICVS and in return receive a response containing the validation results.
Technical Specifications	ƒ NCPDP SCRIPT Version 10.6 ƒ EDI Format ƒ XML ƒ X509 v3 digital certificates certified by U.S. Federal Bridge Certification Authority ƒ Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) validation ƒ W3C's XML-DSig standard ƒ Web Services protocols ƒ Web Service Definition Language (WSDL) v1.1 ƒ Simple Object Access Protocol (SOAP) v1.1 HTTP binding ƒ Message formats for digital signature verification ƒ EDIFACT and NCPDP SCRIPT Version 10.6 or later
Related Requirements	ƒ DEA Rules 21 CFR Parts 1300, 1304, 1306 and 1311, effective June 1, 2010 ƒ FIPS PUB 186: Digital Signature Standard, NIST SP 800-57: Recommendation for Key Management, FIPS PUB 140: Security Requirements for Cryptographic Modules

hidglobal.com

North America: +1 512 776 9000 Toll Free: 1 800 237 7769 Europe, Middle East, Africa: +44 1440 714 850 Asia Pacific: +852 3160 9800

Latin America: +52 55 5081 1650

For IdenTrust Sales inquiries: +1 866-IDENTRUST | +1 866-433-6878 | sales@identrust.com

© 2017 HID Global Corporation. All rights reserved. HID, HID Global, the HID Blue Brick logo, the Chain Design and IdenTrust are trademarks of HID Global and may not be used without permission. All other trademarks, service marks, and product or service names are trademarks or registered trademarks of their respective owners.

2017-06-02-iam-identrust-epcs-sol-pharm-valid-ds-en PLT-03355