Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            2-Factor Authentication Options

            Modified on Thu, 5 Sep at 5:35 PM

            SCRIPTSURE CLOUD ERX & EPCS. 

            2-FACTOR AUTHENTICATION (2FA)  OPTIONS


            ScriptSure allows for the sending of controlled prescriptions (CLASS II-Class V) electronically. This is generally referred to as Electronic Prescribing of Controlled Substances (EPCS).  In order to send a controlled prescription to a pharmacy, a provider must first setup an ID.me account.  The ID.me setup process accomplishes two things:  

            1. Confirms the identity of the provider through a process call ID Proofing; and
            2. Allows the provider to select a method for approving controlled prescriptions. 


            The follow list shows the options that ca be selected to approve EPCS.



            1. PUSH NOTIFICATION - THE AUTHENTICATOR APP - this method allows a provider to download an application to the provider's cell phone and approve prescriptions.



            2. PHYSICAL TOKEN - this option allows a user to EPCS by using any of the  FIPS 140-2 complaint devices shown below.  These devices can be ordered directly from the manufacturer Yubico: https://www.yubico.com/products/yubikey-fips/



            PLEASE READ THE FOLLOWING:


            The DEA, in the context of EPCS (electronic prescribing of controlled substances) requires providers to approve medications using "two factors."  Something you know is one and something you have is the other, but these cannot be on the same device.

            • The something you know is your ID.me name username and password
            • The something you have is the ID.me authenticator (MFA) application you have installed on your phone (push notification).
            The DEA is very clear that you cannot do both of these functions on the same device. 

            The only circumstance where you can login to ScriptSure from your phone and approve prescriptions is if you have a physical token you insert into your phone charge port and use that for the MFA step (the something you have) OR if you have a second phone with ID.me MFA app installed on that.  They look like this and are sold by a company called Yubico: https://www.yubico.com/product/yubikey-5-fips-series/yubikey-5-nfc-fips/https://www.yubico.com/product/yubikey-5-fips-series/yubikey-5-nfc-fips/

             

            This rule is not our's, but rather the DEAs.  This information sheet from the DEA explains this fully: https://www.deadiversion.usdoj.gov/GDP/(DEA-DC-8)%20Use%20of%20Mobile%20Devices%20in%20the%20Issuance%20of%20EPCS.pdf

            Prior to a provider electronically sending a prescription, there is an attestation statement the DEA requires that appears on all EPCS: 



            In short, in the context of approving controlled substances only, you need to access the ERX application from a computer, laptop, tablet, ipad, iphone or other mobile device SEPARATE from the mobile deice you have your ID.me app (MFA) installed on OR purchase a hard token and add that to your account and you can approve controlled that way.

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0