ScriptSure enforces strict identity verification protocols to ensure secure access to ePrescribing features—especially for EPCS (Electronic Prescribing of Controlled Substances). One critical part of this process involves managing tokens and completing identity verification via ID.me, a trusted third-party digital identity provider.
This article walks you through the steps for setting up, managing, and troubleshooting token devices and ID.me identity verification in ScriptSure.
Why Identity Verification is Required
The DEA (Drug Enforcement Administration) mandates that providers use two-factor authentication (2FA) for prescribing controlled substances electronically. ScriptSure integrates with ID.me to verify a provider's identity and binds a token to their user profile as a second authentication method.
What Is a Token?
A token in ScriptSure is a secure device or mobile app used to generate a one-time passcode (OTP) for two-factor authentication. Tokens are linked to a verified identity and are required for EPCS.
ScriptSure supports:
- Mobile tokens via an authentication app wh ID.me Authenticator)
- Hardware tokens (optional, organization-specific)
What Is ID.me?
ID.me is a federally accredited identity verification platform used to confirm a provider’s legal identity. This process typically includes:
- Document upload (driver's license, passport)
- Biometric checks (selfie or video verification)
- Cross-checks against national databases
- Once verified, ID.me links your identity to your ScriptSure profile for secure EPCS access.
Setting Up ID.me Verification and Token Access in ScriptSure
For Providers
- Log in to the ScriptSure application.
- You will be prompted to complete ID.me proofing.
- Click “Begin ID.me Verification.”
- Follow the prompts to complete identity verification via the ID.me website.
- Upload required identification.
- Complete facial recognition or video call (if prompted).
- Once verified, you’ll be redirected back to ScriptSure.
- Choose your token method (e.g., download an authenticator app (ID.me app) or request a hardware token).
- Register the token by entering the OTP shown on the device/app.
- Save changes and complete the token binding process.
The token must be used for all future EPCS actions.
Managing Tokens for Existing Users (Admin View)
As a Full Admin, you can assist users in managing their tokens but cannot bypass DEA-required identity verification.
Steps:
- Log in to the ScriptSure Manage Site.
- Navigate to the Users section.
- Search for the Provider needing token assistance.
- Open the user’s profile and go to the EPCS or Token section.
From here, you can:
- View the token type and status (Active/Expired)
- Revoke a token (if lost or compromised)
- Reinitiate the ID.me process if it was incomplete or failed
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article