10 Provisions and 5 Steps to Electronic Prescription Compliance for Pharmacies
Electronic prescription compliance is a key aspect of a comprehensive pharmacy compliance program. The U.S. Drug Enforcement Administration (DEA) and the U.S. Department of Justice (DOJ) strictly enforce the federal e-prescribing requirements, and non-compliance can lead to loss of DEA registration, fines, and other penalties.
While federal statutes such as the Controlled Substances Act (CSA) and the Drug Supply Chain Security Act (DSCSA) contain provisions that pertain to electronic prescriptions, the majority of pharmacies’ technical obligations exist under 21 C.F.R. Section 1311. Specifically, Subpart C establishes extensive requirements for healthcare providers of all types, and Section 1311.200 establishes additional requirements that apply specifically to pharmacies.
“Electronic prescription compliance is a tricky area for pharmacies. However, pharmacies have virtually no room for error, and even technical deficiencies can lead to enforcement action by the DEA.” – Dr. Nick Oberheiden, Founding Attorney of Oberheiden P.C.
10 Key Provisions of the Federal Electronic Prescription Regulations
Here are 10 examples of key provisions of 21 C.F.R. Section 1311 that apply to pharmacies:
1. Valid Prescriptions
While some provisions of Subpart C speak to the obligations of prescribing physicians and other specific types of providers, pharmacies must take these provisions into account when developing their electronic prescription compliance programs. For example, Section 1311.100 defines what qualifies as a “valid prescription.” Although this portion of Section 1311.100 speaks specifically to “practitioners,” pharmacy owners and pharmacists also need to have a clear understanding of what constitutes a “valid prescription” under the federal electronic prescription regulations, as filling an invalid prescription can lead to prosecution for prescription drug fraud.
2. Conditions for Processing Valid Prescriptions
There is also a portion of Section 1311.100 that speaks specifically to pharmacies. Under subsection (e), a registered pharmacy is only permitted to process valid prescriptions when two conditions are satisfied. First, the pharmacy must use “a pharmacy application that meets all of the applicable requirements of [Subpart C].” Second, the prescription itself must be “in conformity with the requirements of the [CSA] and” all pertinent federal regulations. Thus, when it comes to electronic prescribing compliance, pharmacies cannot focus solely on Section 1311.100 itself, but instead must focus on ensuring that their e-prescribing policies and procedures comply with all relevant sources of federal authority.
3. Pharmacy Applications
The “pharmacy application” referred to in Section 1311.100 is the software application that a pharmacy uses to process electronic prescriptions received from practitioners. Subpart C establishes extensive requirements for these applications, and pharmacies must ensure that their applications meet all of these requirements not only initially, but also on an ongoing basis.
In addition to technical requirements, Subpart C establishes requirements for the use of pharmacy applications as well. For example, Section 1311.170 states that a pharmacy application may, “may print copies of the transmitted prescription if they are clearly labeled: “Copy only—not valid for dispensing.” This is just one of numerous specific requirements with which pharmacies must comply on an ongoing basis.
4. Pharmacy Application Due Diligence
Prior to implementing an application for processing electronic prescriptions, pharmacies must conduct thorough due diligence in compliance with Section 1311.200 of Subpart C. Among other requirements, a pharmacy, “must determine that [a] third-party auditor or certification organization has found that the pharmacy application does the following accurately and consistently:
“Import, store, and display the information required for prescriptions under Section 1306.05(a) of this chapter.
“Import, store, and display the indication of signing as required by Section 1311.120(b)(17).
“Import, store, and display the number of refills as required by Section 1306.22 of this chapter.
“Import, store, and verify the practitioner's digital signature, as provided in Section 1311.210(c), where applicable.”
5. Ceasing Use of a Pharmacy Application
Similar to pharmacies’ other ongoing obligations, pharmacies must ensure that the applications they use to process electronic prescriptions remain compliant on an ongoing basis as well. For example, subsection (d) of Section 1311.200 provides that, if “[a] pharmacy . . . receives a notification that [a] pharmacy application is not in compliance with the requirements of this part [it] must not use the application to process controlled substance prescriptions until it is notified that the application is again compliant and all relevant updates to the application have been installed.”
6. Evaluating Paper Prescriptions
The DEA’s electronic prescription regulations also create certain obligations for pharmacies with regard to paper prescriptions. For example, if a pharmacy receives a paper prescription that indicates that it was originally transmitted electronically, the pharmacy must have policies and procedures in place to ensure that it does not fill the prescription twice. If the patient has already received medication under the electronic prescription, then the pharmacy must mark the paper prescription as “void”. Pharmacies have similar obligations when the original electronic prescription was transmitted to a different pharmacy.
7. Electronic Prescription Signatures
Pharmacies must have protocols in place to ensure the proper signature of all electronic prescriptions they receive. Depending upon the specific circumstances involved, this may require a signature by the prescribing physician, an intermediary that transmits the prescription to the pharmacy, or the pharmacy’s own electronic prescription application. When pharmacies receive electronic prescriptions with prescribers’ digital signatures, they must follow appropriate procedures to verify the authenticity of these signatures and store them for archival purposes.
8. Daily Pharmacy Application Audits and Reports
Pharmacies must utilize electronic prescription applications that allow for the “establish[ment] and implement[ation of] a list of auditable events.” Their application must also “analyze the audit trail at least once every calendar day and generate an incident report that identifies each auditable event.” When an auditable event occurs, the pharmacy must report the event to both the application service provider and the DEA.
Pharmacies have numerous detailed recordkeeping obligations under federal electronic prescription regulations. In general, “[i]f a prescription is created, signed, transmitted, and received electronically, all records related to that prescription must be retained electronically.” Pharmacies must keep all relevant records for “ two years from the date of their creation or receipt,” provided that they must also comply with any other pertinent laws or regulations that establish longer retention periods.
10. Transfers Between Pharmacies
Finally, pharmacies have specific obligations when transferring electronic prescriptions to (or receiving electronic prescriptions from) other pharmacies. For example, Section 1311.305 provides that if one pharmacy transfers electronic prescription files to another, both pharmacies are responsible for ensuring that the recipient pharmacy’s electronic prescription application meets all pertinent requirements or otherwise stored so that they can be “retrieved, displayed, and printed in a readable format.”
5 Steps for Establishing Electronic Prescription Compliance
Given the complex and ongoing nature of pharmacies’ obligations pertaining to electronic prescriptions, pharmacies must undertake comprehensive measures to ensure compliance. The federal electronic prescription regulations make clear that pharmacies must adopt custom-tailored compliance policies and procedures, and they must implement protocols that work effectively within the context and confines of their unique operations and practices. With this in mind, here are five crucial steps for pharmacies that need to establish electronic prescribing compliance:
1. Assess the Pharmacy’s Compliance Needs and Obligations
Despite the uniformity with which the federal electronic prescription regulations apply, different pharmacies will need to undertake different measures in order to establish and maintain compliance. As a result, pharmacies must assess their particular compliance needs and obligations, and then they must focus their compliance efforts in these specific areas.
2. Develop Comprehensive and Custom-Tailored Policies and Procedures
Once pharmacies assess the scope of their compliance burden, they can then develop electronic prescription compliance policies and procedures. These policies and procedures must be both comprehensive and custom-tailored based upon the assessment that was conducted. Pharmacies can either develop stand-alone electronic prescribing compliance policies and procedures, or they can incorporate these policies and procedures into their overall compliance programs.
3. Carefully Choose a Pharmacy Application
Pharmacies must be extremely careful when choosing their electronic prescription applications. The fact that an application is on the market does not necessarily mean that the application is compliant. In any case, the regulations make clear that pharmacies must conduct their own due diligence, and they must ensure that the applications they adopt (and the companies that sell them) fully satisfy the DEA’s requirements.
4. Implement the Pharmacy’s Policies and Procedures
Beyond developing electronic prescription compliance policies and procedures, pharmacies must implement these policies and procedures in all aspects of their operations. This includes everything from ensuring appropriate communication with prescribing physicians to evaluating prescriptions as they come in and maintaining all requisite documentation
5. Audit, Retain, Report, and Reassess On an Ongoing Basis
Like all other aspects of pharmacy compliance, establishing electronic prescription compliance is not a one-time event. Pharmacies must audit their compliance efforts, retain all required records, file all necessary reports, and reassess their compliance obligations on an ongoing basis. Failure to meet any of these obligations could result in non-compliance; and, while it may be possible to remedy the pharmacy’s compliance failure, it is also possible that the damage could have already been done. If the DEA uncovers a compliance violation during an audit or inspection, the ensuing enforcement action could lead to penalization—and it could potentially lead to a follow-on civil or criminal law enforcement investigation as well.