DEA Proposes E-Prescribing Regulations; Cumbersome and Strict Framework Could be an Obstacle to Widespread Adoption

On June 27, 2008, the U.S. Drug Enforcement Administration (“DEA”) published a much anticipated Notice of Proposed Rulemaking Regarding Electronic Prescriptions for Controlled Substances.  The proposed regulations are in addition to existing prescribing requirements for controlled substances and are expected to work in tandem with standards developed by the U.S. Department of Health and Human Services on transmitting electronic prescriptions.

The proposed regulations are voluntary and provide practitioners with the option of issuing prescriptions for controlled substances electronically.  However, the practitioner must follow strict controls to deter the diversion of controlled substances.  Such controls include implementing a physically secure information management system and monthly review by the practitioner of a system-generated controlled substance prescription log.  There is a corresponding duty to notify DEA of anything found to be “unusual” within a certain time period.  There are also strict guidelines imposed upon a practitioner on transmitting electronic prescriptions, such as authenticating the system just before signing and not printing or faxing an electronically transmitted prescription.  The burden in on the practitioner to ensure compliance with the proposed regulations and to prevent the diversion of controlled substances.  Among other things, practitioners will be held liable for knowingly permitting another individual to issue electronic prescriptions in the practitioner’s name and for failing to maintain adequate security measures in the handling of electronically transmitted prescriptions.

The proposed regulations also permit pharmacies to receive, dispense, and archive electronic prescriptions.  Again, this is voluntary.  Upon receipt of an electronic prescription, a pharmacy must check the validity of the prescriber’s DEA registration.  “A pharmacy that fails to check the validity of a controlled substance prescription before dispensing is legally responsible if the prescription is invalid.”  The proposal also places strict controls on the participating pharmacy to guard against diversion, such as an enhanced pharmacy information management system, internal audits and back-up systems.  For example, the pharmacy must establish and implement a list of auditable events, and the pharmacy’s system must analyze the audit logs at least once every 24 hours and generate an incident report that identifies each auditable event.  The pharmacy must then decide whether any auditable event poses a security incident that would have to be reported to DEA.

The DEA’s proposal has been long awaited to complement existing initiatives  to promote electronic prescribing, such as those under Medicare and the Health Insurance Portability and Accountability Act.  However, the cumbersome and strict framework proposed by DEA could be an obstacle to widespread adoption of electronic prescribing.  The ability to integrate these requirements into existing technology could be important to how extensively electronic prescribing is used, particularly by doctors.  The fear of DEA enforcement actions for failure to comply with these requirements will also play a role in whether a practitioner decides to adopt these procedures.  DEA should consider these issues in refining the proposed rule before issuing final regulations.  Comments on the proposed regulations must be submitted by September 25, 2008.

By John A. Gilbert & Serafina E. Lobsenz