How cybersecurity solutions are helping curb America’s opioid crisis


When the clock struck midnight on January 1, it didn’t just mark the start of a new year. It also marked the first day of a historic national mandate to curb the opioid epidemic: starting in 2023, organizations and healthcare providers must electronically prescribe all Schedule II, III controlled substances. , IV and V covered by Medicare Part D.

The Electronic Prescribing Mandate for Controlled Substances (EPCS) requires additional steps to ensure secure prescribing practices. However, the additional digital demands of the mandate can cause clinicians to spend more time with technology, resulting in workflow inefficiencies. But it is not necessary. If implemented with the right strategy, the EPCS mandate can lead to safer prescribing without hindering the work that matters most: treating patients.

More than 100,000 Americans died from drug overdoses between July 2021 and July 2022, according to CDC data. Opioids — especially synthetic opioids like fentanyl — were responsible for most of those deaths. However, addiction often begins with prescription opioids. The federal EPCS mandate, along with similar state-level EPCS laws, are an important step in addressing the opioid epidemic because they address unauthorized prescribing at the source. Recognizing the widespread repercussions of addiction, healthcare organizations are beginning to adopt highly effective strategies to stop drug diversion in its tracks.

While compliance can be met through a variety of technologies, healthcare organizations should consider implementing advanced tools with capabilities that go beyond mandate requirements. Those that provide tightly coupled integrations often lead to more successful results. This is the key to achieving compliance, minimizing drug diversion and reducing over-prescribing without creating additional burdens for hospital staff.

Rationalization of workflows and EPCS compliance

Studies show that mandatory electronic prescribing reduces medication errors, improves patient outcomes, reduces the number of patient visits, and generates hundreds of billions of dollars in healthcare savings. Of course, hospitals seeking these benefits must first initiate detailed and highly collaborative cross-functional project plans to ensure full compliance with specific DEA requirements.

The federal EPCS mandate has two major components for healthcare organizations: multi-factor authentication (MFA) for providers who prescribe controlled substances, and comprehensive reporting that tracks prescribing events as they occur. occur. The AMF confirms a doctor’s identity and authorization to prescribe a particular drug, while the reporting system tracks all prescribing activity and can feed algorithms to identify diversion.

It’s easy to imagine how these demands could slow down the daily work of patient care. For example, many healthcare systems require a lengthy MFA process, such as re-entering a username and password. For reporting, many hospitals perform manual audits of prescribing patterns, cross-referencing electronic health record (EHR) reports with dispensing cabinet activity. While these methods do the job and ensure compliance, they can be time consuming. Additionally, manual processes are riddled with errors. Additionally, healthcare systems can face hefty fines if they are investigated and found to be non-compliant.

But with the right cybersecurity tools, healthcare organizations can confidently comply with EPCS compliance while having better control and removing burdens from healthcare personnel. By integrating digital identity solutions that work with their current EHRs, healthcare organizations can go beyond FDA and DEA compliance. Advanced tools can unlock better visibility into prescribing practices without limiting the efficiency of hospital staff.

Consider MFA, for example. With digital identity technologies integrated into the existing cyberinfrastructure, doctors can easily prescribe necessary medications while away from the hospital while complying with EPCS rules. And the authentication process doesn’t need to be as tedious or tedious as typing in a password every step of the way: a wide range of convenient and innovative options such as hands-free authentication, notifications Token-push, fingerprinting, and facial biometrics allow providers to choose a DEA-compliant method that works best for them, while preventing unauthorized access and drug diversion.

Detecting drug diversion with artificial intelligence

While the AMF ensures accountability and safety in the prescribing process, the full reporting mandate creates an opportunity for healthcare organizations to combat drug diversion based on prescribing patterns.

Without the proper tools to analyze the immense amount of data from EHR distribution reports and cabinets, manually auditing these processes will be a major challenge. Manual monitoring is ineffective, if not impossible, given the constraints hospital IT staff already face. This is where AI and analytics-based cybersecurity platforms can make a crucial difference. AI can automate what would otherwise be a manual cross-reference between all systems and reports.

If a provider claims to prescribe a patient a medication for chronic pain, but only gives them half of the prescribed opioids while pocketing the rest, an AI-powered platform like Imprivata’s FairWarning solution, will report their behavior as suspicious. This solution can be integrated into the healthcare system’s existing digital identity strategy. For example, the same credentials a clinician uses to log into the EHR are the same credentials they use to prescribe medications and apply MFA. This provides a simplified way to analyze data and track prescription patterns.

The warrants set strict standards, but they alone will not stop diversion. The methods specifiers implement to achieve compliance will only be as effective as the organization’s ability to integrate with their existing technology. Complying with federal EPCS mandates is just the start of an effective drug diversion strategy. By taking a proactive approach to uncovering drug diversion with AI and digital identity tools, hospitals can amplify the goal of the EPCS mandate to prevent future drug diversion and enable corrective action before the incident occurs. does not degenerate. This will be key to enabling a broader wave of digital transformation for prescribing controlled substances.


Daniel Fabbri, Ph.D.is the Chief Data Scientist at Imprivata.

Dr. Fabbri is also an Assistant Professor of Biomedical Informatics and Computer Science at Vanderbilt University. His research focuses on machine learning applied to electronic medical records, clinical data, and data privacy. Dr. Fabbri’s research has been sponsored by the National Science Foundation, the National Institutes of Health and the US Department of Defense.

Leave a Reply