General Purpose Commercial Information Technology Equipment, Software, and Services. View Our Price List »
InfoGard: The Only DEA-Approved EPCS Certifier
Prescription drug abuse is a headline-grabbing national problem. Individuals and organizations involved in e-prescribing of controlled substances risk severe legal penalties and fines, along with unwanted media and political attention, when licit controlled substances are illegally diverted. Electronic Prescriptions for Controlled Substances (EPCS) applications can reduce diversion risks, but only if the design adheres to recognized best security practices that address both cryptographic and network protections.
In 2011, the DEA authorized InfoGard Laboratories as the only certifying organization for EPCS applications. This means that InfoGard is the only organization with a DEA-reviewed and approved EPCS test and certification process. Building on InfoGard’s EPCS expertise, we are now launching two new services to help EPCS application developers assure compliance with the DEA’s detailed, progressing requirements: a DEA certification requirements workshop, and advisory benchmarking to future DEA requirements.
Certification Requirements Workshop
InfoGard’s EPCS Certification Requirements Workshop gives your design engineering staff the technical and regulatory knowledge essential to specify, design, and develop compliant EPCS products. Our comprehensive training program addresses all 21 CFR Section 1311, Subpart C security and operational requirements, such as cryptographic modules, authentication (e.g. token and protocol requirements) and protection from insider and outsider attack (“processing integrity”).
During InfoGard’s exhaustive certification process development work with the DEA, we surfaced security issues that the DEA is addressing. Since the DEA has planned additional EPCS requirement changes, InfoGard recognizes the challenge that industry faces while awaiting the Final Rule. Unplanned product upgrades resulting from DEA rule changes can be disruptive and expensive. To address this challenge, InfoGard offers a new service: Advisory Benchmarking to Future Requirements. InfoGard’s direct experience with the DEA enables us to help other organizations navigate the progressing EPCS regulations with confidence.
Contact InfoGard today to get your fully compliant EPCS application to market with greater speed and less expense.
In addition to being the only DEA-accredited ECPS certification body, InfoGard is one of six selected Office of the National Coordinator for Health Information Technology (ONC) Authorized Testing and Certification Bodies. It is also accredited by the National Institute of Standards and Technology (NIST) under its National Voluntary Laboratory Accreditation Program with specialized expertise in technology security, i.e. NIST’s Cryptographic Module Validation Program. In addition, InfoGard is accredited by NIST to validate compliance with Personal Identify Verification (PIV) requirements. InfoGard is an independent laboratory and offers no hardware, software, system products, contract hardware or software design services that might conflict with being a testing and certification organization.