VA/DEA PKI e-Prescribing Pilot for Controlled Substances Rob Silverman, PharmD January 13, 2005

VA/DEA PKI e-Prescribing Pilot for Controlled Substances

Rob Silverman, PharmD
January 13, 2005

Topics

e-Prescribing in Department of Veterans Affairs

VA/DEA PKI Pilot
  - Participants
  - Other roles
  - Goals

Security

Examples

Findings

e-Prescribing is the norm at a VA Medical Center

Transmit prescriptions directly to the VA pharmacy
  - Legend drugs
  - Over-the-counter items provided by VA

Document items obtained elsewhere

Result: a complete medication and patient allergy/adverse reaction history available at any VA workstation in the hospital, remote clinic, or via VPN access, with real-time order checks

Schedule II controlled substances

Under 21 CFR 1306, a C-II controlled substance may only be dispensed from a WRITTEN prescription signed by the practitioner

This creates one exception to an otherwise all-electronic prescribing environment

The VA/DEA PKI Pilot

An “ongoing” pilot ... although the formal review period has ended, the system is still in daily use and items are fixed as new issues come up

Scope of the project … demonstrate the application of a digital signature in place of a written signature for electronic transmission of prescriptions

http://www.deadiversion.usdoj.gov/ecomm/index.html

Participants

Original pilot: 50 Hines physicians were selected based on volume of Schedule II prescriptions written in the preceding 3-month period

Current usage: approximately 2 dozen active providers, some from original study and some added since

Other participant roles

“Can’t tell the players without a scorecard”

DEA

PEC (DEA’s selected contractor)

VA Office of Information
  - Emerging Technologies
  - Infrastructure
  - CPRS & Pharmacy

VISN Information Security Officer

Local Information Security Officer

CPRS Coordinator

IRM
  - Workstation setup
  - Central server

Specific goals

Create the infrastructure necessary to transmit a digitally signed prescription within the VistA CPRS system
  - Kernel (the EMR’s “operating system”)
  - CPRS (provider access to the electronic health record)
  - Pharmacy
  - VA PKI certificates

Compare the existing ELECTRONIC signature to the PKI-enabled DIGITAL signature

A continuum of signature methods

Written signature
  - Ink and paper

Captured signature
  - Credit card machine at the store
  - VA’s use of iMedConsent application

Electronic signature
  - Provider knows an electronic code

Digital signature (PKI)
  - Provider knows an electronic code and possesses a smart card with matching information

Security

Digital Signature
  - Prescription Integrity - The content of a prescription has not been altered in transit.
  - Non-Repudiation - The sender of a prescription cannot deny sending it.
  - Authentication - The sender of a prescription is the person claimed and not an imposter.

http://www.deadiversion.usdoj.gov/ecomm/e_ordrs/index.html

Security – the current process

Provider contacts Clinical Informatics Service [CIS], requests to be a participant in the DEA PKI program

CIS contacts PEC

PEC locates provider’s record in a database extract from DEA, transfers it to a registrant database

Security – the current process

PEC confirms registration back to CIS and transmits that registration to a VA database

CIS gives provider an application/registration form

Acting as an “identity proofing agent”, CIS witnesses the application form signature
  - Could be the local ISO or their delegate
  - Photo ID required
  - Resident physicians without individual DEA numbers also require pharmacy authorization

Security – the current process

Application form faxed to VISN ISO, acting as LRA (local registration authority)

VISN ISO has a registration database that matches the PEC database

An 8-digit enrollment number is generated

Security – the current process

Enrollment number is returned securely to the local ISO

That number is then delivered in person to the applicant

Provider registers for the electronic certificate at http://vaww.va.gov/vapkidea (takes user to https://vaww1.va.gov/vapkidea/client/userEnrollMS.htm)

Other Tasks for the Card
  - Select PIN Number
  - Photo printed on card

“ActiveCard Upgrade Instructions” – given to the Hines physicians with their card and enrollment number

Security – the current process

Upon completion of the preceding steps, CIS activates the provider in the computer system as eligible to participate

What makes that so secure?

The certificate from the web site matches their DEA number

Their VistA CPRS account matches their DEA number

Prescription signature indicates
  - Knowledge of VistA CPRS access/verify code
  - Knowledge of the VistA CPRS electronic signature code
  - Possession of the photo ID smart card
  - Knowledge of the card’s PIN number
  - Certificate has not been revoked

Scaling the process nationally

The next few slides repeat the previous steps with a suggestion of how some areas are likely to change when this system is deployed nationally

Security – possible scenario for national deployment

Providers are eligible to participate by virtue of having a current and valid DEA registration … no need for manual addition to an enrollment database

Security – possible scenario for national deployment

Provider obtains a registration form from the DEA website and signs it in the presence of the station’s authorized “identity proofing agents”
  - Could be the local ISO or their delegate
  - Photo ID required

Security – possible scenario for national deployment

Application form transmitted to the LRA, possibly still the VISN ISO

An 8-digit enrollment number is generated

Enrollment number is returned securely to the local ISO

That number is then delivered in person to the applicant

Security – possible scenario for national deployment

Provider registers for the electronic certificate at a VA hosted web site https://vaww1.va.gov/vapkidea/client/userEnrollMS.htm

PIN number and card photo are probably already done because this card is used for
  - Access to the grounds
  - Access to parking
  - Access to building
  - Other PKI activities, such as secure email

Security – possible scenario for national deployment

Provider notifies CIS that they have obtained a digital certificate so that CIS can enable VistA CPRS to accept digital signature

What makes that so secure?

The certificate from the web site matches their DEA number

Their VistA CPRS account matches their DEA number

Prescription signature indicates
  - Knowledge of VistA CPRS access/verify code
  - Knowledge of the VistA CPRS electronic signature code
  - Possession of the photo ID smart card
  - Knowledge of the card’s PIN number
  - Certificate has not been revoked

Ordering is relatively unchanged --- place the order as usual

Sign the order using regular CPRS functionality, with the Electronic Signature Code

CPRS will prompt for the Smart Card PIN when it recognizes a C-II medication being signed

Activity:
09/10/2004 14:15  New Order entered by SILVERMAN,CALL
    Order Text:       MORPHINE TAB,SA 30MG
                      TAKE ONE TABLET BY MOUTH TWICE A DAY
                      Quantity: 60 Refills: 0
    Nature of Order:  ELECTRONICALLY ENTERED
    Dig Signature:    SILVERMAN,CALL on 09/10/2004 14:16

CPRS will identify the order as DIGITALLY signed when both the electronic signature and smart card PIN have authenticated the order.

The VistA pharmacy application will also identify the order as DIGITALLY signed, indicating to the pharmacist that a paper copy is not necessary. Orders that fail to validate against the digital signature are displayed to the pharmacist once, and then automatically cancelled by the system.
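
Added example, not part of the original slides and not VA, CPRS or DEA code: the checks listed under "What makes that so secure?" and the pharmacy-side validation described above, written in Python. The RSA key is a constructed textbook demo key, and the Certificate record, function names, DEA number, PIN and the split of checks between card and pharmacy are assumptions.

```python
import hashlib
from dataclasses import dataclass

# Constructed demo key: textbook RSA over two Mersenne primes, unpadded and far
# too small for real use. It stands in for the key pair held on the smart card.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent; on a real card it never leaves the chip

@dataclass
class Certificate:  # hypothetical, simplified stand-in for an X.509 certificate
    serial: str
    dea_number: str
    public_key: tuple  # (modulus, public exponent)

def digest(order_text, n):
    """SHA-256 of the order text, reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(order_text.encode()).digest(), "big") % n

def card_sign(order_text, entered_pin, card_pin):
    """Smart card side: the private key is usable only after the PIN matches."""
    if entered_pin != card_pin:
        raise PermissionError("wrong smart card PIN")
    return pow(digest(order_text, N), D, N)

def pharmacy_validate(order_text, signature, cert, account_dea, revoked_serials):
    """Return (accepted, reason); any failure means the order is not dispensed."""
    if cert.serial in revoked_serials:
        return False, "certificate revoked"
    if cert.dea_number != account_dea:
        return False, "DEA number mismatch"
    n, e = cert.public_key
    if pow(signature, e, n) != digest(order_text, n):
        return False, "signature does not match order text"
    return True, "digitally signed"

# Constructed sample data (order text follows the slide's example order).
DEA = "DEMO-0000001"
CERT = Certificate(serial="01", dea_number=DEA, public_key=(N, E))
ORDER = "MORPHINE TAB,SA 30MG TAKE ONE TABLET BY MOUTH TWICE A DAY Quantity: 60 Refills: 0"
SIG = card_sign(ORDER, entered_pin="4321", card_pin="4321")

if __name__ == "__main__":
    altered = ORDER.replace("Quantity: 60", "Quantity: 90")
    print(pharmacy_validate(ORDER, SIG, CERT, DEA, set()))    # accepted
    print(pharmacy_validate(altered, SIG, CERT, DEA, set()))  # integrity failure
    print(pharmacy_validate(ORDER, SIG, CERT, DEA, {"01"}))   # revoked certificate
```

An electronic signature code alone gives the pharmacy nothing to recompute; here any change to the order text after signing, a revoked certificate or a DEA number mismatch is rejected before dispensing.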

Findings of the pilot

First and foremost
IT WORKS!

Time savings to practitioners
  - No need to deliver the prescription to the pharmacy

Prescriptions are complete

One-stop-shopping, all prescriptions can be handled in the same manner

Permanent “storage” of the prescription is now an electronic file vs. boxes of prescription sheets

Issues solved in the pilot

The system has been maintained through
  - Change in smart card type (x1)
  - Change in certificate issuance authority (x1)
  - Change in smart card software (x2)
  - Change in COM object (x10 !)

More items solved

Workstation installation functions for “all users”

PIN caching for multiple Rx’s in the same patient profile at the same time

Forced VA to re-evaluate the drug file settings to clearly define a “schedule II drug”

Some “gotchas”

Biometrics testing experience
  - Precise MC 100 used during pilot
  - Example of alternative: Identix Biotouch

PowerUser access to computer systems

Tied to a specific smart card vendor

Items for discussion

Security needs for a DEA certificate are different than a VA email certificate (sign & encrypt)
  - How many copies of the certificate may exist?
  - Default setup is different in a clinic than an office environment

Does card-based logon save time?
  - Remembering password vs. PIN

Future model

One ideal outcome of the pilot would be a DEA registration website that allowed online payment of a physician’s renewal, provided immediate response, and delivered a new PKI certificate at that time.

Contact information

Rob Silverman
Hines VA
[email protected]