NextGen Knowledge Center

ePCS Message Handling Processes

To handle Electronic Prescriptions of Controlled Substances (ePCS) messages, NextGen Healthcare has the following processes in place:

  • NextGen® Enterprise EHR uses RSA to digitally sign the ePCS message and SHA1 algorithm to hash ePCS messages.
    • The application includes a time stamp within five minutes of National Institute of Standards and Technology (NIST) time source.
  • NextGen® Enterprise EHR uses time server provided by Symantec® VIP service, which is Drug Enforcement Administration (DEA) compliant.
    • The application displays the following information to the provider prior to dispensation of the controlled substance:
      • Date of issuance
      • Full name of the patient
      • Medication name
      • Dosage strength of medication
      • Form of medication
      • Quantity of medication
      • Directions for use of medication
      • Number of refills authorized
      • Earliest fill date of the medication
      • Name, address, and DEA number of the provider
      • Attestation statement
      • Indication that each controlled substance is ready for signing
  • NextGen® Enterprise EHR pharmacy selection appears on new ePCS messages as well as refills for controlled substances.
    • The application records the following information:
      • Date of signature and issue of medication
      • Name and address of the patient
      • Medication information
      • Creation, alteration, indication of readiness for signing, signing, transmission, and deletion of ePCS messages

        NextGen® Enterprise EHR does not allow alteration and deletion of ePCS messages. Therefore, these events are not recorded.

      • Name, address, and DEA number of the provider
      • Failure to transmit ePCS message
      • Attempted unauthorized access, modification. or destruction of ePCS information
      • Interference with ePCS operation
      • Interference with auditing or logging of ePCS information
  • NextGen® Enterprise EHR stores the patient medication record in the patient_medication table. The record contains information about the patient, medication, and provider. When a medication is ePrescribed, the record is locked and, with the exception of the stop date, cannot be altered.
  • A copy of the ePCS message is archived in the epcs_erx_message_history table containing all of the information required by the DEA. Additionally, NextGen® Enterprise stores all underlying details of the ePCS message in the epcs_audit_prescription table.
    • The application reports on the following:
      • Date/time of the event
      • Type of the event
      • Person performing the event
  • Upon success or failure of the event, NextGen® Enterprise EHR stores the above information in the following tables:
    • The epcs_audit_type. This table holds a description and an audit type.
    • The epcs_audit_prescription. This table holds all logs related to ePrescribing of controlled substances.
    • The epcs_audit_logical_access. This table holds all logs related to setting up user access rights in System Administrator.
    • The epcs_audit_certificates table. This table holds all logs related to actions that store digital signing certificates.