Electronic prescription for controlled substances: a cybersecurity perspective

The Electronic Prescription for Controlled Substances (EPCS) is a set of rules published by the Drug Enforcement Administration (DEA) that regulates implementations of electronic prescription systems for controlled substances [1]. EPCS includes requirements two-factor authentication; specifications for electronic prescription applications; and rules governing the signing, transmitting, and receiving of electronic prescriptions [1]. However, this set of regulations overlooks numerous critical aspects of computer security. This paper highlights some key areas in the electronic prescription process outlined by the EPCS regulation that are susceptible to adversarial attacks and provides recommendations for additions to EPCS regulations that would provide greater security for the use of electronic prescriptions.