SchellmanCON is back! Join us for our virtual conference on March 6 & 7, 2025

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

EPCS-DEA Third Party Audits - How Often?

Is there a period of time that the DEA-EPCS Third Party audit is valid?

On March 31, 2010 the Drug Enforcement Agency's (DEA) rule, "Electronic Prescriptions for Controlled Substances" has revised its regulations to give physicians the choice of writing prescriptions for controlled substances the traditional method or through the electronic system. Originally, the regulation restricted physicians and practitioners from writing electronic prescriptions for controlled substances (EPCS).

The EPCS allows pharmacies, practitioners, and hospitals the ability to employ the benefits of information technology to the field of health care while maintaining the necessary controls for the dispensary of controlled substance prescriptions. In addition, this legislation will reduce the amount of necessary paperwork and the occurrences of prescription forgery. This rule came into effect on June 1, 2010.

The regulation only requires an audit every two years if there are no changes to the functionality of the application. In other words, your report would be valid for 2 years.

About GARY NELSON

Gary Nelson is a Principal based in Atlanta, Georgia. In addition to being a leader in AICPA attestation services in information security and privacy, Gary also helps lead Schellman’s HITRUST, HIPAA, DEA EPCS, and IoT compliance practices. Gary’s information security and privacy career spans over 20 years, with CPA licensure in multiple states, along with his other certifications and designations listed here. Prior to joining Schellman in 2006, Gary has previously served on the HITRUST Assessor Council and now actively participates in multiple industry organizations, such as the AICPA, ISACA, IAPP, CSA, and EHNAC.