Now that our team has set up your DrFirst subscription, you will need to complete your EPCS identity proofing. This document will walk your through the steps for completing this. You can also use our EPCS identity proofing checklist.

Provider invite and identity proofing

You will receive an invite from DrFirst (

As the provider, you must follow the instructions in this email in order to complete the EPCS registration process. This includes the IDP process (identity proofing) and activating token devices. If you are unable to find the email, check your junk/spam folder.

  1. In the email, a link will appear in step 1 of the directions. Select "Click to Register" link in order to begin the EPCS registration process.The invite email also contains an "Invite ID." It is recommended to save the email with this ID in the case that you are unable to complete the process and have to re-access this information later.
  2. This link will take you to the following page where your NPI number and Invite ID will be pre-populated in the "I have an Invite " box. You may need to scroll down and to the right in order to find these boxes as some browsers, such as Internet Explorer, do not condense information at the top of the page. Confirm that these fields are correct, and select the orange "Proceed" button.
     DO NOT START THIS PROCESS WITHOUT YOUR EPCS TOKEN. Even if you complete the IDP process, you cannot complete the last step without your token present.
  3. Upon logging in successfully, the first step will be to accept the "Terms of Use."
  4. Once the "Terms of Use" have been accepted, the next screen will present a temporary password. This allows you to resume the IDP session if you exit for any reason, and should be recorded before proceeding.
    This temporary password can only be used if IDP has been passed but you have yet to bind a token. If the IDP session needs to be exited and completed later, this password can be used to access the session within 24 hours. To use this password, select the original invite link and enter the password.
  5. Be aware of the prerequisites of the EPCS Gold IDP process and select "Continue."
  6. Then, accept the InfinID "Terms of Use."

User registration

Next, you must fill in all required fields on the user registration page marked with a red asterisk (*). Refer to the screenshot of this form for a typical view of the form.

Required (*)

  • NPI: This will be pre-populated.
  • First/Last Name: These fields will be pre-populated.
  • Email Address: Must match the email where you received the EPCS Invite.
  • DEA Number: When entering your DEA number, use all capital letters. For example, "AA1234567" and not "aa1234567." Enter your primary DEA number, not a specialty DEA or DEA for prescribing addiction medications.
  • Date of Birth: Select the calendar icon and select your birth year followed by the month and then day. This will ensure it is correctly formatted.
  • Address: Enter the address related to your financial records. This is typically a home address. Do not input any special characters within the address field.
  • SSN: Social Security Number.

Optional (but recommended)

  • Mobile Phone Number: While this is not required, if you enter a mobile phone number that Experian can verify, you will receive a text message with a confirmation code instead of a physical letter. This will speed up the IDP process.
  • Credit Card Number: While this is not required, this can increase the chances of passing IDP. Enter a personal credit card that is either a "Visa" or "MasterCard." You will NOT be charged; Experian requires only the first 8 digits.
Mobile phone number and credit card number are not required, but it is STRONGLY recommended that you complete both of these fields as they can prevent identity proofing failures.

Additionally, the "Driver's License State", "Driver's License Number", and "Residential Phone Number" are not required. If you enter your "Driver's License Number" put the class of the license at the end of the number.

  1. Once all fields in the User Registration have been filled out, select "I agree."
  2. You will then be required to answer 3-4 security questions pertaining to your financial history.

    If you are not presented with IDP questions, this could be due to a number of different factors. These include, but are not limited to, a security freeze or fraud alert on your accounts. Instead of these questions, you will see a message that informs you of unsuccessful identity proofing.

  3. Based on the answers to the questions presented, combined with the initial information entered by you on the "User Registration" screen, Experian will determine whether or not you have successfully passed IDP. If you fail IDP, you must start the IDP process over. If you fail 3 times, you cannot attempt IDP again for 24 hours. This will automatically lock the account for a full 24 hours.
  4. Once IDP has been completed successfully, you will receive a confirmation that your identity has been successfully verified on the next screen and will be required to complete registration steps.

Registering tokens

The first registration section asks you to register your EPCS token(s). In order to do this, the hard token from DrFirst is required.

A soft token can also be registered to your account. The soft token is added through the "VIP Access" mobile app (by Symantec), which can be downloaded onto a smartphone or tablet from the app store.

It is STRONGLY recommended that you have both a hard and soft token attached to your account. You will need a token every time you send a controlled prescription electronically and thus will need to access your EPCS Gold account each time.

If you only have one token on your account that is lost, stolen, dies, or is otherwise inaccessible (including getting a new phone), you will not be able to access your account. This means that your account will need to be DISABLED, and you will be required to complete IDP again from the beginning.

  1. To begin, click the orange "Add New Token" button.
  2. The following information will need to be entered per token:
    • Token Manufacturer: Symantec.
    • Token Issuer: DrFirst.
    • Token Type: OTP HARD TOKEN (Key fob) or OTP SOFT TOKEN (VIP Access).
    • Token Name: Nickname for the token to help identify it (Ex. "iPhone token", "Key fob", etc).
    • Serial Number or Credential ID: The Serial Number (S/N) is on the back of the hard token. The Credential ID appears on the VIP Access app.
    • One Time Passcode (OTP): The number generated on the hard token or the "Security Code" from the VIP Access app.
  3. Once all of the required fields have been entered, select the "Save New Token" button. Upon successfully registering a token you will see a message that confirms that token was added. You may save additional tokens or select "Continue" to proceed.

Creating a passphrase

A passphrase must be created for the account. This passphrase will be used to access the account and when a controlled substance is electronically prescribed.

  1. The passphrase will need to be entered twice. The passphrase must be at least 8 characters long, be mixed case, and contain at least one number.
  2. A security question and security answer (case sensitive) will need to be entered as well. This will be used in the even the passphrase is forgotten. You will only need to remember your security answer.
    DrFirst strongly recommends that the passphrase and security question/answer are written down to be stored in a secure location. DrFirst CANNOT reset a passphrase. The passphrase can only be reset by correctly answering your security question. In the event that the passphrase is forgotten and cannot be reset, your account must be DISABLED, and you will be required to complete IDP again from the beginning.
  3. When the "Passphrase", "Security Question", and "Security Answer" have been entered, select "Continue" to move forward.

Experian transaction number

Once the IDP steps have been completed as outlined in the previous pages, the next screen displays a field to enter in the "Experian Transaction Number." This step must be completed for the Experian process to be completed. This number will arrive immediately via SMS text message or in 5-6 business days by USPS mail.

If you must navigate away from this screen, it is safe to do so at this time. Experian sends an email congratulating you on completing identity proofing. Included in this email is a link to enter the transaction number at a later time.

SMS text message

Experian will attempt to match the mobile number (if entered) to the home address to verify that you are the primary account holder for the phone plan. This "Experian Transaction Number" can be entered on the screen to complete EPCS enrollment.

If you are expecting an SMS text message with your transaction number that you have yet to receive, contact DrFirst Support to have the text message resent.

As mentioned, an email link is sent to return the user to the screen to enter the transaction number at a later time.

The text message is only valid for seven days. Once expired, a provider will have to go through IDP again.

USPS mail

If a mobile phone number was not entered, or if Experian is unable to verify that the user is the primary account holder for the mobile phone number, Experian will send a letter via USPS mail containing the number. This typically takes 5-6 business days.

  1. Once the letter arrives, the user should access the IDP confirmation email and select the link to enter the "Experian Transaction Number."
  2. After selecting the link, enter the "Experian Transaction Number", passphrase, and pin from a token. Then select the "Submit" button.

At this point, enrollment is complete. However, you will need to work with an administrator to have your EPCS account activated before you can begin e-prescribing controlled substances. This can be done by using the instructions in the EPCS logical access control.


If you are already an active EPCS prescriber and are trying to on-board for EPCS at another organization, your account can be re-authenticated by leveraging your existing credentials. This prevents you from re-doing IDP for each organization that you are a part of.

Once you have been invited for the new organization, follow the next steps.

  1. Once you receive the invite from DrFirst, select the "Click to Register" link within the email. If you are unable to find the email, check your junk/spam folder.
  2. Within the "I have an invite" section, select the orange "Proceed" button.
  3. Accept the "Terms of Use."
  4. You will then be prompted to re-authenticate yourself by leveraging your existing credentials. Make sure to choose the "Use my existing authentication credentials" option, to prevent having to complete identity proofing again from the beginning.
  5. Finally, you will enter your existing passphrase, choose a token, enter the one-time pin (OTP), and select the "Submit" button.

At this point, enrollment at the new organization is complete. However, you will need to work with an administrator to have your EPCS account activated before you can begin e-prescribing controlled substances for this additional organization. This can be done by using the instructions in the EPCS logical access control.

Back to top of page