• Electronic Prescribing of Controlled Substances


  • DrFirst's desktop e-prescribing platform


  • DrFirst's mobile e-prescribing platform


  • EPCS dashboard (Provider's admin area)
  • Only the provider should access this area
    • Token management
    • Update account information (email address, signing passphrase)
    • Run EPCS report regarding usage
  • To access EPCS Gold
    • Via Rcopia by going to "Utilities", then "Token Management"

Identity Proofing Process (IDP)

  • FIrst Phase of EPCS Registration (see EPCS Onboarding)
  • Involves identity proofing via Experian and creation of your "two-factor authentication" which is required for all EPCS providers

Two-Factor Authentication (Two Components)

  • Security measure used by DrFirst when sending out controlled medications, created by the provider during the IDP stage
  • Component One - Tokens
    • Approved device that generates a six digit one-time-in (OTP)
    • Hard Token - Keychain device provided by DrFirst (Symantec or OneSpan)
    • Soft Token - VIP Access by Symantec can be downloaded on a mobile phone/tablet or computer from Symantec VIP
  • Component Two - Passphrase
    • Created by the provider, this is used to either send out controlled medications or access their EPCS Gold area

Logical Access Control (LAC)

  • Second phase of EPCS Registration (see Logical Access Control)
  •  DEA required stage which both confirms provider's identity by an admin and grants the provider their EPCS abilities for that organization
  • Provider will need "two-factor authentication" to complete this phase with their admin

Back to top of page