Completing EPCS registration for ePrescribe

Before using ePrescribe to prescribe controlled substances, clinicians must register for the Electronic Prescribing of Controlled Substances (EPCS). Completing EPCS registration with SimplePractice consists of:

  1. Verifying your identity through identity proofing (IDP) with Experian
  2. Adding tokens and creating two-factor authentication for your EPCS Dashboard
  3. Completing the Logical Access Control (LAC) step

Important: The steps in this guide should be completed if you’re prescribing controlled substances and after you’ve added ePrescribe to your SimplePractice account. Your NPI number and license(s) should show Verification pending. To add ePrescribe to your SimplePractice account, see Adding ePrescribe to your SimplePractice account.


Requirements for EPCS registration

Note: The steps in this guide should be completed after you’ve added ePrescribe to your SimplePractice account. To add ePrescribe to your SimplePractice account, see Adding ePrescribe to your SimplePractice account.

In order to complete your EPCS registration, have the following requirements ready:

  • Setting up a soft token and a hard token
  • Your mobile device or tablet
  • Your SSN (Social Security Number)
  • Your driver’s license, passport, or state-issued ID
  • Have a passphrase in mind
    • Minimum of 8 characters with at least one capital letter, one lowercase letter, and a number
    • A passphrase is necessary for the two-factor authentication step required for sending controlled substance prescriptions
    • If you forget your passphrase, you’ll need to enter your security question and answer
  • Have a security question and answer in mind
    • Security answers are case sensitive, so we recommend keeping a record of your security question and answer exactly as you entered them
  • Personal mobile phone number
    • If your mobile phone number can be validated by Experian, you may be able to receive your verification code instantly by SMS text message
    • If your phone number can’t be validated, you’ll receive a letter via USPS mail after approximately 5-7 business days
  • First 8 digits of personal credit card
    • Visa or Mastercard only

Note: If you forget your passphrase and the answer to your security question, you’ll be required to restart EPCS registration, including the identity proofing process, from the beginning. You'll also be required to pay the setup fee of $89 and any applicable tax. For more information, see What happens if I forget my passphrase and can’t answer my security question?

Setting up a soft token and a hard token

For your EPCS Dashboard, you’ll set up two-factor authentication, which requires either a soft token or a hard token. These tokens are approved devices that generate a 6-digit one-time PIN that you’ll use to log in to the EPCS Dashboard. We recommend setting up both a soft token and a hard token in case one is lost or inaccessible. During IDP, you’ll be prompted to add your tokens to your EPCS Dashboard.

Creating a soft token

For soft tokens, you can download the VIP Access app from Google Play or the Apple Store on your mobile device or tablet, or via VIP Access by Symantec on a computer.

Important: The Drug Enforcement Agency (DEA) requires that the soft token be on a different device from the one you’re using to prescribe a controlled substance. For example, if you’re prescribing on a computer, the soft token must be on a separate mobile device or tablet.

Requesting a hard token

After your NPI number and license(s) are verified, we’ll notify you that you’re eligible to request a hard token directly through DrFirst. Requesting an initial hard token is covered by DrFirst and free of charge to you. To request a hard token:

  • Select Check out in the popup window to review your order on the overview page
  • Click Check out again to proceed
  • Enter your contact and delivery information and select Complete order

Once you’ve placed your order, you’ll receive a confirmation email where you can view your order status. 

Once the hard token has shipped, you’ll receive a second email with tracking information. You’ll receive a final email once the hard token has been delivered.  

For more information, see Order or get assistance with token(s) in DrFirst’s Help Center. 

Note: If you need a replacement hard token, the cost is $25 plus any applicable tax. For more information, see How do I request a replacement hard token?


FAQs


I already have an ePrescribe account with DrFirst/I already completed IDP. Can I connect that account?

If you’ve already completed IDP and already have an ePrescribe account with DrFirst, you’ll be able to re-authenticate your identity using your existing credentials and the tokens for your old account. For more information, see:


I didn’t receive an email to complete the identity proofing process. What do I do?

If you haven’t received an email to complete IDP, we recommend:

  • Checking your spam folder for an email from InfinIDAdmin@drfirst.com
  • Waiting another 24 hours

If you’re still not seeing this email, please reach out to our Customer Success team.


I forgot my EPCS Dashboard passphrase. How do I reset it?

If you’ve completed your identity proofing and have forgotten your EPCS passphrase, follow these steps to reset it:

  • Add your NPI
  • Enter your Serial Number (S/N) or Credential ID from your active token
    • Include the characters without spaces or dashes
  • Click Next Step

  • Use the dropdown menu to select your token
  • Enter the email address associated with your EPCS account 
    • This is the email address used for your EPCS registration process
  • Add the One Time Pin (OTP) from your token
  • Click Continue

You’ll receive an email to reset your passphrase. The subject of the email will be Prescriber reset passphrase notification. Click the Reset Passphrase Link to be redirected to the Reset Passphrase page on the EPCS Dashboard.

  • Add your NPI
  • Enter your Serial Number (S/N) or Credential ID from your active token
    • Include the characters without spaces or dashes
  • Click Next Step

You’ll be prompted to answer the Security Question that you initially set up during the EPCS registration process.

  • Enter the Security Answer
    • Security Answers are case sensitive
  • Click Continue 
  • Enter your New Passphrase
    • The New Passphrase must be 8-20 characters long and contain at least 1 uppercase letter and at least 1 number, with no special characters and no more than 2 consecutive uses of the same character
  • Retype it in the Confirm New Passphrase field
  • Click Continue

How do I add another token?

You can add another token via the EPCS Dashboard. To do this:

  • Click Tokens > Manage Tokens
  • Choose Add New Token

A new section will appear to add information for the new token.

Field: Enter/Select

  • Token Manufacture: OneSpan
  • Token Issuer: DrFirst
  • Token Type: OTP SOFT TOKEN or OTP HARD TOKEN
  • Token Nickname: Add a nickname or description of the token (e.g. blue key fob)
  • Serial # / Credential ID:
    • If you’re using a DrFirst-provided HARD token (keyfob): enter the Serial Number (S/N) on the back of the token without any spaces
    • If you’re using the Symantec VIP Access app SOFT token: enter the Credential ID that appears at the top of the screen without any spaces
  • One-time PIN (OTP): Enter the number generated on the hard token or the “Security Code” from the VIP Access app

  • Click Save

How do I log into the EPCS Dashboard?

To log into the EPCS Dashboard:

  • Click ePrescribe from the left panel
  • In DrFirst, choose the hamburger menu in the upper left corner
  • Choose Utilities > Token Management

  • Enter your NPI # and passphrase 
  • Click Next

 

  • Use the dropdown menu to select the token
  • Enter a one-time PIN (OTP) from the selected token
  • Click Submit

How do I request a replacement hard token?

Only the initial hard token you received during EPCS registration and IDP verification was provided by DrFirst at no cost.

A replacement hard token will cost $25 + tax. This one-time fee will be charged to the credit card you provide when requesting your replacement. To request a replacement:

  • Navigate to DrFirst’s Replacement Token storefront
  • Enter your contact details and shipping and payment information
  • Select Pay to submit your request

You’ll receive an email confirmation for your request, another email when the replacement hard token has shipped, and a final email once it’s been delivered. 

If your request is within 90 days of your original token order and the token you received was lost or damaged, you may qualify for a replacement under warranty. In that case, please reach out to our team and include:

  • The reason you need a new hard token (lost or damaged token)
  • Your NPI number

For more information, see Order a replacement hard token within Order or get assistance with token(s) in DrFirst’s Help Center.

Important: If you’ve lost your hard token and don’t have a backup (such as a soft token through the Symantec app), you’ll need to complete IDP verification again before setting up your new token.


What happens if I fail IDP?

If you fail IDP three times, your account will be locked and you can’t attempt IDP again for a full 24 hours. You’ll also have to pay the setup fee of $89 and any applicable tax to re-register. If you don’t pass, double-check whether any of the following applies:

  • Exceeded the three (3) attempts permitted in a 24 hour period
  • A fraud alert on your account
  • Inaccurate answers to your security questions
  • Entered personal information that doesn’t match what Experian has on file
  • Moved within the last 6 years and Experian’s address of record doesn’t match your entry
  • Your address is misspelled
  • Your financials are associated with a PO box rather than your residential address
  • Your information in Experian is not fully listed (DOB, SSN)

For more information, see Where can I check what information Experian has on file for me?

If you failed three times, please reach out to our Customer Success team.


What happens if I forget my passphrase and can’t answer my security question?

In the event that you forget your passphrase and can’t reset it, your account will be disabled, and you’ll be required to complete EPCS registration again from the beginning.

We strongly recommend that the passphrase, security question, and security answer are written down and stored in a secure location. Neither SimplePractice nor DrFirst can reset a passphrase. The passphrase can only be reset by correctly answering your security question.


What happens if I install the VIP Access app (soft token) on a new device?

Before adding the new soft token to your EPCS Dashboard, make sure you have at least one active token (hard or soft), and add the new token before you lose access to the original active token.


What happens if I uninstall and reinstall the VIP Access app (soft token) on the same device?

Uninstalling and reinstalling the app on the same device generates a new Credential ID, turning it into a new soft token which must be added before use. Ensure a backup (another hard or soft token) has been added prior to doing so.


What if I get an error message: “Your Logical Access Control session has ended. No changes were made.”?

Repeat the steps in the Completing Logical Access Control (LAC) with your granting administrator section. Make sure that Active is selected in the Grant column.


Where can I check what information Experian has on file for me?

To check the information that Experian has on record for you, you can obtain a free Experian credit report from www.annualcreditreport.com. Identity proofing questions are formulated based upon credit history. This includes but isn’t limited to questions about home or auto loans, bank accounts, places of residency, etc. Having a credit report available can assist in answering these questions.