OneSpan Strong Authentication for EPCS

A global leader in authentication, electronic signatures, and identity management

3 minute read

Logo Cerner


Improve the Physician Experience

Enable physicians across your healthcare network to log in to any EPCS application with a user-friendly hardware token or mobile one-time-password (OTP) with biometrics

Meet Strict Authentication Requirements. Fast.

Stronger authentication for EPCS is mandated in most states already. Quickly and easily stay ahead of the DEA’s security requirements

Leverage Flexible Deployment Options

Multiple deployment options ensure quick implementation, securing physician login to any EPCS application while simplifying operations

EPCS At-A-Glance

The US Drug Enforcement Administration (DEA) legalized the use of Electronic Prescriptions for Controlled Substances to help reduce the rising prescription drug abuse problem in the United States. EPCS applications require a successful authentication by physicians in order to initiate any prescription of controlled substances, an important mechanism in reducing stolen prescriptions and substance abuse. Currently over half of the states have mandated specific multifactor authentication (MFA) requirements for these EPCS applications. And it’s expected that all states will require EPCS applications with MFA security in the near future.

A Fully Compliant Solution

Ensuring strict compliance and security of prescriptions for controlled substances is the law in a growing number of states. The OneSpan Strong Authentication for EPCS solution can be used with our hardware authenticator which has been certified to FIPS 140-2 Level 2 as well as our mobile authenticator which utilizes a 140-2 Level 1 certified cryptographic module.

These advanced and fully certified authentication security technologies not only satisfy rapidly expanding DEA mandates, but go to the heart of reducing rising prescription fraud and related drug abuse by fully securing high risk prescriptions.

Economical and Easy to Deploy

We recognize that each healthcare institution and platform has unique requirements. In light of this, our solution supports three cost effective and simple deployment options. Our healthcare customers can deploy a cloud-based solution, providing extensive security benefits and operational efficiencies. They can also embed OneSpan directly into the EPCS application by leveraging one of our existing integrations with Epic, PointClickCare, DrFirst, Allscripts, Imprivata, Matrixcare, Mediture or Cerner. And lastly, healthcare institutions can deploy onpremise, providing the ability to extend security to other key business applications.

Physician-Friendly Authentication Options

Your physicians don’t have time to deal with weak, static passwords that can be easily forgotten, and your healthcare institution can’t afford the exposure tied to a security breach and non-compliance with the DEA mandates. The OneSpan Strong Authentication for EPCS solution offers proven authentication options that are simple to use. Our Digipass GO7 hardware token generates an OTP at the touch of a button and supports secure access to multiple applications. And our Mobile Authenticator Studio provides a secure mobile OTP option which supports user-friendly face or fingerprint biometrics. Ensuring quick and secure login for physicians.


  • Improve the Physician Experience – Eliminate weak and cumbersome passwords while simplifying the login experience with user-friendly, one-button hardware tokens or a mobile authenticator with biometrics
  • Meet Strict Regulatory Requirements – Ensure compliance with DEA security mandates for EPCS with proven, and fully FIPS certified, multi-factor authentication
  • Quick Deployment – Leverage one of three flexible deployment options to customize a solution based on your healthcare institutions specific requirements