21 CFR 1311.125 - Requirements for establishing logical access control - Individual practitioner.

§ 1311.125 Requirements for establishing logical access control - Individual practitioner.

(a) At each registered location where one or more individual practitioners wish to use an electronic prescription application meeting the requirements of this subpart to issue controlled substance prescriptions, the registrant(s) must designate at least two individuals to manage access control to the application. At least one of the designated individuals must be a registrant who is authorized to issue controlled substance prescriptions and who has obtained a two-factor authentication credential as provided in § 1311.105.

(b) At least one of the individuals designated under paragraph (a) of this section must verify that the DEA registration and State authorization(s) to practice and, where applicable, State authorization(s) to dispense controlled substances of each registrant being granted permission to sign electronic prescriptions for controlled substances are current and in good standing.

(c) After one individual designated under paragraph (a) of this section enters data that grants permission for individual practitioners to have access to the prescription functions that indicate readiness for signature and signing or revokes such authorization, a second individual designated under paragraph (a) of this section must use his two-factor authentication credential to satisfy the logical access controls. The second individual must be a DEA registrant.

(d) A registrant's permission to indicate that controlled substances prescriptions are ready to be signed and to sign controlled substance prescriptions must be revoked whenever any of the following occurs, on the date the occurrence is discovered:

(1) A hard token or any other authentication factor required by the two-factor authentication protocol is lost, stolen, or compromised. Such access must be terminated immediately upon receiving notification from the individual practitioner.

(2) The individual practitioner's DEA registration expires, unless the registration has been renewed.

(3) The individual practitioner's DEA registration is terminated, revoked, or suspended.

(4) The individual practitioner is no longer authorized to use the electronic prescription application (e.g., when the individual practitioner leaves the practice).

This is a list of United States Code sections, Statutes at Large, Public Laws, and Presidential Documents, which provide rulemaking authority for this CFR Part.

This list is taken from the Parallel Table of Authorities and Rules provided by GPO [Government Printing Office].

It is not guaranteed to be accurate or up-to-date, though we do refresh the database weekly. More limitations on accuracy are described at the GPO site.

United States Code

Title 21 published on 10-May-2017 03:43

The following are ALL rules, proposed rules, and notices (chronologically) published in the Federal Register relating to 21 CFR Part 1311 after this date.

  • 2017-03-21; vol. 82 # 53 - Tuesday, March 21, 2017
    1. 82 FR 14490 - Program To Hire Special Assistant United States Attorneys in Targeted Federal Judicial Districts Utilizing Diversion Control Fee Account Funds
      GPO FDSys XML | Text
      DEPARTMENT OF JUSTICE, Drug Enforcement Administration
      Notice of proposed rulemaking.
      Electronic comments must be submitted, and written comments must be postmarked, on or before April 20, 2017. Commenters should be aware that the electronic Federal Docket Management System will not accept comments after 11:59 p.m. Eastern Time on the last day of the comment period.
      21 CFR Parts 1301 and 1311