State Board of Pharmacy; 77 South High Street, Room 1702; Columbus, Ohio 43215-6126
Tel: 614/466-4143 Fax: 614/752-4836 Eml: exec@bop.state.oh.us
FREQUENTLY ASKED QUESTIONS REGARDING POSITIVE IDENTIFICATION AND HOSPITAL ELECTRONIC DRUG RECORD KEEPING SYSTEMS
(3/1/06)
This document was drafted in cooperation with Pharmacy Board members, staff, and Compliance Specialists, the Ohio Hospital Association, and the Ohio Society of Health-System Pharmacists. This document was designed to specifically answer questions for pharmacists, hospital administrators, hospital information technology personnel, computer software vendors, and others regarding hospital “electronic drug record keeping systems” and the various ways to achieve “positive identification” pursuant to paragraph (N) of rule 4729-5-01 and paragraph (I) of rule 4729-17-01 of the Administrative Code. The content herein does not create additional regulatory requirements; it merely interprets existing regulations and shares the information from frequently asked questions.
What is positive identification?
“Positive identification” is defined in paragraph (N) of rule 4729-5-01 of the Administrative Code. It is also defined specifically for hospitals in paragraph (I) of rule 4729-17-01 of the Administrative Code. This document will discuss both methods of positive identification.
Paragraph (N) of rule 4729-5-01 states the following:
“Positive identification” means a method of identifying an individual who prescribes, administers, or dispenses a dangerous drug.
(1) A method may not rely solely on the use of a private personal identifier such as a password, but must also include a secure means of identification such as the following:
(a) A manual signature on a hard copy record;
(b) A magnetic card reader;
(c) A bar code reader;
(d) A thumbprint reader or other biometric method;
(e) A proximity badge reader;
(f) A board approved system of randomly generated personal questions;
(g) A printout of every transaction that is verified and manually signed within a reasonable period of time by the individual who prescribed, administered, or dispensed the dangerous drug. The printout must be maintained for three years and made available on request to those individuals authorized by law to review such records; or
(h) Other effective methods for identifying individuals that have been approved by the board.
(2) A method relying on a magnetic card reader, a bar code reader, a proximity badge reader, or randomly generated questions for identification must also include a private personal identifier, such as a password, for entry into a secure mechanical or electronic system.
Additionally for hospitals, paragraph (I) of rule 4729-17-01 states the following:
“Positive identification” has the same meaning as paragraph (N) of rule 4729-5-01 of the Administrative Code except that a specific hospital having a closed electronic drug record keeping system may be permitted to use identifiers utilizing both a password combined with a personal identifier to document the positive identification of each user for, but not limited to, the prescribing and administration of a drug if approved by the board of pharmacy.
(1) At a minimum, the following items will be considered during the approval process:
(a) Adequate audit controls are in place to detect and deter drug diversion;
(b) Adequate access controls are in place to assure the identity of a user and to assign accountability of the user for any drug transaction;
(c) Adequate safeguards are in place to prevent and detect the unauthorized use of an individual's password and personal identifier;
(d) An ongoing quality assurance program is in place to ensure that (I)(a) through (I)(c) of this rule are being fulfilled and reviewed; and
(e) Appropriate policies and procedures are in place to address all of the items in (I)(a) through (I)(d) of this rule.
(2) Positive identification pursuant to paragraph (N) of rule 4729-5-01 of the Administrative Code shall always be used to document the:
(a) Dispensing, compounding, or repackaging of a drug;
(b) Removal and possession of a controlled substance to administer to a patient;
(c) Waste of a controlled substance.
What is an electronic drug record keeping system?
Pursuant to paragraph (H) of rule 4729-17-01 of the Administrative Code, an “electronic drug record keeping system” means a system of storing drug records electronically and capturing the “positive identification” of the person responsible for a specific drug transaction including, but not limited to, the prescribing, administering, or dispensing of a drug.
What is a personal identifier?
Pursuant to paragraph (K) of rule 4729-17-01, “personal identifier” means a unique user name or number for identifying and tracking a specific user's access to an electronic drug record keeping system such as social security number, user identification number, or employee number.
What is a password?
Pursuant to paragraph (J) of rule 4729-17-01, “password” means a private identification that is created by a user to obtain access to an electronic drug record keeping system.
What is the best way to achieve positive identification?
The Pharmacy Board strongly believes that the best ways to achieve positive identification are those methods described in paragraph (N) of rule 4729-5-01 of the Administrative Code. Paragraph (N) of rule 4729-5-01 does not permit passwords and personal identifiers alone to achieve positive identification. However, the Board understands the benefits of electronic drug record keeping systems and will work with hospitals and electronic drug record keeping system vendors to achieve positive identification of the user, hence the formation of paragraph (I) of rule 4729-17-01. However, hospitals should only seek Pharmacy Board approval for using passwords and personal identifiers as their final option and only as a temporary solution. Hospitals and vendors alike should be looking at moving towards the elimination of passwords and personal identifiers to achieve positive identification and at embracing advances in technology to achieve positive identification. Thus, the Board is instructing hospitals and vendors to continually look for ways to implement positive identification as described in paragraph (N) of rule 4729-5-01.
Where is the best place in an electronic drug record keeping system to require positive identification?
Ideally, the prompt requesting positive identification should be at the conclusion of a drug transaction. For example, when a prescriber issues a prescription, the last thing he/she does is sign the prescription. Realistically, it only makes sense to document the drug transaction with positive identification after the completion of an act. Positive identification required at log-in does not document the specific drug transaction and causes other security problems. For example, a nurse really does not document the administration of a medication when he/she logs in to an electronic drug record keeping system. When a nurse used a paper medication administration record, he/she was required to document the administration after the drug was administered. Again, ideally that is what should occur with an electronic drug record keeping system.
As noted above, security problems arise in an electronic drug record keeping system that requires positive identification only at log-in. For example, if a user walks away and fails to log off the system, the system will remain live and anyone can enter the system under that user’s positive identification. Therefore, such a system would need to implement an automatic log-off when inactivity is noted. The automatic log-off times would need to be relatively short, and may vary depending on the practice location.
What should you know before selecting a bar code reader as your method of achieving positive identification?
Pursuant to rule 4729-17-03, there must be adequate controls to prevent diversion of drugs. Therefore, bar codes must be designed so that they may not be photocopied and used to enter the system. Also, the device containing the bar code should not display the number sequence that will allow a person to override the bar code scanning process and gain access to the system.
How can I design a system of randomly asked questions to achieve positive identification?
An example of a system of randomly asked questions with a personal identifier is as follows: Upon setup a person is initially asked to answer 15 questions, each with a unique answer, from a pool of 70 questions; then, when positive identification is required for a drug transaction that person will be asked to answer two randomly selected questions from the pool of the 15 uniquely answered questions that were submitted by that person.
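The enrolment and challenge flow described above, sketched as an added example (not Board or vendor code). The 70/15/2 figures come from the text; the salted PBKDF2 storage, the single-use challenge, the lock after three wrong attempts, and all names are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

POOL_SIZE = 70        # questions offered at setup (figure from the text)
ENROLLED = 15         # questions each person answers at setup
ASKED = 2             # questions asked for each drug transaction
MAX_FAILURES = 3      # assumption: lock after repeated wrong answers
KDF_ROUNDS = 100_000  # assumption: PBKDF2 cost for stored answers

_rng = secrets.SystemRandom()  # OS randomness, so the draw is not predictable


def _normalise(answer):
    """Case- and spacing-insensitive form used for storage and comparison."""
    return " ".join(answer.casefold().split())


def _digest(salt, answer):
    return hashlib.pbkdf2_hmac("sha256", _normalise(answer).encode(), salt, KDF_ROUNDS)


class QuestionEnrolment:
    """One person's 15 answered questions, tied to a personal identifier."""

    def __init__(self, personal_identifier, answers):
        # answers maps a pool question number (1..70) to the person's answer
        if len(answers) != ENROLLED:
            raise ValueError(f"exactly {ENROLLED} questions must be answered")
        if any(q not in range(1, POOL_SIZE + 1) for q in answers):
            raise ValueError("question number outside the pool")
        distinct = {_normalise(a) for a in answers.values()}
        if "" in distinct or len(distinct) != ENROLLED:
            raise ValueError("each question needs its own non-empty, unique answer")
        self.personal_identifier = personal_identifier
        self._stored = {}
        for q, a in answers.items():
            salt = secrets.token_bytes(16)
            self._stored[q] = (salt, _digest(salt, a))  # answers never kept in clear
        self._pending = None
        self.failures = 0

    @property
    def locked(self):
        return self.failures >= MAX_FAILURES

    def challenge(self):
        """Draw the two questions to ask at the end of a drug transaction."""
        if self.locked:
            raise PermissionError("enrolment locked; use the back-up method")
        self._pending = tuple(sorted(_rng.sample(sorted(self._stored), ASKED)))
        return self._pending

    def verify(self, responses):
        """Check answers to the outstanding challenge; a challenge is single use."""
        pending, self._pending = self._pending, None
        if self.locked or pending is None or set(responses) != set(pending):
            return False  # the system picks the questions, never the caller
        ok = True
        for q in pending:  # check both answers even if the first is wrong
            salt, want = self._stored[q]
            ok &= hmac.compare_digest(want, _digest(salt, responses[q]))
        self.failures = 0 if ok else self.failures + 1
        return ok
```

Without the failure counter, someone who knows two of a colleague's answers could keep requesting new challenges until those two questions come up.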
Should an electronic drug record keeping system have a secondary method of positive identification as a back-up?
Absolutely. When a system of positive identification fails, there needs to be an alternative method to allow a healthcare professional to continue practicing without compromising patient care, yet meeting the intent of keeping appropriate records for the administration, prescribing, and dispensing of a drug. There are various ways that this can be achieved and it is suggested that you talk with the Board about them.
What will be considered for Pharmacy Board approval of a hospital to use passwords and personal identifiers to document positive identification?
Pursuant to paragraph (I) of rule 4729-17-01, the following will be considered during the approval process:
· The electronic drug record keeping system is a closed system within the hospital.
· Adequate audit controls are in place to detect and deter drug diversion.
· Adequate access controls are in place to assure the identity of a user and to assign accountability of the user for any drug transaction.
· Adequate safeguards are in place to prevent and detect the unauthorized use of an individual’s password and personal identifier.
· An ongoing quality assurance program is in place and routinely reviewed.
· Appropriate policies and procedures are in place.
· That positive identification pursuant to paragraph (N) of rule 4729-5-01 is being used to document: the dispensing, compounding, or repackaging of a drug; the removal and possession of a controlled substance; and, the waste of a controlled substance.
What is meant by an electronic drug record keeping system that is a closed system within the hospital?
A closed system within a hospital means that the electronic drug record keeping system functionality is contained within the confines of the inpatient hospital system. Thus, no outside access or drug orders/prescriptions sent outside of the hospital electronic drug record keeping system would be allowed without meeting the requirements for positive identification pursuant to paragraph (N) of rule 4729-5-01. This is because adequate audit controls, access controls, and safeguards cannot be assured.
For example, prescriptions created within the hospital system could not be sent to an outside retail pharmacy utilizing only passwords and personal identifiers. An additional Pharmacy Board approval would have to occur for hospitals wanting to use an electronic prescription transmission system pursuant to rule 4729-5-30.
Another example is a hospital that would allow a prescriber to remotely access the hospital’s electronic drug record keeping system to create drug orders for inpatients. The prescriber could not use passwords and personal identifiers to remotely access the hospital’s electronic drug record keeping system. Positive identification of the prescriber pursuant to paragraph (N) of rule 4729-5-01 would be required.
What is meant by adequate audit controls and access controls?
Audit and access controls are technical safeguards. An electronic drug record keeping system that does not employ both of these controls will not be adequate for using passwords and personal identifiers for positive identification.
Audit controls provide the ability to track user access when prescribing, dispensing, administering, and performing other dangerous drug transactions or required documentation. Electronic drug record keeping systems at a minimum should log user identification, location of drug transaction, time and date of access, and dangerous drug accessed.
Access controls limit access to electronic drug record keeping systems to only authorized individuals through a combination of controls, such as setting parameters for creating passwords, requiring passwords to be changed after a set period of time, and restricting an individual’s access to those drug applications allowed per practice act (e.g.: a nurse may administer but cannot dispense a drug).
What is meant by acceptable safeguards, quality assurance programs, and policies and procedures?
Acceptable safeguards, quality assurance programs, and policy and procedures were combined because they relate to each other. They also directly relate to the audit controls and access controls noted above. You can have the best audit and access controls but without adequate safeguards to prevent and detect the unauthorized use of an individual’s password and personal identifier, appropriate ongoing quality assurance programs, and policies and procedures, the system will not be adequate to use passwords and personal identifiers for positive identification.
The whole point of positive identification is to positively identify an individual. This entire article is devoted to positive identification and the Pharmacy Board believes it is a very important topic. We all know the problems associated with passwords and personal identifiers. The Board has discovered that passwords and personal identifiers can be easily stolen without the knowledge of the user. Therefore, a person could use a stolen password and personal identifier to enter an electronic drug record keeping system to obtain drugs by creating drug orders, dispensing medications, and removing medications with it appearing to be the person linked to the password and personal identifier. Also, many of us have so many different passwords we tend to write them down so they can easily be seen; or worse, we tape them to the computer monitor. Additionally, healthcare professionals are not the greatest typists and often use the one finger “seek and you shall find method” when entering their passwords and personal identifiers, thus making them easy for another person to obtain.
Therefore, the most important thing in the approval process is to have the appropriate safeguards in place to prevent and detect unauthorized use of an individual’s password and personal identifier. Some individual examples of appropriate safeguard applications for an electronic drug record keeping system might be to: notify an individual when a drug transaction occurs with their password and personal identifier for verification; track a drug order from order entry to administration to verify that an order was completed and ensure that all drug transactions (e.g.: order entry, dispensing, and administration) were not performed by the same individual; and, connect work schedule times with access to the system. These are just some individual examples to give a hospital some ideas of what is meant by appropriate safeguards. Each hospital is unique and may require multiple safeguard applications for Board approval and they may be completely different than listed above.
It cannot be stressed enough that safeguards are directly linked to the audit controls, access controls, quality assurance programs, and policies and procedures. The quality assurance programs need to be ongoing and not just used during the initial testing phase. Quality assurance programs should be developed by using the information obtained from the technical, audit, and access controls. The information should be routinely reviewed and evaluated for discrepancies and variances. Policies and procedures need to be developed to address how to deal with a detected discrepancy or variance. Additionally, policies and procedures need to be developed to address all items in paragraph (I) of rule 4729-17-01. A hospital needs to address what disciplinary action will be applied to an individual that violates a policy and procedure.
Prior to presenting its system to the Board for approval, a hospital should review its electronic drug record keeping system and conduct its own risk assessment to determine if it has adequate access controls, audit controls, and safeguards, and appropriate quality assurance programs, and policies and procedures to assign accountability and to prevent and detect drug diversion.
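As an added illustration (not Board or vendor code), the sketch below applies two of the safeguard examples above to audit records: tracing each order from order entry to administration, with a check that one individual did not perform every step, and connecting work schedule times with access. The log lines and schedule are constructed; the user, location, time and drug fields are the minimum the text asks a system to log, while the action and order number fields are assumptions added so orders can be traced.

```python
from collections import defaultdict
from datetime import datetime

# Steps of one drug order, as named in the safeguards paragraph.
STEPS = ("order_entry", "dispensing", "administration")

# Constructed sample audit records: (user, location, time, drug, action, order).
AUDIT_LOG = [
    ("MD-201", "4-West", "2006-03-01T08:05", "morphine 2 mg", "order_entry", "ORD-1"),
    ("RPH-310", "Pharmacy", "2006-03-01T08:20", "morphine 2 mg", "dispensing", "ORD-1"),
    ("RN-104", "4-West", "2006-03-01T08:45", "morphine 2 mg", "administration", "ORD-1"),
    ("RN-117", "ICU", "2006-03-01T10:02", "fentanyl 50 mcg", "order_entry", "ORD-2"),
    ("RN-117", "ICU", "2006-03-01T10:04", "fentanyl 50 mcg", "dispensing", "ORD-2"),
    ("RN-117", "ICU", "2006-03-01T10:09", "fentanyl 50 mcg", "administration", "ORD-2"),
    ("MD-201", "ED", "2006-03-01T23:40", "oxycodone 5 mg", "order_entry", "ORD-3"),
    ("RPH-322", "Pharmacy", "2006-03-01T23:50", "oxycodone 5 mg", "dispensing", "ORD-3"),
]

# Constructed work schedule: user -> list of (shift start, shift end).
SCHEDULE = {
    "MD-201": [("2006-03-01T07:00", "2006-03-01T17:00")],
    "RPH-310": [("2006-03-01T07:00", "2006-03-01T19:00")],
    "RPH-322": [("2006-03-01T19:00", "2006-03-02T07:00")],
    "RN-104": [("2006-03-01T07:00", "2006-03-01T19:00")],
    "RN-117": [("2006-03-01T07:00", "2006-03-01T19:00")],
}


def on_shift(user, when, schedule):
    """True if `when` falls inside one of the user's scheduled shifts."""
    return any(
        datetime.fromisoformat(start) <= when <= datetime.fromisoformat(end)
        for start, end in schedule.get(user, [])  # no schedule on file -> flagged
    )


def review(log, schedule):
    """Return (kind, order, detail) findings for quality assurance review."""
    findings = []
    actors = defaultdict(lambda: defaultdict(set))  # order -> step -> users
    for user, location, ts, _drug, action, order in log:
        actors[order][action].add(user)
        if not on_shift(user, datetime.fromisoformat(ts), schedule):
            findings.append(("off_schedule", order, f"{user} at {ts} in {location}"))
    for order, steps in actors.items():
        missing = [s for s in STEPS if s not in steps]
        if missing:
            # Order was entered but never traced through to administration.
            findings.append(("incomplete", order, ", ".join(missing)))
            continue
        # Anyone present in every step carried the whole order through alone.
        for user in sorted(set.intersection(*(steps[s] for s in STEPS))):
            findings.append(("single_actor", order, user))
    return findings


if __name__ == "__main__":
    for finding in review(AUDIT_LOG, SCHEDULE):
        print(finding)
```

Each finding is a discrepancy for a person to evaluate under the hospital's policies and procedures; an incomplete order, for instance, may simply not have reached administration yet.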
When is the best time for you to involve the Board in the process of developing your electronic drug record keeping system?
Early and often! The Pharmacy Board understands the benefits of electronic drug record keeping systems and wants to aid a hospital in successfully implementing a system. As everyone knows, these systems have a great potential to reduce medication errors, provide enhanced confidentiality of drug records, increase efficiency, decrease paper, enhance accountability, and enhance drug security. So, the earlier the Pharmacy Board can work with you and your electronic record keeping system vendor the better. Please note that the Pharmacy Board does not approve the electronic drug record keeping system, but only the method of achieving “positive identification”.
What is the Board’s approval process for evaluating positive identification in a hospital electronic drug record keeping system?
The Pharmacy Board approval process involves looking at the method of positive identification used in a specific hospital electronic drug record keeping system. The Pharmacy Board approval is not an approval of the electronic drug record keeping system, but only of the method of achieving and documenting positive identification in relation to all drug transactions.
The Board approval process for hospitals with an electronic drug record keeping system that utilizes a method of positive identification as defined in paragraph (N) of rule 4729-5-01 (no passwords and personal identifiers) will involve ongoing communication with Board office staff and more importantly with your area Compliance Specialist to answer questions, to discuss the timeframe for implementation, and to determine a mutually acceptable date and time to conduct an inspection. The Compliance Specialist may choose to conduct an initial on-site review of your planned system, and may request interim meetings to review your progress. The Compliance Specialist will conduct an inspection to verify that the method(s) of positive identification and location within the electronic drug record keeping system meet the requirements that should have been discussed throughout the selection and implementation process.
The Board approval process for hospitals with an electronic drug record keeping system that utilizes a method of positive identification as defined in paragraph (I) of rule 4729-17-01 (passwords and personal identifiers) will involve meeting with the Pharmacy Board staff, and the assigned Board Compliance Specialist(s), if available and appropriate, to review and evaluate the items listed in paragraph (I) of rule 4729-17-01 to determine if adequate controls are in place to assign user accountability and to detect and deter drug diversion, as well as reviewing quality assurance programs and policies and procedures. After the Board staff determines that the method(s) of positive identification is appropriate and your electronic drug record keeping system is ready for operation, an inspection will be conducted by the Compliance Specialist(s) to verify that all items that were discussed in the initial approval process have been implemented. If any items listed in paragraph (I) of rule 4729-17-01 are not adequately fulfilled then passwords and personal identifiers may not be used to document positive identification. Therefore, a hospital must follow the requirements in paragraph (N) of rule 4729-5-01 to achieve positive identification. Any unresolved conflicts regarding the approval of a method of achieving positive identification in a hospital will be taken to the Pharmacy Board itself for resolution.
Once the Pharmacy Board has approved the hospital’s method of positive identification, the Board will document the approval in an inspection report rendered by the inspecting Compliance Specialist(s). Those hospitals that have been approved by the Board will be listed on the Board’s website.
What are the sequences of events that are expected when implementing an electronic drug record keeping system?
Some example steps you should consider to obtain Board approval are:
1) Prior to purchasing an electronic drug record keeping system a hospital should read this document and then contact the Pharmacy Board to indicate its intent to implement an electronic drug record keeping system and to discuss any specific questions uniquely related to the hospital.
2) Determine the appropriate areas of implementation and method(s) of positive identification that are best suited for the hospital.
3) Select a software vendor that can provide an electronic drug record keeping system that can meet the hospital’s needs and implement your selected method(s) of positive identification.
4) Contact the Pharmacy Board to indicate what electronic drug record keeping system vendor you selected, the method(s) of positive identification that will be used, the location within the system that positive identification will be implemented, and the timeframe for installation and implementation.
5) Contact the Pharmacy Board office staff and area Compliance Specialist with questions as often as needed.
6) Routinely contact the area Compliance Specialist with progress of implementation. In a large, complex system, the Compliance Specialist may request multiple on-site visits to discuss progress and help guide system development.
7) If you are using a method of positive identification as defined in paragraph (N) of rule 4729-5-01 (when passwords and personal identifiers are not used), then only an inspection by a Pharmacy Board Compliance Specialist is required for approval as described in this document.
8) If you are using passwords and personal identifiers pursuant to paragraph (I) of rule 4729-17-01, then you must contact the Pharmacy Board to obtain approval by the Board as described in this document.
9) After an individual hospital’s method(s) of positive identification is inspected and approved, the information will be added to a list on the Board’s website.
What interaction should you expect to have with a Compliance Specialist(s)?
You should plan on meeting with a Board Compliance Specialist early and often during your planning stage. The Compliance Specialist(s) may have anecdotal information that will help avoid problems experienced in other hospitals when implementing an electronic drug record keeping system. Several meetings with your IT department and development team are suggested to discuss the method(s) of positive identification and your project timeline. It is important that the Compliance Specialist(s) work through the development and implementation stages with you. Early identification and intervention of potential problems will allow you to maintain the implementation timeline of your electronic drug record keeping system.
Prior to implementation of your electronic drug record keeping system, the Compliance Specialist(s) will initially review a test mode of all functions. Obtaining an approvable status may take more than one inspection. Once the test mode is approvable, then an incremental release of the system will be discussed. Usually one busy floor, perhaps med-surg, will be suggested for the initial implementation phase. After a few weeks in the implementation phase the Specialist(s) may return for an inspection of the unit to review the accuracy and successful utilization of the method(s) of positive identification implemented. Also, you may need to run your old system parallel to the new system to maintain positive identification during the transition. After an inspection, enhancements or corrections to the system may be required and additional inspections may need to be scheduled for a system to be approved for full implementation.
Some questions that you should anticipate being asked, and/or items that you should anticipate being asked to demonstrate, during an inspection are:
· What method(s) of positive identification are you using? Are you using a method defined in paragraph (I) of rule 4729-17-01?
· Does the application you selected for meeting the requirement of positive identification work? You will be asked to demonstrate the method of positive identification.
· Where in the electronic drug record keeping system is positive identification asked for? Is it at log-in only? Is it after a drug transaction?
· If you only require positive identification at log-in, then what times have you assigned for automatic log-out? You will be asked to demonstrate this. The automatic log-out may need to be as low as 30 seconds of inactivity.
· If using bar codes, can they be copied and be used to enter the system? You will be asked to copy a bar code to see if it can be used to enter the system.
· You will be asked to provide information on your policies and procedures and quality assurance programs.
· If you are using a Board approved method of positive identification that allows passwords and personal identifiers, you will be asked to demonstrate the audit controls, access controls, and safeguards that are in place.