Fax or Digitized Guidelines
Print Version Printer version


Guidelines for Prescriptions Transmitted to Pharmacists by Fax or in Digitized Image Files

December, 2006 OCP Council

Can pharmacists trust the authenticity of prescriptions they receive by facsimile? Is it acceptable for pharmacists to receive scanned images of prescriptions sent to them in computer files? There are minimum requirements that need to be met before either question can be answered in the affirmative.

It is important to note that neither the use of facsimile transmissions nor the transmission of computer image files constitutes true electronic prescribing. In true electronic prescribing, machine-readable data is sent from a prescriber's computer to a pharmacy's computer without intermediary human-readable images such as faxes or scanned images of paper prescriptions. True electronic prescriptions have advantages over paper-based prescriptions for prescribers and pharmacists by authenticating the transmission and providing the security to prevent tampering. Projects are underway in Canada that seek to introduce electronic prescribing in community pharmacy settings. Yet despite the advantages of e-prescriptions, several obstacles (some technical and some regulatory) stand in the way of their introduction. Although Canada Health Infoway and Health Canada have both worked over the last year to bring e-prescribing closer to reality, there is as yet no full-scale deployment of e-prescriptions in Ontario.

It is not yet possible to legally transmit a prescription electronically from a prescriber's computer to a computer at a community pharmacy.

Meanwhile, the advantages that e-prescriptions offer to physicians and pharmacists have driven vendors to find creative ways to bend, if not break, the rules and regulations (the federal Food and Drug Act and the Controlled Substances Act) that keep prescribers tied to the use of paper-based prescriptions. Some of these vendor products create images of prescriptions and fax them to pharmacists. Others send the images in computer files as email attachments. Some of them are unacceptably risky from a computer security perspective. Others are reasonably secure but still violate existing law and regulation. Still others appear to offer a legal and secure means of transmitting prescriptions electronically from prescribers to pharmacists. Many of these vendor products rely on a computer-generated facsimile to deliver the final prescription because both physicians and pharmacists can legally accept faxes.

How can pharmacists discern whether the prescriptions they receive by fax are both authentic and legally constructed? The requirements below, if met, will allow pharmacists to answer this question affirmatively.

The following two recommendations refer to requirements for computer-based systems that fax prescriptions to pharmacists.

Requirement 1 - All computer-based prescription systems that electronically record prescriptions and transmit them to a pharmacist by facsimile copy or in a computer file containing a digitized image of the prescription must:
  1. digitally record and store the unique instance of a prescriber's signature obtained at the time the prescription is signed, in addition to other audit log information such as the time of transmission and destination;
  2. transmit a clearly identifiable, life-size image of the digitally recorded signature as an integral part of the prescription facsimile; and
  3. mark any paper copy printed in addition to the electronically transmitted prescription as a copy, in order to prevent a patient from improperly filling the prescription more than once.
Requirement 2 - Where a pharmacist is aware of the use of a third-party information technology service provider, by a prescriber, to deliver a prescription by facsimile copy to the pharmacist, the pharmacist should obtain assurance from the prescriber that:
  1. the service provider is aware of and accepts the responsibilities and obligations, in respect of the service provision, that are placed upon that service provider acting as an agent of the prescriber by the Ontario Personal Health Information Protection Act, 2004;
  2. the service provider has put in place reasonable technical and administrative safeguards to ensure that the confidentiality and integrity of all personal information in the prescription is protected while being stored or processed by the service provider; and
  3. the service provider warrants that the personal information in the prescription will not be collected, used, retained, or disclosed for any purpose other than to deliver the prescription to the pharmacy of the patient's choice in a timely fashion.

In addition, a further recommendation is made regarding computer-based systems that transmit prescriptions to pharmacists in digitized image files (i.e., files containing a computer-generated or scanned image of each prescription):
Requirement 3 - Before accepting a digitized image of a prescription transmitted in a computer file by a third-party service provider, the pharmacist must obtain assurances that:
  1. the service provider is aware of and accepts the responsibilities and obligations, in respect of the service provision, that are placed upon that service provider by the Ontario Personal Health Information Protection Act, 2004;
  2. the service provider has put in place reasonable technical and administrative safeguards to ensure that the confidentiality and integrity of all personal information in the prescription is protected while being stored or processed by the service provider;
  3. the service provider has put in place reasonable technical and administrative safeguards to ensure that the confidentiality and integrity of the computer file containing the image of the prescription is protected while being transferred by the service provider to the pharmacist; and
  4. the service provider warrants that the personal information in the prescription will not be collected, used, retained, or disclosed for any purpose other than to deliver the prescription to the pharmacy of the patient's choice in a timely fashion.

Questions Pharmacists Should Ask Before Accepting Faxes or Digitized Image Files from Computer-Based Prescription Systems

Pharmacists receiving prescriptions by fax should ask the following questions and ensure they can be answered in the affirmative:

1Is the prescriber's signature unique to each prescription?
If a digitized image of a prescriber's signature is pasted onto multiple prescriptions, it will function as the electronic equivalent of a rubber stamp. Such stock images providelittle or no security against prescription fraud. Each prescription must be signed by the prescriber and each signature must form a unique image. Question 1 should be asked whenever faxed prescriptions are received from a new source.

2Is the image of the signature clear, life-sized, and suitable for comparison with other examples of signatures from the same prescriber?
Signature images that are too small, too indistinct or too coarsely digitized provide insufficient visual information to allow a useful comparison with known samples of the prescriber's signature. Question 2 should be asked with each prescription received.

Pharmacists who are considering allowing prescribers to submit prescriptions in the form of digitized image files need to ask the following additional questions and ensure the answers are also affirmative:

3If the pharmacist receives the prescription via a third-party service provider, has the service provider put in place reasonable technical and administrative safeguards to protect the confidentiality and integrity of the information in the prescription while it is stored or processed by the service provider?
To maintain patient privacy, computer equipment containing personal health information should either be physically protected against unauthorised access or theft (e.g., by being maintained in a physically secured environment that limits access to authorised personnel) or else the information should be stored in encrypted form to prevent access if the equipment is stolen or lost. A service provider that fails to implement either of these measures is taking unnecessary risks with the confidentiality and integrity of this information.

Question 3 above should also be asked by pharmacists who are aware that the prescriptions they receive by fax are being delivered via a third-party service provider.

4Are the image files protected by encryption during transmission?
If a file contains personal health information, it should either be encrypted prior to transmission or it should be transmitted across a securely encrypted channel (e.g. via a web connection secured by SSL1). Unencrypted digitized image files containing prescriptions should never be attached to emails or transmitted by unsecured means.

5If the prescriber transmits the image file via a third-party service provider, does the service provider warrant that the personal information in the prescription will not be collected, used, retained, or disclosed for any purpose other than to deliver the prescription to the pharmacy of the patient's choice in a timely fashion?
To maintain patient privacy, files containing digitized images of prescriptions should only be kept by the service provider for as long as is needed to ensure successful transmission.

Questions 3, 4 and 5 should be asked the first time arrangements are made by the pharmacy to receive prescriptions in the form of digitized images. They should be asked again whenever material changes are made to these arrangements.
Question 3 should also be asked by pharmacists the first time they become aware that prescriptions they receive by fax from a prescriber are being delivered via a third-party service provider.

1SSL or Secure Sockets Layer is a means of encrypting message traffic between a web browser and a web server. A slightly updated version is called TLS or Transport Layer Security. SSL/TLS is a published standard of the Internet Engineering Task Force.


Guidelines for Prescriptions Transmitted by Fax
Pharmacy Connection May/June 2007

Editor’s Note
As this edition of Pharmacy Connection goes to press, it appears that electronic prescribing is closer to becoming a reality, but it is not clear what the standards for such transmission will be. In the meantime, these guidelines will assist pharmacists with evaluating prescriptions received on current computerized fax-based systems

Prescriptions generated from a physician’s electronic health record system or computer program and then faxed to the pharmacy are not considered true e-prescribing. True e-prescribing will allow a prescriber to generate a prescription which will be transmitted directly to the pharmacy and populate the pharmacy computer fields.
At the same time, true e-prescribing will provide the tools to verify the authenticity, integrity and security of the sender and data received.

The College is aware that Health Canada is involved in several initiatives to develop the enabling legislation and standards to permit electronic prescribing. As the legality of electronic prescriptions has been in question for a number of years, several providers have developed fax-based solutions to transmit prescriptions. Presently, facsimile transmissions or transmission of computer image files (i.e. encrypted e-mail), which do not constitute true electronic prescribing, is permitted. Pharmacists will be kept informed of any changes to this situation and the following information is provided for guidance in current practice.

The current Federal legislation, Food and Drugs Act and Controlled Drugs and Substances Act, require that prescriptions are provided verbally or in writing. While verbal prescriptions can be accepted in most cases, any written prescription is expected to be signed by the physician. This provides the authentication by a prescriber for the prescription as well as a method for a pharmacist to verify the authenticity of the order. Regardless of whether the prescription is handwritten, typed, computer generated, or generated using a medical health record system, the prescription is expected to be signed by a physician. Not signing prescriptions potentially leads to fraud, diversion or misuse by patients as a pharmacist has no way of determining whether the prescription is original, photo-copied, reproduced by a software program or was a copy given to the patient for insurance purposes.

For a written prescription, the physician’s unique signature is required to provide the authorization. A rubber stamp or an electronic counterpart are not acceptable as each signature is the same or can be created by any number of people. In addition, not signing or no signature is not acceptable.

Many physicians’ systems that generate a prescription have been introduced over the past several years. Some can create unique signatures each time the prescription is generated. However, many do not, and prescriptions are sent to pharmacies using facsimile in the belief these are acceptable “electronic” prescriptions.
Modifications or additional software can often be requested from the medication management system provider that can generate a unique signature each time a prescription is generated.

To assist pharmacists in communicating with physicians about a particular fax system, the College developed a questionnaire which pharmacists are encouraged to use based on principles from the “The Guidelines for Prescriptions Transmitted to Pharmacist by Fax or in Digitized Image Files” which can be found above.

In any communication, a pharmacist may wish to indicate to the physician that it would be helpful if a physician could identify the method of transmission e.g. direct fax, third party service provider etc. and the software program or electronic health management system they use. Where physicians have questions, pharmacists should direct or refer physicians to our website for the Guidelines or advise physicians to contact the Physician Advisory Service at the College of Physicians and Surgeons of Ontario for more information.

The following are questions that should be included in communications with the physician based on the recommendations contained in the Guidelines.

The physician should be aware that an affirmative response to all questions will serve as their acknowledgement and authorization for prescriptions faxed to pharmacies from their office.

If a physician answers the questions by selecting any of the choices in the last column of the table below, the pharmacist will have concerns about the authenticity of the prescriptions and/or security of the transmission.

Questions
1. Is your signature visible on each faxed prescription?YesNo
2. Your signature on each prescription must be unique (i.e., not an electronic counterpart to a "rubber stamp").
How do you sign prescriptions before they are faxed?
  • With each prescription, I sign copy printed on paper which is then faxed.
  • With each prescription, I use a stylus to sign a tablet, screen or hand-held device.
  • With each prescription, I use a special electronic pen to sign the prescription.
  • With each prescription, I use another method to generate a unique signature.
    		• I do not sign each prescription before faxing.
    3. If you use a service provider to fax your prescriptions to the pharmacy on your behalf is the transmission secure and privacy protected?
    Do you use a service provider and if so, have they assured you that reasonable technical and administrative safeguards are in place to protect the confidentiality of the information in the prescription while it is stored or processed by the service provider e.g. secure firewalls, encryption?    		I use a service provider and they have assured me that reasonable technical and administrative safeguards are in place to protect the confidentiality of the information while it is stored or processed by the service provider.I use a service provider but do not know whether they have reasonable technical and administrative safeguards place.
    4. Do you have an agreement with your service provider that warrants that the personal health information in the prescription will not be collected, used or disclosed in contravention of Ontario's Personal Health Information Protection Act (PHIPA)?YesNo