Tamper-resistant Prescriptions: Separating Fact from Fiction

On October 1, the Centers for Medicare and Medicaid Services (CMS) will require a higher level of security be integrated into prescription pads.  As a result of 2007 legislation mandating use of tamper-resistant prescriptions for Medicaid patients, healthcare providers will need to integrate at least three industry-recognized security features to:

1. Prevent unauthorized copying of a completed or blank prescription.
2. Prevent erasure or modification of information written on the prescription by the prescriber.
3. Prevent use of counterfeit prescriptions.

Though the intent of the guidelines is clear, many healthcare providers and their compliance officers are understandably concerned.  They do not have a thorough knowledge of security technologies.  And, unfortunately, there are a lot of misconceptions and inaccurate information circulating about which features actually will comply with CMS guidelines.

Nationally-recognized prescription security expert Jason J. Frerichs has been working with the National Council for Prescription Drug Programs to develop more definitive guidance on security features to provide a reliable reference to help both healthcare providers and pharmacists recognize whether a prescription is tamper-resistant. 

Assessing Security Features
The Insight editorial staff caught up with Mr. Frerichs to assist you in evaluating your organization’s prescriptions for CMS compliance.  He talked to us about available security technologies – what works and what could leave you open to embarrassment and liability.

Fiction: A prescription with multiple plys will satisfy CMS guideline #1.
Fact: No, to qualify as CMS-compliant, a security feature must exist on the prescription when it reaches the pharmacist.  The patient only presents the top ply of a duplicate prescription, so the pharmacist can’t be sure there was ever another ply.

Fiction: All pantographs are equally effective in preventing a criminal from copying a prescription (CMS #1).
Fact:  No, performance can vary widely.  Pantographs are hidden background images, such as “VOID,” that appear across a document when it’s been copied or scanned.  When the pantograph image is less than 600 x 600 dots per inch (dpi), the VOID will not appear at many copier settings.  An effective pantograph will produce a VOID across a wide range of color copier settings.

Fiction: Refill quantities surrounded by special characters such as asterisks, e.g. *** Qty 5***, act as security against modification and satisfy CMS requirement #2.
Fact: The CMS has said the use of asterisks is only acceptable as a security feature for computer-generated prescriptions. 

Fiction: If my prescription is chemically coated, it will prevent modification and be compliant with CMS requirement #2.
Fact: Maybe, maybe not.  Many prescriptions are coated to protect against bleach.  However, criminals employ many common chemicals, such as acetone, to modify prescriptions.  Some 42 chemicals have been known to be used. A truly tamper-resistant prescription will leave a stain or reveal a “VOID” when exposed to multiple chemicals.

Fiction: Thermochromic ink isn’t an effective security feature because it doesn’t work after sitting on a shelf.
Fact:  Thermochromic or heat-sensitive ink provides an effective means of authenticating that a prescription is valid and not a counterfeit. If properly formulated and controlled, it will perform as intended indefinitely – changing from one color to another, or from color to clear from the warmth of a hand or your breath. It can be used to satisfy CMS requirement #1 or #3.

Fiction: Having our hospital logo on the prescription will help prevent counterfeiting and satisfy CMS guideline #3.
Fact:  A logo is not a security feature and will not meet any of the CMS requirements. Anyone can grab one from your Website and use it to create a counterfeit prescription or other document.

  
TRUTH OR CONSEQUENCES
At this point, you may feel like throwing up your hands and simply comply with the letter of the law and ignore the spirit.  However, Frerichs warned, “There are real consequences for those healthcare organizations and practitioners who adopt a minimalist approach.

“You can expect to be barraged by patient phone calls if pharmacists refuse your prescriptions.  Until standards and testing procedures for tamper-resistance are in place and accepted, pharmacists will be the ultimate arbitrators of what’s compliant. They can’t afford to gamble on accepting poor quality prescriptions because when faced with an audit, they will not be reimbursed,” he said.

Frerichs also pointed to a legal issue, “holder in due course,” that potentially could hold the healthcare provider liable if fraudulent activity would arise.  “Originally applied to negotiable checks, the courts have said that the party most able to prevent the crime must take appropriate steps to do so,” he explains.  “This principle has not been tested in the courts as it relates to prescriptions yet, but providers should seek legal counsel to ensure they are not liable.

THE ROAD TO COMPLIANCE
With so much confusion in the marketplace and the October 1 deadline closing in, just what can a healthcare system and their practitioners do to meet CMS guidelines and minimize liability?

“There are no shortcuts to compliance,” Frerichs said, “but there are two vital steps you can take – testing your prescriptions and understanding the standards being followed in your state.”

Test your Prescriptions for Quality

1. Examine the preprinted information. Does the ink come off easily? Wrap tape around your finger and see if you can lift off the phone number. Or, try picking off the ink with a pick. If you can easily remove the ink without damaging the paper, you have a quality problem.  The criminal will commonly replace the practitioner’s phone number with their own in case the pharmacist calls.
2. Test a written prescription by dipping in bleach and then acetone.  If you can remove the written information without destroying the prescription, you have a problem.  A quality Rx paper will change color where bleach, acetone or another chemical is applied, or a “VOID” may emerge. So you can easily detect that someone has modified the prescription.
3.  Test your prescription on a color copier. Test it across a wide range of light and dark settings.  A “VOID” should display across the prescription at multiple settings.  A good quality prescription will display the “VOID” on about 90 percent of the copies.
4. Test your prescription as a fax. If your prescription has a photocopy void feature, it will activate when faxed. Some photocopy voids result in a solid “VOID” on the prescription that makes it impossible for the pharmacist to read.  This will result in delays for your patients and increased phone calls to you and your staff. A well designed photocopy VOID uses hollow letters that don’t obscure the prescription when it is faxed.
5. Test the sensitivity of the thermochromic (heat-sensitive) ink. A quality thermochromic ink will quickly change from an intense blue to clear, or from one color to another.  These are the most complex ink formulations to duplicate and thus provide an effective deterrent against counterfeiting.

KNOW YOUR PHARMACISTS, FOLLOW THEIR LEAD
“With local pharmacists being the ultimate judges of which prescriptions are tamper-resistant, it’s important that you develop a relationship with them,” Frerichs stressed.

“Pharmacists are being held accountable for determining whether a prescription is tamper-resistant.  Healthcare providers need to understand how pharmacists are testing for compliance to ensure their security choices will pass pharmacists’ tests,” he said. “Though CMS may, indeed, accept and endorse specific security features, pharmacies are not likely to have the necessary equipment to test every feature.

“If you know the expectations of the pharmacy community and meet that norm, you will minimize patient inconvenience, embarrassment and the potential liability associated with non-compliance,” Frerichs concluded.

For more information on developing a CMS-compliant prescription program or for assistance in assessing your organization’s fraud risks, contact Standard Register.  Or, visit the Resource Center at www.securescrip.com for helpful information about prescription fraud prevention.