Skip to main content
  1. Posts/

ePrescribing – Why its STILL a bad idea

·2754 words·13 mins

With my earlier rant about how hard it is to read doctors’ handwriting, you would think that everyone would just jump on the ePrescribing band-wagon and fix this problem. I’ve ranted before about the horrors of ePrescribing and choosing the wrong medication, now heres something else that isn’t really thought-out pretty well.
Thats right, that nice little fax you get from the doctors office using their spiffy new ePrescribing software. How can we be sure that its a real or a phony? To forge a hard-written Rx, you need to steal a pad, write your drug, write the sig in pharmacy shorthand that wont send off any red-flags, wipe your butt on the signature line (to get a realistic looking signature), and hope the pharmacist is too busy to realize a glaring error you made.
To forge a fax over Rx, you need to obtain the computer generated paper copy (which most doctors office will give you to), scan it, and just use photoshop or some other program to fill in whatever your heart wishes, then just fax it over. Nobody is going to be looking for an ePrescribing phony, so it shouldn’t send off any red flags. There is no “signature” only something stupid like:
James D Doofman MD
Signed via secure terminal
Thanks mr “Signed via secure terminal”, that really makes me feel like it makes this legit. Other have a little digital signature that looks like an inkjet printer threw up in a little text box. As if that’s going to stop people from using a xerox machine and some tape. “Secure Signature” thwarted.
ePrescribing has taken one huge factor that makes forgery difficult. The human handwriting factor. All of us ‘know’ a doctors handwriting or writing habits. The out of town or new doctors that we don’t recognize we call on. ePrescribing takes care of that. There is no human element to Rx’s now days. Everything is generated by a computer, the same type of computer that you are reading this entry on. The same computer that can be infected by viruses, taken over by hackers, and is 100% reliant on the person sitting in front of it to not click on the wrong space or hit the wrong button.
I could just as easily now take one of the 1000 rx’s that I receive on a daily basis for narcotics via ePrescribing, use a copy machine, Microsoft word, and some tape, and send out forgeries that nobody would give a second thought to. In fact, I would be really surprised if someone hadn’t made a web page that will allow you to fill in your name, address, pharmacy name/fax, and what drug you want (via easy click menu!) and have it auto-fax it to the pharmacy of your choice. I’m sure it would be very trivial to make, and pharmacists wouldn’t even suspect it to be a phony (maybe a mistake by the doctor, but not a phony).
So whats the solution? Easy, doctors need to know your pharmacist and pharmacists need to know your doctor. If you deal with one doctor on a frequent basis, invite him/her out to dinner or drinks after work. This applies to doctors to. You deal with the same pharmacy day in and day out? Go out for a beer or cocktail after work with them. Don’t give me this whole “I’m too busy” bullshit. All it takes is for that pharmacist to save your ass from one DEA investigation (because your dipshit office staff infected your office network with a virus, and every computer-literate crackhead now has full ePrescribing powers right under your nose) to make a few drinks a month/year completely worth your time.
I love how we toss out a system of Rx writing that has been working perfectly fine for hundreds of years to a system that has been out for 5 that our licenses and practice rely on. Way to go.

Comments #

Comment by RJS on 2007-09-09 06:02:16 -0700 #

All of your points are mitigated, of course, when one truly has a full electronic system where there are no faxes coming out of the fax machine.
At the mega chain I work for, we have a little queue that fills up with electronic prescriptions that we have to print out. There’s no way to stick something into that queue unless you have an SPI #. So you’d need someone *in* the office to fake that Rx for you, which doesn’t happen very often. And depending on how good your software is, you need the right logon to actually *generate* a script, otherwise your access to patient records (as office staff) is read-only. Different levels of privileges for the people in the office, not unlike normal IT work.
It’s easier to pick up the phone and fake an Rx than to forge a true electronic prescription.
And I don’t know about you, but up here in the Northeast, we have an average of ~3-4 pharmacies per square mile, most of them doing about 400 scripts a day. That’s a lot of doctors to generate that much script volume for that many pharmacies.
You’d be going out for dinner and drinks every single night of the week to get to know all the docs in the area that you regularly receive prescriptions from. It’s a nice idea, but it’s not realistic. The further south you go on the highway towards Boston, the more undoable this becomes.
It *would* cut down on the asshole behavior on the prescribers’ part though, now wouldn’t it.

Comment by Kay Geers on 2007-09-09 09:52:06 -0700 #

In MO, we are now required to call any doctor to verify controlled prescriptions received over fax. They are not allowed to send controlled rxs over the fax without a written signature (copied to the fax of course). They are to print out the fax, sign it then fax it. Of course, none of the doctors know this so we have to inform them over and over and over again. You know that any doctor that has ePrescribing is not going to print it out and fax it then. Why must we be Pharmacy Police?

Comment by DanTech on 2007-09-09 11:00:26 -0700 #

Revco (remember them?) had Prescribe on it’s computers and a few doctors used it back then.
Revco was consumed by CVS back in 1997, so the software has been out longer than 5 years.
It is still crap though.

Comment by drh on 2007-09-09 18:32:12 -0700 #

I’m with you. The e-prescribing trend has come largely from the electronic medical record trend. The EMRs are supposedly going to revolutionize healthcare and miraculously increase the quality of care that patients are receiving. At least that’s what the people SELLING EMRs are convincing doctors and even the government, which will probably eventually make having an EMR another asinine requirement to get paid by Medicare and Medicaid. Most docs I know who’s groups have gone to an EMR have hated it and said it’s made their lives a living hell. I know several who have quit their jobs because of them. There was even a study recently that showed the quality of care was basically the same between docs with paper charts and EMRs–a couple things a little better with EMRs and a couple better with plain old paper. I think this is another case (cough–Nexium) where companies who sell a product are creating bogus reasons to convince docs that unless they buy/prescribe their product, they’re bad doctors.

Comment by Awesome-O on 2007-09-09 19:26:45 -0700 #

What do I care if some junkie gets his fix? It’s better than you giving me the wrong medicine because you can’t read the doctor’s handwriting.

Comment by Rxmomma on 2007-09-09 19:36:39 -0700 #

now you’ve gone & done it, AP, you’ve just told the entire world how to forge e-prescriptions……Not too smart. Now the Vicodin Fairy will be working some OT to keep up with all those forgeries. Some things just need to be kept quiet and this is one of them.

Comment by DrRx on 2007-09-10 06:35:26 -0700 #

Well, I wouldn’t say the written script method has been working for 100’s of years…. If so, doctors and pharmacists wouldn’t be going to the point of mandating ‘tamper resistant’ script pads (October 1st, 2007) and folks would not bother to even try to forge them. But we know, that for every forgery that you catch, there are probably 2 or3 that you DON’T. ePrescribing certainly isn’t the answer either (at least not in its present state), but I don’t think that simply having a human-written signature is going to save us….

Comment by Rob on 2007-09-10 07:55:44 -0700 #

First, Faxed Rx can be traced to the machine that sent them. If I fax over a prescription, then it comes from my fax server. If the pharmacist pays attention to where it came from, they will catch forgeries.
Second, nobody ever gets a hard copy of the faxed Rx except the pharmacist themselves. The patients don’t know what the faxed Rx looks like and so don’t have a template with which to make a copy.
Third, e-prescribing is not the same as faxing. e-prescribing is the use of a totally electronic system using a service line Sure-Scripts that tracks them all electronically. With e-prescribing, you can actually look at a patient’s prescribing history and see what they have filled and where. It makes forgeries nearly impossible, since nobody knows the doctor’s log-in (much like all other e-commerce) PLUS it makes finding abuse far easier.
I really think e-prescribing is a huge step forward. Faxing is just an intermediate step. Am I wrong?

Comment by crash on 2007-09-11 12:25:41 -0700 #

Actually the headers and footers on the faxed script will either say the name of where the fax came from, or the phone number. So it easy to decide whether it is a real script or not.

Comment by Shalom (R.Ph.) on 2007-09-11 17:40:47 -0700 #

Commenting on the comments: Some software currently in use is a cross between true end-to-end e-prescribing (his computer straight to mine), and faxing: it starts with the doctor entering stuff into his Palm Pilot (or whatever) and finishes up with it spitting out our fax machine. Now how do I know, looking at that fax, whether it’s a real e-prescription or not? I’m not familiar with all the variations of e-prescribing software; a good fake only needs to look like it *might* have come from some random software package. Heck, who says it even has to be a real doctor, the whole office might be a figment of the forger’s imagination complete with legitimate-looking (but bogus) address, phone, DEA# etc. An even better refinement of this might be a real phone number belonging to a confederate. Admittedly if the script comes directly into my computer, it’s probably legit (assuming the doctor’s computer hasn’t been pwned, as TAP reminded us); however, when I’m working at a Chain of Verylarge Stores, these come out my fax machine all the time, and in assembly-line pharmacy it’s not always so easy to catch a phony. Besides, who even suspects the possibility (besides us suspicious types).
OK, if the doctor isn’t in our store’s database and not in the Central Verification System either, that might raise an eyebrow or two. I suppose in the end it comes down to knowing your local doctors, just like when they phone stuff in.
(And I do wish the pediatrician down the road would start e-rxing already. I mean, in ten years behind the counter I’ve seen some bad handwriting, but this is the first time I’ve ever actually put a doctor’s fax on speed dial. Most of his scripts are preprinted with a menu of eighteen drugs, and all he has to do is circle the name, strength, and “1/2” “tsp” “BID” “10 days”, or whatever (and I’ve heard, third-hand, that it wasn’t by his own choice that he started doing this…). It’s when he tries to write it freehand that it looks like a cross between Chinese and Arabic.)
Also, it’s trivial to make your fax machine report whatever name and number you want it to. It’s set somewhere in the options of the fax machine (or more likely in this case a computer with a fax-modem), and is thus only as trustworthy as the owner of the machine. If there was some way to cross-reference the header with Caller ID info, it could be made more reliable, but AFAIK that’s not been implemented.
(It’s always a good idea to have Caller ID on incoming lines in the pharmacy, for obvious reasons.)

Comment by rxpooh on 2007-09-12 09:17:51 -0700 #

Just yesterday I caught a fake–it was a computer generated rx for 260 percocet 5/325(nice round # huh?) from a large university hospital. It was a pretty good fake & I probably wouldn’t given it a second thought during my extremely busy day if it weren’t for the quantity. It was an odd # and an even odder # of days supply.
I called the MD to verify it and she wanted to see it. After I faxed it to her,she confirmed it was a fake. When I told the “patient” what I had found out and that I wouldn’t give her the script back, she didn’t seem too upset. She probably had more fake rx’s out in her car to take to the next unsuspecting pharmacy.
Many computer generated rx’s are way too easy to make on a home computer.
As far as e-prescribing goes–I have seen many MD’s pick the wrong drug/sig on their pull drown menu. Lucky for them, the pharmacists filling their scripts know what we’re doing!

Comment by Rich on 2007-09-13 12:37:34 -0700 #

Old system working perfectly?
Uh … no.
How many times have the wrong meds or the wrong dosages been given out in the US in the past year due to hard to read scrips?
Every system has its problems. It’s not black and white. One really is comparing gray areas here.

Comment by TMLutas on 2007-09-13 14:42:15 -0700 #

As a computer admin guy, I think I might have some of the pieces to this puzzle. There are plenty of programs out there that can generate non-human readable codes that replicate the human readable stuff that is there so the patient and pharmacist don’t necessarily have a computer handy. This can include a timestamp and a doctor’s code that can’t really be forged. See for a good example for general security use.
But this isn’t going to work unless you’re clear as to what’s acceptable and what isn’t. Forgeries can be eliminated but not unless everybody up and down the chain accepts that they’re going to have to change the way they do business.
Good luck with that.

Comment by FilipG on 2007-09-14 08:29:18 -0700 #

Coming from the Doc’s end of this, the *only* safeguard that exists in any meaningful way is the *relationship* between the Doc writing the Rx and the [angry] Pharmacist deciphering it – what medium that transaction happens to be in is irrelevant.
Mistakes get caught, forgeries are spotted, patients feel cared for, and more if the Rx-reading knows and has a good relationship with the Rx-writer. It’s that simple.
Technology helps – the Rx-reader can look up prior Rx’es for said patient and notice changes in dosing/drug that could be obvious mistakes, etc. The Rx-reader can correlate Rx-writers with their Caller-Id using technology, etc.
You know it and I know it that a lot of patients are gonna get sick/die the day that Rx-readers are replaced by a machine.

Comment by Ed Terry on 2011-09-07 14:01:17 -0700 #

My wife’s psychiatrist apparently chooses drugs he prescribes from a drop-down menu or pick-list. We went to the pharmacy one night to pickup a new medication and the pharmacist brought out several box of clomiphene and I almost fainted. At 51, she’s way too old to try to get pregnant. I asked the pharmacist to look at the list he used on his computer, and the brand name of that particular brand of clomiphene was next to the drug the doctor was supposed to prescribe.

25 years ago I was a pharmacist and the people who scared me the most were not the amphetamine and opiate abusers, but the post menopausal women who always wanted the Premarin filled RIGHT NOW! They didn’t want to hear excuses about why I had to call the doctor to obtain authorization for a refill.