Diversion Control Division, US Department of Justice, Drug Enforcement Administration

Title 21 Code of Federal Regulations

PART 1311 —REQUIREMENTS FOR ELECTRONIC ORDERS AND PRESCRIPTIONS

Subpart A General

Section 1311.01 Scope.

Section 1311.02 Definitions.

Section 1311.05 Standards for technologies for electronic transmission of orders.

Section 1311.08 Incorporation by reference.


§1311.01 Scope.

This part sets forth the rules governing the creation, transmission, and storage of electronic orders and prescriptions.


§1311.02 Definitions.

Any term contained in this part shall have the definition set forth in section 102 of the Act (21 U.S.C. 802) or part 1300 of this chapter.


§1311.05 Standards for technologies for electronic transmission of orders.

(a) A registrant or a person with power of attorney to sign orders for Schedule I and II controlled substances may use any technology to sign and electronically transmit orders if the technology provides all of the following:

(1) Authentication: The system must enable a recipient to positively verify the signer without direct communication with the signer and subsequently demonstrate to a third party, if needed, that the sender's identity was properly verified.

(2) Nonrepudiation: The system must ensure that strong and substantial evidence is available to the recipient of the sender's identity, sufficient to prevent the sender from successfully denying having sent the data. This criterion includes the ability of a third party to verify the origin of the document.

(3) Message integrity: The system must ensure that the recipient, or a third party, can determine whether the contents of the document have been altered during transmission or after receipt.

(b) DEA has identified the following means of electronically signing and transmitting order forms as meeting all of the standards set forth in paragraph (a) of this section.

(1) Digital signatures using Public Key Infrastructure (PKI) technology.

(2) [Reserved]


§1311.08 Incorporation by reference.

(a) These incorporations by reference were approved by the Director of the Federal Register in accordance with 5 U.S.C. 552(a) and 1 CFR part 51. Copies may be inspected at the Drug Enforcement Administration, 600 Army Navy Drive, Arlington, VA 22202 or at the National Archives and Records Administration (NARA). For information on the availability of this material at the Drug Enforcement Administration, call (202) 307-1000. For information on the availability of this material at NARA, call (202) 741-6030 or go to: http://www.archives.gov/federal_register/code_of_federal_ regulations/ibr_locations.html.

(b) These standards are available from the National Institute of Standards and Technology, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, 100 Bureau Drive, Gaithersburg, MD 20899-8930, (301) 975-6478 or TTY (301) 975-8295, inquiries@nist.gov, and are available at http:// csrc.nist.gov/. The following standards are incorporated by reference:

(1) Federal Information Processing Standard Publication (FIPS PUB) 140-2, Change Notices (12-03-2002), Security Requirements for Cryptographic Modules, May 25, 2001 (FIPS 140-2) including Annexes A through D; incorporation by reference approved for Sec. Sec. 1311.30(b), 1311.55(b), 1311.115(b), 1311.120(b), 1311.205(b).

(i) Annex A: Approved Security Functions for FIPS PUB 140-2, Security Requirements for Cryptographic Modules, September 23, 2004.

(ii) Annex B: Approved Protection Profiles for FIPS PUB 140-2, Security Requirements for Cryptographic Modules, November 4, 2004.

(iii) Annex C: Approved Random Number Generators for FIPS PUB 140- 2, Security Requirements for Cryptographic Modules, January 31, 2005.

(iv) Annex D: Approved Key Establishment Techniques for FIPS PUB 140-2, Security Requirements for Cryptographic Modules, February 23, 2004.

(2) Federal Information Processing Standard Publication (FIPS PUB) 180-2, Secure Hash Standard, August 1, 2002, as amended by change notice 1, February 25, 2004 (FIPS 180-2); incorporation by reference approved for Sec. Sec. 1311.30(b) and 1311.55(b).

(3) Federal Information Processing Standard Publication (FIPS PUB) 180-3, Secure Hash Standard (SHS), October 2008 (FIPS 180-3); incorporation by reference approved for Sec. Sec. 1311.120(b) and 1311.205(b).

(4) Federal Information Processing Standard Publication (FIPS PUB) 186-2, Digital Signature Standard, January 27, 2000, as amended by Change Notice 1, October 5, 2001 (FIPS 186-2); incorporation by reference approved for Sec. Sec. 1311.30(b) and 1311.55(b).

(5) Federal Information Processing Standard Publication (FIPS PUB) 186-3, Digital Signature Standard (DSS), June 2009 (FIPS 186-3); incorporation by reference approved for Sec. Sec. 1311.120(b), 1311.205(b), and 1311.210(c).

(6) Draft NIST Special Publication 800-63-1, Electronic Authentication Guideline, December 8, 2008 (NIST SP 800-63-1); Burr, W. et al.; incorporation by reference approved for Sec. 1311.105(a).

(7) NIST Special Publication 800-76-1, Biometric Data Specification for Personal Identity Verification, January 2007 (NIST SP 800-76-1); Wilson, C. et al.; incorporation by reference approved for Sec. 1311.116(d).

[75 FR 16310, Mar. 31, 2010]

NOTICE: This is an unofficial version. An official version of this publication may be obtained directly from the Government Printing Office (GPO).

Emergency Disaster Relief
National Prescription Drug Take Back Day. Turn in your unused or expired medication for safe disposal here.
RX Abuse Online

U.S. DEPARTMENT OF JUSTICE  •  DRUG ENFORCEMENT ADMINISTRATION
Diversion Control Division  •  8701 Morrissette Drive  •  Springfield, VA 22152  •  1-800-882-9539

DOJ Legal Policies and Disclaimers    |    DOJ Privacy Policy    |    FOIA    |    Section 508 Accessibility