Q: What is LOA2?
A: LOA2 is a level of assurance that a person is who they claim to be. The requirements for meeting Level 2 for Identity Proofing have been set by NIST (the National Institute of Standards and Technology). The specific NIST requirements for LOA2 are outlined in this publication: https://pages.nist.gov/800-63-3/sp800-63a.html
Q: Is this the same as what is required for EPCS (Electronic Prescribing of Controlled Substances)?
A: No. The vetting process is similar however EPCS requires a hard token to display a special password for controlled substance prescribing.
- What will a provider be expected to do for LOA2?
A: In order to verify identity to the level required, providers will be asked to answer three questions pertaining to personal financial history through an Experian web link. Having the provider’s personal credit card available (for information purposes only) for LOA2 identity proofing will assist in expediting the process. A copy of a government issued picture ID, such as a driver’s license, will also be required for LOA2. We will continue to require the provider’s NPI and copies of their medical and DEA licenses.
Q: What happens if a provider signs up (with LOA2) and then later wants EPCS?
A: Since EPCS requires a different identity proofing process, the provider would need to follow the full EPCS process and pay the full fee (currently $125) for EPCS if they later elect to obtain EPCS. For this reason, if EPCS may be wanted at a later date the provider may want to consider EPCS instead of LOA2.
- Will a token be issues for LOA2:
A: No, not at this time (a hard token is only required for EPCS)
Q: Will providers still be able to designate Provider Agents under LOA2?
A: Yes, at this time providers, as permitted by their state’s regulations, will continue to be able to designate Provider Agents.
Q: Can a prescriber skip LOA2 and just do all paper prescriptions?
A: While a provider within Sevocity is not required to send any prescriptions electronically, all providers with prescribing rights are required to be on the Surescripts network in order to have access to Sevocity. As such, all prescribing providers added to Sevocity will still have to undergo LOA2.
Q: What about existing providers?
A: Existing providers with prescribing rights within Sevocity as of 12/31/17 are grandfathered and will not be required to undergo identity proofing with LOA2.
Q: If a provider received identity proofing with another EHR will they still need to undergo Sevocity’s LOA2 identity proofing?
A: Yes, the Surescripts requires each EHR to independently follow the required identity proofing for their new providers.
Q: If a provider undergoes identity proofing for Provider-Patient Data Exchange (DIRECT) with Sevocity will they also have to do the LOA2 identity proofing?
A: Yes, at this time the requirements are different for these two programs and the separate identity proofing will be required. However, we will be reviewing the two requirements to see if it may be possible in the future to combine them.
Q: If a provider is deactivated and later is reactivated in the practice will they be required to undergo LOA2 again?
A: No, once a provider undergoes LOA2 and then is deactivated, they will not need to undergo LOA2 again upon reactivation. Note: this is different from start-up fees, which may be required for reactivation depending upon the period of deactivation.
Important note: if a customer was grandfathered from the LOA2 process initially and is later deactivated at some point, they will be required to go through the LOA2 process upon reactivation.
Q: When does the LOA2 process start? The LOA2 process has been in effect since January 1, 2018.
Confidentiality Notice: This document may contain confidential information. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this document is STRICTLY PROHIBITED. If you have received this document in error, please immediately notify Sevocity at 877-777-2298.