On February 21, the DEA implemented multi-factor authentication (MFA) on their registrant data server. This is an important change since the DEA server is the only primary source location available to access or download DEA data. This new security layer was implemented to protect the personally identifiable information (PII) of the registrants.
The MFA system sends a token to the email of record for the registration used when accessing their server. This security feature requires registrants to keep the email address associated with their DEA registration up to date. Any changes to this email of record must be made with the DEA.
The MFA security tokens are good for about 10 or 15 minutes, and once authenticated the sessions on their server remain valid for about 1 hour - after which a new login and MFA code is required.
For larger organizations, it has been quite a challenge just locating the individual who receives these MFA token emails. And even once located - if the credentialing and validation teams are large - receiving a token to one individual's email is not a practical solution.
This security change also means that credentialing organizations without a registration can no longer access the DEA data server using the physician's credentials - which is presenting quite a challenge. As the MFA system is a manual login method, it also impacts organizations wanting to automate their credentialing and validation processes.
There is an alternative method for reaching the DEA data server, which is the new Registrants Dataset Access (RDA) system. Once approved, this system removes the need for MFA token emails. This system requires a separate application approval process - which can be a bit confusing to navigate. The DEA is also takes a few weeks to processes these requests, making it important to get the applications right the first time.
At DEA Lookup, we have been working extensively since this new security approach was implemented. All of our software options are fully compatible with the various DEA data server access methods. If you have questions about how our software can help your organization, or if you need help applying for the new RDA access to their data servers, email us at customerservice@dealookup.com.
Return to News Home
