Date of Award
Doctor of Philosophy (PhD)
Graduate School of Computer and Information Sciences
Michael J. Laszlo
A critical component of a physician's duties is prescribing medication to his or her patients. This process is handled by the physician writing a prescription for a medication and having the medication dispensed to the named patient. A review of federal law reveals no requirement that the prescription be issued on any type of specific written instrument such as safety paper, multi-part forms, or other standardized documents.
Because of the lack of adequate controls, there is a serious problem with false and altered prescriptions being issued within the United States. A 1994 study by the White House Office of National Drug Control estimated that there was two billion dollars spent annually on illegal prescription drugs that would have otherwise been spent to support legitimate activities in the overall domestic economy. Hospital records show that from 1990 through 1995, there has been a steady and alarming increase in overdoses of prescription medication. The United States Drug Enforcement Administration has estimated that in 1993 approximately 25 billion dollars in prescription drugs were sold illegally, compared to a government estimate of 31 billion dollars spent that year on cocaine. A large percentage of these drugs originate from altered prescriptions.
The mechanics of prescription fraud can take many forms. These include forgery of the physician's signature, alteration of the dosage or quantity of medication found on a legitimate prescription, phone-in prescription fraud, and theft of prescription blanks. Recent developments in the computer field have resulted in computer assisted cryptographic methods that can authenticate users, signatures, and the contents of electronic messages. One such method is a public key cryptographic system (PKCS). This technology allows data to be encrypted over public networks and allows the recipient of the message to definitively authenticate and verify both the contents and the sender of the message.
The goal of this investigation was to develop a theoretical schema that uses a public key cryptographic system to authenticate every prescription written by a licensed physician and prevent any alteration to its contents. The schema also addresses implementation, connectivity, security, privacy, and the economic issues that are associated with this type of system. The theoretical schema consists of a model that addresses specific hardware, operating software, general configuration, implementation, and technical requirements for both the users of the system and the peripheral equipment that is required by the physician and pharmacist in order to operate in an effective manner. It also addresses connectivity issues associated with the dynamic Internet or asynchronous communications link between the physician's desktop computer and the pharmacist's office computer. Security and privacy issues specifically address the encryption and decryption mechanisms that are in place in order to make sure that the prescription information is secure and authentic. It also consists of requirements for public-key encryption and software authentication, explores existing products that make use of this technology, incorporates the products into the theoretical schema, and addresses the configuration issues required in order to setup the software with an appropriate and functional level security. Finally, the theoretical schema addresses the issues of password and public-key maintenance. Economic issues focus on the costs required to implement and maintain the system and potential revenue streams that exist within the market-place if the captured prescription drug data is sold to interested third-parties such as pharmaceutical or healthcare marketing companies.
The technical components of the schema were validated by creating a prototype system that provided the necessary encryption for a physician and pharmacist. The system demonstrated that public-key cryptography could be used to encrypt, transmit, decrypt, and authenticate prescriptions sent between pharmacists and physicians. The system also demonstrated that the prescriptions can be generated quickly and that the actual encryption and decryption process could be performed is less than one second. The economic issues were validated by computing the actual cost of implementing the system using existing products and comparing these costs against the estimated costs available from the federal government associated with prescription drug fraud. Finally, the potential acceptance of the system was evaluated by distributing and correlating the results of a survey that was distributed to both physicians and pharmacists.
The results showed that a public-key cryptographic system will eliminate prescription fraud by providing positive authentication of every prescription received by the pharmacist, and that the contents of the prescription could not be altered between the time it was written by the physician and received by the pharmacist. The investigation showed that the system was not expensive to develop or use. It also showed that the majority of the users (physicians and pharmacists) will be reluctant to embrace the technology; however, younger and more computer-literate users, as well as those users who perceive that a significant problem with prescription drug fraud already exists, were more likely to accept and use the technology.
Donald R. Lemma. 1999. A Theoretical Model for a Prescription Drug Public Key Cryptographic System. Doctoral dissertation. Nova Southeastern University. Retrieved from NSUWorks, Graduate School of Computer and Information Sciences. (668)