Strong Authentication by Default
Medications, controlled substances, and patient records deserve more protection than a username and password. PharmaLink supports two-factor authentication using time-based one-time passcodes (TOTP), so a compromised password alone cannot open an account. Organizations that manage identity centrally can connect their identity provider through SAML single sign-on, keeping account provisioning, deactivation, and password policy under your existing controls.
Positive Identification at the Point of Dispense
A growing number of states require positive identification of the person performing a dispense. PharmaLink meets this with WebAuthn biometric verification — Face ID, Touch ID, or passkeys — required at the moment of dispensing or inventory adjustment. The requirement is configurable per account: apply it to all dispenses, to controlled substances only, or turn it off where your state does not require it. The result is a dispense record tied to a biometric identity check, not just a login session. Review your state’s rules in our dispensing regulations library.
A Tamper-Evident Record
When a board inspector or auditor asks what happened, the answer should be in the system, not in someone’s memory. PharmaLink keeps append-only user activity logs — entries are added, never edited or deleted — alongside per-record change history showing what changed, when, and by whom. Dedicated audit reports cover patient data access and change history, so you can demonstrate exactly who viewed or modified a patient’s information during any period.
Access Scoped to the Role
Not everyone in the practice needs to see everything. PharmaLink provides granular, per-location role permissions covering dispensing, administration, reports, billing, inventory, and mail order. A dispensing technician at one location, a billing manager across three, and an administrator over the whole group each see exactly what their role requires — and nothing more. Permissions are location-aware, so multi-site groups can delegate confidently.
Documented Acceptance, State by State
Compliance extends to the agreements themselves. PharmaLink maintains versioned Terms of Service and Privacy Policy acceptance records, including state-specific variants, so there is a durable record of which user accepted which version of which document, and when.
Security in Service of Compliance
These controls are not abstract IT policy — they map directly to the obligations of a dispensing practice: verifying who dispensed, protecting patient information, restricting access to controlled inventory, and producing records on demand. Together with automatic PDMP reporting and the audit-ready records in reporting and analytics, they let your program withstand scrutiny without scrambling.
Talk Through Your Requirements
Every state, and every practice, draws these lines a little differently. Contact us to discuss your state’s positive-identification and record-keeping requirements and see how PharmaLink’s controls are configured in practice.