Features

Security & Compliance

Layered authentication, biometric positive identification, and a tamper-evident audit trail protect every dispense.

Strong Authentication by Default

Medications, controlled substances, and patient records deserve more protection than a username and password. PharmaLink supports two-factor authentication using time-based one-time passcodes (TOTP), so a compromised password alone cannot open an account. Organizations that manage identity centrally can connect their identity provider through SAML single sign-on, keeping account provisioning, deactivation, and password policy under your existing controls.

Positive Identification at the Point of Dispense

A growing number of states require positive identification of the person performing a dispense. PharmaLink meets this with WebAuthn biometric verification — Face ID, Touch ID, or passkeys — required at the moment of dispensing or inventory adjustment. The requirement is configurable per account: apply it to all dispenses, to controlled substances only, or turn it off where your state does not require it. The result is a dispense record tied to a biometric identity check, not just a login session. Review your state’s rules in our dispensing regulations library.

A Tamper-Evident Record

When a board inspector or auditor asks what happened, the answer should be in the system, not in someone’s memory. PharmaLink keeps append-only user activity logs — entries are added, never edited or deleted — alongside per-record change history showing what changed, when, and by whom. Dedicated audit reports cover patient data access and change history, so you can demonstrate exactly who viewed or modified a patient’s information during any period.

Access Scoped to the Role

Not everyone in the practice needs to see everything. PharmaLink provides granular, per-location role permissions covering dispensing, administration, reports, billing, inventory, and mail order. A dispensing technician at one location, a billing manager across three, and an administrator over the whole group each see exactly what their role requires — and nothing more. Permissions are location-aware, so multi-site groups can delegate confidently.

Documented Acceptance, State by State

Compliance extends to the agreements themselves. PharmaLink maintains versioned Terms of Service and Privacy Policy acceptance records, including state-specific variants, so there is a durable record of which user accepted which version of which document, and when.

Security in Service of Compliance

These controls are not abstract IT policy — they map directly to the obligations of a dispensing practice: verifying who dispensed, protecting patient information, restricting access to controlled inventory, and producing records on demand. Together with automatic PDMP reporting and the audit-ready records in reporting and analytics, they let your program withstand scrutiny without scrambling.

Talk Through Your Requirements

Every state, and every practice, draws these lines a little differently. Contact us to discuss your state’s positive-identification and record-keeping requirements and see how PharmaLink’s controls are configured in practice.

Ready to start dispensing?

Most practices are up and running within days of submitting their application. Talk to a PharmaLink specialist about the right dispensing program for your practice, or call us at (888) 222-2671.