Manage Your EPCS Account, Tokens, and Password
After registering for electronic prescribing for controlled substances (EPCS), you can manage your EPCS account and authentication tokens in the Exostar Token Management tool. You can also reset your EPCS password with help from an eRx Administrator.
Contents
Open Exostar Token Management
Use the Exostar Token Management tool to add a new token to your EPCS account, remove or resync an existing token, or manage your backup phone number.
Open the Rx Queue
Click on the Rx Queue tab in PCC EHR to open PCC eRx.
Go to My Settings
Click on the “My Settings” link in the top navigation bar to open your personal PCC eRx settings.
Open Exostar Token Management
Click on the “Exostar Token Management” button to open the tool.
Read on to learn which actions you can take within Exostar Token Management.
Authenticate to Unlock Other Actions
Before you can take most actions in Exostar Token Management, you must validate your identity by entering a one-time code from your hard token, soft token, or backup phone number – whichever method you have available.
Authenticate with Your Hard Token
To authenticate using your hard token, scroll to the Manage Token section of Exostar Token Management and click the “Authenticate” button. Then, enter a one-time password from your token into PCC eRx and click “Authenticate”.
Authenticate with Your Soft Token
To authenticate using your soft token, scroll to the Manage Mobile Credential section of Exostar Token Management and click the “Authenticate” button. Then, approve the request from the Authy app on your phone or enter a one-time password from your soft token into PCC eRx and click “Authenticate”.
Authenticate with Your Backup Phone Number
To authenticate using your backup phone number, scroll to the Manage Phones section of Exostar Token Management and click the “Authenticate” button. You will receive a call or a text from Exostar with a one-time password. Enter the one-time password into PCC eRx and click “Authenticate”.
After authenticating, you can take other actions in Exostar Token Management.
Add a New or Replacement Token
You can use the Exostar Token Management tool to add a new or replacement token to your EPCS account. This is useful when you need to replace a lost or broken hard token, set up a soft token using a new cell phone number, or configure a soft token for the first time after having skipped that step in the EPCS registration process.
Order New Hard Tokens from PCC: If your practice needs to order new hard tokens, contact PCC Support. PCC orders hard tokens from Exostar at no cost to you. Once ordered, Exostar ships hard tokens directly to your practice, generally in less than two weeks.
Add a Soft Token to Your EPCS Account
Set up your smartphone as a factor of authentication for EPCS.
Grab Your Hard Token and Your Smartphone
Get your EPCS hard token and smartphone in hand.
You will need to enter a one-time password from your hard token to unlock the rest of the actions in Exostar Token Management.
You will need your smartphone in order to set it up as a soft token.
Open Exostar Token Management
Click the “Exostar Token Management” button on the My Settings page in PCC eRx.
Exostar Token Management opens in a new window over PCC eRx.
Scroll to the Manage Token Section
Go to the Manage Token section within Exostar Token Management.
You will use the “Authenticate” button in this section and your EPCS hard token to validate your identity and unlock the other actions in Exostar Token Management.
Authenticate to Unlock Other Actions
Click the “Authenticate” button in the Manage Token section of Exostar Token Management.
The “Authenticate” button prompts you to validate your identity by entering a one-time password from your hard token. Grab your hard token, press the button to generate a one-time password, then type it into the token management window.
After you successfully authenticate, you can access the other actions in Exostar Token Management, including the option to add a new soft token.
No Hard Token? Authenticate Using Your Backup Phone Number: If you don’t have a hard token configured for EPCS, you can unlock the rest of the actions in Exostar Token Management using one of the backup phone numbers for your account. Scroll to the Manage Phones section to view those numbers and authenticate using one of them.
In Manage Mobile Credential, Click “Add Credential”
Scroll to the Manage Mobile Credential section of the page and click the “Add Credential” button to add a new soft token to your account.
Enter Your Cell Phone Number and Confirm Your Email
Set the country where your cell phone number was issued, type in your phone number, and confirm that the correct email address is listed.
You do not need to use any punctuation when typing in your phone number.
Click “Register Phone”
Click the “Register Phone” button to save your contact information and initiate the part of the process that takes place on your smartphone.
A blue loading bar labeled “Registration in progress…” will display in PCC eRx until you have finished the steps on your smartphone.
Tap the Authy Notification on Your Smartphone
Pick up your smartphone and tap the push notification from Authy to open the app.
No Notification? Open the App Manually: If you have the Authy app installed but do not receive a push notification, open Authy manually instead by tapping the app icon on your home screen.
Don’t Have the Authy App? Download it Now: If you do not have the Authy app installed on your smartphone, you will receive a text message with a download link instead of a push notification. Open the text message, click on the link, and install the Authy app before moving on to the next step.
Tap the Notification Icon in the Authy App
Tap the notification bell icon in the Authy app.
The red counter on the notification bell indicates that you have a new request to add a token.
No Notification? Finish Set Up Manually: If the notification bell in the Authy app does not display a red counter but you can see the PCC eRx soft token on your screen, click the ‘X’ beside the blue loading bar in PCC eRx, then enter a one-time password from your soft token into the “Soft OTP” field to finish registering your smartphone as your soft token for EPCS.
Approve the Pending Request
Tap the pending request from PCC eRx to approve it. Then, tap the green “Approve” button to confirm.
Once you approve the pending request, your smartphone becomes registered as a soft token for EPCS in PCC eRx.
Request Timeout: If the pending request from PCC eRx times out before you have a chance to approve it, tap “Exit” in the top left corner of your phone screen, click the ‘X’ beside the blue loading bar in PCC eRx, then enter a one-time password from your soft token into the “Soft OTP” field in PCC eRx.
Click “Cancel” to Save and Close Exostar Token Management
When you have finished adding the soft token to your account, click the “Cancel” button at the bottom of the window to save your work and exit Exostar Token Management.
Once registered, your soft token is bound to your identity, phone number, and device. Only you may use it as a second factor of authentication when sending electronic prescriptions for controlled substances from PCC eRx.
Add a Hard Token to Your EPCS Account
Add a hard token as a factor of authentication for EPCS.
Grab Your Hard Token and Your Smartphone
Get your EPCS hard token and smartphone in hand.
You will need to enter a one-time password from the soft token on your smartphone to unlock the rest of the actions in Exostar Token Management.
You will need your hard token in order to register it as an authentication method for EPCS.
No Soft Token? Authenticate Using Your Backup Phone Number: If you don’t have a soft token configured on your smartphone, you can unlock the rest of the actions in Exostar Token Management using one of the backup phone numbers for your account. You can see those numbers in the Manage Phones section of Exostar Token Management.
Open Exostar Token Management
Click the “Exostar Token Management” button on the My Settings page in PCC eRx.
Exostar Token Management opens in a new window over PCC eRx.
Scroll to the Manage Mobile Credential Section
Go to the Manage Mobile Credential section within Exostar Token Management.
You will use the “Authenticate” button in this section and the soft token on your smartphone to validate your identity and unlock the other actions in Exostar Token Management.
Authenticate to Unlock Other Actions
Click the “Authenticate” button in the Manage Mobile Credential section of Exostar Token Management.
The “Authenticate” button prompts you to validate your identity by approving a request in the Authy app or entering a one-time password from your soft token. Grab your smartphone and approve the Authy request, or open your soft token and type it into the “Soft OTP” field in the token management window.
After you successfully authenticate, you can access the other actions in Exostar Token Management, including the option to add a new hard token.
No Soft Token? Authenticate Using Your Backup Phone Number: If you don’t have a soft token configured on your smartphone, you can unlock the rest of the actions in Exostar Token Management using one of the backup phone numbers for your account. Scroll to the Manage Phones section to view those numbers and authenticate using one of them.
In Manage Token, Click “Add Token”
In the Manage Token section of Exostar Token Management, click the “Add Token” button to add a new hard token to your account.
Enter Your Hard Token’s Serial Number
Enter the serial number from the back of your hard token into PCC eRx.
Enter Two One-Time Passwords from Your Hard Token
Press the button on your hard token to generate a one-time password, then enter it into the field labeled “One-Time Password 1”.
Press the button a second time to generate another password, then enter it into the field labeled “One-Time Password 2”.
Both fields are required to resync your token.
Click “Submit”
Click the “Submit” button to finish registering your hard token.
Click “Cancel” to Save and Close Exostar Token Management
When you have finished adding the hard token to your account, click the “Cancel” button at the bottom of the window to save your work and exit Exostar Token Management.
Once registered, your hard token is bound to your identity. Only you may use it to validate your identity when sending electronic prescriptions for controlled substances from PCC eRx.
Remove a Token
If you lose access to one of your tokens, deactivate and remove it from your EPCS account so that you can add back a replacement.
Open Exostar Token Management
Click the “Exostar Token Management” button on the My Settings page in PCC eRx.
Exostar Token Management opens in a new window over PCC eRx.
Authenticate to Unlock Other Actions
Using your hard token, your soft token, or your backup phone number, whichever method you have available, authenticate your identity and unlock the other actions in Exostar Token Management.
To authenticate using your hard token, scroll to the Manage Token section and click the “Authenticate” button. Then, enter a one-time password from your token into PCC eRx and click “Authenticate”.
To authenticate using your soft token, scroll to the Manage Mobile Credential section and click the “Authenticate” button. Then, approve the request from the Authy app on your phone or enter a one-time password from your soft token into PCC eRx and click “Authenticate”.
To authenticate using your backup phone number, scroll to the Manage Phones section and click the “Authenticate” button. You will receive a call or a text from Exostar with a one-time password. Enter the one-time password into PCC eRx and click “Authenticate”.
After authenticating, you can take other actions in Exostar Token Management.
Deactivate Your Token
To deactivate your hard token, click “Deactivate Token” in the Manage Token section.
To deactivate your soft token, click “Deactivate” in the Manage Mobile Credential section.
Record the Reason
Document your reason for deactivating your token, then click the “Deactivate” button to complete the process.
Click “Cancel” to Save and Close Exostar Token Management
When you have finished removing the token from your account, click the “Cancel” button at the bottom of the window to save your work and exit Exostar Token Management.
After you deactivate a token, you can add back a replacement for it.
Resync a Token
When PCC eRx stops accepting one-time passwords from your hard token, you can try resyncing it to restore your ability to use it as a factor of authentication for EPCS.
Grab Your Hard Token
Get your hard token in hand. You will need it to complete the resync.
Open Exostar Token Management
Click the “Exostar Token Management” button on the My Settings page in PCC eRx.
Exostar Token Management opens in a new window over PCC eRx.
In Manage Token, Click “Resync Token”
Scroll to the Manage Token section and click the “Resync Token” button.
Enter Two One-Time Passwords from Your Hard Token
Press the button on your hard token to generate a one-time password, then enter it into the field labeled “One-Time Password 1”.
Press the button a second time to generate another password, then enter it into the field labeled “One-Time Password 2”.
Both fields are required to resync your token.
Click “Resync Token”
Click the “Resync Token” button after entering both passwords.
If you receive an error message, try again, double-checking to make sure that you are entering the passwords correctly.
Click “Cancel” to Save and Close Exostar Token Management
When you have finished resyncing your token, click the “Cancel” button at the bottom of the window to save your work and exit Exostar Token Management.
After resyncing, try sending an electronic prescription for a controlled substance to see if it has been restored. If resyncing does not restore use of your hard token, contact PCC Support.
Manage the Backup Phone Number for Your EPCS Account
You can set up a phone number as a backup authentication method for your EPCS account in case you lose access to both your hard and soft tokens. While you cannot use the backup phone number to send prescriptions for controlled substances, you can use it to authenticate in Exostar Token Management so that you can add new tokens back to your account and resume prescribing.
PCC recommends setting up at least one phone number when you register for EPCS, but you can update your backup phone number settings at any time in Exostar Token Management.
Add a Backup Phone Number
You can add one or several phone numbers as backup authentication methods for your EPCS account. You can use these phone numbers to authenticate and unlock the other actions in Exostar Token Management, which is especially useful if you lose access to both of your EPCS tokens and want to set up new ones without having to go through the Exostar identity proofing process a second time.
Open Exostar Token Management
Click the “Exostar Token Management” button on the My Settings page in PCC eRx.
Exostar Token Management opens in a new window over PCC eRx.
Authenticate to Unlock Other Actions
Using your hard token, your soft token, or your backup phone number, whichever method you have available, authenticate your identity and unlock the other actions in Exostar Token Management.
To authenticate using your hard token, scroll to the Manage Token section and click the “Authenticate” button. Then, enter a one-time password from your token into PCC eRx and click “Authenticate”.
To authenticate using your soft token, scroll to the Manage Mobile Credential section and click the “Authenticate” button. Then, approve the request from the Authy app on your phone or enter a one-time password from your soft token into PCC eRx and click “Authenticate”.
To authenticate using a backup phone number already connected to your account, scroll to the Manage Phones section and click the “Authenticate” button. You will receive a call or a text from Exostar with a one-time password. Enter the one-time password into PCC eRx and click “Authenticate”.
After authenticating, you can take other actions in Exostar Token Management.
In Manage Phones, Click “Add Phone”
In the Manage Phones section, click the “Add Phone” button to add a new number to your account as a backup authentication method.
Choose a Delivery Method
Choose how you want to receive messages from Exostar at this number.
Depending on your selection, Exostar will either text or call you with an authentication code when you use your backup phone number to unlock your account.
Enter Your Cell Phone Number
Set the country where your cell phone number was issued and type in your phone number twice to confirm it.
You do not need to use any punctuation when typing in your phone number.
Click “Send Code”
Click the “Send Code” button to prompt Exostar to send you an authentication code.
If you entered your phone number correctly, you will receive a phone call or text from Exostar with your authentication code.
Resend Code: If you do not receive a code, check that you entered your phone number correctly. If your number is correct, click “Resend Code” and wait to receive a different code. If you do not receive a code after a second attempt, contact PCC Support for assistance.
Enter the Code into PCC eRx
Answer the call or open the text from Exostar, then type your authentication code into the “One-Time Password Code” field in PCC eRx.
Click “Submit”
Submit the code to finish adding your phone number as a backup authentication method for your EPCS account.
Click “Cancel” to Save and Close Exostar Token Management
When you have finished adding your phone number as a backup authentication method, click the “Cancel” button at the bottom of the window to save your work and exit Exostar Token Management.
Delete a Backup Phone Number
You can remove old backup phone numbers from your EPCS account.
Open Exostar Token Management
Click the “Exostar Token Management” button on the My Settings page in PCC eRx.
Exostar Token Management opens in a new window over PCC eRx.
Authenticate to Unlock Other Actions
Using your hard token, your soft token, or your backup phone number, whichever method you have available, authenticate your identity and unlock the other actions in Exostar Token Management.
To authenticate using your hard token, scroll to the Manage Token section and click the “Authenticate” button. Then, enter a one-time password from your token into PCC eRx and click “Authenticate”.
To authenticate using your soft token, scroll to the Manage Mobile Credential section and click the “Authenticate” button. Then, approve the request from the Authy app on your phone or enter a one-time password from your soft token into PCC eRx and click “Authenticate”.
To authenticate using your backup phone number, scroll to the Manage Phones section and click the “Authenticate” button. You will receive a call or a text from Exostar with a one-time password. Enter the one-time password into PCC eRx and click “Authenticate”.
After authenticating, you can take other actions in Exostar Token Management.
Find the Phone Number to Delete
Scroll to the Manage Phones section of the screen and find the phone number you wish to delete from your account.
Click “Delete Phone”
Click the “Delete Phone” button next to the phone number you wish to delete.
This removes the phone number as a backup authentication method for your EPCS account.
If you deleted the only backup phone number that was listed, add a new one right away to ensure that you will be able to unlock your account settings in Exostar Token Management even if you lose access to both of your EPCS tokens.
Click “Cancel” to Save and Close Exostar Token Management
When you have finished deleting the backup phone number from your account, click the “Cancel” button at the bottom of the window to save your work and exit Exostar Token Management.
Change Your Delivery Method
When you set up a phone number as a backup authentication method to unlock Exostar Token Management, you can choose whether you want to receive your one-time passwords by text or phone call. You can change that delivery method preference later in the Manage Phones section of Exostar Token Management.
Open Exostar Token Management
Click the “Exostar Token Management” button on the My Settings page in PCC eRx.
Exostar Token Management opens in a new window over PCC eRx.
Authenticate to Unlock Other Actions
Using your hard token, your soft token, or your backup phone number, whichever method you have available, authenticate your identity and unlock the other actions in Exostar Token Management.
To authenticate using your hard token, scroll to the Manage Token section and click the “Authenticate” button. Then, enter a one-time password from your token into PCC eRx and click “Authenticate”.
To authenticate using your soft token, scroll to the Manage Mobile Credential section and click the “Authenticate” button. Then, approve the request from the Authy app on your phone or enter a one-time password from your soft token into PCC eRx and click “Authenticate”.
To authenticate using your backup phone number, scroll to the Manage Phones section and click the “Authenticate” button. You will receive a call or a text from Exostar with a one-time password. Enter the one-time password into PCC eRx and click “Authenticate”.
After authenticating, you can take other actions in Exostar Token Management.
Find the Phone Number to Update
Scroll to the Manage Phones section of the screen and find the phone number to update with a different delivery method.
In the Delivery Method Column, Click the “Change” Link
Click the blue “Change” link in the Delivery Method column beside the phone number whose settings you want to update.
The delivery method toggles to the option that was not previously selected.
Click “Cancel” to Save and Close Exostar Token Management
When you have finished changing your delivery method, click the “Cancel” button at the bottom of the window to save your work and exit Exostar Token Management.
Reset Your EPCS Password
If you lost or forgot your EPCS password, ask an eRx Administrator at your practice to help you reset it.
eRx Administrator Steps
First, an eRx Administrator resets the prescriber’s password.
Open PCC eRx Administration
On the Rx Queue tab in PCC EHR, click “Administration”.
Open EPCS Setup
Click on the “EPCS Setup” link.
Find the Prescriber
Search for the prescriber by last name.
Edit the Prescriber
Click the “Edit” link on the prescriber’s account.
Reset the Prescriber’s Password
Click the “Reset EPCS Password” button.
The screen updates with a message showing that the prescriber can reset their password.
Prescriber Steps
Next, the prescriber chooses a new password.
Open My Settings in PCC eRx
On the Rx Queue in PCC EHR, click “My Settings”.
Create a New EPCS Password
Click the “Reset EPCS Password” button, then create a new password that meets all of the criteria.
Click the “Submit” button to save the new password.
Close the Window
Once you have successfully reset your password, click “Cancel” to close the window and exit the workflow.
Never Revoke Your EPCS Account
Never Revoke Your Account: Never click the “Revoke Account” button in Exostar Token Management. If you believe you might need to take that action, contact PCC Support first.