The Department of Justice recently announced some big changes regarding access to the Controlled Substance Act Registrant database. We’ve adapted accordingly and want to help you stay up-to-date! Here’s what you need to know about those changes and what that means for your organization when monitoring for compliance.

What’s changing with the DEA database?

Effective November 17, 2020, the National Technical Information Service (NTIS) will no longer distribute the dataset from the Controlled Substance Act Registrant database. This dataset will be made available directly from the Drug Enforcement Administration, updated nightly, and made available at no charge.

I need to perform a DEA number lookup, how can I access the dataset?

In order to access the dataset, an applicant must fit into one of 3 categories:

1. The applicant is a DEA Registrant (Entities registered under the Controlled Substance Act).

DEA Registrants will have access to the same dataset that was available from NTIS through an enhancement of the DEA Validation Tool found on the DEA Diversion Registration webpage. Registrants are able to conduct a registration validation of another registrant, a feature that already exists, or download a dataset file that can be used in a self-designed system. 

2. For parent organizations of those entities registered under the Controlled Substance Act, and those entities with federal or state statutory requirements.

Entities within this category will have access to the same files that were available from NTIS through a secure link. Entities are required to apply to DEA, providing identifying information and a detailed explanation for the need and use of the information. DEA will review each application and approve or deny the same based on the information provided. If approved, the applicant will be issued a username and password, as well as the link to access and download a text file that once downloaded, can be used in a self-designed system. 

3. Entities Providing Credentialing or Verification services to the Healthcare Industry

Entities will be required to apply to DEA, providing identifying information and a detailed explanation for the need-to-know and use of the information. If approved, the applicant will be issued a username and password, as well as the link to access and download a text file that once downloaded, can be used in a self-designed system.

How has ProviderTrust responded to changes in the DEA verification process?

ProviderTrust is accessing the dataset under the third category. Our clients can rest assured knowing that we have successfully applied for access to the dataset and have ensured that DEA license verifications through Passport and Dash have continued to process as usual.

If I don’t monitor DEA licenses with ProviderTrust, What does this mean for me?

If you are a current DEA Registrant or belong to a parent organization of a DEA Registered Entity, you should have no problem successfully applying for and receiving access to the dataset.

If you do not fit into one of those categories and you can demonstrate a need-to-know, you can apply for access to the Limited Dataset that does not contain DEA Numbers or Expiration Dates.

We believe that a smarter healthcare makes a safer healthcare and recommend partnering with a third party vendor to ensure that DEA License Verifications are done thoroughly and correctly for your organization.


Make sure you’re covered with our Compliance Monitoring Checklist.

Get the Checklist