Controlled drugs and remote prescribing sit at the most-regulated intersection of UK telehealth. The Misuse of Drugs Regulations 2001 set the framework, the GPhC and CQC layer expectations on top, and clinical defensibility carries the load. This piece walks through which drugs are controlled, what remote prescribing is permitted, and what the audit trail must contain.

Which drugs are controlled — Schedule 2 through 5

UK controlled drugs are categorised under five schedules. Schedule 2 includes opioids, methylphenidate, lisdexamfetamine, amphetamines. Schedule 3 includes tramadol, buprenorphine, some benzodiazepines. Schedule 4 includes anabolic steroids (including testosterone), benzodiazepines (Part 1), some hormonal preparations. Schedule 5 includes preparations of certain Schedule 2 drugs at low concentration.

Remote prescribing rules — when it is permitted, when shared-care kicks in

Remote prescribing of controlled drugs is permitted but the clinical bar is high. GMC and GPhC require that remote prescribing decisions are clinically defensible and properly documented. For Schedule 2 medications, structured initial assessment, ongoing monitoring, and clear shared-care arrangements where applicable are expected practice.

GPhC standards for dispensing CDs from a remote/online model

GPhC publishes standards for registered pharmacies covering governance, staff, environment, services and equipment. Remote/online dispensing of CDs requires: full CD-register procedures, dual-signature controls where required, secure storage, validated delivery with signed-for receipt for Schedule 2-3, and audit trail integrity from prescription receipt to patient delivery.

CQC expectations for digital clinics handling CDs

CQC inspections of digital clinics handling CDs focus on: prescriber qualification and oversight, intake assessment quality, ongoing monitoring documentation, shared-care coordination where applicable, complaints and incident handling, and the integration between clinical record and CD register. Failure on any of these is an immediate finding.

Patient safeguarding requirements specific to remote CD prescribing

Patient safeguarding for remote CD prescribing requires: identity verification (NHS Login or equivalent), red-flag screening, substance-use screening, mental-health screening, and clear escalation pathways. The structured assessment is the safeguard — not the dispensing process downstream.

The audit trail you must keep — paper, digital, both

CD register entries must be made within 24 hours of dispensing under Misuse of Drugs Regulations 2001. The register can be paper or digital with appropriate signature controls. The audit trail must link prescription, dispense, register entry, delivery confirmation, and any incidents. Inspection-ready means exportable and queryable, not just stored.

Key takeaway

CD register entries must be made within 24 hours of dispensing under the Misuse of Drugs Regulations 2001. Late or incomplete entries are one of the most common inspection findings.

For controlled drugs, the structured assessment is the safeguard — not the dispensing process downstream.

Controlled drugs in remote care are not a generic regulatory question — they are a category-specific one. The operators doing this well treat the full pathway (assessment, prescribing, dispensing, monitoring, audit) as one integrated clinical process. The operators doing it badly treat it as four separate ones.