The Trusted Source for
Secure Identity Solutions
The Benefits of EPCS Beyond Compliance
August 15, 2016
An ASSA ABLOY Group brand
Presenters
Sheila Loy
Director Healthcare Solutions
HID Global
Joe Summanen
Technical Architect
Nemours Children’s Health System
Charisse Geslani
Associate Analyst
Nemours Children’s Health System
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Electronic Prescriptions for Controlled Substances
Why offer it?
Prescription Drug Monitoring Programs (PDMP)
State Legislation
Investigations/ Reporting
Compliance… It’s not IF, it’s WHEN
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Electronic Prescriptions for Controlled Substances
Why offer it?
Provider Challenges with Paper Prescriptions




Secure paper and storage process expense
Inconvenient for the prescriber
Negative patient experience
Lost patients – revenue reduction
Telemedicine/ Tele Health
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Electronic Prescriptions for Controlled Substances
Requirements
User experience
Insert + Pin
OTP
Bio
(PKI)
(OTP)
(BIO)
EMR
Electronic Prescriptions for Controlled
Substance EPCS
NIST SP 800-63-2 compliant Identity proofing at level of
assurance 3 with secure credential binding
DEA Compliance using FIPS140-2 validated credential
Must present two factors of authentication within a
certified EPCS module in an EMR platform
Interim Final Ruling
http://www.deadiversion.usdoj.gov/ecomm/e_rx/
The authentication method must be separate from the
device used to write the narcotic prescription
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Nemours Children’s Health System
EPCS and Two-Factor Case Study
• Founded in 1936
• Press Ganey’s 2015 Guardians of Excellence Award
• Nemours Website KidsHealth.org is the most visited website
devoted to Children’s Health in the world
• HIMSS Stage 7 Certified
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Nemours Children’s Health System
EPCS and Two-Factor Case Study
•
•
•
•
Telemedicine Initiative
Innovative and Enhanced Experiences
Be Prepared for Legislation
Trusted Partner
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Nemours Children’s Health System
EPCS and Two-Factor Case Study
•
•
•
•
Credential Management System
Authentication Server
Epic Plug-In
HSM
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
HID EPCS Credential Provisioning Process
Activation letter is
mailed to address on
file to complete LOA3
START
Parallel process
creates checks &
balance
LOA3 check is
Fill online forms on PKI
performed
based in
registration website
information provided
Activation
Letter
Local issuance/remote
issuance station
Credential issued
If LOA3 identity
proofing is
successful
Provision Credential
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Launch Logical
Access in Epic
Successful Solution Deployment Agents
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Nemours Children’s Health System
Project Oversight
 Use Case Discussions
 Proof of Concept Scope
 Documentation
 Pilot Test Group – include physicians
 Feedback Cycles
 Deployment Success
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Nemours Children’s Health System
Leverage the Investment
 Elevate Security and Privacy throughout the organization
 Invest once for myriad use cases
– Remote Access – deploy soft/ mobile tokens or fobs
– VPN Access – deploy soft/ mobile tokens or fobs
– Privileged User, Security Admin – PKI security
 Simple to train
 Simple to use
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Nemours Children’s Health System
Keys to Success
 Bring internal teams and partners together early
 One project management point of contact (owner)
 Proper internal education
 Proliferation of solution availability
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Yes! Security and Convenience
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Summary of Benefits
 DEA Compliance
 Improved patient/ patient family experience
 More secure and efficient workflow for prescribers
 Digital audit trail
 Cost effective ability to institute additional two-factor
authentication use cases
 Increased HIPAA privacy
 Elevated security, without friction
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Why HID Global for Identity Assurance?
 Over 25 years in the user authentication and digital identity business
 Integration with over 30 different eMR/ eHR platforms
 Over 50 million credentials issued by Department of Defense and
Civilian Agencies using our identity management solutions
– GSA Approved Certification Authority cross-certified with the U.S. Federal
Government Bridge Certificate Authority
– FIPS 140-2 Validated Credential offerings
– GSA Approved SP 800-63-2 Level of Assurance 3 Identity Proofing
 Widest variety of authentication methods
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
QUESTIONS?
Trusted Advisor
Sheila Loy
Identity & Access Management, Healthcare
HID Global
M: 952.270.5453 E: sloy@hidglobal.com
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand