Duo Security Integrates with Epic to Secure E-Prescriptions for Health IT

Two-Factor Authentication for E-Prescriptions

In order to help healthcare providers meet e-prescription requirements as mandated by the U.S. Drug Enforcement Agency (DEA), Duo Security now provides two-factor authentication security for healthcare organizations that send and receive prescriptions for controlled substances electronically with Duo Authentication for Epic.

Two-factor authentication is a required security control for healthcare providers that need to comply with the Electronic Prescriptions for Controlled Substances (EPCS) standards in order to send and receive prescriptions electronically.

Two Factor for Epic EHRs

We now offer a new integration to our healthcare customers with Epic Systems Corp., a major electronic health record (EHR) software provider used across the nation to digitally collect, store, process and exchange many different types of patient health information.

Wisconsin-based Epic Systems is the leading EHR provider for over a thousand major medical groups, hospitals and integrated healthcare organizations.

Epic keeps track of millions of patients nationwide, partnering with other software companies and small firms in the effort to digitize health records. The federally-led initiative to move from paper health records to digital is backed by incentive-based programs which include payments for physicians and hospitals that demonstrate ‘meaningful use’ of certified EHRs as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act.

Epic EHRs are certified by the latest Office of the National Coordinator for Health Information Technology (ONC) criteria for hospital and provider domains (search for certified healthcare products here).

[Image: Epic Certified for E-Prescriptions. Caption: Epic in SureScripts' E-Prescribing Software Vendors list]

Mandatory E-Prescribing Regulations By State

E-prescribing is an integral function of EHR software, as many states have realized, with benefits that include less paperwork, the preservation of prescription authenticity, and a reduction in medication errors caused by illegible handwritten prescriptions or misheard oral prescriptions.

New York is one state that recognizes these potential benefits: it has passed legislation mandating the use of e-prescriptions across its healthcare providers, prompting major organizations to seek out security controls to meet EPCS compliance by the deadline just a few months away, March 27, 2015.

Two years ago, New York passed legislation amending Title 10 NYCRR Part 80 Rules and Regulations on Controlled Substances to require pharmacies and physicians to prescribe controlled substances electronically, and abide by the DEA’s EPCS compliance guidelines.

Rochester General and Stanford Children’s Hospital are two of those major healthcare providers based in New York, and some of the first customers to use Duo Authentication for Epic in order to employ two-factor authentication to meet the DEA’s security requirements.

Security Streamlined for Healthcare Professionals

While effective security tools, two-factor authentication and other security solutions can be seen as an extra challenge to healthcare professionals' already complicated workflows, which often involve traveling and using many different devices.

Other two-factor authentication solutions require healthcare professionals to type in a second passcode to authenticate, which can slow down the e-prescription process.

But with Duo's two factor, physicians, nurses and other healthcare staff can quickly digitally sign e-prescriptions by using a device they already carry - a smartphone. Duo Mobile, our authentication mobile app, allows healthcare professionals to tap an approve button sent via push notification. Learn more about Duo Push.

Or, they can choose to authenticate using phone callback, which calls a phone number they choose and allows them to authenticate by pressing a certain key. Duo also works with hardware tokens that meet FIPS 140-2 Level 1, the National Institute of Standards and Technology (NIST) Security Requirements for Cryptographic Modules, which is also required for EPCS compliance.

Learn more about Duo Authentication for Epic.

Want more information about health IT and two-factor authentication? Check out:

Securing E-Prescription Applications & Identity-Proofing

A Medley of State Healthcare Data Laws: Insurance Encryption & 2FA for E-Prescriptions