
Introducing: Duo’s Remote Identity Proofing for Healthcare and EPCS


  • Duo & announce remote identity proofing for healthcare
  • Level of Assurance 3 (LOA3) credential service provider
  • Easy-to-use and privacy-first two-factor authentication and ID proofing solution

Healthcare is one of Duo Security’s fastest-growing verticals, and the critical use case in healthcare has been Electronic Prescriptions of Controlled Substances (EPCS) with our Epic Hyperspace integration.

Electronic prescription signing helps patients and physicians with more convenient and accurate prescription delivery, and our physician users love the convenience of using Duo Push to quickly sign prescriptions using their cell phone instead of always carrying hardware tokens or badges.

EPCS is a critical use case for many of our healthcare customers, particularly as states including New York, Maine and Minnesota began requiring strong identity verification (via two-factor authentication) for electronic signing based on DEA guidance.

So our customers came to us with a challenge: make it simple for physicians to remotely fulfill the identity proofing requirements of EPCS, including two-factor authentication (2FA).

EPCS + Duo

Historically, our customers have used the institutional method for enrolling users into our service. In most cases, this means manual, in-person verification of a provider’s identity. Manual enrollment might work in inpatient settings where physicians can visit an IT help desk, but it can also lead to personnel overhead, which can be particularly challenging with extremely busy physicians.

However, how do you manually verify the identity of ambulatory physicians at outpatient clinics?

Over the last two decades, consolidation has been the name of the game in healthcare. Hospitals no longer maintain a single campus; they are now a network of outpatient clinics combined with inpatient hospitals, in some cases across time zones.

Frankly, it’s costly for customers to send employees out to outpatient clinics over the course of weeks or even months to enroll all their users. This often means that the same hospital system will support both paper-based and electronic prescriptions at the same time, creating an administrative burden for physicians, nurses, and pharmacists.

Considering the complexity of two-factor authentication enrollment, it’s no surprise that scaling EPCS is a huge challenge for healthcare customers.

Privacy First

The DEA guidelines around the electronic prescription of controlled substances require identity proofing at Level of Assurance 3 (LOA3), meaning a high level of confidence in the user’s identity.

At Duo, we have a philosophy of using the least Personally Identifiable Information (PII) possible. Our customers love that about us, as it makes implementation easier, while ensuring that privacy is a number one priority. We also believe that separating authentication from identity is the right security decision to reduce risk.

We began by exploring solutions with the major credit bureau agencies, but we quickly realized that instead of building an integration directly with consumer databases, we could find a strong partner to help us solve this problem.

Duo is proud to announce a partnership with to bring instant, LOA3 identity proofing for EPCS to our healthcare customers.

With over a decade of experience delivering on-demand verification, fraud prevention and risk management solutions to over 55,000 businesses, has proven themselves invaluable to this partnership. We share similar cultural values, from privacy-by-design product mindset to an unwavering focus on customer experience. We look forward to introducing you.

Here’s How It Works

Duo and's ID Proofing Diagram

Who is powers informed trust decisions through instant identity verification and background check services. Their trust and safety platform delivers the fast, customized and scalable technology businesses need to combat fraud and reduce risk all on one platform. As a federally approved CSP, certified by the DEA and FICAM (Federal Identity Credential & Access Management),’s healthcare customers gain peace of mind knowing their identity proofing solutions meet EPCS compliance requirements.

What About Other Industries?

We started this integration to solve healthcare use cases, but we’re excited about future joint opportunities with

Please stay tuned in the upcoming year, as we address additional use cases with identity proofing.