Duo helps protect confidential patient information by integrating with Epic’s EHR to provide secure remote access that’s tailored to the needs of the healthcare industry.
When your users log into your EHR, Duo’s two-factor authentication solution helps you identify an individual, then checks the security health of their device before granting access.
Trusted Endpoints lets you secure access to your EHR systems and support your BYOD policies by allowing you to detect personal, employee-owned devices. Administrators can use Duo’s out-of-the-box integration with Citrix Netscaler Gateway and VMware Horizon View.
“Duo has provided us with security for our remote users when connecting to our infrastructure as well our internal employees when using security applications. It offers great reporting and granular security controls.”— Ilya Solovey, IT Administrator, Managed Health Care Associates
Duo’s solution can help you meet healthcare data regulatory compliance. The Health Insurance Portability and Accountability Act (HIPAA) recommends the use of strong access controls to any system providing access to patient data.
Healthcare organizations are required to meet federal regulations, known as Electronic Prescriptions for Controlled Substances (EPCS) compliance for e-prescribing, ID proofing, reporting and analysis.
Duo has partnered with Inflection.com to help healthcare organizations securely and accurately verify an individual physician’s identity remotely. A quick online identity verification allows busy healthcare professionals to continue work as usual.
After identity verification, physicians can enroll with Duo and digitally sign e-prescriptions via push notifications on their smartphones. With one tap, physicians can approve e-prescriptions using the Duo Mobile app. Doctors can also use a variety of other authentication methods, like soft or hard tokens and U2F.
Plus, administrators can use Duo’s out-of-the-box integration with Epic Hyperspace’s e-prescription workflow for quick and easy setup. Duo also provides security reports for auditing, tracking and compliance.
Note: [Duo’s one-time passcodes generated via SMS and callback methods are not FIPS-140-2 compliant. Current versions of Duo Mobile for iOS 6 and above, Android, and Windows Phone do generate FIPS 140-2 Level 1 validated OTP passcodes.
For the purposes of EPCS, choose between Duo Push, U2F (YubiKey hard tokens), OTP hard tokens, or FIPS 140-2 validated hardware token to help meet your compliance team’s interpretation of the Federal EPCS Guidelines.]
Download Duo's CISO guide to get a detailed account of one healthcare CISO's experience with a zero-trust security model.