Skip navigation

Duo Security is now a part of Cisco

About Cisco

University of Colorado Health (UCHealth)

“Our clinicians loved the simplicity of Duo Push to their phone or smartwatch to approve prescriptions.”
— Dr. CT Lin, Chief Medical Information Officer (CMIO)

Highlights

UCHealth is one of the largest healthcare systems in the Colorado area

Duo helped UCHealth significantly improve the patient experience, while saving thousands of dollars by eliminating paper-based prescriptions

Duo’s phenomenal success with clinicians gave UCHealth the confidence to expand its usage to remote access and other sensitive applications

Company Overview

University of Colorado Health (UCHealth) is a nonprofit health care system that includes 10 hospitals and more than 400 clinics throughout Colorado, southern Wyoming and western Nebraska. U.S. News ranks UCHealth’s hospitals in northern Colorado, Poudre Valley Hospital and Medical Center of the Rockies, among the top 10 hospitals in Colorado. The UCHealth system includes more than 4,000 practitioners and thousands of patients who receive care every year at one of their health facilities.

Business Challenges

UCHealth’s mission is to improve lives: in big ways through learning, healing and discovery, and in small personal ways through human connection. UCHealth measures success by patient health outcome and satisfaction. Along these lines, one major area that needed improvement was how patients are prescribed and receive their medications. UCHealth explored the benefits of moving from paper prescriptions to electronic prescriptions. The cost and management of paper prescriptions was high – tamper-resistant paper used for prescriptions, for example, costs up to $1 per sheet. In addition, there was a high cost burden to secure and manage tamper-resistant paper. The paper had to be put inside locked drawers. Other costs include mailing, printing, duplicate prescriptions (if lost) and crossover (if doctors were not in the office, another doctor had to write the prescription). It was estimated that mailing and printing alone cost one of UCHealth’s clinics $10,000 to $15,000 per month.

Technical Challenges

Even though the benefits of electronic prescriptions outweigh those of paper prescriptions, UCHealth had to consider the impact of the Electronic Prescription of Controlled Substances (EPCS) regulation. One EPCS requirement is that organizations must use a multi-factor authentication (MFA) solution to prescribe controlled medications. UCHealth tested several solutions. They quickly eliminated key fob-based solutions because they were not convenient to use for clinicians. They considered a fingerprint-based solution, but the overall cost was too high. At UCHealth, clinicians are mobile and not bound to a workstation. They can be in the emergency department, in their office, at a local clinic or at home. Investing in 4,000-plus fingerprint devices (one for each possible workstation that a clinician could work at), and the additional cost to manage and deploy them wasn’t feasible.

The Solution

UCHealth deployed Duo Access for their Epic application, which they use to approve e-prescriptions of controlled substances. UCHealth found Duo’s push-based authentication for prescription approval was easiest to use compared to any other authentication solutions they had tested. Previously, clinicians could only issue prescriptions during work hours from the hospital or clinic. Without access to tamper-proof paper, patients couldn’t get a refill during nights or weekends. Patients had to either wait until the doctor was back in the office or their doctor had to request another colleague to sign-off on the prescriptions. In both scenarios patients had a poor experience, since their wait time was several hours to days.

With Duo, clinicians could approve prescriptions from anywhere, improving the patient experience. UCHealth’s Dr. CT Lin said, “our clinicians loved the simplicity of Duo Push to their phone or smartwatch to authenticate.”

Before they started rolling out Duo, UCHealth also had to meet the ID proofing requirements laid out in EPCS. The process was a little easier after deploying an Electronic Health Record (EHR) application since they had already checked the identity of and documented every clinician on staff that was granted access to the EHR. For address verification, they created an internal portal where clinicians can input their mobile number and Epic credentials, and this information is verified against the information in their database.

UCHealth started with a small group of pilot users to gather feedback. After a successful pilot phase, they opened enrollment for all users. Within weeks, thousands of users enrolled to use Duo to approve e-prescriptions. The enrollment was fast, partly because user feedback was positive. In fact, Duo’s success elevated users’ expectations for other IT projects. They expect more user friendly products such as Duo.

After the success of EPCS project, UCHealth is looking to expand Duo to other use cases, such as secure access to VPN to prevent attackers from remotely accessing internal resources. Another driver to expand the usage of Duo is to satisfy partner requirements. Some organizations, Anthem, for example, will only partner with organizations that are secured and protected with MFA.

Ready to Get Started?

Try out Duo Access for 30 days for the complete Unified Access Security experience.