Why you need two-factor authentication for your Epic system
DEA regulations mandate the use of two-factor authentication when a prescription for a controlled substance is submitted electronically. That means that all EPCS enabled electronic prescribing systems must support such technology and all authorized prescribers (such as physicians and nurse practitioners) must be equipped with appropriate security tools.
In practical terms, all users of Epic Hyperspace that wish to prescribe controlled substances electronically need to possess one of the two-factor authentication tools/devices as required by the DEA.
What is two-factor authentication?
VASCO DIGIPASS Plug-In for Epic Hyperspace
DIGIPASS Authentication for Epic Hyperspace is a software module that integrates with your Epic System to provide FIPS Compliant and DEA approved two-factor authentication for your users authorized to issue prescriptions for controlled substances.
How it works
The two-factor authentication technology replaces insecure static passwords with strong, constantly changing passwords in accordance with DEA’s requirements. You easily generate a one-time password by pressing the button on your DIGIPASS hardware token or launching the DIGIPASS for Mobile app on your phone. A one-time password is valid for a limited time. At each login you will create a new DIGIPASS password.
VASCO’s DIGIPASS Authentication for Epic Hyperspace solution is comprised of three components:
- IDENTIKEY Authentication Server -- A Server-side software
- VASCO Epic Plug-in (client-side .NET module that integrates with Epic Hyperspace)
- VASCO DIGIPASS client-side authentication devices (hardware or mobile tokens);
PKI devices and biometric options are also supported. Please note that these modalities are the only ones allowed by DEA for EPCS.
Why choose VASCO?
- Guaranteed Compliance – VASCO offers the only one-time password hardware token that is FIPS 140-2 Level 2 Certified and satisfies the DEA requirements for EPCS.
- No additional development work - take advantage of the VASCO Epic Hyperspace Plug-in. VASCO has done all development work so you don’t have to, drastically reducing the cost and complexity of implementation and support. With no need for additional databases or servers, you can get up and running quickly, and with minimal resources.
- Easier Audit Process - VASCO's FIPS 140-2 Level 2 Certified authenticator fulfills EPCS and Stage 3 meaningful use requirements, and the robust reporting capabilities of our backend IDENTIKEY platform deliver a comprehensive audit trail that can ease the third-party audit process.
- Remote Identity Proofing – In addition to FIPS compliant two-factor authentication, VASCO offers NIST compliant identity proofing service as required by DEA for EPCS.
- One Authenticator, Many Apps - No one wants to carry 2, 3 or 10 tokens. With VASCO’s solutions healthcare providers can equip staff with a single hard or mobile token that can be used to conveniently and securely access all applications throughout the healthcare organization.
- Multiple Authentication Modalities - VASCO offers the most comprehensive portfolio of DEA-approved authentication modalities, including hardware, mobile and PKI authenticators; all supported on a single authentication platform.
- Long-term Savings – VASCO’s FIPS Compliant DIGIPASS GO 7 token has an average life span of 10+ years and no artificial expiration date.
- Branding, Packaging and Fulfillment Services – All hardware and mobile authenticator can be customized with your logo and colors; custom packaging with user instructions can also be developed. Full service inventory control and fulfillment is offered by VASCO to ease the distribution process.