HealthCast

High-Level Product Description and Features

HealthCast EPCS is a frictionless, DEA-compliant, Multi-Factor Authentication (MFA) solution for securing electronic prescriptions of controlled substances (EPCS) workflows. The solution supports supervised enrollment and credentialing of providers, multi-factor authentication of providers during signing of e-prescriptions, auditing and reporting of DEA-mandated events, and assists healthcare organizations in meeting EPCS DEA requirements.

Product Features

The solution's features include identification proofing and enrolling, provider authentication, and auditing and reporting.

Identification Proofing and Enrolling

The HealthCast EPCS solution currently supports institutional enrollment for organizations. The HealthCast EPCS solution provides the ability for establishing the role of "EPCS Enrollment Supervisor." This secured role helps ensure the actions around enrollment of providers and issuance of authentication credentials are appropriately supervised.

Note

The "EPCS Enrollment Supervisor" refers to the user who is authorized in RapidIdentity MFA to enroll the HealthCast EPCS providers.

Upon provider credentialing, the EPCS Enrollment Supervisor enrolls the provider in services, such as PingMe and Fingerprint Biometrics to issue the supervised, authenticated credentials.

Authentication for HealthCast EPCS

The solution authenticates the provider during the electronic prescription of controlled substances workflow. The provider is prompted for additional authentication, in which the solution authorizes the provider and allows the prescription process to be completed through its additional layer of identity security.

Auditing and Reporting

HealthCast EPCS assists in capturing and providing the reporting and exporting of the following events:

  • establishment of and modifications to users in the “EPCS Enrollment Supervisor” role

  • authentications of the EPCS Enrollment Supervisor related to any EPCS enrollment processes of providers, with the inclusion of failed authentication attempts

  • authentication of each provider during their EPCS enrollment process, with the inclusion of failed authentication attempts

  • enrollment and issuing of credentials for authenticated EPCS providers for each configured authentication methods: Biometric and/or PingMe

  • modifications to and/or the removal of credentials for enrolled EPCS providers       

  • both successful and failed two-factor authentication transactions for provider signing of EPCS prescriptions

Important

The Healthcast EPCS solution offers the ability to capture and retrieve records related to the events listed above.

It does not capture or provide the reporting and exporting of the following events:

  • actions related to the "EPCS Access Approver" assigning EPCS access controls to providers

    The organization will need to establish their own procedures in establishing that role and capturing, tracking, and reporting on activities related to that role, as well as any setting of, or change to, logical access controls.

  • the Enrollment Supervisor checking providers’ identification

  • attempted unauthorized access to the electronic prescription application