High-Level Product Description and Features
HealthCast EPCS is a frictionless, DEA-compliant, Multi-Factor Authentication (MFA) solution for securing electronic prescriptions of controlled substances (EPCS) workflows. The solution supports supervised enrollment and credentialing of providers, multi-factor authentication of providers during signing of e-prescriptions, auditing and reporting of DEA-mandated events, and assists healthcare organizations in meeting EPCS DEA requirements.
Product Features
The solution's features include identification proofing and enrolling, provider authentication, and auditing and reporting.
Identification Proofing and Enrolling
The HealthCast EPCS solution currently supports institutional enrollment for organizations. The HealthCast EPCS solution provides the ability for establishing the role of "EPCS Enrollment Supervisor." This secured role helps ensure the actions around enrollment of providers and issuance of authentication credentials are appropriately supervised.
Note
The "EPCS Enrollment Supervisor" refers to the user who is authorized in RapidIdentity MFA to enroll the HealthCast EPCS providers.
Upon provider credentialing, the EPCS Enrollment Supervisor enrolls the provider in services, such as PingMe and Fingerprint Biometrics to issue the supervised, authenticated credentials.
Authentication for HealthCast EPCS
The solution authenticates the provider during the electronic prescription of controlled substances workflow. The provider is prompted for additional authentication, in which the solution authorizes the provider and allows the prescription process to be completed through its additional layer of identity security.
Auditing and Reporting
HealthCast EPCS assists in capturing and providing the reporting and exporting of the following events:
establishment of and modifications to users in the “EPCS Enrollment Supervisor” role
authentications of the EPCS Enrollment Supervisor related to any EPCS enrollment processes of providers, with the inclusion of failed authentication attempts
authentication of each provider during their EPCS enrollment process, with the inclusion of failed authentication attempts
enrollment and issuing of credentials for authenticated EPCS providers for each configured authentication methods: Biometric and/or PingMe
modifications to and/or the removal of credentials for enrolled EPCS providers
both successful and failed two-factor authentication transactions for provider signing of EPCS prescriptions
Important
The Healthcast EPCS solution offers the ability to capture and retrieve records related to the events listed above.
It does not capture or provide the reporting and exporting of the following events:
actions related to the "EPCS Access Approver" assigning EPCS access controls to providers
The organization will need to establish their own procedures in establishing that role and capturing, tracking, and reporting on activities related to that role, as well as any setting of, or change to, logical access controls.
the Enrollment Supervisor checking providers’ identification
attempted unauthorized access to the electronic prescription application