Solution Architecture
The HealthCast EPCS solution utilizes several RapidIdentity MFA and HealthCast ExactAccess technology components to deliver its corresponding EPCS capabilities. The ultimate deployment architecture for any HealthCast EPCS implementation will be dependent on several factors, including hardware capacity requirements as well as EMR, VDI and MFA/SSO technologies deployed and their configuration.
The diagram in Figure 1 is representative of one typical solution architecture and is designed to facilitate the user with a general understanding of the solution's major components and how they contribute to the HealthCast EPCS solution.
Citrix Server
The Citrix Server houses Epic Hyperspace and the EPCS plug-ins that aid in the communication between the user and Epic Hyperspace.
Epic Hyperspace is the display element of the Epic residence and is the means in which healthcare providers communicate with Epic, the platform that contains electronic medical records for patients.
EPCS Plug-ins communicate with the Citrix Receiver on the EPCS endpoint and assists in the transfer of the OTP and Biometric data from the user to Epic. Epic Hyperspace communicates with the endpoint to ensure the user is authenticated in order to securely access patient information and clinical applications.
Note
The HealthCast EPCS solution installs communication points for the EPCS endpoint and the Citrix Server to facilitate the necessary interaction between both points.
HealthCast EPCS Server
The HealthCast EPCS Server hosts the RapidIdentity MFA Server and the eXactAccess Server.
RapidIdentity MFA Server
The RapidIdentity MFA Server communicates between the user and the Epic Client to offer the two-step verification process.
The login information from the user through PingMe or Biometric means is authenticated in the RapidIdentity MFA Server from the credentials obtained during enrollment.
Once authenticated, the user can verify who they are in Epic configured authentication contexts, like controlled substance ordering.
ExactAccess Server
The ExactAccess ("XA") Server is the server-side component of the ExactAccess ("XA") solution. It is deployed with the XA Client installation software to provide information and communication between workstations and servers. This feature is necessary for the successful implementation of the XA Solution.
While the XA Server can provide capabilities for a broad range of MFA/SSO capabilities, for the purposes of EPCS, the XA Server is used to provide audit collection services.
EPCS Enrollment Workstation
RapidIdentity MFA Full Clients are deployed on EPCS Enrollment Workstations to be used by an EPCS Enrollment Supervisor for enrolling providers for EPCS and capturing their fingerprints for fingerprint authentication. The clients communicate with the RapidIdentity MFA Server.
EPCS Endpoint
HealthCast ExactAccess Clients are deployed on the EPCS Endpoints for the purpose of gathering provider authentication audit information. These clients communicate with the HealthCast eXactAccess Server.
RapidIdentity MFA Partial Clients are deployed on the EPCS Endpoints and are utilized strictly for fingerprint authentication. The clients communicate with the RapidIdentity MFA Server and the EPCS Plug-ins which in turn interact with Epic Hyperspace.
EPCS Plug-ins are deployed on the EPCS Endpoints. The EPCS Plug-ins facilitate communication with Epic Hyperspace.