Ensuring secure, streamlined multifactor authentication workflows for remote access and EPCS

Key facts

Location: California

Beds: 447

EHR: Epics

Challenges

  • Mitigate risks of phishing and other cyberattacks
  • Comply with EPCS regulations
  • Protect PHI and other information

Results

  • Improved security of remote access workflows
  • End-to-end EPCS compliance
  • Consistent and efficient multifactor authentication experiences, regardless of workflow

El Camino Hospital is a 447-bed hospital system with locations in Mountain View and Los Gatos, California. El Camino has more than 4,000 employees, including more than 1,000 physicians.

The team at El Camino was tasked with the same challenge that many healthcare organizations are contending with – they need to ensure security and compliance at their organization without sacrificing efficient workflows. Specifically, they were looking to ensure secure and efficient authentication workflows for their users – both clinical and non-clinical.

When El Camino began exploring multifactor authentication solutions, they knew there were some baseline needs they needed to address. They were looking for a solution that would: 

  • Help safeguard against unauthorized remote access
  • Protect PHI and other data from increasingly sophisticated cyber attacks
  • Increase security of admin and privileged level access
  • Comply with new regulations that required multifactor authentication, like electronic prescribing for controlled substances (EPCS)

“When we assessed our IT security posture, we recognized the opportunity to add multifactor authentication for remote network access as a key component to safeguarding PHI and other sensitive data from unauthorized access,” says James Brummett, Director, Technical Services at El Camino Hospital. While security and compliance were the intended goals of a multifactor authentication solution, the team at El Camino also knew that without clinical efficiency at its core, the project was unlikely to succeed. 

“While improving security was a key goal, the biggest factor in our selection process was that we be able to ensure efficient workflows for our users – especially our care providers,” says Dr. Craig Joseph, interim CMIO at El Camino Hospital. “Keeping enrollment and re-enrollment simple, offering multiple authentication methods, and ensuring minimal impact were necessary for success.”

The solution

After evaluating multiple solutions and weighing their criteria, El Camino looked to Imprivata Confirm ID® for their multifactor authentication needs. In Imprivata Confirm ID, El Camino gained a solution that enabled:

  • Convenient, easy-to-use authentication methods, including push token notification
  • A comprehensive authentication platform for all applications and workflows, due to their use of Imprivata OneSign®
  • End-to-end compliance for EPCS
  • Easy implementation and deployment

>Imprivata Confirm ID ticked all the boxes for the requirements we had,” says Joseph. “Being able to support multiple workflows with the same platform allowed us to deliver efficient, near-frictionless authentication experiences to our providers.”

Remote access

Imprivata Confirm ID for Remote Access has empowered El Camino to take on critical security and workflow challenges by enabling secure and convenient multifactor authentication for remote access workflows.

EPCS

Imprivata Confirm ID for EPCS is the most comprehensive platform for provider identity proofing, supervised enrollment, two-factor authentication, and auditing and reporting. For El Camino – and other healthcare organizations who have deployed the solutions – this means that care providers are able to efficiently prescribe controlled substances electronically while meeting DEA requirements.

Implementation

El Camino was able to roll out both Imprivata Confirm ID for Remote Access and Imprivata Confirm ID for EPCS in approximately three months. In support of that timeline, and key to their success, the team made sure to build in numerous communications about each project, including flyers and targeted emails among other methods.

Remote access

Making security frictionless at El Camino started with a straightforward enrollment process – users were able to self-enroll, or they could choose to have help desk-assisted enrollment. Whichever they chose, though, enrollment in Imprivata Confirm ID for Remote Access was a simple process.

“Further simplifying enrollment was the ease with which users could enroll multiple authentication modalities, including Imprivata ID,” says Brummett. “It was crucial that we allowed our users to have access to more than one option so that security would be as simple as possible.”

At initial go-live, El Camino had 1,281 of their 1,553 scoped users enrolled. That quickly grew to more than 1,700 users enrolled for remote access.

EPCS

The team at El Camino had identified their emergency department physicians for a soft launch, followed by a second group of controlled substances-prescribing physicians.

Regardless of number of physicians being enrolled, though, the team at El Camino needed to make sure that their enrollment and identity proofing process was done efficiently and in a manner that complied with DEA requirements. Before physicians can prescribe controlled substances electronically and be issued two-factor authentication credentials, the DEA requires that an identity proofing process take place so that their identities can be validated.

“With Imprivata Confirm ID for EPCS, the perceived complexities of the DEA regulations are just that – perceived,” says Joseph. “It had built-in workflows that made identity proofing, enrollment, and putting logical access controls in place very simple. For that reason, we felt confident in our ability to roll out the solution quickly and effectively.”

At their soft go-live, 50 emergency department physicians were enabled for EPCS. More than 300 physicians can prescribe controlled substances electronically, with the possibility of enrolling up to 500 more.

Results

El Camino had set out to ensure security and compliance at their organization without sacrificing workflow efficiency. With Imprivata Confirm ID in place, El Camino accomplished this while also:

  • Significantly improving security of remote access workflows
  • Ensuring end-to-end EPCS compliance
  • Providing consistent and efficient multifactor authentication
    experiences across workflows

“With Imprivata Confirm ID, we’ve solved for our multifactor authentication needs,” says Joseph. “We’re able to keep our organization and patients secure, while keeping our providers happy. It’s a win-win.”

PDF: