Configure Epic Rover with Imprivata MDA

Epic Rover benefits from the ability to clear the cache and force stop the application.

For a deployed Epic Rover app profile with forceStop as the logout method, with the following combination of the ConfigFlags values:

...,com.microsoft.teams:clearCache|forceStop, com.epic.rover:clearData, com.microsoft.teams:forceStop,....

it results in the following logout operation sequence:

1. Imprivata MDA triggers the force stop for Epic Rover.

2. Clears the cache for the Teams app.

3. Force stops the Teams app.

4. Clears all data for Epic Rover.

5. Force stops the Teams app again.

For Epic Rover logout, Imprivata recommends the clear cache/force stop method. However, Microsoft Intune when configured as a dedicated device with Managed Home Screen, does not support clear cache/force stop.

The alternative is to clear data (which is supported by Intune MHS) which will log out the user. The resulting impact is that a new user will need to accept new user prompts such as the EULA acceptance when they open the app.

When you are configuring the Imprivata mobile policy, you can customize the settings to specify which lock screen notifications can appear for Epic.

To remove Epic notifications when there is no logged in user:

1. In the Imprivata Admin Console, open the Computers menu, click Mobile policy, and configure the setting in the Customizations section.

   1. Select Allow lock screen notifications, and then in Messaging and other apps enter the package name for the Epic app where push notifications should be allowed.

      The following attributes are supported for the setting, separated by the pipe character "|":

      • cancelWhenNoUser indicates that MDA will not display a notification on the MDA lock screen when there is no logged in user.

      • skipSound indicates that MDA will not play a notification sound for the app.

      • skipEmptyCategory indicates that MDA will not display empty grouping notifications for alarm notifications and foreground service notifications that don't carry any useful information for the user.

      Example

      Click to enlarge

      

Configure the integration between Imprivata MDA and your Epic Rover application to support witness authentication for the administration of medication.

When used with Epic Rover, a second and unknown user can now tap their badge during the witness signing workflow to record authorization in the Medication Administration Record (MAR). Imprivata MDA ignores any card taps during the 10 seconds period after dual sign authentication with an NFC card.

Clinical Workflow

The following describes the workflow:

	User 1 is authenticated into Epic Rover using Imprivata MDA on the mobile device. User 1 uses the medication order workflow in Epic Rover, which requires that a second user (User 2) witness and sign off on a medication order. User 1 hands the mobile device to User 2.
	User 2 validates that the medication order information is correct, and clicks Sign Off in the Epic Rover interface.
	Imprivata MDA prompts User 2 to tap their badge.
	User 2 taps their badge. Imprivata MDA authenticates the user. Imprivata MDA injects the credentials for User 2 into the appropriate fields in Epic Rover. To complete the medication order in Epic Rover, User 2 clicks Submit.
	User 2 hands the mobile device back to User 1. User 1 continues to use Epic Rover.

Before You Begin

Requirements

• The latest releases of Epic Rover and Imprivata MDA must be installed.

• This workflow requires Imprivata Confirm ID for Clinical Workflows licenses. For more information see, Imprivata Licensed Features.

• An application profile specifically for the witness authentication workflow must be deployed to the users who will use this functionality.

  See Deploy an Application Profile for the Witness Authentication Workflow.

Limitations

• This workflow does not support multi-factor authentication.

• This functionality does not record an event within Imprivata Enterprise Access Management (formerly Imprivata Confirm ID), only in Epic.

  IMPORTANT:

  Evaluate any regulatory needs before deploying, to ensure it conforms to your regional requirements.

Deploy an Application Profile for the Witness Authentication Workflow

To enable the witness authentication workflow, you must deploy a second Epic Rover profile, specifically for the witness authentication workflow:

1. Download the application profiles from the Imprivata Customer Experience Center.

   1. Click Products > Imprivata OneSign. Open the Product Downloads list, and click Imprivata Mobile Device Access.

   2. Download the MDA Application profiles (all versions) package.

      Extract the package contents to a location accessible to the Imprivata Admin Console.

2. Import the application profile XML:

   1. In the Imprivata Admin Console, open the Applications menu, and click Single sign-on application profiles.

   2. Click Add App Profile> Import from file.

   3. Browse to the XML file, and import it.

3. Deploy the Epic Rover - Witness Auth profile to the appropriate users.