Configure Epic Rover

The Epic Rover app benefits from the ability to clear the cache and force stop the application.

When you have deployed Epic Rover app profile with forceStop as the logout method, with the following combination of the ConfigFlags values:

com.epic.rover:forceStop|clearData.

the following logout operation sequence occurs:

1. Imprivata MDA triggers the force stop for Epic Rover.

2. All data for Epic Rover is cleared.

For Epic Rover app logout, Imprivata recommends the clear cache/force stop method. However, Microsoft Intune when configured as a dedicated device with Managed Home Screen, does not support clear cache/force stop.

The alternative is to clear data (which is supported by Intune MHS) which will log out the user. The resulting impact is that a new user will need to accept new user prompts such as the EULA acceptance when they open the app.

Configure the integration between Imprivata MDA and your Epic Rover app to support witness authentication for the administration of medication.

When used with Epic Rover, a second and unknown user can tap their badge during the witness signing workflow to record authorization in the Medication Administration Record (MAR). Imprivata MDA ignores any card taps during the 10 seconds period after dual sign authentication with an NFC card.

Clinical Workflow

The following describes the clinical workflow for witness authentication:

	User 1 is authenticated into Epic Rover using Imprivata MDA on the mobile device. User 1 uses the medication order workflow in Epic Rover, which requires that a second user (User 2) witness and sign off on a medication order. User 1 hands the mobile device to User 2.
	User 2 validates that the medication order information is correct, and clicks Sign Off in the Epic Rover interface.
	Imprivata MDA prompts User 2 to tap their badge.
	User 2 taps their badge. Imprivata MDA authenticates the user. Imprivata MDA injects the credentials for User 2 into the appropriate fields in Epic Rover. To complete the medication order in Epic Rover, User 2 clicks Submit.
	User 2 hands the mobile device back to User 1. User 1 continues to use Epic Rover.

Before You Begin

Requirements

• Install the latest releases of the Epic Rover and Imprivata MDA apps

• Imprivata licenses. This workflow requires Imprivata Confirm ID for Clinical Workflows licenses. For more information see, Imprivata Licensed Features.

• An application profile specifically for the witness authentication workflow must be deployed to the users who will use this functionality.

  See Deploy an Application Profile for the Witness Authentication Workflow.

Limitations

• This workflow does not support multi-factor authentication.

• This workflow does not support Imprivata MDA's face recognition as an authentication method.

• This functionality does not record an event within Imprivata Enterprise Access Management (formerly Imprivata Confirm ID), only in Epic.

  IMPORTANT:

  Evaluate any regulatory needs before deploying, to ensure it conforms to your regional requirements.

Deploy an Application Profile for the Witness Authentication Workflow

To enable the witness authentication workflow, you must deploy a second Epic Rover profile, specifically for the witness authentication workflow:

1. Download the application profiles from the Imprivata Customer Experience Center.

   1. Click Product Downloads > Mobile and click Imprivata Mobile Device Access.

   2. Download the MDA Application profiles (all versions) package.

      Extract the package contents to a location accessible to the Imprivata Admin Console.

2. Import the application profile XML:

   1. In the Imprivata Admin Console, open the Applications menu, and click Single sign-on application profiles.

   2. Click Add App Profile> Import from file.

   3. Browse to the XML file, and import it.

3. Deploy the Epic Rover - Witness Auth profile to the appropriate users.

When you are configuring the Imprivata mobile policy, you can customize the settings to specify which lock screen notifications can appear for Epic.

To remove Epic notifications when there is no logged in user:

1. In the Imprivata Admin Console, open the Computers menu, click Mobile policy, and configure the setting in the Customizations section.

   1. Select Allow lock screen notifications, and then in Messaging and other apps enter the package name for the Epic app where push notifications should be allowed.

      The following attributes are supported for the setting, separated by the pipe character "|":

      • cancelWhenNoUser indicates that MDA will not display a notification on the MDA lock screen when there is no logged in user.

      • skipSound indicates that MDA will not play a notification sound for the app.

      • skipEmptyCategory indicates that MDA will not display empty grouping notifications for alarm notifications and foreground service notifications that don't carry any useful information for the user.

      Example

      Click to enlarge

      

Epic Rover for Android now supports automatically hiding the End User License Agreement for newly provisioned devices using appconfig keys.

For more information, see your Epic documentation: Automatically Accept the End User License Agreement (EULA) for Managed Devices.

To hide the EULA on newly-provisioned devices:

1. In your MDM, add the following key/value pair to the Epic Rover app config settings:

Key	Type	Description
EpicShowEula	boolean	Show or hide the Epic end user license agreement (EULA) screen. Valid values: true, false false - hides the EULA screen for newly-provisioned devices. true - shows the EULA screen for newly-provisioned devices.