Imprivata Documentation | Imprivata Enterprise Access Management (OneSign) 24.2 | Topic updated: June 04, 2024

Planning an Imprivata Confirm ID Implementation

Some aspects of the Imprivata Confirm ID implementation need to be planned in advance.

Familiarize Yourself with Imprivata Confirm ID User Types

Imprivata Confirm ID workflows impact several types of users within your organization. When planning your implementation, it is critical that you understand these different user types and the roles they perform. Later in your Imprivata Confirm ID implementation, ensure that each user is assigned to a user policy that is only associated with the workflows they need to use. Imprivata Confirm ID workflows and the allowed authentication methods for each are configured in the Imprivata Confirm ID workflow policy.

User Type	Role(s)
Enrollment supervisor	Witnesses and attests to a provider's enrollment of authentication methods
Provider	E-prescribes controlled substances E-prescribes non-controlled substances Signs orders Co-signs orders
Provider	E-prescribes non-controlled substances Signs orders Co-signs orders
DEA Registrant	From within the EMR application, approves providers who have enrolled authentication methods for e-prescribing controlled substances
Remote Access User	Any user who must log into your network remotely via a VPN gateway.

Confirm Your EMR Application's Supported Workflows

Contact your electronic medical record (EMR) application provider to confirm the workflows that their software has integrated with Imprivata Confirm ID. Additionally, review Imprivata Enterprise Access Management Supported Components for the supported versions of each EMR application and medical device.

Review Supported Enrollment and Authentication Devices

Imprivata Confirm ID requires the use of specific types of hardware for enrollment and authentication. See Imprivata Confirm ID Authentication Methods.

Fingerprint Readers

A fingerprint reader must be connected to each computer on which fingerprint enrollment and/or Imprivata Confirm ID authentication via fingerprint will occur.

A FIPS-compliant fingerprint reader is required for the following:

Enrolling authentication methods for e-prescribing controlled substances.
Authenticating providers when signing electronic orders containing controlled substances.

Hands Free Authentication Hardware Requirements

Signing electronic orders with Hands Free Authentication via Imprivata ID requires an Imprivata ID USB Receiver connected to each Windows endpoint on which order signing will occur. The USB receiver must be installed near where a provider will sign orders, and it cannot be obstructed, such as in a metal enclosure. An Imprivata ID USB Receiver is not required to be connected during Imprivata ID enrollment.

Providers who will be signing electronic orders with Hands Free Authentication via Imprivata ID require an iOS or Android device with the following:

iOS Requirements

iOS 11 or later installed.
An active Internet connection is required to enroll Imprivata ID, as well as to send log files to Imprivata.
Hands Free Authentication:
- Bluetooth enabled.
- Access to Location Services (Always).
- An active Internet connection is not required for Hands Free Authentication or manual token code entry.
Remote Access:
- Notifications enabled.
- An active Internet connection is required for push notifications.
Secure Walk Away
- iPhone 6s or later.
- Access to Location Services (Always), Bluetooth Sharing, and Motion & Fitness is required.
QR code for direct access to the download page on the iTunes App Store:

Android Requirements

Android 6 or later installed.
An active Internet connection is required to enroll Imprivata ID, as well as to send log files to Imprivata.
Hands Free Authentication:
- Bluetooth enabled.
- An active Internet connection is not required for Hands Free Authentication or manual token code entry.
Remote Access:
- Notifications enabled.
- An active Internet connection is required for push notifications.
Secure Walk Away:
- Samsung Galaxy S7 or later.
- Google Pixel 1 or later.
- OnePlus 6 or later.
- Bluetooth enabled.
QR code for direct access to the download page on Google Play:

For complete information and requirements for Hands Free Authentication for Imprivata Confirm ID, see Hands Free Authentication for Imprivata Confirm ID.

Proximity Card Readers

A proximity card reader must be connected to each computer on which proximity card enrollment and/or workflows with proximity card will occur.

OTP Tokens

Symantec VIP credentials, VASCO OTP tokens, and external OTP tokens can be used for authenticating with Imprivata Confirm ID.

NOTE: Providers who are identity proofed with DigiCert cannot be assigned RSA tokens or use RSA tokens to e-prescribe controlled substances.

CAUTION:

When configuring external OTP tokens that are allowed for e-prescribing controlled substances, you are required to attest that the OTP token server is FIPS-compliant and that OTP tokens are properly enrolled per DEA EPCS regulations. This action is logged in the Imprivata audit records. FIPS 140-2 Level 1 compliant tokens are required when used to e-prescribe controlled substances. See Configuring External OTP Tokens for more information.

Install and Configure Imprivata Confirm ID

Configuring Imprivata Confirm ID involves different steps depending on whether you are new to Imprivata or already have Imprivata OneSign.

See Configuring Imprivata Confirm ID