Epic EHR with Imprivata Enterprise Access Management
This resource provides the common clinical workflows and reference architectures for implementing Imprivata Enterprise Access Management for SSO and MFA (formerly OneSign and Confirm ID), and Imprivata Mobile Access Management (formerly GroundControl) solutions with Epic and is intended for:
- New customers who are implementing for the first time.
- Existing customers who are:
  - making new investments in clinical or mobile workflows
  - making significant architectural changes, such as migrating from another EMR/EHR
  - implementing Epic Community Connect
  - implementing a virtual desktop (VDI) solution with Enterprise Access Management and Epic EHR.

The reference architectures incorporate common technology components to deliver an end user computing experience that can include:
- Windows and thin/zero clients
- Virtual desktop infrastructure (VDI)
- Application virtualization solutions

It is recommended that this
The purpose of this information is to help you:
Goal | Where to Begin |
---|---|
Select a clinical workflow for your environment. | If you are involved in the design of the end user computing clinical workflow experience, begin with common clinical workstation workflows. Each workflow includes a list of common clinical settings, such as use in exam rooms or private offices, as well as considerations for each setting. |
Understand the Imprivata enterprise architecture | If you are tasked with implementing Imprivata, begin with the Imprivata Digital Identity Solutions Overview and Architecture. This |
Select a technical reference architecture for implementation | If you have selected a clinical workstation workflow, review the respective reference architecture for implementation. Workflows typically include several reference architectures in support of a variety of end-user computing and mobile technologies, including: |

Imprivata has worked with Epic Systems to develop the Imprivata Connector for Epic Hyperdrive. The Connector leverages Epic's authentication API to provide single sign-on, single sign-off, and fast user switching for Epic Hyperdrive.
Imprivata Enterprise Access Management offers two different configuration options for Epic that can be enabled on a per-workstation basis:
- SSO for Epic only workflow
  With this workflow, the Windows desktop is always unlocked. Users authenticate to Epic using their fingerprint or proximity card. This workflow is optimized for workstations on which Epic is the most frequently accessed application.
- SSO for multiple applications including Epic
  With this workflow, the Windows desktop is secured by the Imprivata agent. Users authenticate to EAM using their fingerprint or proximity card. This workflow is optimized for workstations on which Imprivata Single Sign-On is required for multiple applications, including Epic.
EAM can be configured to secure Epic and maintain the patient context or log the user out of Epic with either of these workflows.
In scenarios where EAM performs Fast User Switching into the Epic EMR Hyperdrive client delivered via Citrix, we recommend that the Epic session remain active during times of clinician usage. Using Citrix timeout settings for Epic sessions, or closing the Epic session in any other way, may impact login times for clinical users because they must wait for the Epic session to reconnect.
Citrix and VDI connection times are unaffected by EAM. When needed, EAM automates the connection to Citrix, but does not reduce the connection time.