

Secure Remote Access to Patient Records

When your users log into your EHR, Duo’s two-factor authentication solution helps you identify an individual, then checks the security health of their device before granting access.

Trusted Endpoints lets you secure access to your EHR systems and support your BYOD policies by allowing you to detect personal, employee-owned devices. Administrators can use Duo’s out-of-the-box integration with Citrix NetScaler Gateway and VMware Horizon View.

Two-Factor Authentication for HIPAA Compliance

Duo’s solution can help you meet regulatory compliance requirements for healthcare data. The Health Insurance Portability and Accountability Act (HIPAA) recommends the use of strong access controls for any system providing access to patient data.

Two-Factor Authentication for EPCS Compliance

Healthcare organizations are required to meet federal regulations known as Electronic Prescriptions for Controlled Substances (EPCS) compliance, covering e-prescribing, ID proofing, reporting and analysis.

Duo has partnered with to help healthcare organizations securely and accurately verify an individual physician’s identity remotely. A quick online identity verification allows busy healthcare professionals to continue work as usual.

After identity verification, physicians can enroll with Duo and digitally sign e-prescriptions via push notifications on their smartphones. With one tap, physicians can approve e-prescriptions using the Duo Mobile app. Doctors can also use a variety of other authentication methods, like soft or hard tokens and U2F.

Plus, administrators can use Duo’s out-of-the-box integration with Epic Hyperspace’s e-prescription workflow for quick and easy setup. Duo also provides security reports for auditing, tracking and compliance.

Note: Duo’s one-time passcodes generated via SMS and callback methods are not FIPS 140-2 compliant. Current versions of Duo Mobile for iOS 6 and above, Android, and Windows Phone do generate FIPS 140-2 Level 1 validated OTP passcodes.

For the purposes of EPCS, choose between Duo Push, U2F (YubiKey hard tokens), OTP hard tokens, or a FIPS 140-2 validated hardware token to help meet your compliance team’s interpretation of the Federal EPCS Guidelines.

  • “Our primary gain was the implementation of electronic prescription of controlled substances, which requires a two-factor authentication by government mandate.”

    — Anonymous, Security Officer, Large Enterprise Healthcare Company
  • “We have increased awareness of the need for more secure access. We also are able to provide clients and patients with the knowledge that we employ leading systems.”

    — Anonymous, IT Vice President, Medium Enterprise Healthcare Company
