VERGENCE TM : TECHNICAL DATA SHEET DATASHEET PRODUCT OVERVIEW With the move from paper charts to electronic medical records, caregivers have been slowed down by passwords and searching for the same patient in multiple applications. was purpose-built for healthcare to eliminate clicks, simplify authentication, and bring patient records to caregivers in about the time it takes to flip the page on a chart. It delivers this by unifying single sign-on, role-based application access, context management, multi-factor authentication and centralized auditing into a fully integrated, clinical workstation solution. Key features: Single sign-on with fast user switching Patient context management Re-authentication for rapid order signing Role-based access with patient-centric system navigation Fast application access Web-based administration Intuitive wizard for point-and-click application enablement Plug-and-play connectivity with over 120 HL7 CCOW-compliant applications including AllScripts, Cerner, Epic,and GE Extensible toolkit for connecting to any application Device independence via Citrix, Terminal Server, and VDI, including session roaming Scalable and reliable with automated load balancing and fail over 1
Way2Care TM Way2Care enables readers to work with to further simplify and speed access to electronic medical records. With the tap of a badge, physicians and other caregivers can unlock a workstation or thin client device, launch their primary EHR, call a roaming VDI session, sign orders, and then lock the device. It is simple, fast, and secure. Key features: Works with your existing passive proximity badges Simply tap to logon, sign orders, and lock a workstation Configurable and centrally controlled one tap authentication grace period Supports session roaming with a tap of the badge from Windows clients End user badge self-enrollment Privacy Auditor TM Privacy Auditor is an advanced auditing solution that allows healthcare organizations to monitor caregiver access to electronic health records. When used in conjunction with the clinical workstation solution which includes single sign-on (SSO), two-factor authentication, and context management, Privacy Auditor is able to track application access by user across the enterprise and provide analysis as to who has viewed what patient records, when, where, and how often. Key Features: Increase controls for regulatory compliance (e.g. HIPAA, SB 541, etc.) Accelerate time to complete external and internal audits Centrally monitor access to electronic patient records across multiple applications Help protect patient privacy and strengthen internal controls Gain insight into how systems are being used 2
ARCHITECTURE Figure 1. Architecture XP, Win 7, Citrix, RDS, VDI Authentication & Identification Devices Authenticator Web Tools SSO/Context Modules Vault Web Administration Reporting Bridge Wizard Launchpad / Application Management Server/Vault Active Directory User Network IDs & Credentials Workstation Group Membership Context Manager Way2Care Cache Vault Admin & Audit Services Central Configuration Services Application Bridge Store Encrypted Credential Store Load Balance, Fail-Over, Back-up, Synchronization, & SNMP Services AUDIT DATABASE Arising out of experience with fetal monitoring systems where uptime is critical and downtime intolerable, is a highly-available, fault-tolerant system. The core consists of a set of self-contained servers called Vaults, available as either physical or virtual appliances, that run a locked-down operating system with automated redundancy. Over the past twelve years, this architecture has been refined based on hundreds of deployments, including tens of thousands of users at some of the largest deployments of single sign-on (SSO) in healthcare, to provide caregivers with anytime access to this mission-critical system. On the client side, a small layer of software called Desktop Components resides on any combination of thick client computers, virtual desktops, and application presentation servers, including Citrix, Microsoft Hyper-V, VMware, and Windows Terminal Server (WTS). Application credentials are stored on the Vault using AES 128-bit encryption and transmitted securely to the point of care, providing single sign-on to participating applications. For a single view spanning multiple applications, Privacy Auditor captures and stores access and usage data in an external SQL database where beyond the five pre-packaged reports, the data is available for unfettered analysis. 3
PRODUCT SPECIFICATIONS Workstation Models Client Workstation OS Support Remote Desktop OS Support Virtualization Support Launchpad Shared Workstation for fast user switching with autologon Windows account, and Personal Workstation for full Windows profile; Multiple Sessions to support simultaneous, multiple users on same workstation with full Windows profile. Windows 7 (32-bit or 64-bit) Windows Embedded Standard 7 Windows XP, SP3 (32-bit only), or Windows XP Professional Tablet Edition (32-bit only) Windows XPe SP3, or Windows Embedded Standard 2009 (32-bit only) Windows Server 2003 SP2 (32-bit or 64-bit) Windows Server 2003 R2 (32-bit or 64-bit) Windows Server 2008 (32-bit or 64-bit) Windows Server 2008 R2 Published desktops and applications via Windows Terminal Services, Citrix, Clearcube and VMWare VDI. Role-based application toolbar, quick click patient list, lock and logoff buttons. Authentication Directory Active Directory 2003/2008 / 2008 R2. Way2Care Readers Way2Care Badge Support Active Directory Password Reset Passive RFID Card Provisioning Application Automated Provisioning Application Self Provisioning Application Bridge Building HL7 CCOW Support Number of Concurrent Sessions Vault Operating System Vault Datastore Vault Management Protocol RFIdeas and OMNIKEY readers Readers are compatible with nearly all 125kHz and 13.56MHz contactless cards/tags/labels. Partial list: AWID, HID, iclass, Indala, Casi-Rusco Yes, supports self-enrollment with administrator set options End user self-provisioning Native integration with Caradigm s provision TM solution or other provisioning solution via the provisioning API Password learning on first logon for bridged applications; passwords not required for HL7 CCOW compliant applications Visual point-and-click Wizard to build SSO and Context bridges for web, client, and terminal applications. Event based API can respond to any application event. Yes, out-of-the-box for both SSO and Patient Context 2,500 per vault Linux CentOS OpenLDAP. Password stored with AES 128-bit encryption SNMP Achievable Uptime 99.999% 3
SERVICES AND SUPPORT Installation Our fixed-fee implementation is a shared-risk model where the costs and scope are known up-front, and the focus is a successful go-live. Rather than the cookie-cutter approach common for SSO, a implementation is tailored to the needs of your organization including knowledge-transfer via hands-on training to ensure that your IT team is equipped to support and expand the solution for years to come. Support Caradigm s Product Support Team provides 24x7x365 support and is staffed by engineers who have an average of ten years experience providing technical support. We implement and support all elements proposed in our total solution via a single contract. Training We provide resources on-site during implementation to facilitate knowledge transfer to your local IT team. After your initial roll-out we offer a combination of self-paced online courses, instructor-led online classes, and instructor-led classes at our training facility in Andover, targeted to all levels of technical competency. MORE INFORMATION Visit us at www.caradigm.com or contact us at info@caradigm.com 3
About Caradigm Formed by GE Healthcare and Microsoft Corp. in June 2012, Caradigm is a 50 50 joint venture focused on enabling health systems and payers to drive continuous improvements in care. Caradigm software helps healthcare professionals across care settings to use data to gain critical insights, collaborate with each other and with patients, and to develop and implement innovative care solutions. Amalga, ehealth Information Exchange and and applications built by partners to extend these products allow clinicians, administrators and finance teams timely access to key information, helping them to take steps to solve some of healthcare s biggest problems, including chronic disease management, preventable hospital readmissions and hospital acquired conditions, and to advance integrated, accountable care. Caradigm is headquartered in Bellevue, Washington. For more information about the company, visit http://www.caradigm.com. 2012 Caradigm. All rights reserved. Caradigm, Amalga, provision, Privacy Auditor, Way2Care, and are trademarks of Caradigm USA LLC. This material is provided for informational purposes only. Caradigm makes no warranties, express or implied. Product specifications are subject to change.