top of page

Secure, remote access to MEDITECH Expanse

Apr 28, 2020

This article covers essential points of achieving secure, clinical mobility with MEDITECH Expanse. Each article in this four-part series will offer solutions and strategies to effectively merge convenience with security in an increasingly fast-paced, mobile world. Explore part 1, part 3, and part 4 of this series!


As your trusted advisor, Forward Advantage will work with you to build a strategy that maximizes your investment in MEDITECH Expanse and creates happier providers and patients. This week, we’re covering how to accommodate external workflows with two-factor authentication.

Q: What should customers consider to secure Expanse’s mobile environment?

When we talk about enterprise mobility and device mobility, we’re not just talking about what device your users use. Whether it’s an iPad, a Zebra device, or a Windows-based thin client, we’re not only concerned about the user’s experience across those devices, but we’re also considering where the user is accessing their data from. A lot of the time, endpoint strategies focus on user experience within the four walls of the organization. Previously, when we did want to accommodate external user workflows, we had to do so with technologies like VMware or Citrix to publish out MEDITECH as an application or use cumbersome VPN software where users probably had a Remote Desktop, and from there access to MEDITECH. It was a multi-step process.

Now, MEDITECH Expanse can be securely published, essentially as a webpage, for access within your organization and outside as well. Any user with a web browser (whether inside or outside the organization) can access a URL and authenticate into Expanse. That sounds great from the convenience side of things, but it raises a red flag for security teams when we talk about externally publishing your EMR software. We have to add security measures to accommodate the convenience of accessing your software outside hospital. This is accomplished through two-factor authentication.

Q: How does multifactor authentication work for remote access?

When we talk about multifactor authentication, we typically want something the user knows and something they have. This is typically their username and password and, in the case of Imprivata's Enterprise Access Management for Remote Access, a soft token that runs on their phone. Enterprise Access Management for Remote Access provides the ability to integrate with leading VPNs (for example Cisco ASA, Palo Alto, Juniper, Microsoft Active Directory Federated Services, etc.). Not only are we accommodating two-factor authentication for MEDITECH Expanse, but we have the ability to integrate with any of the gateways you use to facilitate remote access.

Key takeaways

MEDITECH Expanse comes with great browser-based convenience. It helps streamline workflow, expedite access to critical information, and enhance patient care. However, added convenience requires added security. If you grant the ability to access your resources from anywhere around the world, then it needs to be done in a secure fashion. If there are resources where you don’t want remote access to occur at all, you can lock those down within the policies we create with Enterprise Access Management for Remote Access. Don't forget to read the next part of this series!

Interesting in finding out more?

Related resources

bottom of page