Cisco Cisco Extended Care 1.0 White Paper
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Access to the Epic applications is protected by existing clinical access policies and secure login through the
Hyperspace and MyChart clients. The clinician’s session in Hyperspace requests Extended Care to join the video
session. After the request is received by Extended Care, the video session is started with the Cisco UCM endpoint
that the clinician has selected.
Patient Information
Extended Care does not use or log any protected health information (PHI) or personally identifiable information
(PII). The only information passed to Extended Care for a telehealth session is the set of session parameters in
the web service, which do not include any PHI or PII.
Authentication/Access Control
Providers and patients can use Extended Care only after logging in to their respective EHR applications (that is, in
the case of Epic: Hyperspace for Providers and MyChart for patients). Extended Care does not require any
additional authentication. All communication between Epic and Cisco technology is encrypted using a shared key.
Further, Extended Care requires administrators to log in using a user name and password to access the admin
portal for Extended Care.
Data Security
The audio and video data exchanged during a session is not cached. This data is queued in memory and played
out by the video client. Further, Extended Care does not record or store the telehealth session; rather it is used
only as a communication conduit between the parties engaged in the telehealth session.
Application Hosting
Extended Care components are hosted on-premises in the customer’s data center. The customer maintains
complete control of the physical access to the servers.
Cisco support engineers, in addition to the customer’s administrators, require access to the system and VPN access to
the Extended Care solution to remotely configure and debug any issues according to applicable support
agreements. System access is logged by the VPN system.
Application Security
Cisco engineers have performed vulnerability analysis on the Extended Care source code using Nessus. They
have not implemented any special mechanisms for malicious code protection, because it is a Linux-based system.
The platform uses a 2048-bit encryption key and certifications, while Epic URL parameters are encrypted using AES.
Endpoints are provisioned in Extended Care and a password is associated with each endpoint. Access to an
endpoint is secured using its password. When a Jabber client is in use as an endpoint, Extended Care stores the
Jabber client login ID; however, Extended Care does not store user passwords.
The Extended Care application is stateless. The EHR application (Hyperspace) uses an endpoint to start video
collaboration. This endpoint is unique and access to it is controlled using the endpoint’s password. When the EHR
application launches Extended Care with an endpoint E1, the previous endpoint session for the endpoint E1 is
reset, and a new session is created.
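The reset-on-launch behavior described above can be modeled as follows. This is an added example, not Cisco's code or part of the white paper. The class and method names, the salted PBKDF2 storage of the endpoint password, and the rule that a failed launch leaves the live session untouched are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class EndpointSessions:
    """Hypothetical model: at most one live session per provisioned endpoint."""

    def __init__(self):
        self._creds = {}  # endpoint id -> (salt, PBKDF2 hash of the endpoint password)
        self._live = {}   # endpoint id -> token of the current session

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def provision(self, endpoint, password):
        salt = secrets.token_bytes(16)
        self._creds[endpoint] = (salt, self._kdf(password, salt))

    def launch(self, endpoint, password):
        """Check the endpoint password, then replace any earlier session."""
        cred = self._creds.get(endpoint)
        # Hash even for unknown endpoints so timing does not reveal which ids exist.
        salt, expected = cred if cred else (b"\0" * 16, b"\0" * 32)
        ok = hmac.compare_digest(self._kdf(password, salt), expected)
        if not (cred and ok):
            return None  # assumption: a failed launch must not tear down a live session
        token = secrets.token_urlsafe(32)
        self._live[endpoint] = token  # overwriting resets the previous session for E1
        return token

    def is_current(self, endpoint, token):
        live = self._live.get(endpoint)
        return live is not None and hmac.compare_digest(live, token)

def demo():
    # Constructed endpoint id and password, for illustration only.
    reg = EndpointSessions()
    reg.provision("E1", "constructed-endpoint-password")
    first = reg.launch("E1", "constructed-endpoint-password")
    rejected = reg.launch("E1", "wrong-password")
    first_survives_bad_launch = reg.is_current("E1", first)
    second = reg.launch("E1", "constructed-endpoint-password")
    return (rejected, first_survives_bad_launch,
            reg.is_current("E1", first), reg.is_current("E1", second))

if __name__ == "__main__":
    print(demo())
```

The property worth testing in a deployment is the third value: a token from an earlier session stops validating as soon as the same endpoint is launched again.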