Facial Biometrics for mobile EPCS

Imprivata’s DEA-compliant solution for mobile e-prescribing of controlled substances

Overview

Imprivata introduced facial biometrics as a new factor of authentication for electronic prescribing of controlled substances (EPCS), compliant with the requirements set forth by the U.S. Drug Enforcement Administration (DEA).

Using facial biometrics as a factor of authentication, providers can scan their faces using mobile devices to easily sign EPCS orders (mobile EPCS).

Goals

  1. Enable providers to quickly, easily, and securely enroll their facial biometric as a method of authentication

  2. Enable providers to sign mobile EPCS orders using their enrolled facial biometric

  3. Maintain compliance with the DEA’s requirements for EPCS

Users

The target users of this product are clinicians eligible to prescribe controlled substances.

Persona: Dr. Heidi Hernandez

Dr. Heidi Hernandez is a hospitalist physician at Maguire Hospital managing the care of admitted patients. She juggles administrative tasks with ensuring that patients receive the best medical care. Heidi wants to use technology to help facilitate her administrative work and her communication.

Project details


My role: Lead Product Designer


Project Duration: ~1 year (I worked on other related projects simultaneously)


Team: Product Manager, Scrum Master, Engineering Manager, 2 Engineers, Quality Engineer. Additional design support from Product Design Architect, Visual Designer, and Product Design Intern.

The Scrum Master and several members of the engineering team were located in Ukraine, so the team was geographically distributed.


Methodologies: Discovery research, user flows, wireframing, prototyping, design iteration, pilot testing


Tools: Sketch, InVision, Miro, Figma


Industry: Healthcare, Security, Compliance

Impact

This product was the first of its kind, allowing providers to prescribe controlled substances from their mobile devices, using facial recognition to satisfy the DEA two-factor authentication requirements. This approach not only saves providers’ time, but also makes it much more convenient for them to sign orders for controlled substances securely.

Imprivata partnered with Epic, the largest electronic health record provider in the United States, and gave providers the ability to send EPCS orders from their mobile devices via Epic Haiku (for iOS and Android phones) and Epic Canto (for iPads).

The iOS version was released in October 2023, and support for Android was announced in July 2025.

Background

EPCS could historically be completed only on laptops or desktops, which had several drawbacks

EPCS stands for electronic prescribing of controlled substances; this process is highly regulated by the DEA. Regulatory restrictions and technology challenges have historically prevented providers from prescribing controlled substances on mobile devices, which meant providers could only write these electronic prescriptions at a laptop or desktop computer. This posed several drawbacks, which include:

  • Inconveniencing providers

  • Delays in patients receiving their medications, which presented patient safety issues

Imprivata wanted to address these challenges by using facial recognition on mobile devices to allow providers to write EPCS orders from anywhere, at any time, with a DEA-compliant mobile workflow.

DEA-compliant factors of authentication for EPCS fall into three categories

In order to be eligible for EPCS, providers must complete a highly regulated enrollment process. This includes verifying their identities, and enrolling at least two factors of authentication that are DEA-compliant. 

There are three categories of authentication modalities: something you know, something you have, and something you are. The two factors of authentication that a provider may use to write an EPCS order must fall into two of these three categories. They cannot use two factors from the same category.

Facial biometrics is more reliable than fingerprints for the “something you are” factor

The introduction of facial biometrics as a DEA-compliant authentication method saves hospitals from having to invest in fingerprint readers, which can be expensive, and also can break or get lost. 

Moreover, fingerprint readers often don’t work properly, especially if users have dry or sweaty skin, or any scars on their fingerprint surface area. 

Facial biometrics for EPCS is mobile-friendly and can be used anywhere

Because providers can scan their faces on their mobile devices, they are able to securely sign EPCS orders from anywhere, including from home. This is much more convenient than needing to locate a working fingerprint reader within a hospital or clinic to sign an order. And it allows providers to sign orders wherever they are, without being restricted to the use of laptops or desktops.

Discovery research

We conducted discovery research with existing facial recognition vendors

Before starting the design of our product, a colleague and I did usability testing of existing mobile facial recognition apps to learn what worked well and what could be improved upon. 

Shown here is my co-worker Sarah trying out the Knomi app, created by a third-party vendor called Aware. Sarah and I used this app for our initial discovery research.

We conducted our discovery research in the office, with Imprivata employees serving as our test participants. We recruited approximately 20 participants of varying ages, genders, and races. We had them scan their faces using the Knomi app, and asked follow-up questions about the experience.

Summary of discovery research findings

Do not show the captured image of the user’s face after the scan is done

“I really don’t like how it shows the picture because I look so ugly every time.”

Improve the feedback message copy to be more direct

“Have a message telling me to lift phone and fit face until it captures. Something that I don't have to hit any buttons.”

Investigate ways to show users how to hold the phone for a successful face scan

“Tell me to take a selfie. A 3 second animation showing me how to hold the phone, something like that...”

Make the feedback message area more visibly obvious to users

"More obvious messaging. The many different elements here are distracting. It's distracting from where you need your face and eyes to be."

Iterative design for mobile screens

Initial design of facial scanning screens was based on discovery research findings

Based on the findings of the usability study with the Knomi app, these are my initial mockups for the facial scanning screen. The oval in which a user had to center their face would initially have a red border. This border would change from red to green to indicate that the face was being captured.

Design iteration #1 - change oval shape to face shape

The initial version was built, and we did usability testing of it with Imprivata employees. Many of the comments users made had to do with the oval in which they had to place their face: 

“My face is not quite that shape.”  

Based on this, I modified the oval subtly to be slightly more “face shaped” - e.g. wider and less pointy at the top, so it would be easier for the user to try to fit their face into this frame.

Design iteration #2 - give users clear and visual guidance on how to hold the phone

The initial text prompt in the grey box said: “Hold the phone upright at eye-level”.

Several users said they didn’t even notice this prompt because they were busy looking at themselves, and not at the text. 

I decided to add an introductory screen with an icon that appeared before the facial scanning process began, to show users visually how they had to hold the phone in order for their faces to be scanned successfully.

Design iteration #3 - have camera take over entire screen, remove red border, move text hints over face

The only thing we wanted users to do on the facial scanning screen was to scan their faces without any distractions, or to cancel, if they decided to opt out. 

With this in mind, I redesigned the screen such that the camera took over the entire screen. I removed everything on the screen except the Cancel button. I also removed the red border when the user was positioning their face, because I didn’t want to suggest that the user had somehow made an error by not having their face in the right position off the bat. The green border would still appear once the face was positioned properly to scan.

I made the face scanning window larger, and moved the text hints to appear right in this window, as opposed to above it. The text hints were placed right around where most users’ eyes would be, so no one could possibly miss seeing them.

Video of facial biometric enrollment process on mobile

I recorded a video of myself enrolling my face on my mobile device. This video shows the mobile portion of the user experience, including both the initial face capture and the subsequent face verification. During the verification step, I deliberately didn’t position my face properly at first in order to test out the text prompts that are displayed about how to position my face.

User flows for enrollment process

Enrolling a facial biometric involves switching between a PC and mobile device

The mobile facial scanning screens are part of a larger workflow for facial biometric enrollment, which uses Imprivata’s enrollment utility, a PC-based tool. This enrollment utility is also used to enroll other authentication methods, such as fingerprints and OTP tokens. I created this workflow in collaboration with the product design architect to show the steps specifically for enrolling a facial biometric.

Since facial scanning was only set up to be done on a mobile device, the entire enrollment workflow was a bit complex, involving switching back and forth between a computer and a mobile device. The part highlighted in the red rectangle shows where in the workflow the mobile device is used to scan and verify the face.

Facial biometric enrollment workflow was updated with images of actual screen designs

Once I designed all the screens - for both the PC-based enrollment utility, and the mobile-based facial scanning - I updated the workflow to show the progression from one screen to the next, as well as the switch from the PC to the mobile device and back again.

The facial biometric enrollment process was initiated on a PC, and then the user was directed to their mobile device to scan and verify their face. It was important to be really clear with the design and directions when these switches took place. I included the following in the design to facilitate this process:

  1. Text on the PC telling users to follow instructions on their phone to continue

  2. Text on the phone telling users to continue enrolling on the desktop, once the facial scan on the phone was completed

  3. Same icons used on both the PC and the phone for “Success” (green checkmark) and “Something went wrong” (orange exclamation point). The design instructions to the developers specified that these icons should appear simultaneously on both the PC and the phone after the facial scan was completed.

Prototype aided in validation of facial biometric enrollment workflow with Imprivata clinical staff

One of the challenges of working in the healthcare space was getting time and attention from busy clinicians in order to validate our designs with real-world end users. Fortunately, Imprivata has a clinical team of nurses on staff who are intimately familiar with clinical environments and can use their expertise to advise on product design. 

Before starting implementation, I created a prototype of the entire facial biometric enrollment process, including both the desktop and mobile screens, to mimic the switching back-and-forth from one device to the other. Along with the product design architect, I tested this prototype with our clinical staff to verify that it would be easily understood by users. They gave input on both the workflow and the language used on the screens to ensure that it was clear and would be easily understood by end users.

Pilot study

I conducted a pilot test of the facial scanning process on mobile

After facial biometric enrollment was developed and working well, the mobile developer built a small pilot test app that would allow anyone who had enrolled their face to practice scanning it over and over again in a variety of settings and with different lightings to see how well it worked under different conditions. 

The product manager and I recruited internal Imprivata employees to participate in the pilot test. We had 9 active participants.

Here I have shown some of the feedback we collected during this study.

Survey feedback from pilot test of facial scanning 

We collected additional feedback via a short survey that was linked within the pilot test app. This feedback shows what users liked best and worst about the experience of using the pilot test app.

Aspect that most needs improvement is processing speed

It was immediately evident that processing speed was by far the biggest issue users encountered during the pilot study. Any slowness or delays experienced while using the facial biometric solution were most often due to issues with Aware, the third-party vendor we partnered with to do liveness detection. We therefore were dependent on Aware to fix these performance issues.

Our engineers collaborated with Aware to improve the processing speed, thereby improving the user experience

Users were satisfied overall with the ease of use of scanning their face, so we didn’t make any changes to the facial scanning design based on the pilot test.

Challenges

The COVID pandemic began in the midst of this project

The bulk of the work on this project took place over the course of a year; the COVID pandemic began after discovery research and the initial workflow and designs were already complete, but implementation had not yet begun. The team had to adjust to working fully remotely and collaborating entirely via Zoom.

We could no longer do usability testing in-person and had to figure out how to test remotely

It was more challenging to set up usability studies remotely than it had been in-person. It also became harder to recruit users, especially clinicians, for participation in our pilot tests. If not for the pandemic, I would rather have done a customer pilot study with real clinicians as participants, as opposed to internal Imprivata employees standing in for clinicians.

I also would have preferred to observe users enrolling and using facial biometrics in person. Over Zoom, I was more likely to miss nuances of the user experience, such as how users were holding their phones when scanning their faces, and what the lighting was like in the users’ locations.

Masks became a fixture in clinical settings

Facial biometric scanning usually doesn’t work when the user is wearing a mask. We had not considered this issue when the project first began. Users in clinical settings would need to briefly remove their masks to scan their faces for both facial enrollment and verification.

Results and next steps

DEA audit was successful

The DEA interim final rule outlines a series of specific, unique, and complex requirements that healthcare delivery organizations, providers, pharmacies, and technology vendors must meet in order to ensure the integrity and authentication for controlled substance prescriptions.

In order to get the stamp of approval for EPCS certification, we had to demonstrate our solution to auditors who represented the DEA.

The audit was successful and our mobile EPCS solution using facial recognition technology was deemed compliant with DEA requirements. This gave us the green light to move forward with releasing this feature.

Partnership with Epic

Imprivata partnered with Epic, the largest and most widely used electronic health record (EHR) provider in the United States. We integrated our facial biometric solution with Epic’s mobile e-prescribing workflow on Epic Haiku (mobile app for iPhones and Android devices) and Epic Canto (mobile app for iPads).

Imprivata Mobile EPCS was the first and only solution to integrate with Epic, allowing providers to sign EPCS orders on mobile devices.

Released on both iOS and Android

The facial biometric solution was initially developed only for iOS; the iOS version was released in October of 2023. We also designed and developed an Android version, which I worked on as well. Android support was announced in July of 2025, thereby increasing the potential customer base for this feature.