ProviderPass FAQs

This page reviews frequently asked questions (FAQs) regarding the ProviderPass application.

Do we need to manage the identity proofing ourselves?
No. Exostar handles identity proofing with both automated and agent-guided options, ensuring full compliance.
What identity proofing methods are supported?
ProviderPass supports self-service remote identity proofing as well as live webcam-based sessions with trained agents. Both methods meet IAL2 standards.
What happens if a provider’s ID is rejected?
Providers can connect with our live agent team to complete the process via webcam, minimizing disruptions.
Do we need to purchase and distribute tokens?
No. Exostar provides both hardware and software token options and manages distribution as needed.
What certifications does ProviderPass hold?
ProviderPass is certified by the Kantara Initiative at Identity Assurance Level 2 (IAL2), fully aligning with DEA and NIST 800-63-3 requirements for IAL2 and AAL2. Its PKI infrastructure is Federal Bridge-certified.
What two-factor authentication (2FA) methods are supported?
Providers can authenticate using:  
Hardware Tokens – ideal for secure, fixed clinical settings 
Authy Mobile App – for flexible, on-the-go authentication 
How long does integration typically take?
With engaged stakeholders, integration can be completed in as little as 2–4 weeks.
Is there a published API or SDK available?
Yes. Exostar provides a documented API designed for rapid, secure integration into EHR platforms.
Can we control the provider experience/UI?
Yes. ProviderPass is designed to give EHR vendors full control over the user interface and workflow, maintaining a consistent provider experience.
Can the EPCS solution be white labeled?
Yes. ProviderPass can be embedded and branded to match your EHR’s look and feel.
Are you certified under NIST 800-63-3?
Yes. Identity proofing meets NIST 800-63-3 IAL2 and authentication meets AAL2 standards.
Are your digital certificates cross-certified with the Federal PKI Bridge?
Yes. Exostar’s PKI infrastructure is cross-certified, enabling secure and compliant digital signatures.
How do you help clients prepare for DEA audits?
Exostar provides audit support, including documentation, expert consultation, and ongoing compliance guidance.
Who owns and manages the identity data?
The EHR vendor retains ownership and control over provider identities. Exostar acts as a credentialing and identity assurance service – not the identity owner.
What logging or audit data is available?
Full audit logs are maintained for all identity proofing and signing transactions, readily accessible for compliance and forensic review.
Updated on September 11, 2025