
Why do shared workstations create so much access friction in healthcare?

Shared workstations force clinicians to authenticate repeatedly as they move between rooms, devices, and applications. That breaks workflow continuity, adds cognitive load, and turns short delays into accumulated lost time. In practice, the problem is not a single login event but the repeated reset of context across a clinical shift.

Why This Matters for Security Teams

Healthcare access friction is not just an inconvenience. When clinicians share workstations, every lock, logout, timeout, and re-authentication interrupts the clinical rhythm and increases the chance of workarounds such as passwords on sticky notes, shared sessions, or delayed charting. That creates both productivity loss and control failure: a session left open for the next person is an unauthenticated access path, and a chart entry made under someone else's login is an audit record that cannot be trusted. Current guidance holds that identity controls must support the way care is delivered rather than force staff to adapt to rigid session handling. The broader identity problem is documented in the Ultimate Guide to NHIs, and the risk patterns behind repetitive access breakdowns are consistent with the attack surface described in the OWASP Non-Human Identity Top 10.

In practice, the issue is rarely a single bad login policy. It is the accumulation of small interruptions across a shift, especially when nurses, physicians, and technicians move between rooms and devices under time pressure. That context reset becomes a security issue when people choose convenience over process.

How It Works in Practice

Shared workstations create friction because each user transition has to re-establish trust in the session, the device, and the application. In an ideal design, users would authenticate once and retain an appropriate session context long enough to complete the task, but healthcare environments rarely get that luxury. Devices are mobile, users are interrupted constantly, and clinical applications often have different timeout rules. The result is repeated prompts for passwords, MFA challenges, or badge tap-ins, often from several layers (workstation, SSO, EHR) that each expire on their own schedule.

Security teams usually try to reduce the pain with a mix of SSO, tap-and-go badge authentication, fast lock screens, and shorter but predictable session handling. The goal is not to remove identity checks, but to make them less disruptive while keeping accountability intact. The best implementations treat the workstation as a shared access surface and the individual clinician as the authenticated principal, so the next user can start cleanly without inheriting the previous session. For background on how identity sprawl and session governance create operational risk, see Ultimate Guide to NHIs — Key Challenges and Risks and the breach patterns in 52 NHI Breaches Analysis.

  • Use fast re-authentication methods that fit clinical movement, such as badge-based sign-on or proximity re-entry.
  • Keep session timeouts short enough to reduce exposure, but long enough to avoid needless re-prompts between adjacent tasks.
  • Separate user identity from device identity so the workstation can remain managed even as users change.
  • Prefer role-aware workflows that reduce repeated approval steps for routine clinical actions.

These controls tend to break down when application timeout settings, EHR policy, and workstation lock behaviour are configured independently across departments.
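The session model described above (workstation as a managed shared surface, clinician as the authenticated principal, short idle lock with a bounded re-entry window, and a clean cut when a different badge taps in) can be made concrete with a small simulation. This is an added example, not code from the original page or from any badge or SSO product; the class and method names, the timing constants, and the sample shift timeline are assumptions chosen to illustrate the policy. The `check_timeout_alignment` helper also covers the failure mode in the paragraph above, where application timeouts and workstation lock behaviour drift apart.

```python
"""Shared-workstation session handling: badge tap-in, idle lock, clean handoff.

Added illustration; names and timings are assumptions, not any vendor's API.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Session:
    user: str            # the authenticated principal (clinician), never the device
    role: str
    started_at: float    # seconds; the simulation uses a plain counter
    last_activity: float
    locked: bool = False


@dataclass
class SharedWorkstation:
    device_id: str                 # device identity stays constant across users
    lock_after: float = 120.0      # idle seconds before the screen locks
    reauth_grace: float = 600.0    # a locked session may be resumed by the same badge this long
    hard_limit: float = 8 * 3600   # no session outlives a shift, whatever the activity
    session: Optional[Session] = None
    audit: list = field(default_factory=list)   # constructed audit trail for the example

    def _log(self, now, event, **detail):
        self.audit.append({"t": now, "device": self.device_id, "event": event, **detail})

    def _expire(self, now):
        """Apply lock / end rules before any other operation is evaluated."""
        s = self.session
        if s is None:
            return
        idle = now - s.last_activity
        if now - s.started_at >= self.hard_limit or idle >= self.lock_after + self.reauth_grace:
            self._log(now, "session_end", user=s.user, reason="timeout")
            self.session = None
        elif idle >= self.lock_after and not s.locked:
            s.locked = True
            self._log(now, "lock", user=s.user)

    def tap_in(self, now, badge_user, role):
        """Badge tap: same clinician resumes within the grace window; anyone else
        gets a fresh session and the previous one is ended first, never inherited."""
        self._expire(now)
        s = self.session
        if s is not None and s.user == badge_user:
            self._log(now, "resume" if s.locked else "refresh", user=badge_user)
            s.locked = False
            s.last_activity = now
            return "resumed"
        if s is not None:
            self._log(now, "session_end", user=s.user, reason="handoff")
            self.session = None
        self.session = Session(badge_user, role, now, now)
        self._log(now, "session_start", user=badge_user, role=role)
        return "new"

    def act(self, now, action):
        """A clinical action; returns the principal it is attributed to, or None if refused."""
        self._expire(now)
        s = self.session
        if s is None or s.locked:
            self._log(now, "denied", action=action, reason="no_active_session")
            return None
        s.last_activity = now
        self._log(now, "action", user=s.user, action=action)
        return s.user


def check_timeout_alignment(app_timeouts, lock_after, reauth_grace):
    """Flag application timeouts that fight the workstation policy: shorter than the
    screen lock produces logout loops, longer than lock + grace leaves standing access."""
    findings = []
    for app, t in app_timeouts.items():
        if t < lock_after:
            findings.append((app, "app logs out before the workstation locks: re-prompt loop"))
        elif t > lock_after + reauth_grace:
            findings.append((app, "app session outlives a locked workstation: standing access"))
    return findings


def shift_scenario():
    """Constructed timeline for one workstation across two nurses."""
    ws = SharedWorkstation("ICU-WS-07")          # assumed device name
    results = [ws.tap_in(0, "nurse_a", "rn")]     # "new"
    ws.act(30, "chart_vitals")
    results.append(ws.tap_in(250, "nurse_a", "rn"))  # locked at 150s idle, resumed: "resumed"
    ws.act(260, "med_admin")
    results.append(ws.tap_in(300, "nurse_b", "rn"))  # live session of nurse_a is ended: "new"
    results.append(ws.act(310, "order_review"))      # attributed to "nurse_b"
    results.append(ws.act(1210, "order_sign"))       # 900s idle > lock + grace: None
    return ws, results


if __name__ == "__main__":
    ws, results = shift_scenario()
    print(results)
    for e in ws.audit:
        print(e)
    print(check_timeout_alignment({"ehr": 90, "pacs": 3600, "lab": 300}, 120.0, 600.0))
```

The audit trail is the point: every action is attributed to a badge holder, the handoff at t=300 ends nurse_a's session explicitly rather than letting nurse_b act under it, and the denied action at t=1210 shows the session boundary holding after the grace window. Tuning `lock_after` and `reauth_grace` is the usability lever the guidance describes; `hard_limit` is the guard against sessions that quietly outlive a shift.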

Common Variations and Edge Cases

Tighter session control often increases delay, requiring organisations to balance stronger access hygiene against workflow interruption. That tradeoff is real in emergency departments, operating theatres, and high-turnover nursing stations, where clinicians cannot afford long authentication sequences. In those settings, best practice is evolving toward context-aware access that recognises location, device state, and task urgency while still preserving auditability.

There is no universal standard for this yet, but the direction is clear: reduce standing friction without creating standing access. Some organisations use shared device pools with rapid identity switching, while others rely on roaming profiles or tap-based re-entry tied to strong identity proofing. The wrong pattern is to leave workstations permanently unlocked or to let users stay logged in across shift changes. That may feel efficient, but it undermines both accountability and patient data protection.

Healthcare teams also need to watch for edge cases where a shared workstation is not the real problem. If the real issue is poorly tuned timeout policy, inconsistent MFA prompts, or application-level logout loops, fixing the workstation alone will not help. The access experience has to be designed across the whole clinical path, not just at the login screen.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control expectations practitioners need to meet. SP 800-207 does not number its controls; the relevant material is the set of tenets in its Section 2.1.

Framework                         | Control / Reference                                        | Relevance
OWASP Non-Human Identity Top 10   | NHI-01                                                     | Shared sessions expose identity and session handling weaknesses at the access layer.
NIST CSF 2.0                      | PR.AA-01                                                   | Clinician authentication flow must remain usable while preserving identity assurance.
NIST Zero Trust (SP 800-207)      | Section 2.1 tenets (per-session access, dynamic authentication) | Zero Trust limits implicit trust in shared workstations and reused sessions.

Minimise standing access and enforce clean session boundaries for every workstation handoff.