By NHI Mgmt Group Editorial Team | Published 2025-11-07 | Domain: Governance & Risk | Source: Imprivata

TL;DR: A peer-reviewed study across 55 hospitals in the UK and Ireland found that single sign-on and access management cut desktop login time by 60%, sped application access by more than 50%, and redirected 3.3 million clinician hours to patient care, according to Imprivata. The core lesson is that healthcare IAM succeeds when it reduces friction without weakening auditability or session control.


At a glance

What this is: An analysis of hospital single sign-on and access management, showing that secure access can materially reduce clinician login friction and return time to care.

Why it matters: Identity controls in healthcare must balance security, auditability, and workflow speed across human identity programmes, while also informing broader access design for shared workstations and privileged clinical systems.



Context

Single sign-on in hospitals is an access problem as much as a usability problem. When clinicians must move across many clinical applications, repeated authentication can slow care, encourage unsafe workarounds, and weaken privacy controls if users stay logged in or share access to keep work moving.

This article argues that hospital identity controls should be judged against workflow reality, not just compliance checklists. The relevant issue for IAM teams is whether access policy can preserve auditability, session integrity, and role-based control while removing unnecessary login friction for clinicians and other frontline users.


Key questions

Q: How should hospitals reduce login friction without weakening access control?

A: Hospitals should use single sign-on, strong multifactor authentication, and session controls together so clinicians authenticate less often without losing auditability. The goal is to remove unnecessary repetition, not to dilute identity assurance. If the secure path is also the fastest path, users are less likely to create workarounds that weaken privacy and accountability.

Q: Why do shared clinical workstations create identity governance risk?

A: Shared clinical workstations make session integrity a governance issue because the device is reused by multiple people in fast-moving care settings. If locking, reauthentication, and user switching are weak, the programme can lose clarity over who did what. That creates privacy, audit, and accountability problems even when the original login was valid.

Q: How can security teams tell whether access controls are actually helping clinicians?

A: Security teams should measure authentication time, access interruptions, and workaround behaviour alongside privacy and audit outcomes. If clinicians are still sharing logins, avoiding logouts, or delaying tasks to bypass controls, the access model is not working as intended. A control that looks good on paper but harms workflow is usually creating hidden risk.

Q: Which identity controls matter most when hospitals modernise clinical access?

A: The most important controls are SSO, multifactor authentication, automatic locking, reauthentication, and clear session audit trails. Together they reduce repetitive login burden while preserving accountability across EPRs and other clinical applications. Hospitals should prioritise controls that fit real clinical movement between devices and systems, not generic office access patterns.


Technical breakdown

How SSO changes hospital authentication flow

Single sign-on reduces repeated prompts by letting a clinician authenticate once and then move across multiple trusted applications within a governed session. In healthcare, that matters because EPR access is often fragmented across desktop, kiosk, and application layers, each with its own login burden. The technical value is not just fewer passwords. It is a controlled authentication fabric that can preserve identity assurance, reauthentication, and audit trails while lowering interruption rates. When paired with two-factor authentication and smartcard-backed access, SSO can reduce the temptation to share credentials or avoid logout steps that blur accountability.

Practical implication: map SSO to the exact clinical workflows and session boundaries that create login fatigue, then verify that audit requirements still hold.

Access management on shared clinical workstations

Hospital access management has to work on multi-user desktops and kiosk-style devices where the user is transient but the device is persistent. That creates a different control problem from a normal office login, because session handoff, automatic locking, and reauthentication become part of the security model. If these controls are weak, clinicians may leave sessions open, switch users informally, or rely on workarounds to maintain speed. A stronger model keeps the workstation usable while making identity changes explicit and logged. The point is to preserve accountability even in fast-moving care settings.

Practical implication: enforce automatic lock and reauthentication on shared clinical endpoints, and test user-switching behaviour under real ward conditions.

Why workflow speed and privacy can improve together

This study shows that access control and clinical efficiency are not opposing goals when the identity layer is designed around the actual task sequence. The improvement came from reducing login overhead without removing assurance controls, which means security was embedded in the workflow instead of being bolted on as a separate hurdle. That is an important pattern for healthcare IAM: controls fail when they are experienced as interruptions, because users create shortcuts. Well-designed access management reduces both delay and privacy risk by keeping the secure path the easiest path.

Practical implication: evaluate access controls by measuring both authentication time and workaround frequency, not compliance status alone.


NHI Mgmt Group analysis

Clinical access friction is an identity governance problem, not just an IT usability issue. When clinicians face repeated login steps across many systems, the programme starts to rely on behavioural workarounds such as shared access, delayed logouts, or credential reuse. That shifts risk from the policy layer into day-to-day practice, where auditability weakens and privacy exposure rises. The implication is that hospital IAM has to be assessed against workflow pressure, not only policy intent.

Healthcare SSO works when it preserves assurance while collapsing unnecessary authentication overhead. The study’s value case comes from combining faster access with two-factor authentication, smartcard integration, automatic locking, and reauthentication. That combination matters because it shows clinicians do not need weaker controls to work faster. The implication is that identity teams should treat secure convenience as a design requirement, not a trade-off to be accepted later.

Shared clinical endpoints make session integrity a core governance control. Multi-user desktop and kiosk models change the access problem from static login to controlled identity handoff. If session boundaries are not enforced, identity accountability becomes ambiguous at the point where care is moving fastest. The implication is that healthcare access policy must be built for user switching, not just individual authentication.

Hospitals need to judge access controls by time returned to care, not by login counts alone. The study’s 3.3 million hours redirected to patient care shows that access governance has operational value when it removes waste from frontline work. That does not mean security should be relaxed. It means the identity programme should be measured as part of clinical throughput, staff satisfaction, and privacy protection together. The implication is that IAM and clinical operations need shared success metrics.

Hospital SSO and access management belong in the broader Zero Trust conversation for human identity. This is not about replacing clinical judgement with security policy. It is about making authenticated access continuous, auditable, and proportionate across a busy care environment. That aligns with the NIST Cybersecurity Framework and Zero Trust thinking, where access decisions should be explicit and context-aware. The implication is that healthcare identity programmes should treat SSO as a governance control, not just a login utility.

From our research:

  • 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which shows how weak identity observability still is in many programmes.
  • For the governance side of this problem space, NHI Lifecycle Management Guide shows how provisioning, rotation, and offboarding discipline changes the risk profile.

What this signals

Healthcare identity teams should expect more scrutiny of how access controls affect operational throughput, not just security assurance. As clinical environments move toward digitised care, the programme that cannot prove both speed and accountability will struggle to gain adoption. Clinician access efficiency: this is the point at which identity controls are judged by the time they return to frontline work, not by the number of policies they satisfy.

The broader lesson is that human identity programmes in high-pressure environments need to be measured against session integrity and exception behaviour. If users can only stay productive by bypassing the intended access model, the governance design has already failed in practice. That is why NIST Cybersecurity Framework thinking matters here, especially where access and recovery must both hold under clinical load.

Hospitals should also expect the access conversation to expand beyond passwords into lifecycle and device context. The controls that matter are the ones that make the secure path easier than the unsafe workaround, while still preserving traceability across shared endpoints. That is a strong fit with NIST Cybersecurity Framework 2.0 and the operational reality of clinical mobility.


For practitioners

  • Measure login friction alongside care impact: Track desktop login time, application access time, and workaround frequency before and after any SSO deployment. Use ward-specific data, because emergency departments, intensive care units, and office settings create different access pressures.
  • Design for shared-workstation session integrity: Require automatic locking, reauthentication, and explicit user switching on multi-user desktops and kiosks so the identity trail remains clear when devices are reused by different clinicians.
  • Tie authentication controls to the clinical workflow: Map where repeated logins interrupt medication ordering, chart review, and handover tasks, then align the access pattern to those workflows instead of forcing a single office-style login model.
  • Review where workarounds are replacing policy: Look for shared logins, delayed logouts, and credential reuse as indicators that access controls are not matching operational reality. Treat those behaviours as governance failures, not user convenience.
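The workaround review in the last item, and the earlier advice to measure workaround frequency, can be run over workstation session events. The following is an added example, not code from Imprivata, the study, or NHI Mgmt Group; the log format, event names, account and workstation names, and the 30-minute review limit are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (assumed format): ISO time, workstation, account, event
SAMPLE_LOG = """\
2025-01-06T08:00:00 WARD3-PC1 nurse.a LOGIN
2025-01-06T08:04:00 WARD3-PC1 nurse.a LOCK
2025-01-06T08:05:00 WARD3-PC2 dr.b LOGIN
2025-01-06T08:20:00 ED-KIOSK1 dr.b LOGIN
2025-01-06T08:25:00 ED-KIOSK1 dr.b LOGOUT
2025-01-06T09:00:00 WARD3-PC1 nurse.a UNLOCK
2025-01-06T09:02:00 WARD3-PC1 nurse.a LOGOUT
2025-01-06T09:30:00 WARD3-PC2 dr.b LOGOUT
2025-01-06T09:40:00 ED-KIOSK1 hca.c LOGIN
"""

def find_workaround_indicators(log_text, max_unlocked=timedelta(minutes=30)):
    """Flag shared-login and delayed-logout indicators in session events."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ws, user, kind = line.split()
        events.append((datetime.fromisoformat(ts), ws, user, kind))
    events.sort(key=lambda e: e[0])

    unlocked = {}  # (workstation, account) -> time the session became unlocked
    findings = []
    for ts, ws, user, kind in events:
        if kind in ("LOGIN", "UNLOCK"):
            # Same account already unlocked elsewhere: possible shared login
            others = sorted(w for (w, u) in unlocked if u == user and w != ws)
            if others:
                findings.append(("concurrent_account_use", user, ws, others))
            unlocked[(ws, user)] = ts
        elif kind in ("LOCK", "LOGOUT"):
            start = unlocked.pop((ws, user), None)
            # Unlocked stretch beyond the review limit: possible delayed logout
            if start is not None and ts - start > max_unlocked:
                minutes = int((ts - start).total_seconds() // 60)
                findings.append(("long_unlocked_session", user, ws, minutes))
    # Sessions with no LOCK or LOGOUT by the end of the log
    for (ws, user), start in sorted(unlocked.items()):
        findings.append(("never_closed", user, ws, start.isoformat()))
    return findings

if __name__ == "__main__":
    for finding in find_workaround_indicators(SAMPLE_LOG):
        print(finding)
```

Each finding is an indicator for review rather than proof of a workaround; counting findings per ward before and after an SSO rollout gives the workaround-frequency measure the list describes.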

Key takeaways

  • Hospital SSO succeeds when it reduces authentication burden without weakening session accountability or auditability.
  • The evidence here is operational, not theoretical: login time fell by 60%, and 3.3 million clinician hours were redirected to patient care.
  • IAM teams should treat shared-workstation access, reauthentication, and automatic locking as clinical governance controls, not user-experience extras.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0, NIST Zero Trust (SP 800-207) and NIST SP 800-63 set the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-1 | Clinical SSO and session control directly affect access governance. |
| NIST Zero Trust (SP 800-207) | SP 800-207 | Shared-workstation access depends on continuous verification and explicit sessions. |
| NIST SP 800-63 | | Identity assurance and authenticators matter in clinician login and MFA design. |

Treat clinical endpoints as session-bound access points and enforce reauthentication at handoff.


Key terms

  • Single sign-on: Single sign-on lets a user authenticate once and then access multiple systems within a controlled session. In healthcare, it reduces repeated logins across clinical applications while keeping identity assurance, auditability, and reauthentication requirements in place.
  • Access management: Access management is the set of controls that decide how a user enters, moves through, and exits systems. In hospitals, it has to balance speed, shared-device realities, and traceable accountability so that clinicians can work efficiently without losing session control.
  • Session integrity: Session integrity means the identity assigned to a device or application remains clear, current, and attributable for the full duration of use. On shared clinical workstations, it is what prevents access from becoming ambiguous when users change rapidly or work across kiosk-style environments.


This post draws on content published by Imprivata: clinician time savings and financial value of workstation single sign-on and access management in the United Kingdom and Ireland. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-11-07.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org