Healthcare access management in Italy: what changes for IAM teams?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 5855
Topic starter  

TL;DR: Italian healthcare providers are facing slower logins, shared workstation workarounds, and rising regulatory pressure as digital care expands, according to Imprivata. The access problem is no longer just user experience. It is a security, compliance, and productivity issue that demands stronger identity governance across clinicians, third parties, and AI agents.

NHIMG editorial — what this means for NHI practitioners

Questions worth separating out

Q: How should healthcare organisations reduce shared credential use without slowing clinicians down?

A: They should design access around the clinical workflow rather than the application boundary.

Q: Why do shared workstations create higher identity risk in hospitals?

A: Shared workstations increase risk because multiple staff members, devices, and shifts can collapse into the same session context.

Q: How should teams govern vendor and AI access to clinical systems?

A: They should require named ownership, task-scoped elevation, session logging, and revocation procedures that work when the task ends.

Practitioner guidance

  • Map clinical access paths by workflow, not by system. Inventory how clinicians move between EHRs, shared workstations, mobile devices, and remote applications, then identify where session breaks or login delays trigger unsafe workarounds.
  • Separate privileged access for vendors and AI agents from standing administrative rights. Require task-scoped elevation, session recording, and explicit offboarding for every third-party or machine identity that can touch sensitive healthcare systems.
  • Use risk-based authentication for high-impact access paths. Apply step-up checks to actions involving patient data, privileged tools, and off-network access, but avoid forcing extra prompts into routine bedside workflows.

What's in the full announcement

Imprivata's full article covers the operational detail this post intentionally leaves for the source:

  • How the platform handles badge-tap access, SSO, and session continuity across shared clinical devices.
  • The specific combination of privileged access, mobile access, and risk-based authentication capabilities described for healthcare workflows.
  • The Italy market context, including the PNRR-driven digital transformation backdrop and the NIS2 compliance angle.
  • The vendor's own examples of how access friction affects clinician burnout, support load, and patient care timing.

👉 Read Imprivata's analysis of healthcare access management in Italy →

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 5343
 

Healthcare access management is becoming an identity governance layer, not just a login layer. The article shows why clinical productivity and security can no longer be treated as separate objectives. Shared workstations, mobile devices, and fragmented systems force identity controls to operate inside real workflows, not outside them. That makes session design, traceability, and revocation part of frontline security operations, not back-office hygiene.

A few things that frame the scale:

  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
  • A separate finding from the same research shows that lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations.

A question worth separating out:

Q: Who is accountable when privileged access is used by third parties or AI agents in healthcare?

A: Accountability should sit with the business owner that approved the access, the technical owner that provisioned it, and the security team that monitors it. For AI agents, the organisation must also define who authorised the delegated action and who can revoke it quickly when behaviour changes.

👉 Read our full editorial: Italian healthcare access management expands to secure clinical work



   