Passwordless NHS access management: what changes for IAM teams?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 2364
Topic starter  

TL;DR: Healthcare IAM must balance clinician speed with stronger assurance, role precision, and Zero Trust-aligned access governance, as Imprivata says its expanded Enterprise Access Management platform adds facial recognition, high-assurance identity verification, and AI-powered behavioural analytics to help NHS organisations strengthen access controls, support audit evidence, and reduce dependence on shared credentials.

NHIMG editorial — what this means for IAM teams

Questions worth separating out

Q: How should healthcare teams reduce dependence on shared credentials without slowing clinicians down?

A: Start with the workflows that depend most on shared workstations, rapid handoffs, and repeated sign-ins.

Q: Why do shared clinical devices create problems for standard IAM controls?

A: Shared devices weaken the assumption that one account maps cleanly to one person and one session.

Q: What do security teams get wrong about passwordless authentication in regulated environments?

A: They often treat passwordless as a convenience layer instead of a governance control.

Practitioner guidance

  • Map shared-device access paths first: Identify where clinicians and support staff share devices, then document where current sign-in patterns depend on reusable credentials or weak fallback recovery.
  • Tie verification to audit evidence: Make sure onboarding, help desk recovery, and access changes produce logs that explain who was verified, what policy applied, and why access was granted.
  • Use behavioural signals to change outcomes: Define in advance which anomalous behaviours should trigger step-up checks, session restriction, or case review.

What's in the full announcement

Imprivata’s full article covers the implementation detail this post intentionally leaves for the source:

  • The specific NHS and healthcare workflow scenarios the expanded EAM platform is designed to support.
  • The full explanation of facial recognition, identity verification, and behavioural analytics within the product context.
  • The compliance framing around CAF-aligned DSPT and Spine Authentication evidence expectations.
  • The webinar, demo, and live briefing details for teams evaluating the platform in practice.

👉 Read Imprivata’s overview of expanded NHS access management and passwordless controls →

(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 924
 

Healthcare identity is still struggling with the shared-device problem. NHS environments cannot rely on identity patterns built for one person, one device, and one session. Shared-use workstations, fast handoffs, and urgent access to patient systems create a control environment where reusable secrets and slow sign-in flows are structurally weak. The implication is that healthcare IAM must be judged on how well it handles communal access, not just how well it protects a single user account.

A few things that frame the scale:

  • Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
  • That visibility gap matters because 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.

A question worth separating out:

Q: How do you know if behavioural analytics are actually improving access security?

A: Look for whether the analytics change decisions, not just alert volume. A useful programme uses risk signals to drive step-up authentication, session restriction, or targeted review, and can show that those actions reduce exposure without disrupting care. If the signal never changes an access outcome, it is not doing control work.

👉 Read our full editorial: Passwordless NHS access management changes the identity control set

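An added example, not part of either post above and not Imprivata's code: a sketch of the "define outcomes in advance, log why, then measure whether signals change decisions" idea from the practitioner guidance and the behavioural analytics Q&A. The signal names, the policy mapping, and the events are hypothetical and constructed for illustration.

```python
from collections import Counter

# Hypothetical policy, defined in advance: anomalous behaviour -> access outcome.
POLICY = {
    "impossible_handoff": "step_up",        # same identity active in two places
    "bulk_record_access": "session_restrict",
    "off_rota_login": "case_review",
}

# Constructed sample events from shared clinical workstations (not real data).
EVENTS = [
    {"user": "nurse.a", "device": "ward3-ws1", "signal": None},
    {"user": "nurse.b", "device": "ward3-ws1", "signal": "impossible_handoff"},
    {"user": "dr.c", "device": "ed-ws4", "signal": "bulk_record_access"},
    {"user": "dr.c", "device": "ed-ws4", "signal": "unusual_typing_cadence"},
    {"user": "porter.d", "device": "ward3-ws1", "signal": "off_rota_login"},
    {"user": "nurse.a", "device": "ward3-ws1", "signal": "unusual_typing_cadence"},
]

def decide(event):
    """Return an audit record: who, which policy rule applied, and why."""
    signal = event["signal"]
    outcome = POLICY.get(signal, "allow")
    if signal is None:
        reason = "no risk signal"
    elif signal in POLICY:
        reason = f"signal '{signal}' mapped to '{outcome}'"
    else:
        reason = f"signal '{signal}' has no policy rule; alert only"
    return {"user": event["user"], "device": event["device"], "signal": signal,
            "rule": signal if signal in POLICY else None,
            "outcome": outcome, "reason": reason}

def control_effect(records):
    """Share of fired signals that changed an outcome, plus signals that never did."""
    fired = [r for r in records if r["signal"] is not None]
    changed = [r for r in fired if r["outcome"] != "allow"]
    inert = Counter(r["signal"] for r in fired if r["outcome"] == "allow")
    rate = len(changed) / len(fired) if fired else 0.0
    return rate, dict(inert)

AUDIT_LOG = [decide(e) for e in EVENTS]

if __name__ == "__main__":
    for rec in AUDIT_LOG:
        print(rec)
    rate, inert = control_effect(AUDIT_LOG)
    print(f"signals that changed an outcome: {rate:.0%}; alert-only signals: {inert}")
```

Signals that appear in the alert-only list fire without ever altering an access decision, which is the "not doing control work" case described in the answer above.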