Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Clinician login burden and access management: what changes for IAM teams


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: A study across 55 hospitals in the UK and Ireland found clinicians sometimes authenticate into up to 20 applications per shift, with desktop login times falling 60% and application access becoming more than 50% faster after single sign-on and advanced access management, according to Imprivata and AHISP research. The finding shows access management is now an operational control for healthcare IAM, not just a convenience layer.

NHIMG editorial — based on content published by Imprivata: growing pressures on hospitals and clinicians put access management at the center of patient care and security strategies

By the numbers:

Questions worth separating out

Q: How should healthcare teams reduce login friction without weakening identity assurance?

A: Healthcare teams should reduce repeated authentication by centralising sign-on, tightening session handling, and removing unnecessary prompts across core clinical applications.

Q: Why do clinicians end up using shared credentials or delayed logouts?

A: Clinicians usually adopt those workarounds when authentication is too frequent or too slow for the pace of care.

Q: How do identity teams know if access management is actually improving governance?

A: Look for fewer repeated logins, fewer access workarounds, stronger session traceability, and cleaner attribution in audit logs.

Practitioner guidance

  • Map authentication burden by clinical role Measure how many separate logins each role completes per shift, where delays occur, and which applications trigger the most workarounds.
  • Centralise session handling across clinical applications Use single sign-on and automated session management to reduce repeated prompts while preserving audit trails and user attribution across downstream systems.
  • Treat logout enforcement as a governance control Define where sessions must end, how inactivity is handled, and which exceptions are allowed.

What's in the full article

Imprivata's full article covers the study detail this post intentionally leaves for the source:

  • The hospital-by-hospital methodology behind the 55-site study across the UK and Ireland.
  • The time-and-motion analysis that underpins the reported reductions in login burden and application access time.
  • The clinical workflow context behind the shift away from shared credentials and delayed logout practices.
  • The national implications for NHS digital strategy, workforce pressure, and security posture.

👉 Read Imprivata's study on clinician access management and workflow impact →

Clinician login burden and access management: what changes for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Clinician login friction is an identity governance problem, not just a UX problem. When staff are forced through too many authentication steps, they do not stop working. They improvise around the control, which means the organisation starts governing actual behaviour instead of intended policy. In healthcare, that gap can weaken auditability, increase shared access, and create hidden exceptions in environments that already depend on tight accountability. The practical conclusion is that access design must be treated as a core identity control, not an interface polish issue.

A few things that frame the scale:

  • 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
  • Only 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months.

A question worth separating out:

Q: Who is accountable when access controls create unsafe clinical workarounds?

A: Accountability sits with the teams that design, approve, and govern the access model, not with clinicians alone. If repeated authentication drives shared access or persistent sessions, the control design is misaligned with the working environment. Governance teams should be measured on whether their controls can be followed under real clinical pressure.

👉 Read our full editorial: Clinician access management is becoming a care delivery control



   
ReplyQuote
Share: