Clinician login burden and access management: what changes for IAM teams

TL;DR: A study across 55 hospitals in the UK and Ireland found clinicians sometimes authenticate into up to 20 applications per shift, with desktop login times falling 60% and application access becoming more than 50% faster after single sign-on and advanced access management, according to Imprivata and AHISP research. The finding shows access management is now an operational control for healthcare IAM, not just a convenience layer.

NHIMG editorial — based on content published by Imprivata: growing pressures on hospitals and clinicians put access management at the center of patient care and security strategies

By the numbers:

• Time-and-motion analysis showed that desktop login times fell by 60 percent after implementation.
• Application access became more than 50 percent faster after implementation.

Questions worth separating out

Q: How should healthcare teams reduce login friction without weakening identity assurance?

A: Healthcare teams should reduce repeated authentication by centralising sign-on, tightening session handling, and removing unnecessary prompts across core clinical applications.

Q: Why do clinicians end up using shared credentials or delayed logouts?

A: Clinicians usually adopt those workarounds when authentication is too frequent or too slow for the pace of care.

Q: How do identity teams know if access management is actually improving governance?

A: Look for fewer repeated logins, fewer access workarounds, stronger session traceability, and cleaner attribution in audit logs.

Practitioner guidance

• Map authentication burden by clinical role Measure how many separate logins each role completes per shift, where delays occur, and which applications trigger the most workarounds.
• Centralise session handling across clinical applications Use single sign-on and automated session management to reduce repeated prompts while preserving audit trails and user attribution across downstream systems.
• Treat logout enforcement as a governance control Define where sessions must end, how inactivity is handled, and which exceptions are allowed.

What's in the full article

Imprivata's full article covers the study detail this post intentionally leaves for the source:

• The hospital-by-hospital methodology behind the 55-site study across the UK and Ireland.
• The time-and-motion analysis that underpins the reported reductions in login burden and application access time.
• The clinical workflow context behind the shift away from shared credentials and delayed logout practices.
• The national implications for NHS digital strategy, workforce pressure, and security posture.

👉 Read Imprivata's study on clinician access management and workflow impact →

Clinician login burden and access management: what changes for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →