Healthcare offboarding failures: what lingering access really means

(@sailpoint)

TL;DR: A nurse who left a health system a year earlier still had a working login and tried to retrieve a patient’s records, illustrating how failed offboarding turns routine care into a compliance and privacy risk, according to SailPoint. Lingering access is unmanaged identity risk, and healthcare is only the clearest example.

NHIMG editorial — based on content published on SailPoint's Facepalm Files blog, on a nurse retaining access after leaving a health system

Questions worth separating out

Q: What breaks when offboarding fails for regulated systems?

A: When offboarding fails, a former user can still authenticate into systems that should have been closed to them, which creates privacy, audit, and compliance exposure.

Q: Why do stale accounts create more risk than teams expect?

A: Stale accounts create risk because they preserve a working path into production systems even when nobody is actively monitoring the identity anymore.

Q: How do security teams know whether lifecycle governance is actually working?

A: Lifecycle governance is working only when identity termination is verified end to end, including downstream applications, federated access, and privileged exceptions.

Practitioner guidance

  • Bind offboarding to authoritative termination events: Remove access automatically when employment, contract, or clinical assignment ends, and verify that the revocation touches every system that can expose regulated records.
  • Audit dormant identities for still-working logins: Look for accounts that remain active after role change or departure, especially in systems that handle patient data, because stale access often survives on exception paths.
  • Separate approval for records retrieval from authentication state: Require that a current business relationship be validated before any access to protected records proceeds, rather than assuming a valid login is sufficient.
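The first two guidance items can be checked with a simple reconciliation between an authoritative termination feed and what downstream systems actually report. The following is an added example, not code from SailPoint or NHIMG; the HR feed, the per-system account export, the system names (ehr, idp, vpn) and the auth log format are all constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed HR termination feed (the authoritative event source): identity -> termination time.
TERMINATIONS = {
    "nurse.a": datetime(2024, 3, 1, tzinfo=timezone.utc),
    "clerk.b": datetime(2024, 6, 15, tzinfo=timezone.utc),
}

# Constructed account-state export from downstream systems. A terminated identity that is
# still "enabled" anywhere here is exactly the exception path the guidance warns about.
ACCOUNT_STATE = {
    "ehr": {"nurse.a": "enabled", "clerk.b": "disabled", "dr.c": "enabled"},
    "idp": {"nurse.a": "disabled", "clerk.b": "disabled", "dr.c": "enabled"},
    "vpn": {"nurse.a": "enabled", "dr.c": "enabled"},
}

# Constructed authentication log, one event per line: "<ISO-8601 UTC timestamp> <system> <user> <result>"
AUTH_LOG = """\
2025-02-10T09:14:00Z ehr nurse.a success
2025-02-10T09:15:20Z ehr dr.c success
2024-06-20T11:02:00Z vpn clerk.b failure
2025-01-05T22:40:00Z vpn nurse.a success
"""


def parse_auth_log(text):
    """Parse the constructed log format into (timestamp, system, user, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, system, user, result = line.split()
        # Replace the trailing Z so fromisoformat() accepts it on older Python versions too.
        events.append((datetime.fromisoformat(ts.replace("Z", "+00:00")), system, user, result))
    return events


def lingering_accounts(terminations, account_state):
    """Terminated identities whose account is still enabled in any downstream system."""
    return sorted(
        (system, user)
        for system, users in account_state.items()
        for user, state in users.items()
        if user in terminations and state == "enabled"
    )


def post_termination_logins(terminations, events):
    """Successful authentications that happened after the identity's termination time."""
    return sorted(
        (ts.isoformat(), system, user)
        for ts, system, user, result in events
        if result == "success" and user in terminations and ts > terminations[user]
    )
```

Both reports are empty when offboarding is working; a non-empty result from either is a revocation that did not reach every system, or a login that should not have been possible.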

What's in the full article

SailPoint's full blog post covers the operational detail this post intentionally leaves for the source:

  • The original first-person incident narrative and the exact sequence of events at the clinic.
  • The vendor's framing of why lifecycle mistakes in human identity management are easy to miss during routine workflows.
  • The article's discussion of compliance implications for healthcare records access and offboarding.
  • The broader identity-security lesson the author draws from the anecdote.

👉 Read SailPoint's Facepalm Files post on lingering healthcare access and offboarding →
