TL;DR: A peer-reviewed study across 55 hospitals in four nations found clinicians can lose millions of hours a year to logins, with SSO and access management reducing fatigue, improving job satisfaction, and reclaiming 3.3 million hours of time according to Imprivata's cited research. In healthcare IAM, authentication is no longer just a security control, but a workflow and resilience issue.
NHIMG editorial — based on content published by Imprivata: New Data Shows Hospitals Lose Millions of Hours to Logins, Driving Demand for Single Sign-On
By the numbers:
- the study covered 55 hospitals across four nations
- some clinicians juggle up to 20 separate credentials per shift
Questions worth separating out
Q: How should hospitals reduce login friction without weakening security?
A: Hospitals should centralise authentication with single sign-on, then apply session governance, role-based access, and reauthentication rules where data sensitivity demands it.
Q: Why does repeated authentication create risk in healthcare environments?
A: Repeated authentication creates risk because it increases cognitive load, slows care delivery, and encourages workarounds.
Q: How do you know if SSO is actually improving identity governance?
A: SSO is working when login counts fall, clinicians spend less time reauthenticating, and workaround behaviour declines without a rise in unauthorised access.
Practitioner guidance
- Map login-heavy clinical workflows end to end Identify where clinicians reauthenticate across EHRs, lab systems, prescribing tools, and shared workstations.
- Pair SSO with session governance Define when reauthentication should occur, how long sessions remain valid, and which applications need stricter step-up checks.
- Measure authentication friction as an operational metric Track login counts per shift, time lost per user group, and the rate of workarounds such as shared sessions or delayed logout.
What's in the full article
Imprivata's full article covers the operational detail this post intentionally leaves for the source:
- The study methodology behind the 55-hospital, four-nation research sample
- The hospital-by-hospital productivity and value calculations behind the 3.3 million hours figure
- Additional context on clinician burnout, screen-time fatigue, and workflow satisfaction outcomes
- The practical access management framing used in the source article for healthcare IT decision-makers
👉 Read Imprivata's analysis of hospital login friction and SSO access management →
Hospital login friction and SSO: what IAM teams need to know?
Explore further
Authentication is now a care-delivery control, not just an access gate. In hospitals, repeated login prompts consume clinician attention at the exact moment it is most expensive. That turns identity friction into an operational constraint that affects throughput, staff fatigue, and the reliability of privacy practices. The implication is that IAM decisions in healthcare must be judged against clinical workflow impact, not only against policy compliance.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- In the same study, 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, which shows how quickly delegated access can outrun governance.
A question worth separating out:
Q: Who is accountable when hospital access controls create unsafe workarounds?
A: Accountability sits with the identity, clinical operations, and security teams together, because workflow design and access policy are inseparable in healthcare. If access controls push users toward insecure shortcuts, the programme owner must treat that as a governance failure, not a user discipline problem. Regulators and auditors will care whether the control was usable in practice.
👉 Read our full editorial: Single sign-on is becoming a clinical performance lever in hospitals