Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Hospital SSO and access management: what changes for IAM teams?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: A peer-reviewed study across 55 hospitals in the UK and Ireland found that single sign-on and access management cut desktop login time by 60%, sped application access by more than 50%, and redirected 3.3 million clinician hours to patient care, according to Imprivata. The core lesson is that healthcare IAM succeeds when it reduces friction without weakening auditability or session control.

NHIMG editorial — based on content published by Imprivata: clinician time savings and financial value of workstation single sign-on and access management in the United Kingdom and Ireland

By the numbers:

Questions worth separating out

Q: How should hospitals reduce login friction without weakening access control?

A: Hospitals should use single sign-on, strong multifactor authentication, and session controls together so clinicians authenticate less often without losing auditability.

Q: Why do shared clinical workstations create identity governance risk?

A: Shared clinical workstations make session integrity a governance issue because the device is reused by multiple people in fast-moving care settings.

Q: How can security teams tell whether access controls are actually helping clinicians?

A: Security teams should measure authentication time, access interruptions, and workaround behaviour alongside privacy and audit outcomes.

Practitioner guidance

  • Measure login friction alongside care impact Track desktop login time, application access time, and workaround frequency before and after any SSO deployment.
  • Design for shared-workstation session integrity Require automatic locking, reauthentication, and explicit user switching on multi-user desktops and kiosks so the identity trail remains clear when devices are reused by different clinicians.
  • Tie authentication controls to the clinical workflow Map where repeated logins interrupt medication ordering, chart review, and handover tasks, then align the access pattern to those workflows instead of forcing a single office-style login model.

What's in the full article

Imprivata's full article covers the operational detail this post intentionally leaves for the source:

  • The study design across 55 hospitals, including which wards and device types were measured.
  • The time-and-motion methodology used to capture login duration, user-switching events, and access workarounds.
  • The economic model behind the 307 additional eligible hospitals and the £1.1 billion annual productivity estimate.
  • The direct quotations and journal context from the AHISP paper and associated research collaboration.

👉 Read Imprivata's research on clinician time savings from hospital SSO and access management →

Hospital SSO and access management: what changes for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Clinical access friction is an identity governance problem, not just an IT usability issue. When clinicians face repeated login steps across many systems, the programme starts to rely on behavioural workarounds such as shared access, delayed logouts, or credential reuse. That shifts risk from the policy layer into day-to-day practice, where auditability weakens and privacy exposure rises. The implication is that hospital IAM has to be assessed against workflow pressure, not only policy intent.

A few things that frame the scale:

  • 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which shows how weak identity observability still is in many programmes.

A question worth separating out:

Q: Which identity controls matter most when hospitals modernise clinical access?

A: The most important controls are SSO, multifactor authentication, automatic locking, reauthentication, and clear session audit trails. Together they reduce repetitive login burden while preserving accountability across EPRs and other clinical applications. Hospitals should prioritise controls that fit real clinical movement between devices and systems, not generic office access patterns.

👉 Read our full editorial: Single sign-on in hospitals shows the access-security trade-off



   
ReplyQuote
Share: