TL;DR: NHS trusts are pooling budgets, teams, and technology to make digital transformation more achievable, with shared IAM rollouts helping hospitals widen access to patient data and standardise care delivery across organisations, according to Imprivata. The governance challenge is not just consolidation, but making identity controls, access consistency, and operational accountability work across trust boundaries.
NHIMG editorial — based on content published by Imprivata: Andy Kinnear on NHS trust collaboration and digital transformation
Questions worth separating out
Q: How should NHS trusts govern shared IAM across multiple organisations?
A: They should treat shared IAM as a federated governance model with one policy standard and clearly assigned local ownership.
Q: What breaks when access governance is not standardised across a hospital group?
A: Approvals, audits, and offboarding become inconsistent, which creates duplicate controls and gaps in evidence.
Q: Why does collaboration increase the importance of identity lifecycle management?
A: Because shared services create more cross-organisation access paths and more chances for access to outlive the person’s role or contract.
Practitioner guidance
- Define a cross-trust identity operating model Document who owns policy, who approves exceptions, and who maintains evidence when access spans multiple NHS trusts.
- Standardise access reviews across the group Use one review cadence, one entitlement vocabulary, and one escalation path so local differences do not produce inconsistent recertification outcomes.
- Build lifecycle controls into shared services Tie joiner, mover, and leaver processes to the shared IAM design so access is removed when staff change role, site, or employment status.
What's in the full article
Imprivata's full article covers the operational detail this post intentionally leaves for the source:
- How group-wide NHS IAM rollouts are structured across multiple trusts and implementation teams
- The practical benefits of shared procurement, pooled budgets, and common deployment plans
- Examples of how collaborative leadership supports digital transformation across hospital networks
- The organisational conditions that help smaller trusts attract and retain IT talent
👉 Read Imprivata's analysis of how NHS trust collaboration affects digital transformation →
NHS trust collaboration and IAM: what changes for shared care?
Explore further
Shared-care IAM only works when trust boundaries are made explicit. The article shows that collaboration is being used to solve delivery constraints, but that does not remove the need for distinct control ownership. In identity terms, a group model expands the blast radius of any access decision unless policy, review, and exception handling are clearly divided. The practitioner lesson is that collaboration must be governed as a multi-domain identity model, not as a single flattened enterprise.
A few things that frame the scale:
- Companies are dedicating an average of 32.4% of their security budgets to secrets management and code security, with US organisations leading at 40.8%, according to The State of Secrets in AppSec.
- Organisations maintain an average of 6 distinct secrets manager instances, creating fragmentation that undermines centralised control, according to The State of Secrets in AppSec.
A question worth separating out:
Q: Who should be accountable for access decisions in a shared NHS operating model?
A: Accountability should stay with the organisation that owns the clinical or operational context, even when the technology is shared. Central teams can standardise policy and evidence, but local leaders should own exceptions and clinical need. That split keeps governance aligned to care delivery rather than to infrastructure convenience.
👉 Read our full editorial: NHS trust collaboration is reshaping identity and access governance