Notifications
Clear all
Topic starter
06/06/2026 11:26 am
TL;DR: Seven East Midlands trusts have standardised nursing documentation workflows across EPR programmes to reduce duplication, improve assessment consistency, and strengthen role-based access discussions around mobile devices, kiosks, and shared records, according to Imprivata. The real governance lesson is that documentation standardisation and secure access design now need to move together, not in sequence.
NHIMG editorial — based on content published by Imprivata: shared nursing documentation standardisation across East Midlands trusts
Questions worth separating out
Q: How should organisations govern access when shared workflows span multiple trusts or sites?
A: They should define a common access model first, then allow only tightly controlled local variations.
Q: Why do standardised documentation programmes still need IAM review?
A: Because standardisation changes how people work, but not automatically how they are authorised.
Q: What breaks when role-based access does not reflect the care environment?
A: Role-based access becomes too coarse when the same staff member uses kiosks, mobile devices, and different trust configurations.
Practitioner guidance
- Map documentation roles to device-specific access paths Document which nursing roles use kiosks, mobile devices, or shared stations, then align entitlements to each access path rather than to the job title alone.
- Standardise approved assessment workflows before expanding access scope Treat the assessment template as the governed object, then allow local trust variations only where a documented exception is required and reviewed.
- Build cross-trust auditability into shared record design Make sure identity, device, and action attribution remain intact when records are shared between organisations so that oversight does not disappear at collaboration boundaries.
What's in the full article
Imprivata's full article covers the operational detail this post intentionally leaves for the source:
- The trust-by-trust rollout context behind the digital design collaborative and how the shared team was funded.
- The specific nursing assessment standardisation work that was used as the first deployment tranche.
- The practical discussion around role-based access, mobile devices, and ward kiosks in real clinical settings.
- The collaboration model for extending the approach from nursing documentation into broader EPR records.
👉 Read Imprivata's analysis of shared nursing documentation standardisation and EPR governance →
Nursing documentation standardisation: what it means for IAM teams?
Explore further
06/06/2026 12:14 pm
Shared clinical workflows expose a governance truth: standardisation without identity alignment still leaves control variation in place. The article shows that the trusts could harmonise assessment logic while still carrying different access patterns, device estates, and implementation maturity. That is an identity governance issue, not just a process one. When documentation is shared across organisations, the control model has to be shared with it, or security becomes a local implementation detail instead of a regional standard.
A few things that frame the scale:
- 15% of commit authors have leaked at least one secret in their contribution history, according to The State of Secrets Sprawl 2025.
- In the same research, 4.6% of all public GitHub repositories contain at least one hardcoded secret, which shows how quickly exposed credentials can become normalised across development environments.
A question worth separating out:
Q: How do security teams support regional collaboration without weakening governance?
A: They should standardise the shared control baseline, then document exceptions, device differences, and rollout sequencing clearly. Collaboration works when the identity model is reusable across organisations, not when every trust invents its own version of the same access pattern.
👉 Read our full editorial: Shared nursing documentation standardisation tightens EPR governance
