Passwordless access in healthcare: can IAM keep up?


(@nhi-mgmt-group)

TL;DR: Healthcare organisations are moving toward passwordless authentication, adaptive access, and Zero Trust to reduce clinician friction while tightening identity assurance, according to Imprivata’s webinar on Enterprise Access Management. The real shift is that access control now has to fit clinical workflow, not force clinicians into password workarounds that weaken security.

NHIMG editorial — based on content published by Imprivata: How healthcare organizations are adopting passwordless authentication, adaptive access, and Zero Trust security

Questions worth separating out

Q: How should healthcare teams implement passwordless access without weakening security?

A: Healthcare teams should pair passwordless access with identity verification, credential governance, and explicit device policy.

Q: Why do adaptive access controls matter in clinical environments?

A: Adaptive access matters because healthcare users do not operate in a uniform risk state.

Q: What breaks when shared clinical workstations rely on fragmented authentication tools?

A: Fragmented authentication tools create inconsistent policy, repeated logins, and workarounds that undermine both security and usability.

Practitioner guidance

  • Map clinical workflows before changing authentication. Document where login friction creates unsafe workarounds, especially around shared workstations, shift handover, and roaming staff.
  • Restrict allowed credential types by policy. Define which badges, biometrics, mobile methods, and RFID variants are permitted, and block unsupported or third-party credentials unless they are explicitly governed.
  • Bind step-up rules to contextual risk signals. Use user identity, device trust, location, and behavioural signals to trigger stronger checks only when the session context changes materially.

What's in the full article

Imprivata's full article covers the operational detail this post intentionally leaves for the source:

  • The webinar discussion between Sean Kelly and Chip Hughes on how health systems are applying passwordless and adaptive access in practice
  • The specific clinician workflow scenarios where friction drives workarounds and why that changes identity design decisions
  • The access-control examples around badge types, unsupported RFID credentials, and policy enforcement
  • The real-world framing of how Zero Trust, identity verification, and clinical usability are being combined in enterprise access management

👉 Read Imprivata's webinar recap on passwordless and adaptive healthcare access →

Quote
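An added example, not part of the original post or of Imprivata's material: a minimal policy check that combines the credential allow-list and the step-up guidance from the post above. The credential names, the `Context` fields, the 0.7 behaviour threshold and the choice of which changes count as material are all assumptions.

```python
from dataclasses import dataclass, replace

# Assumption: the credential types this organisation explicitly governs.
ALLOWED_CREDENTIALS = {"proximity_badge", "fingerprint", "mobile_push"}

@dataclass(frozen=True)
class Context:
    user: str
    credential: str         # how the user authenticated
    device_id: str          # workstation identifier
    device_trusted: bool    # managed, compliant endpoint
    location: str           # ward or network zone
    behaviour_score: float  # 0.0 normal .. 1.0 highly anomalous

def risk_signals(current, previous, behaviour_threshold=0.7):
    """List the signals that make this request materially riskier."""
    signals = []
    if not current.device_trusted:
        signals.append("untrusted device")
    if current.behaviour_score >= behaviour_threshold:
        signals.append("anomalous behaviour")
    if previous is not None and current.location != previous.location:
        signals.append("location changed")
    return signals

def decide(current, previous=None):
    """Return (decision, reasons); decision is deny, step_up or allow."""
    if current.credential not in ALLOWED_CREDENTIALS:
        return "deny", ["credential type not governed by policy"]
    signals = risk_signals(current, previous)
    return ("step_up", signals) if signals else ("allow", [])

# Constructed sample: a nurse's last verified context, then later requests.
LAST = Context("nurse01", "proximity_badge", "ws-ward3-01", True, "ward3", 0.1)
REQUESTS = {
    "roams to another trusted ward3 workstation": replace(LAST, device_id="ws-ward3-07"),
    "appears in a different location": replace(LAST, device_id="ws-er-02", location="er"),
    "uses an unmanaged device": replace(LAST, device_id="byod-1", device_trusted=False),
    "presents an ungoverned RFID card": replace(LAST, credential="third_party_rfid"),
}

if __name__ == "__main__":
    for label, ctx in REQUESTS.items():
        print(label, "->", decide(ctx, LAST))
```

Moving between trusted workstations in the same location is allowed without an extra prompt, so the policy adds friction only where the context actually changed.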
(@mr-nhi)

Healthcare passwordless is not a convenience project. It is a control-plane redesign. The article shows that password friction is driving unsafe clinician behaviour, which means the access model itself is part of the risk. When users bypass controls to do their jobs, the governance failure is not user discipline, it is workflow misalignment. Practitioners should treat authentication design as clinical risk control, not just IAM tuning.

A few things that frame the scale:

  • 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to the Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which is why access governance failures persist even when controls look mature on paper.

A question worth separating out:

Q: Who is accountable when passwordless access fails in a healthcare workflow?

A: Accountability sits with the identity and access team, clinical IT, and operational owners together, because workflow design and access policy are now linked. If clinicians bypass controls to do their jobs, that signals a governance failure in access design, not just a user mistake. Zero Trust and access assurance only work when the organisation owns the whole workflow.

👉 Read our full editorial: Passwordless healthcare access is reshaping identity security



   