TL;DR: Password-heavy authentication in healthcare creates measurable operational friction, with leaders reporting delays in patient care, wasted clinical time, and user frustration as clinicians repeatedly log into shared workstations and clinical applications, according to Imprivata. The access model matters because even small authentication delays compound into workflow fragmentation, cognitive load, and avoidable care disruption.
NHIMG editorial — based on content published by Imprivata: Passwordless access in healthcare and the clinical workflow impact of password friction
By the numbers:
- 41% cite delays in patient care.
- 35% report wasted clinical time.
- 32% identify user frustration as a significant consequence.
Questions worth separating out
Q: How should hospitals reduce password friction without weakening access security?
A: Hospitals should replace repeated password entry with passwordless access, context-aware step-up verification, and session continuity on shared devices.
Q: Why do shared workstations create so much access friction in healthcare?
A: Shared workstations force clinicians to authenticate repeatedly as they move between rooms, devices, and applications.
Q: What do security teams get wrong about biometric access in clinical settings?
A: They often treat biometrics as a blanket replacement for passwords, when they are better used as step-up verification for higher-risk tasks.
Practitioner guidance
- Measure authentication burden by workflow, not by login count. Track how many times clinicians authenticate during a shift, where resets occur, and which applications create the most interruption.
- Prioritise session continuity on shared workstations. Implement roaming or context-preserving sessions where clinicians move between rooms and devices, and ensure automatic locking follows them when they leave a workstation.
- Use step-up authentication only for high-risk tasks. Apply stronger verification for actions such as medication administration or access to sensitive records, while keeping lower-risk routine access as frictionless as possible.
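One way to measure authentication burden per shift, as the first guidance item describes. This is an added example, not code from Imprivata or the original editorial. The event layout, the event types (`login`, `reset`), the function names and the six-hour shift gap are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Assumed layout:
# (ISO timestamp, clinician, workstation, application, event type)
EVENTS = [
    ("2024-03-04T07:02:00", "rn_alvarez", "ws-ward3-01", "ehr", "login"),
    ("2024-03-04T07:03:00", "rn_alvarez", "ws-ward3-01", "emar", "login"),
    ("2024-03-04T07:40:00", "rn_alvarez", "ws-ward3-02", "ehr", "login"),
    ("2024-03-04T07:41:00", "rn_alvarez", "ws-ward3-02", "emar", "login"),
    ("2024-03-04T09:15:00", "rn_alvarez", "ws-ward3-04", "ehr", "login"),
    ("2024-03-04T09:16:00", "rn_alvarez", "ws-ward3-04", "ehr", "reset"),
    ("2024-03-04T09:20:00", "rn_alvarez", "ws-ward3-04", "ehr", "login"),
    ("2024-03-04T11:30:00", "rn_alvarez", "ws-ward3-01", "pacs", "login"),
    ("2024-03-05T07:05:00", "rn_alvarez", "ws-ward3-01", "ehr", "login"),
    ("2024-03-04T08:00:00", "dr_chen", "ws-ed-01", "ehr", "login"),
    ("2024-03-04T08:30:00", "dr_chen", "ws-ed-02", "ehr", "login"),
    ("2024-03-04T08:31:00", "dr_chen", "ws-ed-02", "pacs", "login"),
]
SHIFT_GAP = timedelta(hours=6)  # assumption: a longer silence starts a new shift

def authentication_burden(events, shift_gap=SHIFT_GAP):
    """Group each clinician's events into shifts; summarise prompts and resets."""
    by_user = defaultdict(list)
    for ts, user, ws, app, kind in events:
        by_user[user].append((datetime.fromisoformat(ts), ws, app, kind))
    shifts = []
    for user, rows in by_user.items():
        current = None
        for ts, ws, app, kind in sorted(rows):
            if current is None or ts - current["end"] > shift_gap:
                current = {"user": user, "start": ts, "end": ts, "prompts": 0,
                           "by_app": Counter(), "resets_at": Counter(), "workstations": set()}
                shifts.append(current)
            current["end"] = ts
            current["workstations"].add(ws)
            if kind == "login":      # one interactive prompt for the clinician
                current["prompts"] += 1
                current["by_app"][app] += 1
            elif kind == "reset":    # record where the reset happened
                current["resets_at"][ws] += 1
    return shifts

def noisiest_applications(shifts, top=3):
    # Applications ranked by total prompts across all shifts.
    total = Counter()
    for shift in shifts:
        total.update(shift["by_app"])
    return total.most_common(top)
```

Reporting per shift rather than per login shows which wards and applications interrupt a clinician most, which a raw login count hides.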
What's in the full article
Imprivata's full article covers the operational detail this post intentionally leaves for the source:
- Step-by-step examples of how clinicians move between shared workstations and mobile devices during a shift.
- Specific descriptions of badge tap, facial recognition, and biometric access flows in clinical environments.
- The access model details behind offline MFA and adaptive authentication in high-acuity care settings.
- The workload and usability discussion that connects access friction to clinician frustration and overtime.
Passwordless clinical access: are password prompts delaying care?
Explore further
Password friction is a clinical governance problem, not a user-experience inconvenience. The article shows that repeated authentication interrupts care, creates cognitive load, and wastes time across a shift. In human identity programmes, that means access design directly affects operational performance, not just login success rates. Practitioners should treat access friction as a measurable control issue inside clinical governance.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant behaviour gap in application environments.
A question worth separating out:
Q: How do you know if adaptive authentication is actually helping clinicians?
A: Look for fewer unnecessary prompts, lower help desk volume, reduced lockouts during mobility or outages, and less overtime caused by authentication delays. If clinicians still lose time to repeated logins or workarounds, the policy is not aligned to the workflow. Effective adaptive access should be nearly invisible in routine care.