Shared care records in Wales: what it means for health IAM


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 2364
Topic starter  

TL;DR: Wales’ shared care record approach now holds health records for 3.1 million people and is used by over 45,000 clinicians, showing how centralised data can support direct care, research, and mobile working across NHS services, according to Imprivata. The governance lesson is that useful, usable, and used systems depend on identity controls that let the right people access the right record at the right moment.

NHIMG editorial — based on content published by Imprivata: Rhidian Hurle on Wales' shared care records and digital transformation in healthcare

Questions worth separating out

Q: How should health systems govern shared care record access across multiple sites?

A: Health systems should govern shared care record access by combining role-based access, clinical context, and strong audit trails.

Q: Why do shared patient records create new identity governance risks?

A: Shared patient records create new identity governance risks because one central data store serves many teams, locations, and care pathways.

Q: What breaks when healthcare IAM is designed for local systems instead of shared records?

A: When healthcare IAM is designed for local systems, clinicians often face duplicated logins, inconsistent permissions, and delayed access to patient history.

Practitioner guidance

  • Map shared record access to clinical context: Define which roles can view which patient data in direct-care settings, and make clinical context part of access decisioning rather than relying on static application membership.
  • Align lifecycle governance with cross-site working: Treat locum cover, temporary rotation, and service movement as first-class entitlement events so joiner-mover-leaver processes follow the care model, not just the HR record.
  • Test access against real clinical workflows: Validate login, record lookup, and mobile session behaviour with frontline users so controls do not drive shadow workarounds or delayed care decisions.

What's in the full article

Imprivata's full article covers the operational detail this post intentionally leaves for the source:

  • The Welsh shared care record operating model and how the national repository supports direct care across health boards.
  • The change-management realities of rolling out digital care records to clinicians, care workers, and locum staff.
  • The practical role of standardised nursing care records in supporting mobile working and less-than-full-time working.
  • The governance thinking behind building, buying, and blending systems in a national healthcare environment.



   
(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 921
 

Centralised care records shift the IAM problem from access creation to access governance. When patient data is held in one place and consumed across many settings, the core question becomes who can see what, when, and under which clinical context. That is a much harder governance problem than isolated application access because the same record may be needed by multiple teams over time. Practitioners should treat the shared record as a governed access layer, not just a storage platform.

A few things that frame the scale:

  • Organisations maintain an average of 6 distinct secrets manager instances, creating fragmentation that undermines centralised control, according to The State of Secrets in AppSec.
  • Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant behaviour gap in identity-adjacent controls.

A question worth separating out:

Q: How do you balance secure access and usability in clinical environments?

A: You balance secure access and usability by testing identity controls against real clinical tasks, including shift handovers, mobile use, and locum coverage. If the workflow is too slow or awkward, users will look for shortcuts. Good clinical IAM reduces friction while preserving traceable, least-privilege access.
