TL;DR: A peer-reviewed study across 55 hospitals in four nations found clinicians can lose millions of hours each year to repeated logins, with SSO/AM freeing 3.3 million hours and £54.1 million in value according to Imprivata and AHISP. Authentication is no longer just a security gate in healthcare, because login friction directly affects care delivery, compliance, and staff burnout.
NHIMG editorial — based on content published by Imprivata: New Data Shows Hospitals Lose Millions of Hours to Logins, Driving Demand for Single Sign-On
By the numbers:
- Research across 55 hospitals in four nations found clinicians can lose millions of hours each year to logging in, with some staff juggling up to 20 separate credentials per shift.
Questions worth separating out
Q: How should hospitals reduce login friction without weakening security controls?
A: Hospitals should reduce login friction by centralising access with SSO while keeping strong session governance, shared-device rules, and role-based access controls in place.
Q: Why do repeated logins create both security and burnout risk in healthcare?
A: Repeated logins interrupt clinical workflows, increase cognitive load, and make compliant behaviour harder to sustain.
Q: What should identity teams measure after deploying single sign-on in hospitals?
A: Identity teams should measure time saved, sign-out compliance, password reset volume, exception requests, and staff-reported workflow friction.
Practitioner guidance
- Prioritise the highest-friction clinical workflows Identify the systems where clinicians repeatedly authenticate during a shift, especially EHR, lab, prescribing, and shared workstation access.
- Measure compliance impact alongside productivity gains Track sign-out behaviour, password reset rates, login completion time, and bypass incidents before and after SSO rollout.
- Standardise access policy before broadening access Use SSO as part of a wider access management redesign so authentication simplification does not leave inconsistent entitlement rules behind.
What's in the full article
Imprivata's full article covers the operational detail this post intentionally leaves for the source:
- The peer-reviewed AHISP study methodology across 55 hospitals in four nations, including how clinician time loss was measured.
- The full breakdown of the 3.3 million clinician hours saved and how that translated into £54.1 million in value.
- The healthcare workflow context behind the SSO/AM outcomes, including screen-time fatigue and clinician satisfaction effects.
- The source article’s own framing of why identity access management is becoming a care-delivery issue, not only a security issue.
👉 Read Imprivata's analysis of single sign-on, clinician time loss, and healthcare workflow friction →
Single sign-on in healthcare: what it means for IAM teams?
Explore further
Login friction is an identity governance problem, not just a user-experience problem. When clinicians must manage up to 20 credentials per shift, the identity programme is shaping whether policy is followed or bypassed. That makes authentication design part of operational resilience, not a back-office control. Practitioners should treat workflow friction as a measurable governance signal, not a soft complaint.
A few things that frame the scale:
- 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
- Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities, according to The 2024 Non-Human Identity Security Report.
A question worth separating out:
Q: Who should own authentication usability in a healthcare IAM programme?
A: Authentication usability should be owned jointly by IAM, clinical informatics, and operational leadership. In hospitals, login design affects patient care, staff morale, and compliance behaviour, so it cannot sit with security alone. The right owner is the team responsible for both access assurance and workflow continuity.
👉 Read our full editorial: Single sign-on is becoming a clinical security control in hospitals