Single sign-on in hospitals: are access controls helping care?

TL;DR: A UK and Ireland study across 55 hospitals found that single sign-on and access management cut desktop login time by 60%, sped application access by more than 50%, and redirected 3.3 million clinician hours annually to patient care, according to Imprivata. The core lesson is that human IAM controls in clinical settings must be judged on both security and workflow impact, because friction itself becomes a governance risk.

NHIMG editorial — based on content published by Imprivata: single sign-on and access management in hospitals in the UK and Ireland

By the numbers:

• 3.3 million clinician hours were redirected annually from logging-in to patient care across the 55 participating hospitals.
• 60% reduction in desktop login time was measured after deployment of the single sign-on and access management solution.
• Over 50% faster application access was recorded after the solution was deployed.

Questions worth separating out

Q: How should hospitals reduce login friction without weakening access control?

A: Hospitals should reduce login friction by centralising authentication through single sign-on while keeping strong identity assurance at session start and reauthentication points.

Q: Why do repeated passwords create security risk in clinical environments?

A: Repeated passwords create security risk because they encourage fatigue, workarounds, and inconsistent session discipline.

Q: What do identity teams get wrong about user convenience in healthcare?

A: Identity teams often treat convenience as separate from security, but in healthcare the two are linked.

Practitioner guidance

• Measure authentication friction as a control risk Track login duration, frequency of reauthentication, and the rate of shared-account workarounds across clinical workflows.
• Consolidate repeated application access into controlled sessions Use single sign-on to reduce redundant credential prompts while preserving strong initial assurance, automatic locking, and reauthentication where the workflow demands it.
• Pair access simplification with strong identity assurance Integrate two-factor authentication and trusted device or card-based controls so reduced friction does not lower confidence in who is accessing patient systems.

What's in the full article

Imprivata's full article covers the operational detail this post intentionally leaves for the source:

• The study design and time-and-motion method used across 55 hospitals in the UK and Ireland.
• The hospital-by-hospital productivity model behind the clinician time and financial value estimates.
• The access workflow details for multi-user desktop and kiosk environments.
• The research context linking the findings to the NHS 10-year plan and digitally enabled care.

👉 Read Imprivata's study on single sign-on and access management in hospitals →

Single sign-on in hospitals: are access controls helping care?

Explore further

View Full Forum →  |  NHI Foundation Course →