TL;DR: A UK and Ireland study across 55 hospitals found that single sign-on and access management cut desktop login time by 60%, sped application access by more than 50%, and redirected 3.3 million clinician hours annually to patient care, according to Imprivata. The core lesson is that human IAM controls in clinical settings must be judged on both security and workflow impact, because friction itself becomes a governance risk.
NHIMG editorial — based on content published by Imprivata: single sign-on and access management in hospitals in the UK and Ireland
By the numbers:
- 3.3 million clinician hours were redirected annually from logging-in to patient care across the 55 participating hospitals.
- 60% reduction in desktop login time was measured after deployment of the single sign-on and access management solution.
- Over 50% faster application access was recorded after the solution was deployed.
Questions worth separating out
Q: How should hospitals reduce login friction without weakening access control?
A: Hospitals should reduce login friction by centralising authentication through single sign-on while keeping strong identity assurance at session start and reauthentication points.
Q: Why do repeated passwords create security risk in clinical environments?
A: Repeated passwords create security risk because they encourage fatigue, workarounds, and inconsistent session discipline.
Q: What do identity teams get wrong about user convenience in healthcare?
A: Identity teams often treat convenience as separate from security, but in healthcare the two are linked.
Practitioner guidance
- Measure authentication friction as a control risk Track login duration, frequency of reauthentication, and the rate of shared-account workarounds across clinical workflows.
- Consolidate repeated application access into controlled sessions Use single sign-on to reduce redundant credential prompts while preserving strong initial assurance, automatic locking, and reauthentication where the workflow demands it.
- Pair access simplification with strong identity assurance Integrate two-factor authentication and trusted device or card-based controls so reduced friction does not lower confidence in who is accessing patient systems.
What's in the full article
Imprivata's full article covers the operational detail this post intentionally leaves for the source:
- The study design and time-and-motion method used across 55 hospitals in the UK and Ireland.
- The hospital-by-hospital productivity model behind the clinician time and financial value estimates.
- The access workflow details for multi-user desktop and kiosk environments.
- The research context linking the findings to the NHS 10-year plan and digitally enabled care.
👉 Read Imprivata's study on single sign-on and access management in hospitals →
Single sign-on in hospitals: are access controls helping care?
Explore further
Human identity governance fails when security controls create routine workarounds: In clinical environments, repeated password prompts are not a minor inconvenience. They push staff toward shared logins, delayed sign-outs, and other behaviours that weaken auditability and privacy protection. The governance failure is that policy assumes users will tolerate friction that real care delivery cannot absorb. The implication is that IAM design in hospitals must be judged against actual clinician workflow, not against control intent alone.
A few things that frame the scale:
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which shows how often identity inventory remains incomplete in practice.
A question worth separating out:
Q: How do security teams know whether access management is working in hospitals?
A: They should look for shorter login times, fewer authentication interruptions, fewer workarounds, and preserved audit trails. If clinicians can move through their shifts without sharing accounts or delaying logout, the access model is supporting both care delivery and governance. Success is measured in behaviour, not only in policy design.
👉 Read our full editorial: Single sign-on in hospitals: security and workflow gains in care