TL;DR: Single sign-on and access management cut desktop login time by 60%, sped application access by more than 50%, and redirected 3.3 million clinician hours annually across 55 hospitals, according to Imprivata research from Imprivata and George A. Gellert, published in AHISP. The security lesson is clear: in healthcare, access friction is itself an operational and privacy risk, not just a user-experience issue.
NHIMG editorial — based on content published by Imprivata: clinician time savings and financial value of workstation single sign-on and access management in the United Kingdom and Ireland
By the numbers:
- Across 55 hospitals, over 3.3 million hours of clinician time were redirected annually from logging in to patient care.
- The study found a 60% reduction in desktop login time after SSO and access management deployment.
- Full-scale use across 307 additional eligible hospitals could free up over 71 million hours of clinician time each year.
Questions worth separating out
Q: How should hospitals reduce login friction without weakening identity controls?
A: Hospitals should use single sign-on with strong authentication, session locking, and reauthentication so clinicians can move quickly without losing accountability.
Q: Why do repeated logins create security risk in clinical environments?
A: Repeated logins increase fatigue and encourage behaviours such as shared credentials, delayed logout, and session reuse.
Q: What should identity teams measure after deploying SSO in hospitals?
A: Teams should measure login duration, application access time, user-switching events, and the frequency of workarounds.
Practitioner guidance
- Map login friction to clinical workflow risk Measure how many authentication events each role faces per shift, then compare that with observed workarounds such as shared logins or staying signed in.
- Pair SSO with strong assurance controls Deploy single sign-on together with two-factor authentication, smartcard integration, automatic locking, and reauthentication so that faster access does not reduce session integrity.
- Treat workarounds as control failures If clinicians are bypassing logout or sharing accounts, classify that as an access governance defect and redesign the workflow before expanding the rollout.
What's in the full report
Imprivata's full article covers the operational detail this post intentionally leaves for the source:
- The full study methodology, including how login times were measured across 55 hospitals and multiple clinical settings.
- The hospital-by-hospital financial value model behind the reported clinician time savings.
- The workflow differences between multi-user desktops, kiosks, and roaming clinician environments.
- The research paper's published findings and supporting context in AHISP.
👉 Read Imprivata's analysis of clinician time savings from single sign-on and access management →
Single sign-on in hospitals: what it means for IAM teams?
Explore further
Clinical access friction is a governance failure, not a usability annoyance. The study shows that repeated logins, password fatigue, and shared-workstation behaviours are symptoms of an identity model that does not fit clinical work. In high-throughput care settings, identity controls must support accountability without forcing clinicians into unsafe shortcuts. The implication is that access governance has to be judged against real workflow, not policy intent.
A few things that frame the scale:
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to Ultimate Guide to NHIs.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, which shows how slowly identity-related exposure can be remediated in practice.
A question worth separating out:
Q: How can organisations tell whether access management is improving care delivery?
A: They should look for reduced login time, fewer interruptions, and more time returned to frontline work. If the control is effective, clinicians spend less time authenticating and more time on patient care, while security and privacy requirements remain intact.
👉 Read our full editorial: Single sign-on and access management reduce clinical friction