
elenabs/istock via Getty Images
How flawed security implementation drives clinician burnout
Properly implemented cybersecurity technology strikes a balance between security and usability, enabling quality patient care and privacy without adding to clinician burnout.
Good technology can empower clinicians to deliver quality care and connect with their patients. However, poorly implemented technology can be a bottleneck to care delivery and a contributor to clinician burnout, suggests Sean Kelly, M.D., chief medical officer at security company Imprivata and emergency physician at Beth Israel Deaconess Medical Center.
"I think it's long been thought that clinicians don't like technology in healthcare, but it's not true at all. I think clinicians love good technology," Kelly said. "Technology is like any other tool in medicine. It's like a stethoscope. If a stethoscope helps me, I want to use it. If it's not a good stethoscope and I can't hear anything, I don't want to use it, I'll use something else, or I'll get a new one or work around it."
While this logic applies to a variety of tech used in healthcare settings, there is a particularly notable friction between security technology and healthcare, Kelly acknowledged. Spending more than a few minutes per day logging into workstations and verifying identities repeatedly can be a time sink for clinicians.
However, strict security protocols are warranted in the highly regulated healthcare industry, in which sensitive health data is sought after by hackers.
"Cybersecurity is a big issue. Privacy and compliance are big issues. And at the same time in healthcare, we're all really under pressure to work harder, work faster, get paid more with fewer resources, and we're still held to a really high standard of care," Kelly said.
Since these crucial security mechanisms are not going away, it is important for healthcare leaders to prioritize seamless implementation to reduce burnout risk and improve the clinician experience.
Clinician burnout woes worsened by tech hurdles
Clinician burnout has remained a troubling trend in healthcare for decades, and technology challenges are just one element that can contribute to it. The swift expansion of EHR use and the COVID-19 pandemic particularly intensified burnout risk, a 2025 study published in Mayo Clinic Proceedings noted.
"Healthcare consolidation has resulted in most physicians being employed by large organizations, contributing to loss of control, flexibility, and autonomy," the study noted. "Demands to increase productivity have translated into shorter visits and less time with each patient, even as the complexity of care has increased."
More than 40% of study respondents reported at least one symptom of burnout in 2023, compared to 63% in 2021. Despite the notable drop in burnout levels, the study stated that U.S. physicians "remain at higher risk for burnout relative to other U.S. workers."
It is well-documented that the volume of data clinicians deal with daily within their EHR systems can contribute to burnout, adding additional administrative burden to their workloads.
Authentication tools, if poorly implemented, can similarly fuel tech woes.
"If we have bad tools that delay us by an hour or two over the course of a day, simply because of logging in and waiting for systems to boot up or getting locked out because of password reset issues, of course, that can lead to burnout," Kelly said.
In time-sensitive situations, clinicians cannot afford to spend time troubleshooting technology rather than focusing on patient care. This can result in frustration and impact clinical decision-making. Even so, these tools are essential to maintaining security, requiring healthcare leaders and vendors to strike a balance between security and usability.
Reimagining the security-usability tradeoff in health IT
In healthcare environments, the relationship between security and usability is often perceived to be at odds -- picture a lengthy multi-factor authentication process that temporarily prevents clinicians from interacting with patients.
However, Kelly believes that security and usability need not exist in opposition.
"I think that's actually incorrect," he stated. "If you have really good technology, you can actually give providers more of both."
Modern authentication solutions demonstrate this principle. Rather than relying solely on complex passwords and tokens that create friction, healthcare organizations can implement passwordless solutions that leverage trusted devices and biometrics.
"We can now put passkeys on trusted devices. So, if you have a laptop and it's a corporate device or even your own device, that can be a trusted device. That's one factor right there, which is passwordless," Kelly explained.
"And we could even use something like facial biometrics with liveness detection, and your laptop has a camera, therefore that's factor number two. Suddenly, you just created two factors that are completely passwordless and almost effortless to use."
Good technology, with careful implementation, is just one way that organizations can enhance security while improving the clinician experience. But it is not the only way, nor can it be used in isolation.
A framework for improvement
Organizations looking to enhance their security posture without contributing to burnout should consider a three-pronged approach, following the well-known people, process and technology solution framework.
Starting with people, Kelly recommended involving the clinical, informatics and operational teams in tech decision-making, alongside IT and security teams.
"There is always room for improvement for the whole team to work in a complementary and synergistic fashion. You don't know what's happening on the front lines unless you go to the front lines," Kelly said.
"And the best way to do that is to work with your colleagues who work in that atmosphere and can give you direct feedback and say, listen, here's how it's working or not working. Here's where we can improve. And then of course, going together and reviewing that systematically is incredible."
On the process side, organizations should consider the unique workflows across clinical environments. Ideally, security solutions should be tailored to the specific needs of each setting.
Finally, the right technology, implemented with care, should enable clinicians to do their jobs with minimal obstructions.
"You have to analyze what technology is already in place, [and] how you can either complement, replace or augment it with other technologies," Kelly noted.
By rethinking the relationship between security and usability and implementing technology in a way that helps, rather than hinders, clinicians, healthcare organizations can protect patient data while supporting the clinicians who deliver patient care.
Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.