This is an interesting paper (and definitely worth your time!)
Failure to have automatic de-authentication is also a usability problem. A nurse
reports that one hospital’s EMR prevented users from logging in if they were already
logged in somewhere else, although it would not meaningfully identify where the
offending session was. Unfortunately, the nursing workflow included frequent
interruptions—unexpectedly calling a nurse away from her COW. The workflow also included burdensome transitions, such as cleaning and suiting up for surgery. These
security design decisions and workflow issues interacted badly: when a nurse going
into surgery discovered she was still logged-in, she’d either have to un-gown—or yell
for a colleague in the non-sterile area to interrupt her work and go log her out.
These issues arise from the lack of UX specialists in the workflow. Technology is “burdensome” because it imposes additional burdens interrupting the workflows. Technology should get the work done in the background, instead of having “dedicated users” to “refresh” and manually enter “lab-values”. I am surprised that UX specialists (and “software specialists”) don’t factor in automating workflows.
Do read this succinct PDF.