Authr
← Customers
Healthcare · 52,000 clinicians

Halcyon Health cut clinician login time by 71% — under HIPAA, at 3 a.m.

A national telehealth network gave 52,000 clinicians passkey sign-in across 340 hospital partner systems, while shrinking its HIPAA audit surface to a single pane.

71%
reduction in time-to-first-patient-record
92%
passkey adoption in 6 months
340
hospital partner systems federated
6 wks
SOC 2 + HIPAA evidence cycle, now automated

Security friction is a clinical outcome

Halcyon's problem wasn't a breach — it was 40 seconds. That was the median time a clinician spent authenticating across the EHR, imaging, scheduling, and telehealth systems before each patient encounter. Multiplied across 52,000 clinicians and millions of encounters, authentication friction was measurably delaying care.

The obvious fix — relaxing security — was legally impossible. Halcyon needed authentication that was simultaneously faster and stronger, across 340 hospital partner identity systems it didn't control.

Passkeys, with a risk engine behind them

Authr's Adaptive MFA replaced password-plus-OTP with passkeys bound to hospital-managed devices. The risk engine handles the hard cases: a shared workstation in an ICU behaves differently from a personal laptop at home, and policy follows the context rather than punishing the common case.

Fine-Grained Authorization mapped Halcyon's break-glass rules into policy-as-code: emergency access is granted instantly, flagged loudly, and reviewed within 24 hours — the exact posture HIPAA auditors ask for and almost never see implemented.

The audit that took an afternoon

Halcyon's most recent HIPAA security assessment closed in six weeks instead of the customary five months. Every access decision, break-glass event, and deprovisioning action was already in Audit Fabric, exportable with its verification chain intact.

Clinician satisfaction with 'IT systems' — a metric that had never once moved — rose nine points in the first survey after rollout. The CMIO's office now co-owns the identity roadmap with security. Nobody at Halcyon calls login a back-office concern anymore.

Night-shift physicians used to type passwords into four systems before seeing a chart. Now they touch a sensor once. Clinical leadership tracks login latency like a vital sign — because it is one.

AC
Dr. Amara Chen
Chief Medical Information Officer, Halcyon Health

Your security review will ask about identity. Have the good answer.

Talk to an identity architect about your stack, your compliance surface, and your migration path. Technical from the first call.

Enterprise only · No self-serve tier · Typical procurement to production: 6 weeks