Healthcare systems are complex, and with clinical systems there’s a balance to strike between security controls, usability, and processes. Inactivity timeouts is one example. What is appropriate and acceptable may vary significantly depending on how you authorise in the first place (password, SSO, 2FA etc.), and which devices are used - for example, are shared devices used on the wards, or does everyone within the organisation login via their own mobile device with Face ID or similar used for device unlocking?
This release makes it possible for each organisation to configure what’s right for them in terms of inactivity timeouts and session duration.