[pif]

> It's one of many instances where there's a valid reason for the technology to be implemented as such but since doctors usually aren't thinking about the technology or security aspects they just perceive it as annoying.

No, there is never a good reason to prevent a professional from doing his job. If the user finds it annoying, it is annoying: that's it!

Learn to work for the user rather than against the user, and you'll become a better developer.

[htechenjoyer]

That's simply not true. The user is not the only stakeholder. The example I gave opens up the hospital to fines from the government and in the worst case scenario a massive legal judgement from the patient who's data was breached by a physician leaving his workstation with a patient record opened and it was compromised by a malicious actor.

edit: in any case this is very likely a security configuration by the hospital infosec team, not the developer of the EMR.

[seized]

The specific example isn't a developer decision. It's a combination of vendor risk management teams, hospital InfoSec/security/compliance, legal teams, laws, and location of computers. Nevermind that setting is just as often a workstation GPO to lock the screen and not even the choice of the software.

(Work for a PACS vendor, subject to the same stuff).