Why NOT single sign on for MSP Technicians accessing HIPAA networks?

In this Facebook/Gmail/Outlook365 oriented world there is a lot of talk about single sign on for accessing various networks. This might seem like a good solution to allow technicians to access the various networks that they service, but there are some pretty significant downsides. Since it is a single username and password for multiple HIPAA clients, it does not meet the requirements. It is also pretty unsafe. The loss of a single password can jeopardize the all the patient information to which that tech has access across multiple clients networks. 

TechIdentityManager prevents this by having different usernames and passwords for all the different networks. And since this password is changing every day, the loss of a single password only allows, at worst, access to a single site for the remainder of the day on which the password is lost. Even if you don’t know it was lost, you are automatically protected within an average of 12 hours.