It's hard to justify whether it is common or not, as it's unlikely one could come up with a reliable statistics.
What is for sure is that such an approach clearly exists. A security solution applied by a company depends heavily on its threat model, and there is such thing as insider threat (basically, when a malicious employee steals or modifies your data on purpose). Some organizations take it very seriously and choose complicated paths to deal with it, including permanent video recording in all rooms of their back office, screen recording, or, yes, key logging.
As a person who have once seen a surveillance camera in a restroom of a company also related somehow to healthcare by the way, I'm not surprised at all by what you've seen today. Healthcare companies always try to take the privacy issues of their customers very seriously, sometimes even overcaring about those.
Keylogger, which is, yes, usually meant to be a malware, is just a tool here. As with a gun, you can use it to steal something or to protect yourself. Guns don't kill people, people do; and keyloggers don't steal your data. Criminals do.
All that being said, under most circumstances for most of the aspects of the insider issue there are more effective solutions, and there are of course numerous pitfalls of such an approach, ranging from privacy issues (leading finally to low workforce motivation) to assumed inefficiency of such solutions without proper SIEM and UEBA systems, properly integrated with each other. See, when you're collecting all the key strokes from all your workstations, it's a huge amount of data a human can't look through on a regular basis, so you basically need to thoroughly analyse typical user behaviour models with some algorithms to track down what's unusual. This is a task generally rather hard to solve.
Once again, it depends on a threat model whether an organization will accept all the challenges, some of which are outlined above, and go this way or will stick to other options. Of course, if this way is too much for you, you're probably free not to accept a job offer.
(There's a chance by the way the organization you're talking about doesn't really accept those challenges and is just tricking you into thinking you're being watched and recorded, while in fact you're not. You'll probably never know that for sure, unless some amount of binge drinking with members of your information security team will happen eventually.)