TL;DR: Shared mobile devices in healthcare are frequently left signed in, with 79% of staff sharing credentials and 74% of devices often remaining authenticated after use, according to Imprivata research. The security problem is not device mobility itself but weak identity governance around shared access, which turns workflow convenience into patient-data exposure.
At a glance
What this is: This Imprivata research highlights how shared mobile devices in healthcare create identity and access gaps, with credential sharing and persistent sign-ins undermining patient-data protection.
Why it matters: Healthcare IAM teams have to balance clinical speed with controlled access, and shared-device governance affects both human authentication and the wider identity lifecycle.
By the numbers:
- 74% of shared-use devices are often left signed in after use.
- 79% of staff admit to sharing credentials.
- 87% of clinicians report access issues on shared mobile devices.
- 26% of organizations still rely on traditional usernames and passwords to access shared devices.
Context
Shared mobile devices look like an endpoint-sharing problem, but the security failure is really an identity problem. When a device remains signed in or staff share credentials, access controls no longer map cleanly to a person, a role, or a session, which weakens accountability and raises the risk of unauthorized patient-record access.
In healthcare, that gap becomes operational as well as security-relevant. Clinicians need fast access to systems at the point of care, but traditional username-and-password patterns create friction that encourages workarounds, while shared-device governance has to support both usability and traceability.
For IAM and security teams, the issue sits squarely in human identity governance, with implications for shared workstations, mobile clinical devices, and access lifecycle controls. The typical starting position in many hospitals is still reactive rather than designed for secure, friction-light access.
Key questions
Q: How should healthcare organisations secure shared clinical devices without slowing care delivery?
A: Use per-user authentication, automatic session termination, and single sign-on so clinicians can reach records quickly without sharing credentials. Shared clinical devices should be governed as high-frequency identity touchpoints, not generic endpoints. The best control design reduces the number of steps while preserving attribution, which improves both auditability and bedside workflow.
Q: Why do shared devices create more identity risk than standard workstation logins?
A: Shared devices create identity risk because one device can serve many users in a short period, which makes it easy for sessions to persist after handoff and for credentials to be shared informally. That weakens accountability and makes access logs less reliable for investigations, reviews, and compliance reporting.
Q: What breaks when clinicians use shared passwords on mobile devices?
A: Shared passwords break individual accountability and make access reviews almost meaningless because the system cannot prove who performed each action. They also encourage reuse and informal handoff behaviour, which increases the chance that patient data is exposed through an authenticated but untraceable session.
Q: Who is accountable when a shared device is left signed in and data is exposed?
A: Accountability sits with the organisation because the access model allowed an identity boundary to remain open after use. Security, IAM, and clinical operations all share responsibility for session termination, device handoff policy, and authentication design, because this is a governance failure, not just a user mistake.
Technical breakdown
Why shared devices break session accountability
Shared devices collapse the assumption that one device session equals one identity session. If a clinician leaves a device signed in, the next user inherits active access without a fresh authentication event, so audit logs no longer reflect who actually used the application. That creates a mismatch between technical control and operational reality, especially where patient-record systems remain open across shift changes. In practice, shared-device governance has to treat session termination, re-authentication, and device handoff as separate control points rather than a single login event.
Practical implication: enforce automatic session timeout and explicit handoff controls on every shared clinical device.
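One way to surface the two failure modes described above from device logs, as an added example that is not part of the Imprivata research or any NHIMG tooling. The log format, event names, device and user names, and the five-minute idle timeout are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

IDLE_TIMEOUT = timedelta(minutes=5)  # assumed policy value, not taken from the research

# Constructed sample events: timestamp, device, event, user recorded by the session
SAMPLE_LOG = """\
2025-11-18T07:00:00 tablet-07 LOGIN alice
2025-11-18T07:02:00 tablet-07 ACCESS alice
2025-11-18T07:04:00 tablet-07 LOGOUT alice
2025-11-18T07:10:00 tablet-07 LOGIN bob
2025-11-18T07:12:00 tablet-07 ACCESS bob
2025-11-18T07:45:00 tablet-07 ACCESS bob
2025-11-18T08:00:00 tablet-07 LOGIN carol
2025-11-18T08:01:00 tablet-07 ACCESS carol
"""

def parse(log):
    """Yield (timestamp, device, event, user) tuples from whitespace-separated lines."""
    for line in log.strip().splitlines():
        ts, device, event, user = line.split()
        yield datetime.fromisoformat(ts), device, event, user

def audit_shared_sessions(log, idle_timeout=IDLE_TIMEOUT):
    """Return findings where session ownership on a shared device is uncertain."""
    open_sessions = {}  # device -> {"user": ..., "last_seen": ...}
    findings = []
    for ts, device, event, user in sorted(parse(log)):
        session = open_sessions.get(device)
        if event == "LOGIN":
            # A different user signs in while the previous session is still open:
            # the device was handed off without a logout.
            if session and session["user"] != user:
                findings.append((ts.isoformat(), device, "unclosed_handoff", session["user"]))
            open_sessions[device] = {"user": user, "last_seen": ts}
        elif event == "ACCESS":
            if session is None:
                findings.append((ts.isoformat(), device, "access_without_session", user))
                continue
            # Activity after a long idle gap with no fresh authentication:
            # the logged user may no longer be the person holding the device.
            if ts - session["last_seen"] > idle_timeout:
                findings.append((ts.isoformat(), device, "stale_session_access", session["user"]))
            session["last_seen"] = ts
        elif event == "LOGOUT":
            open_sessions.pop(device, None)
    return findings
```

Each finding marks an audit-log entry whose attributed user should be treated as unverified during access reviews or investigations.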
Why shared credentials weaken healthcare IAM
Credential sharing turns authentication into a pooled trust model, which removes individual accountability and makes access reviews less meaningful. Traditional passwords are especially weak in shared environments because they are easy to transmit, reuse, or write down, and they do not distinguish between the original owner and the person using the device at the bedside. Stronger IAM in this context is not just about better login methods. It is about ensuring the identity that authenticates is the identity that performs the work, even under time pressure.
Practical implication: replace shared passwords with per-user authentication and traceable access at the point of use.
How passwordless and single sign-on reduce clinical friction
Passwordless authentication and single sign-on reduce the number of steps between a clinician and patient data, which is why they matter operationally. In shared environments, the goal is not convenience alone. It is to shorten the time window in which a device is authenticated, reduce workarounds that lead to credential sharing, and improve the reliability of access logging. If authentication is slow or repetitive, staff will bypass it. If it is fast and attributable, the security model aligns more closely with care delivery.
Practical implication: prioritise passwordless access and SSO for clinical devices that are shared across shifts.
NHI Mgmt Group analysis
Shared-device governance fails when session ownership is assumed rather than enforced: In healthcare, a device left signed in is not just a usability issue, it is a broken access-control boundary. The control failure is that authentication is being treated as a one-time event instead of a per-user, per-session assertion. That breaks traceability across the care workflow, and practitioners should treat shared-device handoff as an identity control point, not an endpoint convenience problem.
Credential sharing is a symptom of IAM friction, but it also creates audit debt: Once staff begin sharing passwords, access reviews and incident investigation lose fidelity because the system no longer records who actually accessed the application. That undermines both clinical accountability and security response. The relevant framework lens is NIST Cybersecurity Framework 2.0 for governance and protection, because the issue sits in control design rather than device inventory alone.
Positive healthcare outcomes and strong identity controls are not in conflict: The report’s finding that comprehensive shared mobile programs can improve return on investment shows that secure access can reduce operational drag. That matters because healthcare often frames security as a productivity tax, when the deeper problem is poor identity design. Practitioners should view friction reduction and stronger assurance as the same programme outcome.
Traditional usernames and passwords are a poor fit for shared clinical mobility: They were designed for stable individual logins, not high-turnover bedside workflows with shared endpoints. In that model, password reuse, visibility gaps, and stale sessions become normalised rather than exceptional. The implication is that shared-device programmes should be built around attributable, low-friction access rather than retrofitting consumer-style login patterns onto clinical operations.
From our research:
- 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to the 2024 Non-Human Identity Security Report.
- Another finding from the same report shows that 35.6% of organisations cite managing consistent access across hybrid and multi-cloud environments as their top NHI security challenge.
- For the related control pattern, see Ultimate Guide to NHIs, Key Challenges and Risks for the governance issues that emerge when access must stay attributable across changing operating contexts.
What this signals
Shared-device programs now need identity telemetry, not just endpoint hygiene: When clinicians share mobile devices, the real question is whether the identity layer can still prove who accessed what, when, and under which session. That means IAM teams should track handoff quality, reauthentication behaviour, and lockout rates as operational signals, not peripheral service metrics.
Clinical security programmes should expect passwordless and SSO to become governance requirements, not convenience features: The more a care team depends on shared devices, the more every extra login step encourages workarounds. In practice, low-friction identity controls reduce the conditions that drive credential sharing, which makes them a resilience measure as much as an authentication choice.
Access governance for shared care devices should be treated as a lifecycle problem: The device is not the identity, and the shift change is not the offboarding event. Programmes that separate login, session ownership, and device handoff will be better positioned to reduce both patient-data exposure and help-desk load.
For practitioners
- Enforce automatic sign-out on every shared device: Set idle timeout and session termination rules so a device cannot remain authenticated across handoffs. Pair that with application-level reauthentication for patient-record access so one unlocked device does not become a standing session.
- Eliminate shared credentials from clinical workflows: Give each clinician a unique identity and use SSO or passwordless authentication so access is attributable at the point of care. That removes the incentive to share passwords and improves auditability.
- Treat device handoff as an IAM event: Build shift-change procedures that require explicit logout, confirmation of session closure, and local clean-up before the next user begins work. This is especially important for tablets and mobile carts used by multiple care-team members.
- Measure access friction alongside security control performance: Track help-desk lockout rates, shared-device sign-in failures, and credential-sharing workarounds together. If clinicians cannot reach systems quickly, they will bypass controls, so usability has to be part of governance.
Key takeaways
- Shared clinical devices become security liabilities when session ownership is unclear and credentials are reused across staff.
- The report shows that access friction and weak identity controls reinforce each other, creating both security exposure and operational drag.
- Healthcare teams should prioritise attributable, low-friction authentication on shared devices because that is where usability and governance meet.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
NIST CSF 2.0, NIST SP 800-63 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-1 | Shared-device access must remain attributable to the right clinician. |
| NIST SP 800-63 | | Passwordless and SSO options address authentication friction in shared workflows. |
| NIST Zero Trust (SP 800-207) | | Zero trust principles help limit trust in persisted sessions on shared devices. |
Map clinical shared-device access to PR.AC-1 and require unique authentication per user, not shared credentials.
Key terms
- Shared-device session governance: The set of controls that determine who can use a shared endpoint, how long access persists, and what happens at handoff. In healthcare, it includes logout enforcement, reauthentication, and auditability so one clinician’s session does not become another’s implicit access path.
- Credential sharing: The practice of multiple people using the same login details to reach a system. It reduces accountability, weakens audit trails, and often appears when authentication is too slow or cumbersome for operational workflows. In regulated environments, it is a governance failure as much as a user behaviour problem.
- Passwordless authentication: An authentication method that removes the need to type a reusable password, typically using biometrics, device-bound credentials, or secure cryptographic sign-in. For shared clinical devices, it can lower friction while preserving individual attribution and reducing the incentive to share secrets.
- Session termination: The act of ending an authenticated session so the next user cannot inherit active access. In shared-device environments, it is a core security boundary because leaving a session open effectively turns a short-term login into standing access for whoever uses the device next.
This post draws on content published by Imprivata: The Hidden Security Risk Undermining Healthcare Efficiency. Read the original.
Published by the NHIMG editorial team on 2025-11-18.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org