TL;DR: Shared-use mobile devices in healthcare deliver an average $1.1 million in annual savings, but the 2025 Imprivata survey of 400 leaders found that organisations with fully implemented policies see 63% greater ROI, while 44% still lack a formal management policy. Weak credential practices and signed-in devices are eroding both financial and clinical value.
At a glance
What this is: An analysis of why shared mobile device programmes in healthcare lose value when policy, identity control, and lifecycle oversight are weak.
Why it matters: Shared devices sit at the intersection of human IAM, privileged clinical workflows, and endpoint governance, so weak controls raise both operational risk and patient-care exposure.
By the numbers:
- $1.1 million in annual savings attributed to shared-use mobile devices.
- 44% of healthcare respondents say their organisation has no formal policy to manage shared mobile devices.
- 79% of staff share credentials and 74% leave devices signed in after use, creating avoidable access risk in shared mobile workflows.
- 23% of shared mobile environments annually, and clinicians spend 13 minutes per shift assigning devices.
👉 Read Imprivata's report on shared mobile device governance in healthcare
Context
Shared mobile devices are a workforce identity problem as much as an endpoint problem. In healthcare, the same device may pass between clinicians, carry access to sensitive systems, and support time-critical care, which means the governance model has to cover who is using it, what they can reach, and how access ends after each handoff.
The failure pattern here is straightforward: adoption is rising faster than policy maturity. When shared devices stay signed in, credentials are reused, and lifecycle management is informal, the organisation absorbs both security exposure and workflow drag, which reduces the value of the mobile programme even when the hardware itself is saving money.
Key questions
Q: How should healthcare teams govern shared mobile devices without slowing clinical work?
A: Use a policy-led model that treats every handoff as an identity event. Require re-authentication at reassignment, automated session reset at return, and clear ownership for exceptions, loss reporting, and deprovisioning. The goal is to preserve speed at the bedside while preventing persistent access from drifting between clinicians.
Q: Why do shared mobile devices increase security risk in healthcare settings?
A: They increase risk because the device can remain signed in after one clinician finishes, then carry access into the next interaction. If credentials are shared or sessions persist, the organisation loses certainty about who is using the device, which creates exposure to data misuse, compliance gaps, and workflow errors.
Q: What do healthcare teams get wrong about shared device ROI?
A: They often count the hardware savings while ignoring the control costs that come from informal handling. If policy enforcement, authentication, and tracking are weak, savings are offset by device loss, support burden, and slower workflows. ROI depends on governance maturity, not just device reuse.
Q: Who is accountable when a shared clinical device is left signed in?
A: Accountability should sit with the programme owner that governs the device lifecycle, not with frontline staff alone. Security, IAM, and clinical operations must share ownership because the failure is structural: the organisation allowed access to persist beyond the intended user session.
Technical breakdown
Why shared mobile devices become an identity control problem
Shared mobile devices break the assumption that one device equals one stable user. In clinical settings, access often changes hand to hand, but many workflows still rely on persistent sessions, cached credentials, or informal sign-out habits. That creates a gap between the physical device lifecycle and the identity lifecycle. If authentication does not reassert the user at handoff, the device becomes a portable access container rather than a controlled clinical tool.
Practical implication: define explicit re-authentication and session-reset rules for every device handoff.
Formal policy and lifecycle governance for shared devices
A shared device programme needs more than procurement rules. It needs policy for assignment, charging, loss reporting, sign-out enforcement, exception handling, and deprovisioning when devices move between departments or roles. In identity terms, this is lifecycle control for a shared endpoint estate, not just asset management. Without that governance layer, support teams end up improvising access decisions at the point of care, which increases risk and inconsistency.
Practical implication: document and enforce a device lifecycle process that includes ownership, exceptions, and offboarding.
Why automation and tracking matter in healthcare mobility
Automated asset tracking and identity-driven authentication reduce the reliance on human memory in fast-moving clinical environments. Smart hubs, charging workflows, and management telemetry help teams know which devices are available, which are in use, and whether they were left in a signed-in state. That matters because the reported losses are not just technical. They are operational, compliance, and patient-safety issues that compound when no one can see the full device state.
Practical implication: pair authentication controls with tracking telemetry so signed-in devices and missing assets are visible quickly.
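To make "every handoff is an identity event" concrete, the following is an added example written for this article, not Imprivata's or any vendor's code. It replays device telemetry and flags the three failure modes described above: a device docked in a hub while still signed in, a device reassigned while the previous clinician's session is live, and a session that has outlived an assumed 12-hour ceiling. The line format, event names (assign, login, logout, hub_return), the 12-hour limit, and the sample lines are all constructed assumptions for the example.

```python
"""Detect access that outlives its user on shared clinical devices.

Constructed example for this article, not Imprivata's or any vendor's code.
Input: one telemetry line per event, in an assumed format
    <ISO-8601 ts> <device_id> <event> [user=<id>]
with assumed event kinds: assign (device handed to a user), login, logout,
hub_return (device docked in a charging/smart hub).
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

MAX_SESSION = timedelta(hours=12)  # assumed policy ceiling for one clinician's session


@dataclass
class Event:
    ts: datetime
    device: str
    kind: str
    user: Optional[str] = None


@dataclass
class Finding:
    ts: datetime
    device: str
    rule: str
    detail: str


@dataclass
class DeviceState:
    session_user: Optional[str] = None
    session_start: Optional[datetime] = None
    stale_reported: bool = False


def parse_event(line: str) -> Event:
    """Parse one telemetry line; raises ValueError on a malformed timestamp."""
    parts = line.split()
    ts = datetime.fromisoformat(parts[0].replace("Z", "+00:00"))
    user = next((p[5:] for p in parts[3:] if p.startswith("user=")), None)
    return Event(ts, parts[1], parts[2], user)


def _replay(lines: List[str]) -> Tuple[List[Finding], Dict[str, DeviceState]]:
    """Replay events in time order, tracking the live session on each device."""
    events = sorted((parse_event(l) for l in lines if l.strip()), key=lambda e: e.ts)
    states: Dict[str, DeviceState] = {}
    findings: List[Finding] = []
    for ev in events:
        st = states.setdefault(ev.device, DeviceState())
        live = st.session_user is not None

        # Rule: a session has outlived the policy ceiling (checked when the next event arrives)
        if live and not st.stale_reported and ev.ts - st.session_start > MAX_SESSION:
            findings.append(Finding(ev.ts, ev.device, "stale_session",
                                    f"{st.session_user} signed in since {st.session_start.isoformat()}"))
            st.stale_reported = True

        if ev.kind == "login":
            # Rule: a new login over a live session means no session reset happened at handoff
            if live and st.session_user != ev.user:
                findings.append(Finding(ev.ts, ev.device, "login_without_reset",
                                        f"{ev.user} logged in over live session of {st.session_user}"))
            st.session_user, st.session_start, st.stale_reported = ev.user, ev.ts, False
        elif ev.kind == "logout":
            st.session_user, st.session_start, st.stale_reported = None, None, False
        elif ev.kind == "assign":
            # Rule: device handed to a different clinician while the previous session is live
            if live and st.session_user != ev.user:
                findings.append(Finding(ev.ts, ev.device, "inherited_session",
                                        f"{ev.user} received device while {st.session_user} still signed in"))
        elif ev.kind == "hub_return":
            # Rule: device docked without sign-out; whoever picks it up next inherits access
            if live:
                findings.append(Finding(ev.ts, ev.device, "signed_in_at_return",
                                        f"{st.session_user} still signed in at hub return"))
    return findings, states


def analyse(lines: List[str]) -> List[Finding]:
    """Return policy findings in chronological order."""
    return _replay(lines)[0]


def open_sessions(lines: List[str]) -> Dict[str, str]:
    """Devices that still carry a live session at the end of the window, and whose it is."""
    return {d: s.session_user for d, s in _replay(lines)[1].items() if s.session_user}


# Constructed sample telemetry (not real data); out of order on purpose to show sorting.
SAMPLE_EVENTS = [
    "2025-08-15T07:00:00Z dev-017 assign user=nurse.a",
    "2025-08-15T07:00:30Z dev-017 login user=nurse.a",
    "2025-08-15T15:05:00Z dev-017 hub_return",
    "2025-08-15T15:10:00Z dev-017 assign user=nurse.b",
    "2025-08-15T07:05:00Z dev-022 assign user=dr.c",
    "2025-08-15T07:05:20Z dev-022 login user=dr.c",
    "2025-08-15T13:00:00Z dev-022 logout",
    "2025-08-15T13:01:00Z dev-022 hub_return",
    "2025-08-14T19:00:00Z dev-031 login user=nurse.d",
    "2025-08-15T08:30:00Z dev-031 assign user=nurse.e",
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"{f.ts.isoformat()} {f.device} {f.rule}: {f.detail}")
    print("still signed in:", open_sessions(SAMPLE_EVENTS))
```

On the sample, dev-022 is the clean path (logout before hub return) and produces nothing; dev-017 is flagged at hub return and again when reassigned; dev-031 is flagged for a session past the ceiling and for the reassignment that inherits it. The design point is that the detector needs both the identity stream (login/logout) and the asset stream (assign/hub_return): with either one alone, a signed-in device sitting in a hub is invisible.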
Threat narrative
Attacker objective: The objective is to exploit unattended or reused access on shared clinical devices to reach sensitive systems, disrupt workflows, or expose patient data.
- Entry occurs when staff share credentials or leave a shared mobile device signed in after use, allowing the next user to inherit an active session.
- Escalation follows when the device is reassigned without re-authentication or lifecycle checks, extending access beyond the intended clinician and shift.
- Impact is realised through lost devices, exposed workflows, delayed care coordination, and weaker compliance posture across the shared mobility programme.
Breaches seen in the wild
- Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
- iOS app secrets leakage report — iOS apps leaking hardcoded secrets and credentials, endangering user privacy.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Shared mobile devices expose an identity lifecycle gap, not just a device management gap. The article shows that healthcare teams can realise savings from shared mobility while still losing control over authentication, session persistence, and handoff discipline. That is an IAM problem because the same device repeatedly carries access between users without a clean lifecycle boundary. Practitioners should treat each handoff as an access event, not an asset event.
Formality matters because informal sharing turns clinical access into shadow IAM. When 44% of organisations lack a formal policy, the programme depends on local habit rather than enforceable governance. That creates inconsistent sign-out behaviour, uneven accountability, and hidden exceptions that never reach review. The practical conclusion is that policy is the control plane for shared-device identity, not paperwork after the fact.
Credential reuse on shared devices is a standing-access failure mode. The reported behaviour of shared credentials and persistent sign-in means access is surviving beyond the intended user session. In NIST CSF and zero-trust terms, this weakens both protect and identify functions because the environment no longer knows who is operating the device at any point in time. Teams should recognise that the control gap is not device availability but uncontrolled access continuity.
Identity-driven mobile programmes only produce ROI when lifecycle control matches clinical workflow. The survey's savings figures are real, but they are conditional on policy enforcement, authentication discipline, and automated tracking. Without those controls, financial value erodes into device loss, support overhead, and slower clinical workflows. Practitioners should evaluate shared mobility as a governed identity service, not a convenience layer.
Shared-device governance is now part of healthcare privacy and patient-safety practice. The article links device handling failures to HIPAA exposure, operational delay, and clinician frustration. That broadens the control conversation beyond IT efficiency into risk, compliance, and care quality. Security and IAM teams should align mobile governance with clinical operations, not run it as a separate endpoint project.
From our research:
- Systems with least-privileged AI access had a 17% incident rate vs 76% for over-privileged systems, according to the 2026 Infrastructure Identity Survey.
- 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems, according to the 2026 Infrastructure Identity Survey.
- Forward look: For teams modernising identity governance across humans, devices, and agents, the NHI Lifecycle Management Guide is the next practical reference point.
What this signals
Shared-device programmes need to be governed as identity services, not fleet assets. The operational question is no longer whether mobile devices save money, but whether the organisation can prove who had access, when access ended, and what happened at handoff. That is a lifecycle problem, so the same governance discipline used for privileged access should apply to shared clinical devices.
Policy enforcement will increasingly determine whether mobility programmes remain defensible. As shared devices become routine, auditors and security teams will look for evidence of sign-out enforcement, tracking, and exception handling rather than informal assurances. Organisations that cannot show those controls will find that the savings narrative is weak on its own.
With 70% of organisations already granting AI systems more access than human employees, per the 2026 Infrastructure Identity Survey, the governance lesson is broader than healthcare mobility: access that outlives its intended context is the common failure pattern across shared devices, service accounts, and agentic systems.
For practitioners
- Enforce handoff re-authentication: Require every shared device to reauthenticate at each user switch, with automatic session termination when the device is returned to a hub or marked idle.
- Publish a shared-device lifecycle policy: Define assignment, exceptions, loss reporting, sign-out, and deprovisioning rules so shared mobile devices are governed like any other access-bearing identity surface.
- Instrument signed-in-device telemetry: Track which devices are in use, which remain signed in, and which have missed return or charging steps so support teams can intervene before access persists too long.
- Tie mobile governance to compliance controls: Map shared-device workflows to HIPAA, audit logging, and privacy requirements so policy violations are visible as governance failures, not just operational issues.
Key takeaways
- Shared mobile devices only deliver full value when identity and lifecycle controls match the pace of clinical handoffs.
- The biggest loss driver is not the device itself but persistent access, weak sign-out discipline, and unmanaged exceptions.
- Healthcare teams should treat policy enforcement, re-authentication, and tracking telemetry as the controls that preserve ROI and reduce risk.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet. Note that CSF 2.0 replaced the 1.1 PR.AC (Access Control) category with PR.AA (Identity Management, Authentication, and Access Control), so any mapping that cites PR.AC-* identifiers is using CSF 1.1 numbering.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AA-01 | Identities and credentials must be managed per individual; credentials shared between clinicians on one device cannot be. |
| NIST CSF 2.0 | PR.AA-03 | Users must be authenticated; a device left signed in across handoffs carries one clinician's authentication into the next user's work. |
| NIST CSF 2.0 | PR.AA-05 | Least-privilege access must extend to clinical mobile workflows and shared endpoints. |
| NIST Zero Trust (SP 800-207) | Tenet 3 (per-session access) | Access is granted per session, so the session must end when the user changes on the same device. |
Require re-authentication at every device handoff and remove persistent sessions promptly.
Key terms
- Shared Mobile Device Governance: The policy and control set that defines how shared clinical devices are assigned, used, signed out, tracked, and retired. In healthcare, it has to align device handling with identity lifecycle rules so access does not persist beyond the intended user or care task.
- Session Persistence: The condition where a login remains active after the original user has finished. In shared-device environments, session persistence is a security and governance problem because the next person may inherit access without fresh authentication or accountability.
- Identity-Driven Authentication: Authentication that is tied to the current user and the current access context, rather than leaving a device effectively trusted for everyone. On shared devices, this helps ensure the system knows who is acting at each handoff and can enforce policy accordingly.
- Lifecycle Offboarding: The process of ending access, ownership, or operational use when an identity, device, or relationship is no longer active. For shared mobile devices, offboarding means more than collecting hardware. It means revoking any lingering access state and updating control records.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by Imprivata: Lack of Formal Policies Undermines Up to $1.1M Annual Savings from Shared-Use Mobile Devices. Read the original.
Published by the NHIMG editorial team on 2025-08-15.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org