By NHI Mgmt Group Editorial Team
Published 2025-07-29
Domain: Governance & Risk
Source: Imprivata

TL;DR: Healthcare leaders report that shared mobile devices save an average of $1.1 million annually and that 92% now see them as essential to care delivery, but 44% still lack a formal policy and 79% of staff share credentials, according to Imprivata research. The governance gap is no longer about device availability; it is about access control, accountability, and operational discipline.


At a glance

What this is: A review of Imprivata's report on how shared mobile devices have become essential in healthcare, and of the policy, access, and tracking gaps that limit their security and operational value.

Why it matters: It matters because shared device programmes now sit inside both clinical workflow and identity governance, so weak allocation, authentication, and oversight can affect care delivery, patient privacy, and IAM control design.

By the numbers (from the Imprivata research summarised above):

  • $1.1 million: average annual saving healthcare leaders attribute to shared mobile devices
  • 92%: leaders who now see shared devices as essential to care delivery
  • 44%: organisations that still lack a formal shared-device policy
  • 79%: staff who share credentials


Context

Shared mobile devices are managed endpoints that pass between staff members during and across shifts and are meant to give fast clinical access without weakening security. The problem is that many programmes still treat them like ordinary assets instead of identity-controlled access points, which leaves allocation, sign-in, and accountability poorly governed.

For IAM, this is a human identity and lifecycle issue as much as a device-management issue. When clinicians fall back to shared passwords, manual sign-out sheets, or personal phones, the access model becomes inconsistent, hard to audit, and easier to bypass at the exact point care teams need speed.

The article shows that healthcare leaders understand the operational value, but governance maturity has not kept pace. That is a typical pattern in shared-device environments: usage scales faster than policy enforcement, and the security model lags behind the clinical workflow.


Key questions

Q: How should hospitals govern shared mobile devices without slowing clinical work?

A: Hospitals should govern shared mobile devices as identity-controlled access points, not as simple shared hardware. Each handoff needs an attributable session, a clear allocation rule, and a reset process before the next user takes over. If clinicians can predictably access the device without shared credentials, security improves without forcing workarounds.

Q: Why do shared credentials become such a problem in clinical environments?

A: Shared credentials remove user accountability at the point of care and make it impossible to tell who performed an action on a device. They also encourage informal workarounds when speed matters more than policy. In healthcare, that creates privacy, audit, and workflow risk at the same time.

Q: What breaks when shared device allocation is managed informally?

A: Informal allocation breaks chain of custody, weakens auditability, and leaves devices signed in after use. It also makes missing devices harder to detect and recover. Over time, the programme loses control over who had access, when they had it, and whether the device was properly reset before reassignment.

Q: Who should own shared-device policy in a hospital?

A: Identity, security, and operational leaders should own the policy together, because the problem spans access governance, workflow design, and endpoint control. Clinical teams can define the practical constraints, but IAM and security teams should set the access rules, audit requirements, and accountability model.


Technical breakdown

Shared-use device access control and authentication

Shared mobile devices need to be treated as high-churn access endpoints, not as ordinary workstations. If multiple clinicians use the same device across shifts, the control problem becomes session handoff, authentication assurance, and rapid re-assignment without credential sharing. In practice, password-only logins are a weak fit: under ward time pressure they get shared, and a shared password cannot distinguish one user’s access from another’s. The device may be shared, but the identity session still has to be individual, auditable, and time-bounded.

Practical implication: replace shared logins with identity-aware access flows that preserve user attribution at handoff.

Device allocation, loss, and lifecycle oversight

A shared device programme is only as strong as its allocation and offboarding discipline. When devices go missing, are manually tracked in spreadsheets, or remain signed in after use, the organisation loses chain of custody and weakens accountability. That creates both operational drag and privacy exposure because the system can no longer reliably show who had which device, when, and under what access conditions. Lifecycle governance here means assignment, return, reset, and reissuance must be controlled as part of the access model.

Practical implication: define device custody rules and make reallocation depend on verified sign-out and session reset.

Why BYOD workarounds raise the access risk surface

When shared devices are hard to find or slow to access, clinicians move to personal phones or ad hoc workarounds. That is not just a usability issue. It fragments the access surface across unmanaged endpoints, blurs corporate and personal boundaries, and creates more places where sensitive data can be handled outside the intended control plane. In identity terms, the security model is no longer limited to the managed device fleet because user behaviour routes around it.

Practical implication: reduce the incentives for shadow access by making the shared-device path faster, cleaner, and easier to use than personal-device workarounds.


NHI Mgmt Group analysis

Shared mobile devices are no longer a convenience problem. They are an identity governance problem. Once a device becomes a shared access point, the real control question is who can access it, under what identity, and with what accountability at handoff. The article shows that many hospitals still rely on manual allocation and shared credentials, which means the governance model has not caught up with the operational model. The implication is that healthcare IAM teams need to treat shared devices as part of the access lifecycle, not as peripheral endpoint inventory.

Shared credentials are the clearest sign that access assurance has collapsed at the point of care. A workforce that shares usernames and passwords to keep patient flow moving is telling you that the access model is too slow for the environment. That is not a user behaviour problem alone; it is a design failure in how identity, device, and workflow are connected. The implication is that clinical access must be designed around frictionless attribution, not around generic authentication controls that break under time pressure.

Device allocation without formal policy creates identity blast radius. When shared devices are signed out through spreadsheets or informal handoffs, one missing control can affect many users, shifts, and patients. The article’s numbers show that the operational savings are real, but the blast radius of weak oversight is also real. The implication is that hospitals should measure access governance at the device handoff point, where policy failure becomes both a care-delivery and privacy issue.

Shared mobile governance sits at the intersection of human IAM, privileged workflow access, and lifecycle discipline. The same programme that manages clinician access, session continuity, and offboarding discipline should also cover device return, reissuance, and post-use reset. This is where NIST CSF-style governance and access accountability matter most, because the problem is not a lack of mobility but a lack of controlled mobility. The implication is that identity teams should own the policy layer even when endpoint teams own the hardware.

Clinical mobility illustrates a concept worth naming: shared-session trust debt. The more an organisation depends on informal sign-in behaviour, the more it accumulates trust debt between the intended access model and the way work actually gets done. That debt shows up as shared passwords, missed attribution, and workarounds to personal phones. The implication is that leaders should redesign the access path so the secure option is also the operationally easiest one.

From our research:

  • Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
  • NHIs outnumber human identities by 25x to 50x in modern enterprises, according to NHI Mgmt Group research.
  • For the lifecycle angle, see NHI Lifecycle Management Guide for the governance processes that keep access attribution and offboarding under control.

What this signals

Healthcare identity teams should expect shared-device governance to move closer to the centre of access strategy, because workflow speed and auditability now depend on the same control plane. The practical risk is not only credential sharing but the normalisation of exceptions that make policy hard to enforce at scale.

Shared-session trust debt: every time a clinician is forced into a workaround, the organisation accumulates more distance between the intended control model and the way access actually happens. That debt will show up in audit findings, privacy exposure, and user resistance unless the managed path becomes faster than the bypass.

The strongest programmes will align clinical mobility with identity lifecycle discipline, using access attribution, device return, and reset events as measurable controls rather than informal handoffs. That is the point at which shared mobile devices stop being a security exception and become a governed access pattern.


For practitioners

  • Replace shared logins with attributable access sessions: require each clinician to authenticate individually even when the device is shared across shifts, and preserve user attribution at every handoff so activity can be traced without relying on a common password.
  • Formalise device allocation and return policy: define who can assign devices, how custody is recorded, when sessions must end, and what reset steps are mandatory before the next user receives the device.
  • Measure sign-in friction as a security signal: track how long it takes clinicians to obtain a shared device, because repeated delays often predict credential sharing, workarounds, and reduced control adherence.
  • Eliminate incentives for shadow BYOD access: make the managed shared-device path faster and easier than personal-phone workarounds, and review where staff are bypassing the intended access flow because of device shortages or slow check-out.
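The first two practices above, together with the handoff and lifecycle points in the technical breakdown (individual attribution at every handoff, custody that only changes after a verified sign-out and a reset, time-bounded sessions, and detection of devices left signed in), describe one control loop. The following is an added Python illustration of that loop written for this page; it is not code from Imprivata or from the NHI Mgmt Group. The 15-minute session timeout, the list of refused shared accounts, and every device, user and timestamp are constructed assumptions.

```python
"""Custody ledger with handoff enforcement for a shared clinical device fleet.
Added illustration, not Imprivata's or NHIMG's code. The timeout, the
shared-account list and all device/user names are constructed assumptions."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

SESSION_TIMEOUT = timedelta(minutes=15)              # assumed policy: longest unattended session
SHARED_ACCOUNTS = {"ward7-shared", "nurse-generic"}  # constructed: generic logins the ledger refuses


@dataclass
class Device:
    device_id: str
    state: str = "available"          # available -> in_use -> needs_reset -> available
    holder: Optional[str] = None      # individual user attributed to the current session
    session_start: Optional[datetime] = None


@dataclass
class Ledger:
    devices: Dict[str, Device] = field(default_factory=dict)
    audit: List[dict] = field(default_factory=list)

    def _log(self, when: datetime, event: str, device_id: str, who: Optional[str]) -> None:
        self.audit.append({"at": when.isoformat(), "event": event, "device": device_id, "who": who})

    def check_out(self, device_id: str, user: str, when: datetime) -> None:
        """Assign a device to one named user; refuse shared accounts and un-reset devices."""
        dev = self.devices[device_id]
        if user in SHARED_ACCOUNTS:
            self._log(when, "rejected_shared_account", device_id, user)
            raise PermissionError("shared account refused: a session must be attributable to one person")
        if dev.state == "in_use":
            if when - dev.session_start < SESSION_TIMEOUT:
                raise PermissionError(f"{device_id} is still held by {dev.holder}")
            # Time-bounded session: the stale one is closed, but the device still needs a reset.
            self._log(when, "session_expired", device_id, dev.holder)
            dev.state, dev.holder, dev.session_start = "needs_reset", None, None
        if dev.state == "needs_reset":
            raise PermissionError(f"{device_id} must be reset before it is reassigned")
        dev.state, dev.holder, dev.session_start = "in_use", user, when
        self._log(when, "check_out", device_id, user)

    def check_in(self, device_id: str, user: str, when: datetime) -> None:
        """Only the attributed holder can sign out; the device then waits for a reset."""
        dev = self.devices[device_id]
        if dev.state != "in_use" or dev.holder != user:
            raise PermissionError(f"{user} is not the recorded holder of {device_id}")
        dev.state, dev.holder, dev.session_start = "needs_reset", None, None
        self._log(when, "check_in", device_id, user)

    def reset(self, device_id: str, agent: str, when: datetime) -> None:
        """Clear the previous user's context (e.g. an MDM-triggered wipe) and return the device to the pool."""
        dev = self.devices[device_id]
        if dev.state != "needs_reset":
            raise ValueError(f"{device_id} is not awaiting reset (state={dev.state})")
        dev.state = "available"
        self._log(when, "reset", device_id, agent)

    def lingering_sessions(self, now: datetime) -> List[str]:
        """Devices still signed in past the timeout: the 'left logged in after use' gap."""
        return sorted(d.device_id for d in self.devices.values()
                      if d.state == "in_use" and now - d.session_start >= SESSION_TIMEOUT)


def run_shift() -> dict:
    """Walk a constructed morning shift through the ledger and report what the controls caught."""
    t = lambda hh, mm: datetime(2025, 7, 29, hh, mm)   # constructed timestamps on one day
    ledger = Ledger({d: Device(d) for d in ("D1", "D2")})
    rejections: List[str] = []

    def attempt(fn, *args) -> None:
        try:
            fn(*args)
        except PermissionError as exc:
            rejections.append(str(exc))

    ledger.check_out("D1", "nurse.a", t(7, 0))
    attempt(ledger.check_out, "D1", "nurse.b", t(7, 5))       # refused: still held by nurse.a
    attempt(ledger.check_out, "D2", "ward7-shared", t(7, 5))  # refused: generic login
    ledger.check_out("D2", "nurse.b", t(7, 6))
    ledger.check_in("D1", "nurse.a", t(7, 40))
    attempt(ledger.check_out, "D1", "nurse.c", t(7, 41))      # refused: not reset yet
    ledger.reset("D1", "mdm-agent", t(7, 42))
    ledger.check_out("D1", "nurse.c", t(7, 43))
    lingering = ledger.lingering_sessions(t(7, 50))           # D2: nurse.b never signed out
    attempt(ledger.check_out, "D2", "nurse.d", t(7, 50))      # stale session expires, reset still required

    return {
        "rejections": len(rejections),
        "lingering_at_0750": lingering,
        "events": [e["event"] for e in ledger.audit],
        "holders": {d.device_id: d.holder for d in ledger.devices.values()},
    }


if __name__ == "__main__":
    for key, value in run_shift().items():
        print(f"{key}: {value}")
```

The point of the state machine is that custody never passes directly from one person to the next: every path from `in_use` to a new `check_out` goes through `needs_reset`, and a session that outlives the timeout is closed and logged rather than silently inherited. The `lingering_sessions` query is the detection side of the same control, and in a real deployment would be fed from the MDM or SSO session data rather than an in-memory ledger.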

Key takeaways

  • Shared mobile devices have become a core clinical access pattern, which means they now need identity governance instead of informal tracking.
  • The report’s biggest control gap is not device availability alone, but the combination of shared credentials, missing policy, and weak custody discipline.
  • Hospitals that make attributable sessions and formal handoff rules easier than workarounds will reduce privacy risk without slowing care delivery.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0, NIST SP 800-63 and NIST Zero Trust Architecture (SP 800-207) provide the reference controls this guidance maps to.

  • NIST CSF 2.0 (PR.AA-03, PR.AA-05; the CSF 1.1 equivalent is PR.AC-4): users must be authenticated individually, and access permissions must be defined in policy and enforced with least privilege, which rules out generic shared logins on a shared device.
  • NIST SP 800-63B (authentication and authenticator lifecycle): the assurance of the clinician's authentication event, not possession of the device, is what ties an action on a shared endpoint to a person across shifts.
  • NIST Zero Trust Architecture (SP 800-207): a shared device fits a per-session, continuously verified access model rather than a long-lived trusted shared session.

Use stronger authentication and per-user session attribution wherever shared devices carry clinical access.


Key terms

  • Shared-use mobile device: A shared-use mobile device is a managed endpoint that multiple people access in sequence rather than owning individually. In healthcare, the identity problem is not the device itself but the need to preserve user accountability, session integrity, and secure handoff across shifts.
  • Access handoff: Access handoff is the controlled transfer of a device or session from one user to another. It requires sign-out, reassignment, and reset steps so the next person starts with a clean, attributable state instead of inheriting the previous user’s context.
  • Shared-session trust debt: Shared-session trust debt is the accumulation of risk created when users keep bypassing the intended access model to stay productive. Each workaround increases the gap between policy and practice, making it harder to audit, attribute, and secure shared access over time.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by Imprivata: New Imprivata Report on shared mobile devices in healthcare. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-07-29.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org