By NHI Mgmt Group Editorial Team
Published 2025-09-30
Domain: Governance & Risk
Source: Imprivata

TL;DR: Mobile devices are now viewed as essential by 92% of healthcare leaders, with 99% expecting shared-device use to rise and 79% reporting credential sharing on those devices, according to Imprivata’s 2025 report. Shared mobility succeeds only when access, accountability, and workflow design are treated as one programme.


At a glance

What this is: This report argues that shared mobile devices are becoming the operating model for clinical workflows, with identity-driven access and tracking now central to both speed and security.

Why it matters: It matters because shared-device programmes sit at the intersection of human IAM, device accountability, and NHI-adjacent workflow controls, making them relevant to security, operations, and governance teams alike.

By the numbers:

👉 Read Imprivata's report on shared mobile devices in healthcare


Context

Shared mobile devices in healthcare are no longer a convenience layer. They are part of the identity plane for clinicians, because the device, the user, and the application access pattern now move together across shifts and departments. When access is slow or ambiguous, staff work around the process, and the organisation inherits both care-delivery delays and identity risk.

The report’s core point is that shared mobile only works when assignment, authentication, and tracking are managed as a single control surface. That is especially important in clinical settings, where a missed sign-out, a shared credential, or a lost device can affect both patient workflow and protected health information.

For healthcare IAM teams, the issue is not whether shared devices are desirable. The issue is whether the programme can enforce accountability without adding friction that pushes staff back to personal-device workarounds. The starting position described in the report is common, not exceptional, across healthcare mobility programmes.


Key questions

Q: How should healthcare organisations manage shared mobile devices without weakening identity security?

A: Treat shared mobile as a governed identity workflow, not a convenience pool. Require named-user authentication, automated check-in and check-out, and central tracking so every session can be attributed. If staff can pick up any device without a clear handoff trail, the programme will drift toward shared credentials and unsigned sessions.

Q: Why do shared devices often improve care but still create security risk?

A: Shared devices reduce friction and speed access, but they also compress the trust model. When multiple users rely on the same endpoint, open signed-in sessions, manual assignment, and credential sharing become more likely. The result is faster clinical work paired with weaker accountability unless the access model is explicitly designed for reuse.

Q: What do security teams get wrong about shared-device programmes?

A: They often focus on the hardware lifecycle and ignore the identity lifecycle. The real control question is who is authorised at the moment of use, how that access is revoked, and whether the system can prove it. Without that, lost devices and open sessions become governance failures, not just asset issues.

Q: Who is accountable when a shared mobile device exposes patient data?

A: Accountability should be shared across the operational owner of the device programme, the IAM or identity governance team, and the clinical manager responsible for local process compliance. If access is not attributable to a named user and a specific handoff, incident response becomes slower and disciplinary review becomes unreliable.


Technical breakdown

Shared-device identity workflows in clinical settings

A shared mobile device is effectively a pooled access endpoint. Unlike 1:1-issued devices, the control problem is not long-term ownership but rapid, auditable handoff between users, often across shift changes and care locations. That means authentication, session teardown, and device assignment have to be tied together. In practice, tap-and-go access, automated checkout, and centralized tracking reduce the gap between who is holding the device and who is authorized to use it. Without that linkage, the device becomes a reusable session container with weak accountability, especially where clinical pressure encourages shortcuts.

Practical implication: treat device handoff as an identity event, not an asset-management task.

Credential sharing and signed-in sessions

Credential sharing on shared devices collapses identity assurance because the system can no longer distinguish the authorised clinician from the last user. A signed-in session left open is functionally equivalent to standing access on a shared endpoint, especially when multiple staff members can pick up the same device during a shift. In healthcare, this weakens auditability and increases the chance of unauthorized PHI exposure. The report’s access findings show that usability gaps are not just operational defects. They directly shape whether identity controls are followed or bypassed.

Practical implication: eliminate shared credentials and enforce automatic session closure after task completion.

Why workflow friction becomes a security control issue

Workflow friction changes behaviour. If device assignment takes minutes, devices are broken, or staff cannot get back into clinical apps quickly, clinicians will use personal devices or reuse someone else’s access to keep care moving. That turns convenience workarounds into security exposure. The deeper control issue is not the device itself but whether access policy is tuned to the realities of clinical pace. In this environment, security failures often start as usability failures, then become identity failures, then become compliance failures.

Practical implication: design access policy around clinical turnaround time, not around administrative convenience.



NHI Mgmt Group analysis

Shared mobile devices have become an identity governance problem, not just an endpoint problem. The report shows that clinical mobility now depends on how fast and accurately organisations can bind a user, a device, and a session together. When that binding is weak, the programme loses both accountability and control over PHI access. The practitioner conclusion is that shared-device governance belongs inside IAM and workflow policy, not only in mobile device management.

Credential sharing is the clearest sign that access policy is failing at the point of care. If 79% of employees are sharing credentials and 74% of devices are left signed in, the control gap is not theoretical. Those behaviours indicate that staff are compensating for process design that is too slow or too brittle for clinical work. The practitioner conclusion is that identity policy must be usable at bedside speed or it will be bypassed.

Identity-driven shared mobility surfaces a problem worth naming: clinical access handoff debt. That is the accumulation of friction, lost accountability, and workaround behaviour created when shared devices are not reassigned and signed out cleanly. The debt shows up as delayed care, weaker audit trails, and higher exposure to unauthorised access. The practitioner conclusion is that every unresolved handoff increases future risk and operational drag.

Shared-device programmes expose a governance truth that applies across human identity and NHI-style operational controls. The same discipline that governs lifecycle, access assignment, and revocation for service accounts also matters for clinicians using pooled devices. The difference is speed: human identity controls in healthcare must work in seconds, not in review cycles. The practitioner conclusion is that lifecycle governance should be measured by whether access is transferred cleanly under operational pressure.

Security and productivity are not competing outcomes in this model. The report ties faster care, lower burnout, and lower support burden to the same operational changes that improve identity control. That means the real decision is not whether to harden access, but whether to harden it in a way staff can actually use. The practitioner conclusion is that the best control is the one clinicians will still follow when the ward is busy.

From our research:

  • Organisations maintain an average of 6 distinct secrets manager instances, creating fragmentation that undermines centralised control, according to The State of Secrets in AppSec.
  • 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases.
  • Shared-control environments need stronger lifecycle discipline, as shown in the Ultimate Guide to NHIs - Standards, where access policy and auditability are treated as continuous controls.

What this signals

Clinical access handoff debt: shared mobility fails when the organisation treats device reuse as a logistics issue instead of an identity event. Once handoff friction starts pushing staff into personal-device workarounds, the programme has already lost control of the access model.

With 6 distinct secrets manager instances on average in fragmented environments, centralised governance breaks down quickly, according to The State of Secrets in AppSec. The same lesson applies here: if shared devices are managed as separate islands, auditability and revocation become inconsistent across wards and shifts.

Healthcare teams should align shared-device policy with the access-control discipline described in NIST Cybersecurity Framework 2.0. The practical signal is simple: if staff can still work faster by bypassing the process, the control design is not operationally real.


For practitioners

  • Make device handoff an identity-controlled workflow: Use badge-tap or equivalent authentication tied to automated checkout and check-in so every handoff produces an auditable user-to-device mapping. This removes first-come, first-served assignment and makes lost accountability visible before the next shift starts.
  • Eliminate shared credentials on pooled devices: Assign access to named users and force session closure after clinical use, even when the same device will be reused by another clinician. Shared passwords create attribution gaps and make PHI exposure harder to investigate.
  • Track device status centrally in real time: Maintain live visibility into device location, sign-in state, battery, and assignment so support teams can intervene before clinicians fall back to personal devices. Centralised tracking also shortens the time needed to recover missing devices.
  • Set assignment policies that remove ad hoc distribution: Replace first-come, first-served handling with formal allocation rules for wards, shifts, and device pools. Formal policy reduces handoff disputes and makes it easier to prove who had access when an incident occurs.
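The handoff rules described in the technical breakdown and in the practitioner checklist above can be expressed as a small state machine. The following Python sketch is an added example, not code from the Imprivata report or from NHIMG: a badge tap must resolve to a named user before a device is checked out, a device that is tapped while still signed in to the previous clinician has that earlier session closed and marked "displaced" instead of being inherited, a sweep closes sessions left signed in past a timeout, and every session lands in an audit trail that answers "who held this device at time T". Badge ids, user names, device ids, the badge directory and the timestamps are all constructed for the example.

```python
"""Shared-device handoff modelled as an identity event (added example, not
code from the Imprivata report or NHIMG). All identifiers are constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Session:
    device_id: str
    user_id: str
    start: datetime
    end: Optional[datetime] = None
    # How the session ended: "checkin" (clean), "displaced" (next user tapped
    # in while it was still open) or "timeout" (closed by the stale sweep)
    close_reason: Optional[str] = None


@dataclass
class DevicePool:
    session_timeout: timedelta = timedelta(minutes=15)
    open_sessions: dict = field(default_factory=dict)   # device_id -> Session
    audit_log: list = field(default_factory=list)       # every session ever opened

    def checkout(self, device_id, badge_id, badge_directory, now):
        # The badge tap must map to a named user; an unknown badge is refused
        # rather than falling back to a pooled or shared account
        user_id = badge_directory.get(badge_id)
        if user_id is None:
            raise PermissionError(f"badge {badge_id} is not bound to a named user")
        prior = self.open_sessions.get(device_id)
        if prior is not None:
            # Previous clinician never signed out: close that session now so the
            # new user starts a fresh, attributable session instead of inheriting it
            self._close(prior, now, "displaced")
        session = Session(device_id, user_id, now)
        self.open_sessions[device_id] = session
        self.audit_log.append(session)
        return session

    def checkin(self, device_id, now):
        # Clean hand-back: the only close reason that incurs no handoff debt
        session = self.open_sessions.get(device_id)
        if session is None:
            return None
        self._close(session, now, "checkin")
        return session

    def sweep_stale(self, now):
        """Close sessions signed in longer than the timeout; returns those closed."""
        stale = [s for s in self.open_sessions.values()
                 if now - s.start > self.session_timeout]
        for s in stale:
            self._close(s, now, "timeout")
        return stale

    def _close(self, session, now, reason):
        session.end = now
        session.close_reason = reason
        self.open_sessions.pop(session.device_id, None)

    def who_had(self, device_id, at):
        """Attribution query: the named user holding device_id at time `at`, or None."""
        for s in self.audit_log:
            if s.device_id == device_id and s.start <= at and (s.end is None or at < s.end):
                return s.user_id
        return None

    def handoff_debt(self):
        """Number of sessions that did not end with a clean check-in."""
        return sum(1 for s in self.audit_log if s.close_reason in ("displaced", "timeout"))


# Constructed badge directory: badge id -> named user
BADGES = {"badge-1001": "nurse.alice", "badge-1002": "nurse.bob"}


def demo():
    """Constructed shift scenario: one displaced session and one timed-out session."""
    t0 = datetime(2025, 9, 30, 7, 0)
    pool = DevicePool(session_timeout=timedelta(minutes=15))
    pool.checkout("dev-A", "badge-1001", BADGES, t0)                          # Alice takes dev-A
    pool.checkout("dev-B", "badge-1001", BADGES, t0 + timedelta(minutes=5))   # Alice also takes dev-B
    pool.checkout("dev-A", "badge-1002", BADGES, t0 + timedelta(minutes=20))  # Bob taps dev-A, Alice never signed out
    pool.checkin("dev-A", t0 + timedelta(minutes=30))                         # Bob hands dev-A back cleanly
    stale = pool.sweep_stale(t0 + timedelta(minutes=40))                      # dev-B still open after 35 minutes
    return pool, stale


if __name__ == "__main__":
    pool, stale = demo()
    for s in pool.audit_log:
        print(s.device_id, s.user_id, s.start.time(), s.end.time(), s.close_reason)
    print("handoff debt:", pool.handoff_debt())
```

Two design points map directly onto the text. First, `displaced` and `timeout` closures are kept in the audit log rather than silently discarded, because they are the measurable form of handoff debt: a rising count on a ward is the signal that process friction is pushing staff past the sign-out step. Second, `who_had` answers the incident-response question from the same record that the checkout flow writes, so attribution does not depend on a separate asset register being in sync with the identity system.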

Key takeaways

  • Shared mobile devices only reduce risk when user handoff, session control, and device tracking are managed as one identity workflow.
  • The report’s numbers show a large gap between perceived value and actual control, with credential sharing and open sessions undermining accountability.
  • Healthcare organisations should design shared-device programmes around clinical speed, but enforce identity attribution tightly enough to prevent workarounds.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0, NIST SP 800-63 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
NIST CSF 2.0 | PR.AC-4 | Shared-device access must be attributable and continuously controlled.
NIST SP 800-63 | | Identity assurance matters when clinicians reuse pooled endpoints across shifts.
NIST Zero Trust (SP 800-207) | PR.AC | Zero trust principles apply when every shared device session must be verified.

Use strong authentication and session rules that preserve user attribution in shared-device workflows.


Key terms

  • Shared Mobile Device: A shared mobile device is a pooled endpoint used by multiple staff members across shifts or roles. In healthcare, the security challenge is not long-term ownership but ensuring each use is attributable, authenticated, and closed cleanly before the next person takes over.
  • Identity-Driven Access Management: Identity-driven access management ties access decisions to the specific user, session, and context rather than to a device alone. In shared-device environments, it makes the handoff auditable and reduces the chance that one clinician inherits another clinician's access state.
  • Clinical Access Handoff Debt: Clinical access handoff debt is the accumulated operational and security risk created when shared devices are reassigned without clean sign-out, attribution, or policy enforcement. It shows up as delays, workarounds, open sessions, and weak accountability for protected data.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by Imprivata: The 2025 state of shared mobile devices in healthcare report. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-09-30.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org