By NHI Mgmt Group Editorial Team
Published: 2025-08-27
Domain: Governance & Risk
Source: Imprivata

TL;DR: Shared-use mobile devices save healthcare organisations an average of $1.1 million annually and 99% of leaders expect usage to rise, but 44% still lack a comprehensive mobile policy, according to Imprivata’s 2025 state of shared mobile devices report. The real issue is not device availability but whether identity, access, and lifecycle governance can keep pooled endpoints secure, auditable, and clinically usable.


At a glance

What this is: This is an analysis of how shared-use mobile programs in healthcare change cost, compliance, and clinical workflow, with the key finding that governance gaps can erase much of the value.

Why it matters: It matters because mobile access in hospitals sits at the intersection of human identity, shared device control, and sensitive patient data, so IAM teams need to govern access patterns, not just endpoints.



Context

Shared mobile devices are pooled, hospital-owned endpoints that clinicians authenticate to on demand rather than keeping one device assigned to one person. In healthcare, the governance question is not whether the device is available, but whether identity controls, device handling, and access policy can support fast care delivery without creating compliance gaps.

The article argues that shared-use models can outperform 1:1 and BYOD approaches because they improve utilisation, reduce support overhead, and strengthen visibility. The problem is that those gains disappear quickly when access is handled manually, devices go missing, or organisations rely on inconsistent handoffs instead of identity-driven control.

For IAM and security teams, this is a lifecycle problem as much as an endpoint problem. Shared devices change how accounts are checked out, how sessions are ended, how access is reassigned, and how auditability is maintained across shifts and departments.


Key questions

Q: How should hospitals govern shared mobile devices without slowing clinicians down?

A: Hospitals should govern shared mobile devices with identity-driven authentication, automated check-in and check-out, and a clear policy for device custody and session closure. The goal is to make access fast at the bedside while keeping the device pool auditable, supportable, and recoverable when shifts change or devices go missing.

Q: Why do BYOD models create more governance risk in healthcare?

A: BYOD increases governance risk because hospitals lose standardisation over device configuration, app versions, and data handling. That makes it harder to enforce policy, investigate incidents, and prove compliance when clinicians access sensitive records from endpoints the organisation does not fully control.

Q: What breaks when shared device handoffs are handled manually?

A: Manual handoffs break accountability and create avoidable delays because no one can reliably prove who had the device, whether access was closed, or whether a return was completed cleanly. In a clinical setting, that becomes both a workflow problem and a security problem.

Q: Who should own shared mobile governance in a hospital?

A: Shared mobile governance should be owned jointly by IAM, security, and clinical operations, because the control problem spans access, device custody, and workflow readiness. If any one group owns it alone, the programme usually drifts into either poor usability or weak enforcement.


Technical breakdown

Why shared mobile beats 1:1 and BYOD for identity governance

A shared mobile programme pools hospital-owned devices across users and shifts, which changes the economics and the control model at the same time. With 1:1 devices, the organisation carries the cost of underused endpoints and inconsistent maintenance. With BYOD, security loses standardisation, visibility, and policy enforcement because unmanaged personal devices sit outside the same control boundary. Shared-use mobile works when identity is tied to the session, not the person’s private hardware, so access can be granted, monitored, and removed within the hospital’s own governance model.

Practical implication: treat shared mobile as an identity and governance programme, not just a device procurement choice.

How passwordless SSO and check-in and check-out reduce access friction

The report points to passwordless authentication, streamlined single sign-on, and automated device check-in and check-out as the mechanisms that make shared devices workable at bedside speed. These controls reduce the temptation to reuse passwords, share credentials, or bypass workflow steps during a busy shift. They also narrow the gap between access grant and access removal, which matters in environments where multiple clinicians touch the same endpoint across a day. In practice, the control objective is not merely convenience. It is reliable, auditable access handoff across users.

Practical implication: align authentication and session transfer with clinical workflow so shared devices do not push staff into insecure workarounds.

Why mobile policy failure becomes an access and compliance issue

When 44% of organisations lack a comprehensive mobile policy, the device model becomes ad hoc governance by default. Manual handoffs, first-come, first-served allocation, and inconsistent maintenance create gaps in traceability, lockout handling, and device readiness. In healthcare, that quickly becomes a compliance issue because sensitive data can remain reachable on unmanaged or inconsistently controlled endpoints. The deeper technical issue is that access governance and endpoint governance are being separated when they need to operate together as one control plane.

Practical implication: define a mobile policy that binds access, device custody, and session closure into one enforceable process.


Threat narrative

Attacker objective: The practical objective is not a single exploit but the steady erosion of access control that accumulates when access friction drives workarounds, undermining security and operational reliability across the hospital environment.

  1. Entry occurs when clinicians fall back to personal devices or shared endpoints without consistent identity controls, creating inconsistent access paths and weaker enforcement points.
  2. Escalation occurs when poor handoff, missing devices, or manual processes leave active sessions, shared credentials, or unmanaged access patterns in place longer than intended.
  3. Impact occurs through delayed care, reduced visibility, compliance exposure, and avoidable help desk load that drains time and budget from clinical operations.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Shared mobile governance is the real control plane, not the handset. The article makes a familiar but often ignored point: device strategy succeeds or fails on identity-driven governance, not on hardware count alone. In healthcare, the moment a shared device can be reassigned safely, audited cleanly, and locked down between users, it becomes a governed asset rather than an unmanaged convenience. The practitioner takeaway is that mobile strategy belongs inside IAM and lifecycle governance, not only endpoint management.

Session-bound access is the named concept that matters here. Shared devices work when identity is attached to a controlled session that can be checked out, used, and returned without residual access. That is materially different from treating a device as if it belongs to one clinician all day or assuming a personal device can be brought under hospital control later. The implication is that hospitals need to measure handoff quality, not just device inventory.

BYOD shifts compliance risk outside the organisation’s direct control boundary. Once clinicians use personal devices for hospital work, the security team loses standardisation over operating system state, app versions, and local data handling. That weakens both HIPAA posture and incident response because the organisation cannot reliably prove where data sat or who could reach it. The practitioner conclusion is that visibility and policy enforcement must be designed, not presumed.

Governance gaps turn efficiency programmes into hidden access debt. The reported savings are real, but so are the costs of missing devices, lockouts, and manual workarounds. Those costs do not just reduce ROI, they signal that access lifecycles are being managed informally across clinical operations. The field should read this as evidence that mobile programmes need explicit lifecycle controls for assignment, return, and session termination.

From our research:

What this signals

Session-bound access is the operational issue hospitals now have to model. Shared mobile only works when identity can be granted and withdrawn cleanly across shifts, departments, and clinical contexts. When that lifecycle is informal, the result is hidden access debt that shows up later as lockouts, lost devices, and staff workarounds.

With 72% of organisations reporting or suspecting NHI breaches in our research, the broader lesson is that governance failures accumulate quickly when pooled access is treated as a convenience layer rather than a control plane. Hospitals should expect the same pattern if they manage shared mobile devices without explicit lifecycle ownership.

For practitioners, the next step is to align mobile strategy with identity policy, auditability, and return workflows. That means linking access, custody, and logging to one programme rather than relying on local process variation, and using the Ultimate Guide to NHIs, Lifecycle Processes for Managing NHIs as a lifecycle reference point.


For practitioners

  • Bind mobile access to identity and session control: Use passwordless authentication and single sign-on so clinicians can open a session quickly, but require automated check-in and check-out so access is returned cleanly when the device changes hands.
  • Write a mobile policy that covers custody and closure: Define who can receive a shared device, how it is handed off, when sessions must be terminated, and what audit evidence is retained when devices go missing or are reassigned.
  • Eliminate BYOD for workflows that touch PHI: If clinicians need access to sensitive records, move that activity onto hospital-managed endpoints where configuration, logging, and access enforcement are consistent and supportable.
  • Track operational friction as a governance signal: Measure lockouts, missing-device delays, and fallback-to-personal-device behaviour as indicators that the access model is undermining both security and care delivery.
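As an added illustration (not Imprivata's or NHIMG's code), the sketch below models session-bound custody for a shared device pool: check-out binds a device to an authenticated session, check-in is only accepted from the session holder, a check-out over an unclosed session is recorded as a forced closure (residual access), and the audit trail yields the friction signals listed above. Device names, user names, event times and the 12-hour shift threshold are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

SHIFT_SECONDS = 12 * 3600  # assumed shift length; an open session older than this is a missing-device signal

@dataclass
class Session:
    user: str
    device: str
    opened_at: int
    closed_at: Optional[int] = None
    forced: bool = False  # True when closed by the next check-out rather than by the holder

class CustodyLedger:
    def __init__(self):
        self.open = {}     # device id -> active Session (who holds it right now)
        self.history = []  # audit trail of every closed session
    def check_out(self, user, device, now):
        # An unclosed session is residual access from the last holder: force-close it, then rebind.
        prev = self.open.get(device)
        if prev is not None:
            self._close(prev, now, forced=True)
        self.open[device] = Session(user, device, now)
    def check_in(self, user, device, now):
        # Only the authenticated holder of the active session may return the device.
        session = self.open.get(device)
        if session is None or session.user != user:
            raise PermissionError(f"{user} does not hold {device}")
        self._close(session, now, forced=False)
    def _close(self, session, now, forced):
        session.closed_at, session.forced = now, forced
        self.history.append(session)
        del self.open[session.device]

    def governance_signals(self, now):
        late = [d for d, s in self.open.items() if now - s.opened_at > SHIFT_SECONDS]
        return {"forced_closures": sum(s.forced for s in self.history),
                "unreturned_devices": sorted(late),
                "open_sessions": len(self.open)}

def demo():
    # Constructed handoff events for one shift; times are seconds from shift start.
    ledger = CustodyLedger()
    ledger.check_out("nurse_a", "tab-01", 0)
    ledger.check_in("nurse_a", "tab-01", 3000)   # clean handoff: holder returned it
    ledger.check_out("nurse_b", "tab-01", 3600)
    ledger.check_out("nurse_c", "tab-01", 7200)  # nurse_b never checked in: forced closure
    ledger.check_out("nurse_d", "tab-02", 100)   # never returned this shift
    return ledger.governance_signals(now=50_000)
```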

Key takeaways

  • Shared mobile devices improve both cost and workflow in healthcare, but only when identity and session governance are built into the operating model.
  • The main failure mode is not device scarcity, but weak policy, manual handoffs, and incomplete access closure that erode ROI and compliance.
  • Hospitals should treat shared devices as governed identity assets, with passwordless access, automated check-in and check-out, and clear custody rules.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0, NIST SP 800-63 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
NIST CSF 2.0 | PR.AC-1 | Shared device access depends on controlled authentication and device custody.
NIST SP 800-63 | | Passwordless and SSO affect how clinicians authenticate to shared endpoints.
NIST Zero Trust (SP 800-207) | PR.AC-4 | Shared devices need continuous access enforcement across users and sessions.

Apply zero trust principles so access is evaluated per session, not assumed from the device alone.


Key terms

  • Shared Mobile Device: A hospital-owned device that multiple clinicians use across shifts rather than being permanently assigned to one person. The control challenge is to make access fast and auditable while ensuring the device is reset, reassigned, and monitored correctly between users.
  • Session-bound Access: An access model where the right to use a device or application is tied to a specific authenticated session, not a permanent assignment. In healthcare, this helps preserve speed at the bedside while reducing residual access between handoffs and users.
  • Bring Your Own Device: A model in which staff use personal phones or tablets for work access. It can improve convenience, but it reduces organisational control over configuration, logging, and data handling, which makes compliance and incident response harder when sensitive records are involved.
  • Device Handoff: The process of transferring a shared device from one user to another in a controlled way. Good handoff practice includes authentication, session closure, and audit evidence so the organisation can prove who had access and when.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or governance in your organisation, it is worth exploring.

This post draws on content published by Imprivata: how shared mobile programs outperform 1:1 and BYOD models in cost, compliance, and clinical efficiency. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-08-27.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org