Notifications
Clear all
Topic starter
04/06/2026 2:59 pm
TL;DR: Healthcare mobile devices now support core clinical workflows, yet they are frequently lost, misplaced, or left unaccounted for, creating security, compliance, and productivity risk, according to Imprivata. The deeper issue is not device loss itself but the lack of reliable visibility, ownership, and control across shared clinical assets.
NHIMG editorial — based on content published by Imprivata: Mobile device loss in healthcare and the case for asset management
By the numbers:
Questions worth separating out
Q: What breaks when shared clinical devices are not tied to clear ownership?
A: When shared clinical devices lack clear ownership, organisations lose the ability to answer basic questions about who used the device, where it is, and what access it carried.
Q: Why do lost healthcare devices create both security and workflow risk?
A: Lost healthcare devices interrupt bedside work because clinicians cannot access charts, medication tools, or communication systems at the right time.
Q: How do organisations know whether mobile asset controls are actually working?
A: They should measure how quickly missing devices are recovered, how often devices are unassigned, and whether remote containment actions are based on verified state.
Practitioner guidance
- Map each shared device to a named owner and clinical purpose Require an accountable business owner, last-known user, and current location state for every shared tablet and phone.
- Join MDM data to real-time location and utilization signals Correlate enrollment records with live telemetry so IT can distinguish idle, misplaced, and truly missing devices before locking or wiping them.
- Define a missing-device response path that starts with access state Before remote wipe or replacement, check whether the device still has active sessions, cached credentials, or direct access to patient data.
What's in the full article
Imprivata's full article covers the operational detail this post intentionally leaves for the source:
- The practical breakdown of how device loss affects clinicians, IT teams, and executives in different ways.
- The article's own examples of misplaced, forgotten, and offsite devices that create governance gaps.
- The feature set used to connect location tracking, utilization analytics, and lifecycle management in healthcare mobility.
- The specific ways shared device visibility changes remote lock, wipe, and replacement decisions.
👉 Read Imprivata's analysis of lost clinical devices and mobile asset governance →
Lost clinical devices: what IAM and IT teams need to fix?
Explore further
04/06/2026 3:10 pm
Lost clinical devices are governed identities, not just missing assets. In healthcare, a shared phone or tablet often carries active access into clinical systems, which makes ownership and status governance as important as physical tracking. The control failure is the absence of a reliable link between the device, the user, and the current access state. Practitioners should treat each device as a lifecycle-managed access object, not a disposable endpoint.
A few things that frame the scale:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to Ultimate Guide to NHIs , Lifecycle Processes for Managing NHIs.
A question worth separating out:
Q: Who is accountable when a shared clinical device exposes patient data?
A: Accountability should sit with the operational owner of the device fleet, the clinical team using it, and the security function that defines response thresholds. In practice, the organisation is accountable for proving that its mobile asset governance was strong enough to limit PHI exposure and operational disruption.
👉 Read our full editorial: Healthcare mobile device loss exposes identity and workflow gaps
