Password resets in healthcare: what IAM teams need to fix

TL;DR: Healthcare password resets are still consuming IT capacity and creating avoidable security risk, with Imprivata research showing 40% of healthcare IT leaders cite increased help desk workload and 43% report high reset volume as a top authentication challenge. The problem is not convenience alone: password-centered workflows turn identity verification into a pressure point that attackers can exploit.

NHIMG editorial — based on content published by Imprivata: reducing password reset tickets and the case for passwordless access in healthcare

By the numbers:

• 40% of healthcare IT leaders cite increased IT and help desk workload as one of the top negative impacts from password management at their organization.
• 46% of healthcare organizations report risky password workarounds.

Questions worth separating out

Q: How should healthcare teams reduce password reset burden without weakening access security?

A: They should replace password-dependent recovery with phishing-resistant authentication and tighter identity verification, starting with the most disruptive clinical workflows.

Q: Why do password resets create security risk as well as support overhead?

A: Because every reset asks a human to make an access decision under pressure, often with limited context.

Q: What do healthcare organisations get wrong about passwordless access?

A: They often treat passwordless as a convenience layer instead of a governance change.

Practitioner guidance

• Reclassify password resets as privileged workflows Put reset approval, identity proofing, and recovery logging under the same governance discipline used for elevated access.
• Prioritise passwordless access for high-friction clinical paths Start with the logon journeys that create the most resets, especially shared workstations and remote clinical access.
• Measure reset demand as an identity risk indicator Track reset volume, recovery approvals, and workaround rates together so the organisation can see where access policy is causing avoidable friction.

What's in the full article

Imprivata's full article covers the operational detail this post intentionally leaves for the source:

• How passwordless access changes help desk demand across clinical and remote workflows.
• Why self-service password reset still depends on strong identity verification controls.
• Which authentication patterns reduce clinician friction without increasing recovery risk.
• How IT teams can frame password management as a productivity and security issue.

👉 Read Imprivata's analysis of password resets and passwordless access in healthcare →

Password resets in healthcare: what IAM teams need to fix?

Explore further

View Full Forum →  |  NHI Foundation Course →