TL;DR: Healthcare leaders overwhelmingly view passwordless access as critical, but only 7% report full adoption, according to Imprivata’s survey of more than 200 IT and security leaders. The gap shows that identity modernization is now a governance and integration problem, not a question of awareness.
NHIMG editorial — based on content published by Imprivata: passwordless access in healthcare and the adoption gap
By the numbers:
- 85% of survey respondents say that passwordless authentication is very important or mission-critical to the future of healthcare IT security and efficiency.
- Only 7% of organizations report that they’ve fully adopted passwordless access for clinical and nonclinical staff.
- 54% of respondents use three or more authentication vendors, and 16% use four or more.
Questions worth separating out
Q: How should healthcare teams roll out passwordless access without disrupting clinical work?
A: Start with one workflow that has high login volume but limited operational complexity.
Q: Why do healthcare environments struggle to move beyond passwords?
A: Healthcare organisations often depend on legacy applications, shared workstations, offline access patterns, and tightly controlled audit requirements.
Q: What breaks when authentication tools are added without consolidation?
A: Policy consistency breaks first, followed by telemetry quality and recovery simplicity.
Practitioner guidance
- Inventory and rationalise authentication methods Map every authenticator in use, including badges, biometrics, mobile prompts, and FIDO2-style methods.
- Pilot passwordless in one contained clinical workflow Choose a high-volume use case with limited complexity, then measure login time, error rates, clinician acceptance, and help desk impact before expanding to other care settings.
- Centralise policy and telemetry across authenticators Use one governance model for audit logs, step-up rules, and recovery paths so that every authentication method is visible and enforceable under the same control plane.
What's in the full article
Imprivata's full post covers the operational detail this post intentionally leaves for the source:
- Breakdown of the survey response mix across healthcare IT and security leaders, including how the findings were segmented
- Specific implementation examples for shared workstations, clinical workflows, and offline-capable access patterns
- Measured business-case inputs such as login-time savings, ticket reduction, and adoption tracking methods
- Detailed product-oriented access capabilities described by the vendor, including unified authenticators and adaptive controls
👉 Read Imprivata’s survey analysis of passwordless access in healthcare →
Passwordless access in healthcare: what is holding teams back?
Explore further
Passwordless failure in healthcare is mostly a governance and integration problem, not an awareness problem. The survey shows overwhelming agreement on the destination, but adoption stalls because healthcare environments still depend on legacy workflows, shared terminals, and compliance-heavy exception handling. That means the hard part is not convincing leaders that passwords are weak, but reconciling identity policy with clinical reality. Practitioners should treat passwordless as an operating model change, not an authentication swap.
A few things that frame the scale:
- 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Yet the average estimated time to remediate a leaked secret is 27 days, which shows how confidence and operational control can diverge in practice.
A question worth separating out:
Q: How do security teams know passwordless access is actually working?
A: Look for measurable reductions in password resets, faster access times, lower support tickets, and fewer authentication-related incidents. If users still rely on password fallback or if audit trails are fragmented, the programme has not yet achieved operational maturity.
👉 Read our full editorial: Passwordless access in healthcare: why adoption still lags