Passwordless access in healthcare: what is holding teams back?

TL;DR: Healthcare leaders overwhelmingly view passwordless access as critical, but only 7% report full adoption, according to Imprivata’s survey of more than 200 IT and security leaders. The gap shows that identity modernization is now a governance and integration problem, not a question of awareness.

NHIMG editorial — based on content published by Imprivata: passwordless access in healthcare and the adoption gap

By the numbers:

• 85% of survey respondents say that passwordless authentication is very important or mission-critical to the future of healthcare IT security and efficiency.
• Only 7% of organizations report that they’ve fully adopted passwordless access for clinical and nonclinical staff.
• 54% of respondents use three or more authentication vendors, and 16% use four or more.

Questions worth separating out

Q: How should healthcare teams roll out passwordless access without disrupting clinical work?

A: Start with one workflow that has high login volume but limited operational complexity.

Q: Why do healthcare environments struggle to move beyond passwords?

A: Healthcare organisations often depend on legacy applications, shared workstations, offline access patterns, and tightly controlled audit requirements.

Q: What breaks when authentication tools are added without consolidation?

A: Policy consistency breaks first, followed by telemetry quality and recovery simplicity.

Practitioner guidance

• Inventory and rationalise authentication methods Map every authenticator in use, including badges, biometrics, mobile prompts, and FIDO2-style methods.
• Pilot passwordless in one contained clinical workflow Choose a high-volume use case with limited complexity, then measure login time, error rates, clinician acceptance, and help desk impact before expanding to other care settings.
• Centralise policy and telemetry across authenticators Use one governance model for audit logs, step-up rules, and recovery paths so that every authentication method is visible and enforceable under the same control plane.

What's in the full article

Imprivata's full post covers the operational detail this post intentionally leaves for the source:

• Breakdown of the survey response mix across healthcare IT and security leaders, including how the findings were segmented
• Specific implementation examples for shared workstations, clinical workflows, and offline-capable access patterns
• Measured business-case inputs such as login-time savings, ticket reduction, and adoption tracking methods
• Detailed product-oriented access capabilities described by the vendor, including unified authenticators and adaptive controls

👉 Read Imprivata’s survey analysis of passwordless access in healthcare →

Passwordless access in healthcare: what is holding teams back?

Explore further

View Full Forum →  |  NHI Foundation Course →