Passwordless access in healthcare: why adoption is still so slow

TL;DR: Healthcare IT leaders overwhelmingly rate passwordless authentication as vital, but only 7% of organisations have fully adopted it, according to Imprivata’s survey of more than 200 healthcare leaders. The gap shows that integration, clinical training, and compliance issues are now blocking identity modernisation more than strategic intent.

NHIMG editorial — based on content published by Imprivata: New Imprivata Survey Finds 85% of Healthcare IT Leaders Think Passwordless Authentication is Vital, but Adoption Lags Significantly

By the numbers:

• 85% of healthcare IT leaders view passwordless authentication as very important or mission-critical to the future of healthcare.
• Only 7% of organizations have fully implemented passwordless access for clinical and non-clinical staff.
• 60% of HDOs still rely heavily on passwords, resulting in risky password workarounds for 46% of respondents.

Questions worth separating out

Q: How should healthcare organisations roll out passwordless authentication without disrupting clinical work?

A: Start with a workflow map, not a technology switch.

Q: Why does passwordless adoption stall even when leaders support it?

A: Adoption stalls when integration, compliance, and clinical training are not treated as programme design constraints.

Q: What do security teams get wrong about passwordless in healthcare?

A: They often treat passwordless as a login replacement rather than an access model.

Practitioner guidance

• Map application dependencies before rollout Identify every clinical and administrative application that still requires password entry, then classify which systems can move to passwordless first and which need exception handling or remediation work.
• Pilot passwordless on high-friction workflows Start with use cases that create the most login pain and help desk load, such as shared workstations, repeated shift handoffs, and frequent reauthentication paths.
• Pair authentication changes with session controls Add continuous session monitoring and risk-based step-up checks so that passwordless access remains accountable after login.

What's in the full report

Imprivata's full report covers the operational detail this post intentionally leaves for the source:

• Survey breakdown by role and organisation type, useful for comparing how CIOs, CISOs, and clinical leaders prioritise passwordless access.
• Detailed ranking of advanced access capabilities such as continuous session monitoring, risk-based authentication, and offline multifactor authentication.
• The specific integration and compliance barriers cited by healthcare delivery organisations, which help translate strategy into rollout planning.
• Methodology details on the 206 respondents and the mix of hospital systems, IDNs, and academic medical centers.

👉 Read Imprivata's survey on passwordless authentication in healthcare →

Passwordless access in healthcare: why adoption is still so slow?

Explore further

View Full Forum →  |  NHI Foundation Course →