Passwordless authentication in healthcare: why adoption still lags

TL;DR: Healthcare IT leaders overwhelmingly see passwordless authentication as mission-critical, yet only 7% of organisations have fully adopted it and 60% still rely heavily on passwords, according to Imprivata’s survey of more than 200 healthcare respondents. The gap shows that authentication modernisation now hinges on integration, clinical workflow fit, and governance, not just security intent.

NHIMG editorial — based on content published by Imprivata: New Imprivata Survey Finds 85% of Healthcare IT Leaders Think Passwordless Authentication is Vital, but Adoption Lags Significantly

By the numbers:

• 85% of healthcare IT leaders think passwordless authentication is very important or mission-critical to the future of healthcare.
• Only 7% of organizations have fully implemented passwordless access for clinical and non-clinical staff.
• 60% of HDOs still rely heavily on passwords, resulting in risky password workarounds for 46% of respondents.

Questions worth separating out

Q: How should healthcare teams implement passwordless authentication without disrupting clinical work?

A: Start with the workflows that create the most login friction, then test passwordless in real clinical scenarios such as shared workstations, roaming staff, and interrupted shifts.

Q: Why do password-heavy environments remain risky even when users know better?

A: Because user behaviour follows workflow pressure, not policy intent.

Q: What signals show that passwordless adoption is actually working?

A: Look for fewer password resets, fewer help desk unlock requests, lower use of workarounds, and stable clinician throughput during login-heavy periods.

Practitioner guidance

• Map passwordless to clinical workflow realities Test passwordless journeys against shared devices, shift changes, emergency logins, and application switching before expanding rollout.
• Pair passwordless with recovery and monitoring controls Deploy continuous session monitoring, risk-based authentication, offline MFA, and self-service unlock together so access does not fail when users lose connectivity or devices.

What's in the full report

Imprivata's full report covers the operational detail this post intentionally leaves for the source:

• Survey methodology across 206 healthcare delivery organisation respondents, useful if you need to assess how representative the findings are.
• Breakdowns of which advanced access capabilities leaders value most, including session monitoring, risk-based authentication, and offline MFA.
• The specific barriers organisations reported for passwordless adoption, including integration, training, and compliance constraints.
• The reported outcomes healthcare leaders most want from modern access, such as phishing resistance, faster logins, and lower help desk demand.

👉 Read Imprivata's survey on passwordless authentication in healthcare →

Passwordless authentication in healthcare: why adoption still lags?

Explore further

View Full Forum →  |  NHI Foundation Course →