Notifications
Clear all
Topic starter
25/06/2026 2:48 pm
TL;DR: Shared mobile devices have become critical to bedside care, but the 2025 Imprivata state of shared mobile devices in healthcare report shows that 74% of devices are frequently left signed in, 79% of staff report credential sharing, and 81% resort to personal devices when access is slow. Convenience without governed access creates both security and workflow risk.
NHIMG editorial — based on content published by Imprivata: The 2025 state of shared mobile devices in healthcare report
By the numbers:
- 92% of healthcare IT and clinical leaders agree that mobile devices are critical to bedside care.
- 62% of staff struggle with device accessibility.
Questions worth separating out
Q: How should healthcare teams govern shared mobile device access without slowing clinicians down?
A: They should make authentication fast, device state visible, and session handoff explicit.
Q: Why do shared clinical devices create identity and access risk?
A: Because the device is reused by multiple people across shifts, so the organisation must prove who had access, when the session ended, and whether the endpoint was reset.
Q: How do security teams know whether shared device controls are working?
A: Look for reduced sign-out delays, fewer help desk tickets, lower rates of personal-device workarounds, and a complete record of device custody.
Practitioner guidance
- Map shared-device handoffs as identity events Record who authenticated, what device they used, when the handoff occurred, and whether the device returned to a clean state before the next shift.
- Remove incentives for credential sharing Reduce sign-in delay with badge tap, single sign-on, and biometric access so staff do not bypass controls through shared passwords or personal devices.
- Tie device compliance to each checkout Require posture checks, lost-mode handling, and remote wipe readiness before a shared device can be reassigned.
What's in the full report
Imprivata's full report covers the operational detail this post intentionally leaves for the source:
- The quantitative breakdown of shared-device adoption, clinician preferences, and financial impact by healthcare environment
- The workflow examples behind badge tap, single sign-on, and biometric access in clinical settings
- The device tracking and compliance model used to support lost mode, remote wipe, and reissue decisions
- The report's fuller discussion of collaboration between clinical, IT, and security stakeholders
👉 Read Imprivata's report on shared mobile devices in healthcare →
Shared clinical devices: what it means for identity and access?
Explore further
25/06/2026 3:57 pm
Shared mobility is now an identity governance problem, not a device procurement problem. The report shows that shared devices can save money and improve workflow, but only when access is accountable across the full device lifecycle. That means identity assurance, session control, and device management have to be designed together rather than treated as separate workstreams. Practitioners should read shared mobility as a governance model that spans clinical operations and access control.
A few things that frame the scale:
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to the Ultimate Guide to NHIs.
- In the same research, 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
A question worth separating out:
Q: Who is accountable when a shared device is lost or left signed in?
A: Accountability should sit with the operational owner of the shared fleet, the identity team that governs access, and the clinical manager responsible for shift usage. The control question is whether the organisation can identify the last authenticated user and enforce return and wipe procedures.
👉 Read our full editorial: Shared mobile devices in healthcare expose identity and access gaps
