Shared hospital mobile access: what IAM teams need to know


(@nhi-mgmt-group)

TL;DR: Shared-use mobile devices are now central to UK hospital workflows, but Imprivata reports that 77% of respondents share credentials, 74% leave devices signed in, and 54% have seen breaches from unauthorised mobile access. The security case is no longer abstract: identity controls must keep pace with clinical speed, not fight it.

NHIMG editorial — based on content published by Imprivata: Tech and Innovation Improve Care and Deliver Tangible Savings for UK Hospitals

Questions worth separating out

Q: How should hospitals secure shared mobile devices without slowing clinicians down?

A: Hospitals should make access fast for the individual clinician and strict for the device state.

Q: Why do shared credentials create more risk in healthcare than in many other sectors?

A: Shared credentials weaken attribution in environments where timing, responsibility, and patient safety all matter.

Q: What breaks when mobile devices stay signed in after clinical handoff?

A: When devices stay signed in, the next user may inherit access without re-authenticating, which undermines accountability and can expose patient data to the wrong person.

Practitioner guidance

  • Enforce per-user session termination: Require automatic sign-out and session reset on every shared clinical device so the next user never inherits the previous identity state.
  • Remove shared credentials from ward workflows: Replace shared usernames and passwords with individually attributable authentication so access can be tied to a named clinician in audit and incident review.
  • Map shared devices into access reviews: Include shared mobile endpoints in recurring access recertification, with special attention to contractor use, shift handoffs, and any device that persists across users.

What's in the full article

Imprivata's full article covers the operational detail this post intentionally leaves for the source:

  • The hospital mobile workflow findings behind the reported savings, adoption, and compliance metrics.
  • The practical detail on shared-device access, sign-in behaviour, and how clinical teams are using mobility at scale.
  • The source framing around secure access, SSO, and passwordless authentication in healthcare environments.
  • The specific survey results and device-management observations that underpin the article's conclusions.

👉 Read Imprivata's analysis of shared mobile devices and healthcare access risk →

(@mr-nhi)

Shared clinical devices have become an identity governance problem, not just a mobility problem. The article shows that access, accountability, and patient trust all collapse when a device is treated as a shared convenience layer rather than an attributable identity endpoint. That is a governance failure because the identity model no longer matches the way work is actually performed. Practitioners should treat shared mobile programmes as part of access governance, not endpoint hygiene.

A few things that frame the scale:

  • 72% of organisations have experienced or suspect they have experienced a breach of non-human identities -- 46% confirmed, 26% suspected, according to The 2024 ESG Report: Managing Non-Human Identities.
  • Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months, which shows how quickly access-control weakness can repeat once governance breaks down.

A question worth separating out:

Q: What should identity and security teams review when hospitals expand shared mobile programmes?

A: They should review session timeout behaviour, per-user attribution, contractor access, and whether mobile devices are included in access reviews. Shared programmes fail when they are managed as endpoint deployments only. They need the same lifecycle discipline applied to any other access path that can expose patient data.

👉 Read our full editorial: Shared hospital mobile access is amplifying healthcare identity risk



   
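A sketch of the session review described in the thread, as an added example that is not part of either post or of Imprivata's article: it flags one account open on two devices at once (a signal of shared credentials) and activity on a session that sat idle past a limit (a device left signed in). The event format, the device and account names, and the 10-minute limit are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

IDLE_LIMIT = timedelta(minutes=10)  # assumed policy value, not from the article

# Constructed sample events: (time, device, account, event kind)
EVENTS = [
    ("2024-05-01T07:00", "ward3-phone-01", "a.patel", "login"),
    ("2024-05-01T07:05", "ward3-phone-01", "a.patel", "activity"),
    ("2024-05-01T07:50", "ward3-phone-01", "a.patel", "activity"),   # 45 min idle, no re-auth
    ("2024-05-01T08:00", "ward3-phone-01", "a.patel", "logout"),
    ("2024-05-01T07:10", "ward3-phone-02", "ward3-nurse", "login"),
    ("2024-05-01T07:20", "ward3-phone-03", "ward3-nurse", "login"),  # same account, second device
    ("2024-05-01T07:40", "ward3-phone-02", "ward3-nurse", "logout"),
    ("2024-05-01T07:45", "ward3-phone-03", "ward3-nurse", "logout"),
]


def audit(events, idle_limit=IDLE_LIMIT):
    """Return (finding, account, device, time) tuples in time order."""
    findings = []
    open_on = defaultdict(set)  # account -> devices with an open session
    last_seen = {}              # (device, account) -> time of last event in the session
    for ts, device, account, kind in sorted(events):  # ISO timestamps sort as text
        now = datetime.fromisoformat(ts)
        key = (device, account)
        if kind == "login":
            # One account open on another device: a signal of a shared
            # credential, to be confirmed in review rather than proof.
            if open_on[account] - {device}:
                findings.append(("concurrent_account_use", account, device, ts))
            open_on[account].add(device)
        elif kind == "activity" and key in last_seen:
            # Activity resumes after a long gap with no re-authentication:
            # the device stayed signed in and whoever picked it up inherited
            # the previous identity.
            if now - last_seen[key] > idle_limit:
                findings.append(("stale_session_reused", account, device, ts))
        if kind == "logout":
            open_on[account].discard(device)
            last_seen.pop(key, None)
        else:
            last_seen[key] = now
    return findings


if __name__ == "__main__":
    for finding in audit(EVENTS):
        print(finding)
```

Each finding names the account and device, so it can be fed into the access review alongside the device inventory.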