Notifications
Clear all
Topic starter
25/06/2026 3:05 pm
TL;DR: Healthcare organisations are losing an average of 13 minutes per clinician shift to mobile device setup, with 87% reporting access challenges and 79% saying credentials are shared on devices, according to Imprivata's 2025 State of Shared Mobile Devices in Healthcare report. Shared mobile works only when identity, device readiness, and auditability are managed as one workflow.
NHIMG editorial — based on content published by Imprivata: shared mobile access in healthcare and the 13-minute shift-start problem
By the numbers:
- Clinicians waste an average of 13 minutes per shift just getting mobile devices ready to use.
- 87% report access challenges such as clinicians getting locked out of devices.
- 79% of respondents report that users share credentials on shared devices.
Questions worth separating out
Q: How should healthcare teams secure shared mobile devices without slowing clinicians down?
A: Use identity-driven checkout that binds the clinician, the device, and the session in one step.
Q: Why do shared devices often create credential-sharing risk in clinical environments?
A: Because if device handoff is slow, clinicians will protect patient flow by reusing logins or passing devices with sessions still open.
Q: What signals show that shared mobile access is not working properly?
A: Look for repeated lockouts, frequent help desk calls, devices left signed in, personal devices used as workarounds, and missing or low battery at handoff.
Practitioner guidance
- Replace password-led shared mobile login with badge-tap checkout Use a fast identity assertion tied to a trusted credential so clinicians can start a session without repeated password entry.
- Automate clean session return for every shared device Wipe app state, terminate the session, and re-lock the device on return so the next clinician does not inherit residual access.
- Bind app access to clinician personas, not generic device pools Load role-appropriate apps, communication groups, and notification rules at checkout so the device is ready for the next task immediately.
What's in the full article
Imprivata's full article covers the operational detail this post intentionally leaves for the source:
- Step-by-step shared mobile workflow design for badge-tap checkout and session start.
- Persona-based app and settings orchestration that personalises devices for each clinician role.
- Charging, health, and location controls that support readiness and device retrieval.
- Audit trail details that show who used which device, when, where, and for which apps.
👉 Read Imprivata's analysis of shared mobile access in healthcare →
Shared mobile access in healthcare: what identity teams need to fix?
Explore further
25/06/2026 4:23 pm
Shared mobile access is a human IAM governance problem disguised as device operations. The article is really about whether identity can keep pace with clinical movement across shift boundaries, device availability constraints, and user turnover. When access control is reduced to manual handover steps, the organisation gets both friction and weak accountability. The practitioner takeaway is that mobile fleets need identity governance, not just asset management.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
A question worth separating out:
Q: Who is accountable when a shared device still contains the prior user's access?
A: Accountability sits with the programme that owns device lifecycle, session termination, and access governance, not with the clinician who inherits the problem. Shared mobility requires an explicit owner for allocation, reset, and audit evidence. Without that ownership, compliance reports describe the issue without actually containing it.
👉 Read our full editorial: Shared mobile access in healthcare is an identity problem
