Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Shared mobile devices in healthcare: what IAM teams should fix


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Hospitals adopting shared mobile devices save an average of $1.1 million annually, with mature governance lifting yearly savings to $1.4 million, while clinician satisfaction with mobile access still sits only between 56% and 60%, according to Imprivata. Shared-device programmes now need tighter identity and access governance, not just device rollout, because operational value depends on secure, low-friction access.

NHIMG editorial — based on content published by Imprivata: Shared Mobile Devices Unlock Million Dollar Savings in Healthcare

By the numbers:

Questions worth separating out

Q: How should hospitals govern shared mobile device access across clinical shifts?

A: Hospitals should govern shared mobile device access by treating each sign-in as a distinct identity event, not a casual device reuse.

Q: Why do shared devices create more access risk than single-user devices?

A: Shared devices create more access risk because the device persists while the user context changes repeatedly.

Q: How do organisations know whether shared-device governance is working?

A: They should look for short access times, low workaround behaviour, clean audit trails, and consistent session resets at handoff.

Practitioner guidance

  • Define session handoff rules for every shared device Set explicit rules for who can reuse a device, how the previous user is terminated, and what state must be cleared before the next clinician signs in.
  • Tie access policy to clinical shift patterns Model access around shifts, wards, and on-call escalation paths instead of generic user groups.
  • Measure clinician friction as a security control signal Track failed sign-ins, time-to-access, and workaround behaviour alongside audit logs.

What's in the full article

Imprivata's full article covers the operational detail this post intentionally leaves for the source:

  • The survey framing behind the $1.1 million average savings figure and the conditions that separate mature from immature programmes.
  • The five priorities Imprivata lists for successful shared-device deployment, including governance, loss prevention, identity controls, system integration, and ROI tracking.
  • The clinician productivity and care-delivery arguments used to connect access design with operational outcomes.
  • The article's broader healthcare efficiency context, which helps teams explain the programme internally without over-rotating on security language.

👉 Read Imprivata's analysis of shared mobile devices and healthcare savings →

Shared mobile devices in healthcare: what IAM teams should fix?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Shared mobile devices expose a human identity governance problem, not just an endpoint problem. The value proposition depends on frequent user transitions, which means access attribution, session continuity, and revocation discipline all matter more than on single-user devices. When programmes ignore that, they save on hardware while accumulating identity risk. Practitioners should treat shared-device design as a human IAM control surface.

A few things that frame the scale:

  • 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
  • The same report found that 46% of organisations confirmed a breach and 26% only suspected one, which shows how often identity failures persist below the level of clear detection.

A question worth separating out:

Q: What should security and clinical teams do before scaling shared mobile programmes?

A: They should agree on the identity workflow, the session lifecycle, and the exception process before deployment expands. Governance must be defined jointly, because security controls that ignore clinical urgency will be bypassed while clinical workflows without access discipline create audit and attribution gaps.

👉 Read our full editorial: Shared mobile devices in healthcare need stronger identity governance



   
ReplyQuote
Share: