TL;DR: Shared mobile devices are now standard clinical infrastructure, and the combined AHISP and Imprivata 2025 evidence shows they improve efficiency, reduce burnout, and unlock ROI only when access, checkout, and auditing are identity-driven. The governance problem is not the device fleet itself; it is the friction, credential sharing, and weak accountability built into unmanaged shared access.
NHIMG editorial — based on content published by Imprivata: Shared mobile devices in healthcare and the role of identity-driven access
By the numbers:
- 92% of respondents agreed that mobile devices are essential care tools.
- 87% reported access challenges on shared devices.
- 63% greater ROI came from fully implemented shared-device policies.
Questions worth separating out
Q: How should healthcare teams govern shared mobile devices without slowing clinical work?
A: They should make identity the control plane for the entire shared-device workflow.
Q: Why do shared credentials on clinical devices create security risk?
A: Shared credentials destroy attribution and make it impossible to prove which person accessed which system at a given moment.
Q: What breaks when shared mobile devices stay signed in between users?
A: The organisation loses session ownership, which means the next clinician may inherit access without a clean authentication boundary.
Practitioner guidance
- Replace manual device handoffs with identity-based checkout: Tie each shared device to an authenticated clinician at issue and return, and log that ownership change in the access trail so audit evidence is available after the shift.
- Eliminate shared logins and persistent signed-in states: Disable credential sharing on clinical devices, force reauthentication at appropriate intervals, and remove any workflow that allows a device to stay signed in across users.
- Measure shift-start friction as a control signal: Track time to assign devices, time to first clinical app use, and the rate of missing or uncharged devices so the programme can show where process breakdowns are creating risk.
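One way to check the three points above against a device event log, as an added example that is not from Imprivata or the original post. The event schema, action names, device IDs and user names are assumptions, and the sample events are constructed.

```python
from datetime import datetime

# Constructed sample events; the (time, device, user, action) schema is an assumption.
EVENTS = [
    ("2025-03-01T07:00:00", "dev-01", "nurse_a", "checkout"),
    ("2025-03-01T07:02:30", "dev-01", "nurse_a", "app_access"),
    ("2025-03-01T15:00:00", "dev-01", "nurse_a", "return"),
    ("2025-03-01T15:05:00", "dev-01", "nurse_b", "app_access"),
    ("2025-03-01T15:10:00", "dev-02", "nurse_c", "checkout"),
    ("2025-03-01T15:11:00", "dev-02", "nurse_d", "app_access"),
    ("2025-03-01T15:14:00", "dev-02", "nurse_c", "app_access"),
    ("2025-03-01T23:00:00", "dev-02", "nurse_e", "checkout"),
]

def audit_custody(events):
    """Replay events in time order; return (findings, seconds_to_first_use)."""
    custody = {}    # device -> (custodian, checkout time) while checked out
    first_use = {}  # (device, custodian, checkout time) -> seconds to first app access
    findings = []   # (timestamp, device, user, reason)
    for ts, device, user, action in sorted(events):  # ISO timestamps sort as strings
        when = datetime.fromisoformat(ts)
        holder = custody.get(device)
        if action == "checkout":
            if holder:  # previous custodian never returned the device
                findings.append((ts, device, holder[0], "checkout_without_return"))
            custody[device] = (user, when)
        elif action == "return":
            if holder is None or holder[0] != user:
                findings.append((ts, device, user, "return_by_non_custodian"))
            custody.pop(device, None)
        elif action == "app_access":
            if holder is None:  # device stayed signed in after it was returned
                findings.append((ts, device, user, "access_without_checkout"))
            elif holder[0] != user:  # session used by someone other than the custodian
                findings.append((ts, device, user, "access_by_non_custodian"))
            else:  # shift-start friction: checkout to first clinical app use
                key = (device, user, holder[1].isoformat())
                first_use.setdefault(key, (when - holder[1]).total_seconds())
    return findings, first_use

if __name__ == "__main__":
    findings, first_use = audit_custody(EVENTS)
    for finding in findings:
        print(finding)
    print(first_use)
```
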
What's in the full article
Imprivata's full article covers the operational detail this post intentionally leaves for the source:
- Survey breakdown of how 400 leaders across IT and clinical functions view shared mobile adoption and governance.
- Specific ROI comparisons between shared-use, one-to-one, and BYOD mobile models in healthcare settings.
- Detailed discussion of device loss, checkout friction, and the operational savings linked to identity-based tracking.
- The article's own framing of how mobile access management supports secure authentication and interoperability.
Shared mobile devices in healthcare: what identity teams need to know?
Explore further
Shared mobile devices are now an identity governance problem, not just an endpoint problem. The operational debate is no longer about whether clinicians will use shared devices, because the article shows they already do. The real question is whether identity, checkout, and audit state travel with the device lifecycle or remain fragmented across manual processes. Practitioners should treat shared mobility as a governance plane that spans access, device custody, and accountability.
A few things that frame the scale:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to the Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to the Ultimate Guide to NHIs.
A question worth separating out:
Q: Who is accountable when a shared clinical device is lost or misused?
A: Accountability sits with the organisation unless the programme can prove who checked out the device, who last used it, and whether access was revoked at return. Without identity-based lifecycle controls, the device becomes a shared risk object rather than a governed asset, and the audit trail is too weak to support response.