Notifications
Clear all
Topic starter
25/06/2026 2:42 pm
TL;DR: Shared-use mobile devices in UK healthcare save hospitals an average of £522,000 annually, but 47% of organisations still lack a formal management policy, leaving security and workflow gaps, according to Imprivata research. The operational case for streamlined clinical access is clear, but the governance model has not caught up with shared-device reality.
NHIMG editorial — based on content published by Imprivata: The Dual Reality of Shared-Use Mobile Devices in UK Healthcare
By the numbers:
Questions worth separating out
Q: How should healthcare teams govern shared-use mobile devices across wards and shifts?
A: Treat shared-use mobile devices as governed identity surfaces, not general-purpose endpoints.
Q: Why do shared clinical devices create more access risk than personal devices?
A: Shared devices break the assumption that one device maps to one person and one session.
Q: How do you know if shared-device access controls are actually working?
A: Look for fewer repeated logins, lower credential sharing pressure, consistent logout behaviour, and clear audit trails that identify each session by user and context.
Practitioner guidance
- Define a formal shared-device policy Set explicit rules for provisioning, user handoff, session timeout, logout behaviour, and exception handling across every ward and shift.
- Replace repeated login flows with stronger access patterns Use passwordless authentication and SSO where clinically appropriate, then add step-up checks only when role or context changes.
- Centralise mobile device management Maintain a known device state with standard provisioning, patching, and retirement controls so shared endpoints do not drift between users.
What's in the full article
Imprivata's full article covers the operational detail this post intentionally leaves for the source:
- The underlying UK healthcare research context behind the £522,000 annual savings figure.
- The device-management and workflow approach used to reduce repeated logins in shared ward environments.
- The practical balance between usability, security, and accountability in clinical settings.
- The broader NHS digital transformation context that frames shared-use mobile adoption.
👉 Read Imprivata's analysis of shared-use mobile devices in UK healthcare →
Shared-use mobile devices in UK healthcare: what teams are missing?
Explore further
25/06/2026 3:50 pm
Shared clinical devices are an identity governance problem first and an endpoint problem second. Imprivata's numbers show that hospitals can realise large cost savings while still failing at formal policy coverage, which means the governance layer has not matured at the same pace as deployment. In practice, the security question is not whether shared devices are useful, but whether identity, device, and workflow controls are coordinated enough to make them safe.
A few things that frame the scale:
- 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: Who is accountable when a shared mobile device exposes patient data?
A: Accountability should sit with the organisation that owns the shared-device policy, the access model, and the device lifecycle, not with a single clinician using the handset at the time. In practice, healthcare security, IAM, and clinical operations must share ownership because the failure is usually systemic.
👉 Read our full editorial: Shared-use mobile devices in UK healthcare expose governance gaps
