Security, Governance Gaps Curb Shared Mobile Device Use in Healthcare, Reveals Survey

BOSTON, Aug. 4, 2025 — Shared mobile devices are becoming an integral part of hospitals and clinical settings but governance and security concerns continue to be preventing many organizations from embracing it.

As per a survey conducted by digital identity security company Imprivata, many companies are finding it difficult to deal with the security risks arising out of shared mobile devices.

Imprivata’s 2025 State of Shared Mobile Devices in Healthcare survey underscores that shared mobile devices lead to cost savings and workflow improvements. However, governance and operational gaps are likely to prevent healthcare organizations from tapping the full potential of widespread mobile adoption

Following are Contours of the Survey

Managing Mobile Devices: Survey data published by Imprivata has revealed that while 92 percent of survey respondents consider mobile devices essential to care delivery, 44 percent lack a formal policy to manage mobile device use and allocation.

Notably, Vanson Bourne, a market research firm, conducted the survey on Imprivata’s behalf. Researchers surveyed 400 individuals from acute care facilities in the US, Canada, the United Kingdom and Australia, including IT decision makers and clinical leaders.

Sharing of Credentials: From a security point of view, the biggest issue arises out of access. Even as there is an increasing focus on identity-driven workflows, 79 percent of respondents said the employees continue to share credentials when using shared mobile devices. 74 percent said devices are often left signed in after use. Together these practices can create serious exposure for sensitive patient data, especially if a device is lost or stolen.

49 percent of all survey participants said they are not confident that patient data is secure on shared mobile devices. That level of uncertainty is even evident in an industry governed by regulations like HIPAA.

Informal processes Dominate: A major reason why shared-use devices face a risk, is the lack of formal policies and processes. 16 percent of organizations say they have no constant method for assigning devices at the start of shifts. 46 percent use verbal handoffs or other informal practices, and 28 percent rely on a “first come, first served” model with no logging or documentation.

In the absence of the device being tracked, there is no mechanism to identify the individual who accessed it. Besides, one does not get to know the time of the usage and remains uninformed about the purpose for using the device.

In case something goes wrong, it is difficult to put the onus on a particular person to fix accountability.

An IT decision maker from a 500 to 749 bed US healthcare facility says, “There is a lack of accountability because shared-use devices don’t have an owner, which complicates tracking access and data changes.”

What are Security Concerns in Shared Devices?

In a facility that registers hundreds of arrivals daily, the physical security of devices remains a concern. The survey reveals that 23 percent of shared mobile devices go missing every year, whether due to loss, theft, or misplacement.

As soon a device goes missing, the staff utilizes precious time looking for it. On average, this adds up to three hours per week per device. For some organizations, the delay can be up to a 12-hour shift.

The Imprivata report highlights that the biggest fallout of missing devices is risks to patient data security, communication delays, and delays to patient care.

Outdated tracking systems are also a contributing factor to the problem. Many hospitals still use manual sign-out sheets or Excel spreadsheets to track device locations. This is a loophole in any secure system, especially when real-time visibility is required.

Another major security concern is that IT departments are constantly under pressure. In absence of centralized systems to manage mobile devices, teams spend maximum of their time on low-value tasks. Respondents said IT staff devote 32 percent of their time to maintenance, 25 percent to tracking, and 25 percent to monitoring shared devices.

Lack of Visibility and Authentication Issues

Several respondents also reported that there is very less clarity on visibility. 48 percent are clueless regarding the person in whose possession the device was last occupied for a task. 53 percent are unaware when it was assigned. 55 percent don’t know which applications are being accessed. That lack of supervision increases the risk of compliance failures and makes it tough to detect malicious or negligent behavior.

Another important aspect is authentication. Nearly 90 percent of respondents said staff face access issues with shared mobile devices, often due to outdated authentication methods. A quarter of organizations still rely primarily on usernames and passwords for mobile access. This is not user-friendly in urgent care settings where saving a life is a race against time.

The authentication issues create disturbing work trends. 81 percent of respondents said staff frequently resort to personal devices when shared-use ones are unavailable or too slow to access. That behavior not only undermines the organization’s investment in shared mobile, it also increases the attack surface and raises compliance concerns.

Even as there is increasing focus on identity-driven workflows, 79% of respondents said the employees still share credentials when using shared mobile devices.

Inputs from Saqib Malik

Editing by David Ryder