Shared devices promise big savings for hospitals, but security gaps persist

When nurses at Northeast Georgia Health System begin their shifts, they don’t fumble with passwords or handwritten sign-out sheets. Instead, they tap a badge, check out a mobile device, and log in within seconds. The streamlined process, enabled by identity-driven access management, is exactly the kind of workflow hospitals are chasing as shared mobile devices move from an experiment to a mainstay of modern care delivery.

A new industry survey suggests they have little choice. According to the 2025 Imprivata State of Shared Mobile Devices in Healthcare Report, 92% of healthcare leaders now consider mobile devices essential clinical tools, and nearly all respondents (99%) expect shared-use models to expand in the next two years. Organizations reported saving an average of $1.1 million annually by issuing enterprise-owned shared devices instead of dedicated or bring-your-own models.

But the study, which surveyed 400 IT and clinical leaders in the U.S., Canada, the U.K., and Australia, also shows the promise comes with headaches: lost devices, delayed logins, and security blind spots that leave sensitive patient data exposed.

“Shared mobile devices aren’t just about saving money — they’re about saving time and reducing burnout,” said Dr. Sean Kelly, Chief Medical Officer and SVP of Customer Strategy at Imprivata. “They give clinicians back minutes that would otherwise be lost to logins and workarounds, and those minutes add up to both healthier staff and better patient care.”

From BYOD to Shared-Use

The pivot toward shared enterprise devices is part of a broader shift away from bring-your-own-device policies, which have long posed compliance risks. Hospitals today are opting for institutionally owned fleets that can be standardized, secured, and monitored across shifts and departments.

The report found that 84% of leaders believe mobile tools decrease time to care, while 86% said they help shorten patient stays. Nearly all respondents agreed that mobile devices improve clinician satisfaction and reduce burnout, echoing findings from studies linking device-enabled communication to fewer errors and faster clinical decision-making.

For IT departments, shared devices promise more than frontline efficiency. Leaders cited improved asset management (66%), stronger compliance alignment (65%), and enhanced data security (60%) as top benefits. Still, those gains often depend on whether organizations have a clear device management policy in place.

Workflow Friction

Despite the upside, access remains a stubborn pain point. Eighty-seven percent of respondents reported problems logging into or using shared devices. More than a quarter of organizations still rely primarily on usernames and passwords — a method long flagged as both inefficient and insecure by cybersecurity experts.

The ripple effects are costly. Assigning a shared device to a clinician can take an average of 13 minutes, delaying care before a shift even starts. Common bottlenecks include low batteries, manual allocation processes, and limited availability during peak hours.

“In acute care scenarios, there’s no time for cognitive friction,” Kelly noted. “Passwordless, tap-and-go access removes that burden so clinicians can act instantly and stay locked on the patient, not the device.”

These inefficiencies have a knock-on effect: 81% of respondents said clinicians sometimes fall back on personal devices to bridge communication gaps — a workaround that undermines security and raises HIPAA compliance concerns.

Device Loss and Security Blind Spots

Perhaps the most alarming finding is the rate of device attrition. Nearly one in four shared-use devices go missing each year, a figure that translates into lost equipment, staff downtime, and potentially exposed patient data. Locating a missing device can take anywhere from several hours to an entire shift.

High loss rates are partly due to outdated tracking systems. A third of hospitals still rely on manual sign-out sheets or Excel spreadsheets to log device locations, the report found. The lack of real-time monitoring leaves IT departments in the dark about who last used a device, what applications were accessed, or whether sensitive information remains exposed.

“Some facilities report losing 11–30% of their devices each year, which is unsustainable,” Kelly said. “With modern access management and real-time tracking, you can drive that down to single digits and reclaim hundreds of thousands of dollars in value.”

The security implications are severe. Seventy-nine percent of respondents admitted that employees share credentials when using shared devices, and 74% said devices are often left logged in after use. With nearly half of leaders not fully confident that patient data is secure, the gaps pose a compliance liability as regulators push for stricter data protections.

“The most effective step is identity-driven, tap-and-go authentication tied to a clinician’s role,” Kelly emphasized. “That way accountability is automatic, access is streamlined, and staff only see what they need — without slowing care.”

Policy Gaps Undercut ROI

One of the most striking divides uncovered by the survey is between hospitals with mature mobile policies and those without. Organizations that had fully implemented shared-device strategies reported 63% greater ROI, saving $1.4 million annually compared to $860,000 at facilities with ad-hoc approaches.

Yet 44% of respondents said their facility lacks a comprehensive policy for shared mobile management. Without consistent assignment and authentication practices, hospitals face rising help-desk costs — estimated at $70 per ticket — and heightened risk of exposing protected health information.

“The biggest mistakes are relying on manual check-outs and skipping role-based access controls,” Kelly said. “Without those guardrails, devices get lost, credentials get shared, and security gaps open up. A clear policy is what turns mobile from a burden into a true advantage.”

Looking ahead, Kelly sees momentum building beyond tap-and-go. “The next frontier is context-aware, passwordless access paired with true interoperability,” he said. “The goal is a device that knows who you are, where you are, and what you need, while seamlessly connecting legacy and modern systems, so clinicians never have to think about the technology at all.”