HIT Consultant – Read More

What You Should Know

– A new report from Imprivata reveals that 85% of healthcare IT leaders now view passwordless authentication as “very important” or “mission-critical”. 

– Despite this, only 7% of organizations have fully adopted passwordless workflows, leaving clinicians stuck in a cycle of “password pain” that causes delays in patient care for 41% of institutions and drives risky workarounds in 46%.

A 7% Adoption Reality

The most striking finding is the chasm between intent and implementation. While nearly everyone agrees passwords must go, the industry is currently mired in a “hybrid, fragmented” environment.

• Persistence of Legacy: 60% of organizations still rely extensively on passwords for primary authentication.
• Vendor Sprawl: 54% of HDOs use at least three different authentication vendors, complicating audit trails and user experience.
• Emerging Modernizers: Many are layering biometrics on top of passwords (e.g., 53% using fingerprints), but few have achieved the “holy grail” of complete password elimination.

Static multifactor authentication (MFA) is becoming a legacy tool itself. The report highlights that 81% of leaders now value “continuous session monitoring” over point-in-time logins. If your security strategy assumes a doctor is safe just because they swiped a badge once four hours ago, you are deploying vaporware defense. In 2026, identity must be adaptive and context-aware, assessing risk throughout the entire session.

Barriers to the Passwordless Future

Why is adoption stuck at 7%? IT leaders cite a trifecta of obstacles:

1. Technical Challenges (57%): Integrating modern identity tools with legacy EHRs and medical devices.
2. Clinical Acceptance (52%): Concerns about training and how new workflows will impact the speed of care.
3. Regulatory Fears (51%): Navigating the complexities of EPCS (Electronic Prescribing of Controlled Substances) and HIPAA within a passwordless framework.

“Healthcare organizations recognize that password-heavy environments are no longer sustainable,” said Chip Hughes, Chief Product Officer at Imprivata. “Clinicians need fast, intuitive workflows, and security teams need stronger protection against increasingly sophisticated cyberattacks. This survey shows that moving beyond passwords is now both a strategic necessity and a foundational step toward a more cyber-resilient and operationally efficient healthcare system.”

Methodology

The survey involved 206 respondents from healthcare delivery organizations across the United States. Respondents included CIOs, CISOs, IT directors, security architects, clinical informatics leaders, and other senior stakeholders. Respondents represented organizations that include small, mid-sized, and large hospital systems, IDNs, and academic medical centers.