Welcome to the HealthTech Top Voice Interview Series, where we spotlight leaders redefining healthcare delivery through secure, intelligent, and clinician-first technology.
For this edition, Sudipto Ghosh, Head of Global Marketing at Intent Amplify, interviewed Dr. Sean Kelly, Chief Medical Officer and Senior Vice President of Customer Strategy for Healthcare at Imprivata.
Dr. Kelly brings a rare dual perspective as both a practicing emergency physician at Beth Israel Lahey Health in Boston and a healthcare technology leader guiding enterprise identity strategy. At Imprivata, he leads the Clinical Workflow team and advises on the clinical practice of healthcare IT security—helping health systems balance stringent security requirements with the realities of frontline care delivery. His work focuses on eliminating friction from clinician workflows, reducing burnout, and enabling secure, seamless access to critical systems in high-pressure clinical environments.
In this conversation, Dr. Kelly shares deep insights into the evolution of passwordless authentication, identity-centric security, and continuous access models—exploring how healthcare organizations can protect against AI-driven threats while improving clinician experience, care continuity, and operational resilience.
Dr. Kelly, thank you for joining us on the HealthTech Top Voice program.
Hi Dr. Sean, Welcome to the HealthTech Top Voice program. Tell us about your role at Imprivata and how you started at the company.
Dr. Sean : I’m the Chief Medical Officer and Sr. VP of Customer Strategy for Healthcare at Imprivata as well as a practicing emergency physician at Beth Israel Lahey Health in Boston. Leveraging real-world experience, I lead Imprivata’s team of clinical workflow specialists, advise on the clinical practice of healthcare IT security, and help guide go-to-market strategy, sales, customer experience, and product vision.
Through my time on the front lines, I’ve realized there is an opportunity to improve how information technology is used by doctors, nurses, and other clinical staff. Solutions that aren’t built with usability in mind can often disrupt clinician workflows, rather than enhancing them. I became passionate about closing this gap between IT and healthcare teams to deliver the best patient care possible. Imprivata is on the same mission, which led me to join the team.
Healthcare faces unique operational constraints like offline access, shared devices, and rapid user switching. How should authentication technologies evolve to remain secure while respecting these realities?
Dr. Sean : Clinicians operate in high-pressure environments where every second counts and efficient workflows are key. They can’t afford to slow down to troubleshoot logins on shared devices while moving in between patients, departments, or systems throughout their shift.
Authentication technologies must evolve into invisible care enablers. As organizations move toward context-aware workflows, passwordless access, and true interoperability, the goal should be to provide every clinician with tools that know who you are, where you are, and what you need. By tying access to each user’s digital identity through passwordless authentication, clinicians can seamlessly transition between systems and patients without delays, while compliance and security happen in the background.
Clinician burnout and security friction are closely linked. How can authentication technology be designed to reduce cognitive load for users while still raising the bar for security?
Dr. Sean : Physicians often spend far too much time wrestling with technology, which gets in the way of providing patient care. This friction can be exhausting and often leads to workarounds that invite significant risk. Leaders must rethink how authentication fits into clinical workflows and prioritize usability.
Passwordless authentication solutions like biometrics and passkeys, for example, address this long-standing friction created by traditional passwords, while also improving security and efficiency. According to our recent data, 85% of healthcare leaders consider passwordless authentication very important or mission-critical to healthcare’s future, with nearly half calling out benefits of faster logins (49%) and improved user experience (47%).
AI-powered social engineering and phishing attacks are increasingly difficult to detect at the point of login. How does this shift reinforce the need for continuous, session-level identity verification rather than one-time authentication?
Dr. Sean : Today’s threat landscape is driven in large part by credential theft, social engineering, and a new breed of AI-generated cyberattacks. With 34% of organizations citing phishing and credential theft as their biggest authentication challenge, it’s clear that one-time, login-based controls are no longer sufficient. As attacks become harder to detect at sign-on, continuous session monitoring and adaptive controls are needed to verify identity throughout the session, not just initial entry.
Your latest report, “The state of passwordless authentication in healthcare: Ending password pain,” highlights a gap between intent and execution, with most healthcare organizations still relying heavily on passwords. From a technology maturity standpoint, what systemic factors are slowing the transition to passwordless authentication in healthcare?
Dr. Sean : Our survey found that only 7% of healthcare organizations have fully adopted passwordless authentication, even as many begin layering in biometrics like fingerprints (53%) and facial recognition (45%) alongside passwords. Hospital leaders cite technical complexity (57%), clinician acceptance (52%), and regulatory compliance concerns (51%) as their biggest barriers to passwordless adoption. Healthcare environments are uniquely complex — shared workstations, fast-paced clinical workflows, and strict compliance requirements—making authentication changes harder to roll out than in other industries. That’s why progress often looks faster on paper than it feels in practice.
As identity becomes the new security perimeter in healthcare, how should health systems rethink authentication architectures to better support modern, distributed clinical workflows?
Dr. Sean : Point-in-time, password-reliant verification is no longer sustainable in healthcare. Health systems should shift from “login as the perimeter” to an identity-centric architecture that supports continuous, risk-based protection across devices, locations, and applications to better support modern, distributed clinical workflows.
Passwords remain deeply embedded in legacy applications and shared workstation environments. What architectural patterns or integration strategies can help healthcare organizations reduce password dependency without disrupting care delivery?
Dr. Sean : Amid the transition to passwordless, many healthcare organizations are living in hybrid, fragmented environments, where passwords remain embedded in legacy apps and workflows, and modern authenticators, like biometric fingerprints and facial scans, are added around the edges. This is a step in the right direction, but to fully modernize while maintaining care delivery, healthcare organizations must also progressively minimize password use as integrations mature.
The findings show strong interest in biometrics and adaptive authentication. From a technology perspective, what makes these approaches more resilient against today’s credential-based and AI-assisted attacks?
Dr. Sean : It’s a lot easier to steal a string of letters and numbers than it is to steal someone’s face or fingerprint, especially with liveness detection and other anti-spoofing technology built in. Biometrics and other modern authentication solutions reduce reliance on shared, easily stolen logins, which is especially important as AI-powered social engineering attacks surge. Adaptive authentication adds another layer of defense, enabling continuous monitoring that detects suspicious behavior beyond the initial login.
In 2025, we witnessed growing investment in risk-based and behavior-driven access controls. What role does real-time context play in strengthening identity security beyond traditional MFA models?
Dr. Sean : Real-time context has become essential to strengthening identity security beyond traditional MFA models. By continuously assessing risk signals like user behavior, device posture, location, and access patterns, security teams can detect and respond to identity-based threats before they escalate into breaches of sensitive healthcare data. In our recent survey, healthcare leaders identified continuous session monitoring (81%) and risk-based authentication (74%) as the two most valuable components of their organization’s security strategy, underscoring this shift.
As healthcare organizations move toward passwordless models, how should they measure success beyond security metrics, particularly in terms of workflow efficiency and care continuity?
Dr. Sean : To measure the success of passwordless models beyond security, healthcare organizations should focus on improvements in workflow efficiency and clinician behavior. This includes tracking how quickly clinicians can log into devices, whether reliance on IT support and help desk tickets decreases, and how clinicians perceive usability and friction in their day-to-day workflows.
Regulatory and compliance concerns are often cited as barriers to modern authentication. How can identity-centric security models actually strengthen auditability and compliance outcomes rather than complicate them?
Dr. Sean : Our data shows that compliance is a major authentication challenge for 48% of organizations, and a barrier to passwordless adoption for 51%. Fragmented, password-heavy workflows complicate evidence gathering and policy enforcement across disparate authentication systems for compliance and audit stakeholders. In contrast, identity-centric models can improve auditability through continuous monitoring and risk-based controls that generate clearer signals of who did what, when, and under what risk conditions.
Looking ahead, how do you see passwordless and identity-centric access controls shaping the future of healthcare cybersecurity as AI-driven threats continue to evolve?
Dr. Sean : Password-heavy workflows not only increase risk in today’s AI-driven threat landscape, but also fuel frustration and burnout. Modern healthcare cybersecurity requires a shift to identity-centric access models that enhance defenses while simplifying the clinician experience. By adopting passwordless solutions like biometrics and passkeys, healthcare leaders can reduce risk and friction and lay a stronger foundation for what comes next.
Thank you so much, Dr. Sean, for answering all our questions! We look forward to having you again at the HealthTech Top Voice program.
About Dr. Sean Kelly
Dr. Sean Kelly is the Chief Medical Officer (CMO) and Sr. VP of Customer Strategy for Healthcare at Imprivata, where he leads the company’s Clinical Workflow team and advises on the clinical practice of healthcare IT security. In addition, Dr. Kelly practices emergency medicine at Beth Israel Lahey Health and is an Assistant Professor of Emergency Medicine, part time, at Harvard Medical School. Trained at Harvard College, University of Massachusetts Medical School, and Vanderbilt University, Dr. Kelly is board certified in Emergency Medicine and is a Fellow in the American College of Emergency Physicians.
With a passion for bridging the gap between business and medicine, Dr. Kelly is focused on delivering the best patient care possible with technology that works for clinicians, not against them. He is a member of the College of Information Health Management Executives (CHIME) Board of Trustees and is the Chair of the CHIME Opioid Task Force Clinical Advisory Group, a team of health IT leaders committed to leveraging technology to curb the Opioid Crisis, prevent addiction and save lives. The group published the CIO/CMIO Playbook, a practical framework for implementing IT solutions to reduce morbidity and mortality from opioid addiction and overdoses.
Dr. Kelly was also the Co-founder of Lifeguard Medical Group in Martha’s Vineyard, a seasonal concierge practice run by emergency physicians. He had served as a visiting professor at the University of Florence in Italy, First Aid physician at Fenway Park, and enjoys doing humanitarian and disaster relief work worldwide.
About Imprivata
Imprivata delivers simple and secure access management solutions for healthcare and other mission-critical industries to ensure every second of crucial work is both frictionless and secure. Imprivata’s platform of innovative, interoperable access management and privileged access security solutions enable organizations to fully manage and secure all enterprise and third-party identities to facilitate seamless user access, protect against internal and external security threats, and reduce total cost of ownership. For more information, visit www.imprivata.com.
