Agentic AI in Healthcare needs an identity strategy

Healthcare is entering a new phase of AI adoption.

For the last several years, much of the conversation has focused on tools that summarize notes, surface alerts, draft messages, or help reduce administrative burden. Those use cases matter. They can save time. They can give clinicians a little more room to focus on the patient in front of them.

But we are now moving into something different.

From AI Tools to AI Actors

AI systems are becoming agents. They can reason through a task, interact with other systems, take action, and complete multi-step workflows. In healthcare, that is an important shift. It is also a shift that changes the risk model.

An AI agent in a hospital is not just another piece of software. If it can access the EHR, schedule a patient, query records, trigger a workflow, assist with an order, or interact with administrative systems, then it starts to look less like an application and more like a digital member of the workforce.

And we should manage it that way.

That is why the new HSCC Third-Party AI Risk and Supply Chain Transparency Guide is so timely. In its guidance on agentic AI, HSCC recommends that healthcare organizations conduct additional threat modeling for autonomous and semi-autonomous agents. It also recommends treating those agents as a new category of insider, with specific attention to identity management, credential management, behavioral baselines, rogue detection, and constrained EHR access.

That framing is exactly right. In healthcare, identity is not an administrative detail. It is a patient safety issue. It is a privacy issue. It is a trust issue.

We would never allow a clinician, contractor, vendor, or privileged administrator to move through clinical systems without knowing who they are, what role they have, what they are allowed to do, and whether their activity makes sense. AI agents should not be the exception.

In fact, they may require even more discipline.

Why Agentic AI Changes the Risk Model

AI agents can operate continuously. They can move at machine speed. They may touch multiple systems in a single workflow. And when they are not governed well, the consequences can scale quickly. That could mean inappropriate access to protected health information. It could mean workflow disruption. It could mean unsafe automation. It could mean changes to clinical or operational data that no one intended.

This is where the clinical stakes become very real. A scheduling agent with too much access may seem like a convenience until it changes the wrong appointment, moves a patient out of sequence, or disrupts a time-sensitive care pathway. An agent helping with orders may seem useful until it acts outside its approved scope. An agent reviewing records may seem low risk until it accesses information it has no reason to see.

These are not abstract cybersecurity scenarios. In healthcare, small workflow decisions can create real downstream consequences for patients and care teams.

HSCC makes an especially important point about EHR access: an AI agent with EHR access and excessive permissions is functionally equivalent to a compromised insider with clinical system privileges.

That should get every healthcare leader’s attention. The answer is not to slow down innovation or avoid AI. Healthcare needs innovation. Clinicians need relief from administrative burden. Patients need care that is more coordinated, accessible, and efficient. AI has enormous potential to help.

A Badge, a Boundary, and a Boss

But in healthcare, adoption has to be designed around the realities of clinical work. That means every AI agent needs three things: a badge, a boundary, and a boss.

A badge means every agent needs a unique, managed identity. Security and operational leaders should know which agents are approved, what they are intended to do, who owns them, and which systems they can access. An AI agent should not be hiding inside a shared account, a vendor credential, or a generic service identity that no one can explain six months later.

A boundary means agents should operate with least-privilege access. They should only be able to reach the systems, data, and actions required for their approved workflow. Sensitive actions should require confirmation, especially in clinical contexts where patient safety is involved. HSCC notes this clearly: in healthcare, AI should recommend rather than autonomously execute medication changes or order modifications.

That distinction matters. There is a big difference between helping a clinician see the right information at the right time and allowing an autonomous system to make changes that directly affect patient care.

A boss means humans remain accountable. AI can augment clinical and operational teams, but it cannot become an ungoverned actor inside the healthcare environment. Organizations need monitoring, audit trails, behavioral baselines, escalation paths, and the ability to limit or revoke access quickly when something looks wrong.

This is where healthcare identity strategy has to evolve.

Identity Is the Control Plane for Agentic AI

Traditional identity and access management was largely built around human users. But modern healthcare is no longer made up only of employees logging into applications. It includes clinicians, staff, contractors, vendors, devices, bots, service accounts, and now AI agents. All of them need appropriate access. All of them need governance. And all of them need to be visible in context.

That context is critical.

It is not enough to know that something accessed the EHR. Leaders need to know what accessed it, why it accessed it, whether that access was appropriate, and whether the behavior matched the approved workflow. An agent acting outside its expected pattern should be treated as a signal. An agent attempting to exceed its scope should trigger review. An agent behaving differently after an update should not be ignored.

Security cannot stop at the moment of login. In healthcare, risk often shows up in behavior.

That is why the HSCC guidance is important. It pushes organizations to think beyond traditional vulnerability management and ask a more operational question: Is this system behaving appropriately in a real healthcare environment?

For AI agents, that question has to be answered continuously. Organizations should start with a practical inventory. Where are AI agents being used today? Where are they being piloted? Which ones can access sensitive systems or data? Which ones can take action? Who owns them? What workflows are they approved to support? What happens when they behave unexpectedly?

From there, healthcare leaders should apply familiar but essential controls: unique identities, least privilege, strong authentication, constrained EHR access, monitoring, auditability, behavioral baselines, and a clear kill switch.

This is also where Imprivata’s role is important. Imprivata Agentic Identity Management was designed for this moment. It treats AI agents as managed identities, authenticates them, enforces least-privilege access, brokers secure connections, monitors activity, and gives organizations the ability to limit or revoke access when needed.

That matters because most healthcare environments were not built with agentic AI in mind. Hospitals still depend on EHRs, legacy applications, on-prem systems, and clinical infrastructure that may not have modern APIs or native AI integrations. Care teams cannot simply rip and replace the systems they rely on every day. They need a secure way to introduce new capabilities into existing workflows without creating new blind spots.

Identity is how we do that responsibly.

The same is true for ongoing monitoring. HSCC emphasizes behavioral baselines, rogue detection, and monitoring for deviations from expected activity. That is essential because AI risk is not only about whether a system can be attacked. It is also about whether a system acts within the boundaries we set for it.

An agent that accesses a record it should not access, attempts to perform an unapproved action, takes an unexpected path through a workflow, or begins behaving differently after a model or software update should be visible. Privacy-sensitive activity involving PHI should be reviewable. Audit trails should be clear. Ownership should be known.

Imprivata Access Intelligence and Patient Privacy Intelligence help support that kind of visibility by enabling organizations to understand access behavior, detect anomalies, investigate potential risk, and support audit readiness.

This is the work healthcare leaders need to do now. Not because AI is something to fear, but because AI is becoming part of the operational fabric of healthcare. And once technology becomes part of the workflow, it becomes part of the care environment.

The future of AI in healthcare depends on trust. Patients need to trust that their data is protected. Clinicians need to trust that AI supports their work rather than adding new complexity. Organizations need to trust that automation is accountable, auditable, and safe.

Agentic AI can help healthcare move faster.

But in healthcare, faster only matters if it is also safer.

That starts with identity.

Learn moreabout Imprivata Agentic Identity Management from our on-demand webinar.

Start a conversationabout your agentic AI strategy by contacting us.