TL;DR: AI agents are being deployed across clinical and operational workflows, and Imprivata says the core requirement is to treat them as managed identities with least-privilege access, real-time monitoring, and short-lived tokens for regulated healthcare environments. The governance question is no longer whether AI can assist care, but whether existing IAM, PAM, and Zero Trust controls can preserve accountability when software takes on regulated work.
NHIMG editorial — what this means for AI and NHI governance
Questions worth separating out
Q: How should healthcare teams govern AI agents that access clinical systems?
A: Healthcare teams should govern AI agents as managed non-human identities with explicit roles, least-privilege permissions, and continuous auditability.
Q: Why do AI agents create different access risks than ordinary automation?
A: AI agents can select actions at runtime, which means their access path may change during execution.
Q: What breaks when AI agents are given broad access to healthcare workflows?
A: Broad access breaks accountability, because the agent can touch clinical, operational, or regulated data without a narrow task boundary.
Practitioner guidance
- Classify AI agents as governed identities: Create an identity record for every production agent, assign an accountable owner, and bind the agent to a named role with an explicit permission set across clinical and operational systems.
- Enforce short-lived tokens for all agent sessions: Use short-lived tokens for AI agents so credentials do not persist beyond the task window, and pair them with real-time revocation when an agent leaves its approved workflow.
- Build an authoritative agent registry: Maintain a registry of authorized agents, continuously discover unmanaged agents, and require registration before any agent can access EHRs, scheduling, pharmacy, or lab systems.
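The three controls above can be combined in one gate, sketched here as an added example that is not Imprivata's or NHIMG's code: a registry lookup decides whether a token is issued, the token expires after a short task window, and every use is re-checked against a revocation list. The agent id, owner, scope names, 300-second TTL and the HMAC token format are all assumptions chosen for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = secrets.token_bytes(32)  # assumption: per-process key; production would use a KMS/HSM
TOKEN_TTL_SECONDS = 300                # assumption: length of the approved task window

# Constructed sample registry: agent id -> accountable owner and role permission set.
REGISTRY = {"triage-agent-01": {"owner": "clinical-informatics-lead",
                                "scopes": {"ehr:read", "scheduling:write"}}}
REVOKED = set()                        # agent ids revoked in real time

def _sign(body: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest().encode()

def issue_token(agent_id, scope, now=None):
    """Issue a single-scope token only to a registered, non-revoked agent."""
    record = REGISTRY.get(agent_id)
    if record is None:
        raise PermissionError("unregistered agent")
    if agent_id in REVOKED:
        raise PermissionError("agent revoked")
    if scope not in record["scopes"]:
        raise PermissionError("scope outside assigned role")
    now = time.time() if now is None else now
    claims = {"sub": agent_id, "owner": record["owner"],
              "scope": scope, "exp": now + TOKEN_TTL_SECONDS}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return (body + b"." + _sign(body)).decode()

def authorize(token, required_scope, now=None):
    """Return (allowed, reason); the reason string is what goes into the audit log."""
    now = time.time() if now is None else now
    try:
        body, sig = token.encode().split(b".")
    except ValueError:
        return False, "malformed"
    if not hmac.compare_digest(sig, _sign(body)):
        return False, "bad_signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        return False, "expired"
    # Re-check registry and revocation on every use, not only at issuance.
    if claims["sub"] not in REGISTRY or claims["sub"] in REVOKED:
        return False, "revoked_or_unregistered"
    if claims["scope"] != required_scope:
        return False, "scope_mismatch"
    return True, "ok"
```

Because `authorize` consults the revocation list on each call, adding an agent id to `REVOKED` invalidates tokens that have not yet expired.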
What's in the full announcement
Imprivata's full post covers the operational detail this post intentionally leaves for the source:
- How the platform brokers secure access across modern and legacy healthcare systems without widening the agent's privilege scope.
- How short-lived tokens, agent discovery, and real-time revocation work together in regulated clinical workflows.
- What the vendor says about clinician-in-the-loop oversight for documentation, triage, and prescription-related use cases.
- Where the platform fits into existing healthcare access management and privileged access security environments.
AI agent governance in healthcare: what changes for IAM teams?
AI agents in healthcare are non-human identities first and automation second. The governance problem is not whether the workflow is useful, but whether the agent can be authenticated, scoped, and audited like any other identity that touches regulated systems. In healthcare, that distinction matters because patient safety and PHI exposure turn identity mistakes into operational risk. Practitioner conclusion: treat agent identities as part of the enterprise identity fabric, not as an add-on to workflow automation.
A few things that frame the scale:
- 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate, according to the AI Agents: The New Attack Surface report.
- Only 44% have implemented policies to govern AI agents, even though 92% agree that governing them is critical to enterprise security.
A question worth separating out:
Q: Who should be accountable when an AI agent makes a harmful clinical action?
A: Accountability should rest with the organisation that granted the agent access and the named business or clinical owner responsible for its operation. The agent is not an accountable party. Governance must therefore define ownership, approval boundaries, and escalation paths before the agent reaches regulated systems.