AI Agents in Healthcare: Use Cases, Limits, and Infrastructure

Healthcare is one of the highest-stakes environments for AI deployment. It’s also one of the most document-intensive, workflow-bound, and administratively burdened industries in existence. That combination creates both genuine opportunity and genuine constraint for AI agents.

This is where agents are actually working in healthcare — and where the limits are.

Where AI Agents Are Deployed Today

Prior Authorization

Prior authorization — the process by which payers approve procedures before they’re performed — is one of the most despised workflows in healthcare. It’s estimated that physicians spend 13 hours per week on prior auth requests, and that over 90 million are submitted annually in the US.

AI agents are being deployed here because the workflow is structured: a request comes in, the agent checks formulary data and clinical criteria, populates forms and submits them, then follows up on pending requests. The inputs and outputs are well-defined.

Some health systems report a significant reduction in time-to-approval when agents handle the submission and follow-up steps autonomously.

Clinical Documentation

Documentation burden is a leading cause of physician burnout. AI agents (often leveraging ambient listening + LLMs) draft clinical notes, SOAP notes, and encounter summaries from audio recordings of patient visits.

The physician reviews and approves before the note enters the EHR. The agent isn’t making clinical decisions — it’s drafting documentation that a human signs off on. This “human in the loop for approval” pattern is standard for healthcare AI agents in clinical workflows.

Medical Coding and Billing

Medical coders translate clinical documentation into billing codes (CPT, ICD-10). This is rule-based enough that agents can draft code sets, yet high-stakes enough that errors are expensive (claim denials, compliance exposure).

Agents augmenting human coders — drafting code sets for review rather than submitting them autonomously — are live at several large health systems.

Insurance Claim Processing

Claim processing, denial management, and remittance reconciliation are high-volume administrative workflows where agents add clear value. The data is structured, the rules are defined, and the current process is heavily manual.

Research and Literature Synthesis

Agents that query PubMed, synthesize recent literature on a clinical question, and produce structured summaries for clinician review are deployed at academic medical centers. This is lower-stakes than clinical decision support — the output is information for a physician to consider, not a recommendation acted on autonomously.

Where AI Agents Are Not (Yet) Deployed at Scale

Diagnosis and treatment planning — clinical AI tools exist, but fully autonomous diagnostic agents without physician review are rare and heavily regulated. The FDA regulates AI as a medical device in many clinical contexts, and the liability exposure for unsupervised clinical recommendations is significant.

Medication management — ordering, dispensing, or modifying medications via autonomous agent action is uncommon outside narrow, carefully constrained pilots.

Surgical or procedural assistance — robotic surgery with AI assistance exists, but autonomous procedural agents in the surgical context are not deployed commercially.

The Infrastructure Requirements

Healthcare AI agents have requirements beyond standard agent infrastructure:

HIPAA compliance — any agent processing PHI needs HIPAA-compliant infrastructure. This means Business Associate Agreements (BAAs) with all vendors in the data pipeline, technical safeguards (encryption at rest and in transit, access controls, audit logs), and retention policies for audit data.

Audit trails that satisfy compliance — not just “what did the agent call” but “who authorized this agent to access this patient’s data, when, and what did it do with it.” Healthcare compliance audit trails are more detailed than standard operational logs.

Role-based access control — a billing agent and a clinical agent should have access to different data. Credential isolation at the agent level maps to role-based data access in healthcare RBAC systems.

Spending controls — healthcare AI workflows at scale can be expensive. Agents doing prior auth for a large health system might process thousands of requests per day. Per-agent spending limits prevent a runaway agent from generating unexpected costs at scale.

Human-in-the-loop architecture — for clinical workflows specifically, the standard pattern is agents drafting or recommending, humans approving before action is taken. The infrastructure needs to support this: a holding state before execution, a notification to a human reviewer, and a confirmation mechanism.
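
The requirements above can be enforced at a single choke point. The following is an added example, not code from any product or from the original article: a gate that checks role scope and per-agent budget, holds each action for human review, and writes an audit record naming who authorized the agent. All names (AgentGate, ROLE_SCOPES, the scope strings, the sample IDs) are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field

# Hypothetical role-to-scope map: a billing agent and a clinical agent see different data.
ROLE_SCOPES = {"billing_agent": {"claims", "codes"},
               "clinical_agent": {"encounter_notes"}}

@dataclass
class AgentGate:
    agent_id: str
    role: str
    authorized_by: str        # who granted this agent access (recorded on every event)
    daily_budget_usd: float
    spent_usd: float = 0.0
    audit: list = field(default_factory=list)
    pending: dict = field(default_factory=dict)

    def _log(self, event, patient_id, scope, **extra):
        # Audit record answers: which agent, authorized by whom, which patient, when, what.
        # The payload itself is never logged, so PHI stays out of the audit store.
        self.audit.append({"ts": time.time(), "agent": self.agent_id, "role": self.role,
                           "authorized_by": self.authorized_by, "patient": patient_id,
                           "scope": scope, "event": event, **extra})

    def propose(self, action_id, patient_id, scope, cost_usd, payload):
        if scope not in ROLE_SCOPES.get(self.role, set()):
            self._log("denied_scope", patient_id, scope)
            return "denied_scope"
        if self.spent_usd + cost_usd > self.daily_budget_usd:
            self._log("denied_budget", patient_id, scope, cost_usd=cost_usd)
            return "denied_budget"
        self.spent_usd += cost_usd   # drafting cost is incurred even if a human later rejects
        self.pending[action_id] = (patient_id, scope, payload)   # holding state, not executed
        self._log("held_for_review", patient_id, scope, action_id=action_id)
        return "held_for_review"

    def review(self, action_id, reviewer, approve):
        # Raises KeyError for an unknown or already-reviewed action id.
        patient_id, scope, payload = self.pending.pop(action_id)
        self._log("approved" if approve else "rejected", patient_id, scope,
                  action_id=action_id, reviewer=reviewer)
        return payload if approve else None   # only approved payloads reach execution

def demo():
    # Constructed sample data.
    gate = AgentGate("agent-7", "billing_agent", "compliance-officer@example.test", 1.00)
    r1 = gate.propose("a1", "pt-001", "claims", 0.40, {"cpt": "99213"})
    r2 = gate.propose("a2", "pt-001", "encounter_notes", 0.10, {})
    r3 = gate.propose("a3", "pt-002", "claims", 0.70, {})
    out = gate.review("a1", "coder-12", approve=True)
    return r1, r2, r3, out, [e["event"] for e in gate.audit]
```

In a real deployment the audit list would be an append-only store with a retention policy, and review() would be reached only through an authenticated reviewer interface.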

What This Means for Developers

If you’re building AI agents for healthcare, the compliance overhead is real. The BAA conversation with your infrastructure vendors needs to happen before you handle any PHI, not after. The audit trail requirements are stricter than general-purpose applications.

The administrative use cases (prior auth, billing, scheduling) are where agents can ship fastest with lowest regulatory friction. Clinical use cases require careful alignment with clinical informatics teams, legal, and compliance before deployment.

The opportunity is significant — healthcare is administratively burdened in ways that agent automation is well-suited to fix. The path there requires taking the compliance requirements seriously from the start.

For the infrastructure patterns that apply in any high-accountability environment, see agent credential blast radius and how to ramp agent autonomy.