Agentic AI Wiki
Playbooks / Domain Playbooks / Healthcare agents

Healthcare agents

Y8
Playbook · Domain Playbooks

Healthcare agents.

Charting, prior auth, intake triage — the few healthcare jobs where agents shave real labor, and the privacy + clinical-safety guardrails you cannot ship without. The narrow productive surface area in healthcare is real; the surrounding regulatory and clinical-safety surface is larger than in any other consumer-adjacent domain. The right question is not "can the agent do clinical work," it is "which administrative work can the agent take off a clinician's plate without crossing into clinical decision-making."

STEP 1

Where healthcare agents work today.

Three jobs are where most of the real labor-shave is happening:

  • Ambient charting — scribe-style transcription of a clinical encounter plus a draft SOAP note. The clinician edits and signs; the agent's output is never the medical record on its own.
  • Prior authorization — drafting the payer-facing letter, navigating the payer portal, assembling supporting documentation from the chart. Drudgery the agent reliably reduces; the clinician still owns the medical necessity claim.
  • Intake triage — symptom-collection chat that summarizes a patient's complaint for the clinician and routes urgent cases to a human. The agent does not advise the patient; it prepares the clinician to.

The pattern again is administrative compression with a clinician on the consequential step. None of these has the agent independently making a clinical determination, and none of them should.

STEP 2

Where healthcare agents do not belong.

Three places to refuse, no matter what the demo shows:

  • Diagnosis without a licensed clinician. An agent that names a condition to a patient is doing clinical work; treat that surface as off-limits in any patient-facing product.
  • Treatment recommendations — including OTC, including "you might consider…" — without a clinician sign-off path. Most jurisdictions treat that as practice of medicine.
  • Anything that would fall under software-as-a-medical-device frameworks (e.g., the FDA's SaMD definition in the US, equivalents elsewhere) without going through the corresponding clearance process. If your output is intended for diagnosis, treatment, or prevention of disease, you are not building a productivity agent — you are building a regulated medical device.

Never let an agent diagnose or recommend treatment without a licensed clinician in the loop. The temptation is strong because the model can sound competent; the consequence is that you ship a regulated medical device under the heading of a chat product and discover the difference after a patient is harmed.

STEP 3

The non-negotiable rails: privacy, clinical-safety framing, handoff.

Three constraints carry across every healthcare use case:

  • Privacy. In the US, HIPAA-aligned data handling for protected health information; in the EU, GDPR with special-category-data treatment for health. Practically: minimum necessary access, no model-provider data retention, audit of every read, and zero unnecessary PHI in prompts. If a vendor cannot sign the appropriate data-processing agreement and demonstrate where PHI lives at rest and in transit, the integration is not ready.
  • Clinical-safety framing. Every patient-visible output reads as informational, not directive. No "you should," no "this is" — instead "your clinician can confirm whether…" and explicit pointers to seek care. The framing is structural, not a polite afterthought, and it is what keeps the same words from being treatment advice.
  • An explicit handoff path. The agent always knows how to escalate to a human clinician, and the escalation is one click away, not buried. Urgent-symptom detection routes to a human in real time; everything else still has a documented path off the agent.
STEP 4

Audit and reproducibility.

Healthcare audit is harder than finance audit, because the "right answer" is often clinical judgement rather than a number. The discipline:

  • Every patient interaction logged with timestamps, the model version, the retrieved context, the clinician identity (if a clinician was involved), and any tool calls.
  • Outputs surfaced to the clinical record carry provenance: "drafted by agent v3.4 on 2026-05-22, reviewed and signed by Dr. X." The signed copy is the record; the draft is supporting material.
  • Retention policies match the underlying medical-record policy, not the agent's default — which usually means longer retention of audit, but tighter purge of incidental PHI in prompts.

Tie this to the broader pattern at data governance and the human-checkpoint pattern at human-in-the-loop.

STEP 5

The minimum bar to ship.

Before a healthcare agent reaches a patient or clinician surface, you owe answers to:

  • Is every output that ends up in the medical record reviewed and signed by a licensed clinician, with the signature stored separately from the agent's draft?
  • Does the patient-facing surface (if any) read as informational and route urgent cases to a human in real time?
  • Is PHI access minimum-necessary, logged, and retained per the medical-record policy — not per the agent's default?
  • Do you have a defensible answer to "is this a medical device" — and if it might be, are you on the clearance path before launch, not after?
  • Is there a kill switch scoped per clinician, per organization, and globally — drilled at least quarterly, not just specified?

Healthcare punishes shortcuts more reliably than any other domain in this section. Build the rails first; the productive surface is real but narrow, and it is only valuable inside the rails.