Human-agent trust for healthcare

The health system runs scribes, prior-auth bots, claims agents, and chart-summarizers across the same patient record. Each touches PHI. None of them, by default, can name the human clinician who authorized the touch. HIPAA, GDPR, and DPDPA all assume that human exists. Manav makes the assumption true.
Why healthcare is the hardest vertical
Three regulators. Three definitions of consent. One patient who does not care about any of them. The clinician is the legally accountable party for every action taken on a chart, whether by a human or by an agent acting on the clinician's behalf. When the agent is unsigned, the clinician inherits the action's risk without the action's authority — the worst position in regulatory law.
The four agent classes in clinical workflows
Documentation agents (Abridge, Suki, AWS HealthScribe) listen to encounters and draft notes. Prior-auth agents assemble payor packets. Triage agents screen inbound symptoms and route. Claims agents resolve denials. Each runs across multiple EHRs, payor portals, and pharmacy systems. Each is currently authenticated by a service account in the clinician's name.
What Manav adds
The clinician signs once, on their device, with a delegation: scope chart:write, magnitude cap 50 documents/day, ttl shift-length. Every agent action against the EHR carries that delegation. The audit log shows: clinician X authorized agent Y to draft note Z, in scope, in time, in magnitude. HIPAA's "minimum necessary" is enforced by the scope. The AI Act Article 14 critical-system rule is satisfied by the human-in-the-loop attestation pattern.
The "two natural persons" rule for critical systems
Several jurisdictions, plus the EU AI Act for high-risk medical devices, require two-person verification for irreversible clinical actions — discharge orders, medication changes, life-sustaining device adjustments. The Manav pattern is a multi-signature delegation: the agent presents the action to two clinicians' devices simultaneously, and both must sign before the relying-party EHR accepts the change. Both signatures land in the audit log.
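A relying-party check for the delegation and two-signature patterns described above, as an added example that is not Manav's code. HMAC from Python's standard library stands in for the clinicians' device signatures, and the field names, demo keys, and the set of irreversible action names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC is a stand-in for the device-held clinician
# signatures the page describes; production would verify asymmetric signatures.
KEYS = {"dr-a": b"demo-key-a", "dr-b": b"demo-key-b"}
# Assumed names for actions that need two clinicians.
IRREVERSIBLE = {"discharge:order", "medication:change"}


def sign(clinician, delegation):
    """Sign the canonical JSON form of a delegation as one clinician."""
    msg = json.dumps(delegation, sort_keys=True).encode()
    return hmac.new(KEYS[clinician], msg, hashlib.sha256).hexdigest()


def authorize(action, delegation, sigs, used_today, now):
    """Relying-party check. Returns (allowed, reason) for the audit log."""
    valid = {c for c, s in sigs.items()
             if c in KEYS and hmac.compare_digest(s, sign(c, delegation))}
    if delegation["clinician"] not in valid:
        return False, "delegating clinician's signature missing or invalid"
    if action != delegation["scope"]:
        return False, "out of scope"
    if not delegation["not_before"] <= now < delegation["expires"]:
        return False, "outside ttl"
    if used_today >= delegation["cap_per_day"]:
        return False, "magnitude cap reached"
    if action in IRREVERSIBLE and len(valid) < 2:
        return False, "second clinician signature required"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: a 12-hour shift delegation for a documentation agent.
    shift = {"clinician": "dr-a", "agent": "scribe-1", "scope": "chart:write",
             "cap_per_day": 50, "not_before": 1000, "expires": 1000 + 12 * 3600}
    sigs = {"dr-a": sign("dr-a", shift)}
    print(authorize("chart:write", shift, sigs, used_today=3, now=2000))
    print(authorize("chart:write", shift, sigs, used_today=50, now=2000))
    shift["cap_per_day"] = 500  # tampering after signing breaks the signature
    print(authorize("chart:write", shift, sigs, used_today=3, now=2000))
```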
De-identification, but verifiable
BAA-bound vendors can verify "this action was authorized by a clinician at this facility" without learning which clinician — using the same selective-disclosure proofs Manav exposes for HR and credit. Useful when a model vendor needs telemetry but is contractually forbidden from seeing identifiable provider data.
What providers ship with Manav
Three things their auditors stop asking about. A signed audit trail per encounter, accepted by Joint Commission and CMS. A revocation channel that pulls every active agent in under 200 ms when a clinician's badge is deactivated. A consent chain for every patient interaction, exportable to the patient on request — the same primitive DPDPA in India and the EU's eIDAS-2 wallet both demand.
Where this matters fastest
Hospitals running pilots with three or more documentation agents, payor-side automation handling more than 50,000 monthly prior-auth packets, telehealth networks with cross-state licensure complications. Each has the same blocker: the audit story. Each unblocks the same way.
Common objections
The two pushbacks we hear from this vertical: integration risk — addressed by phased rollout starting with the audit trail (lowest risk, highest evidence-to-effort ratio), and internal politics — addressed by anchoring the project to a regulator deadline or a security-questionnaire deal-blocker, where the political question answers itself.
Frequently asked questions
What is the first integration to ship? The signed audit trail. It costs least, satisfies the most regulators, and produces the evidence everything else builds on. Every vertical we have integrated started here.
How does this affect end-customer experience? Invisibly, by design. The customer sees the same UI; the difference is in the audit log behind it. The latency added is single-digit milliseconds. The trust gain is structural.
What's the buying motion — security, compliance, or the line? Compliance writes the check; security signs off; the line of business sets the timeline. The strongest deals start with a regulator deadline; the next-strongest start with a deal-blocking security questionnaire.
Where to start
The first integration we recommend in this vertical: HIPAA AI agents, then the AI Act Article 14 playbook. Both are deployable inside a quarter; both produce regulator-grade evidence; both unblock procurement conversations the rest of the stack depends on.
What the JCAHO surveyor wants to see
In hospital surveys, the JCAHO surveyor asks a small number of pointed questions about AI-assisted clinical decisions, and the questions are converging on the same artifact. Who authorized the AI augmentation. What scope did the augmentation operate under. Where is the evidence that a clinician reviewed and approved the augmented output before it became part of the patient record. Hospitals that answer with policy documents are receiving follow-up findings. Hospitals that answer with substrate-grade evidence are receiving clean surveys. The pattern is not yet codified in JCAHO's formal standards, but the survey behavior is consistent enough that we are advising healthcare clients to deploy the substrate against the surveyor expectation rather than the formal standard. The formal standard will catch up; the survey behavior is leading. Hospitals that align with the leading edge are better positioned for the next standards revision than hospitals that align only with the formal text. The substrate produces evidence either way.
If your scribe doesn't carry the clinician's signature, the clinician carries the scribe's mistakes.