HIT Consultant

What You Should Know
- The Launch: At HIMSS26, Imprivata, a global leader in healthcare access management, announced the launch of Agentic Identity Management, a new platform capability designed specifically to secure and govern AI agents across healthcare environments.
- The Core Problem: As health systems deploy agentic AI to autonomously handle clinical documentation, prior authorizations, and triage, they introduce massive new attack vectors. Unmanaged AI agents are vulnerable to prompt injection attacks, which could lead to corrupted clinical data, runaway automation, or the mass exposure of Protected Health Information (PHI).
- The Solution: Imprivata is extending its proven human identity framework to software. The platform treats AI agents as managed identities, provisioning them with strict roles, authenticating them via short-lived tokens (rather than exposed credentials), and enforcing least-privilege access.
- Legacy Integration: Crucially, Imprivata brokers this secure connection across both modern APIs and legacy, on-premises healthcare systems—a massive hurdle that most generic AI security startups cannot easily clear.
- Real-Time Kill Switch: The platform provides continuous monitoring and auditing of agent activity, allowing security teams to instantly revoke or limit an AI agent’s access in real time if it behaves unexpectedly.
Preventing the “Rogue” AI Agent
In a hospital environment, the stakes for compromised AI are uniquely severe. Recent cybersecurity research has highlighted the danger of “prompt injection attacks,” where malicious actors manipulate an AI’s inputs to force it into unauthorized actions.
If an AI agent with broad, unmonitored access to an EHR goes rogue—whether through malicious hacking or simple algorithmic drift—the consequences are catastrophic. It could corrupt medication lists, trigger runaway automation that crashes a scheduling system, or autonomously exfiltrate millions of records of Protected Health Information (PHI).
Imprivata mitigates this by eliminating standing privileges. Through Agentic Identity Management, AI agents do not store or handle static credentials. Instead, Imprivata brokers secure connections using short-lived tokens. The system continuously verifies the agent’s identity, enforces “least-privilege” access (meaning the AI can only access the exact data needed for its specific task), and maintains a real-time audit log of every action taken.
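The pattern described above (a broker that issues short-lived, scoped tokens, checks every request, and can revoke an agent at once) can be sketched as follows. This is an added illustration, not Imprivata's implementation; the token format, the agent and scope names, and all function names are assumptions made for the example.

```python
import base64, hashlib, hmac, json, time

BROKER_KEY = b"constructed-demo-key"  # constructed; a real broker keeps this in a KMS/HSM
REVOKED = set()                       # agent ids whose access has been pulled
AUDIT_LOG = []                        # one entry per authorization decision

def _sign(body: bytes) -> str:
    return hmac.new(BROKER_KEY, body, hashlib.sha256).hexdigest()

def issue_token(agent_id, scopes, ttl=60, now=None):
    """Broker side: mint a token bound to one agent, a scope list and an expiry."""
    now = time.time() if now is None else now
    claims = {"sub": agent_id, "scopes": sorted(scopes), "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body)

def revoke(agent_id):
    """Kill switch: takes effect on the next request, before the token expires."""
    REVOKED.add(agent_id)

def authorize(token, required_scope, now=None):
    """Resource side: verify signature, revocation, expiry and scope; log the result."""
    now = time.time() if now is None else now
    agent, decision = None, "deny:malformed"
    try:
        body, sig = token.rsplit(".", 1)
        if not hmac.compare_digest(sig, _sign(body.encode())):
            decision = "deny:bad-signature"
        else:
            claims = json.loads(base64.urlsafe_b64decode(body))
            agent = claims["sub"]
            if agent in REVOKED:
                decision = "deny:revoked"
            elif now >= claims["exp"]:
                decision = "deny:expired"
            elif required_scope not in claims["scopes"]:
                decision = "deny:scope"
            else:
                decision = "allow"
    except (ValueError, KeyError, TypeError):
        pass  # unparseable token: stays "deny:malformed"
    AUDIT_LOG.append({"ts": now, "agent": agent,
                      "scope": required_scope, "decision": decision})
    return decision == "allow"

if __name__ == "__main__":
    tok = issue_token("scribe-agent", ["notes:write"], ttl=60)
    print(authorize(tok, "notes:write"), authorize(tok, "meds:write"))
    revoke("scribe-agent")
    print(authorize(tok, "notes:write"), AUDIT_LOG[-1]["decision"])
```

Because the agent never holds a long-lived secret, a stolen token is useful only for its listed scope and only until it expires or the agent is revoked, and every attempt, allowed or denied, leaves an audit entry.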
“Healthcare is entering the era of agentic AI, where software can take on tasks that help care providers manage growing workloads,” said Fran Rosch, CEO of Imprivata. “Our goal is to help healthcare organizations unlock the productivity benefits of AI without introducing new risk.”
