Table of Contents

What CMS Actually Announced (And Why Everyone Glossed Over It)

The Identity Problem in Healthcare Is Way Bigger Than a Login Screen

CLEAR, ID.me, and Login.gov: Not Just Gatekeepers, But Infrastructure

The Kill the Clipboard Play: What This Signals for the Market

Creative Use Cases Nobody Is Building Yet (But Should Be)

What This Means for Investors and Founders

Abstract

Topic: CMS’s March 2026 announcement adding CLEAR, ID.me, and Login.gov to Medicare.gov is being read as a pedestrian security upgrade. It’s actually a signal that verified digital identity is becoming foundational infrastructure across the healthcare system, with massive downstream implications for startups, health system partnerships, and fraud prevention.

Key data points:

- Healthcare identity fraud costs over $5B annually; synthetic ID fraud up 311% from Q1 2024 to Q1 2025

- DOJ’s June 2025 healthcare fraud takedown charged 324 defendants tied to $14.6B in fraudulent claims

- ID.me: 157M total users, 80M verified to federal IAL2, 70+ healthcare orgs, $275M credit facility from Ares Management in Jan 2025

- CLEAR projected $2M in savings per 25,000 verified patients at Wellstar; digital check-in adoption jumped from 2% to 10%

- CLEAR1 integrates with Epic/MyChart out of the box; deployed at Wellstar, Tampa General, Hackensack Meridian, Ochsner, and others

- ID.me 2024: 409M authenticated logins, up 44% YoY; 20.4M new wallets added

- The real play isn’t better logins. It’s a reusable, portable, IAL2-compliant identity layer that can power prior auth, claims adjudication, prescription access, clinical trial enrollment, and cross-entity data sharing

- The smart money isn’t reading this as a cybersecurity announcement. It’s a platform moment. The winners will be the companies that figure out how to build workflows on top of verified identity as infrastructure rather than treating it as a security checkbox.

What CMS Actually Announced (And Why Everyone Glossed Over It)

On March 3, 2026, CMS dropped a fact sheet announcing that Medicare.gov would now support three external login options for beneficiaries: ID.me, CLEAR, and Login.gov. The announcement reads like a press release written by someone whose primary goal was to put healthcare journalists to sleep. The language is exactly what you’d expect from a federal agency trying to explain something mildly complicated to an audience it assumes has very low technical tolerance. Phrases like “enhanced security,” “protect your Medicare information,” and “strict federal security standards” are doing a lot of heavy lifting. There’s no mention of NIST 800-63-3 IAL2 compliance, no acknowledgment of what a reusable verified credential actually enables downstream, and zero framing of why this matters beyond the obvious “fraud bad, security good” narrative.

So it’s no surprise that most people in health tech saw this, nodded, and moved on. When the average digital health startup founder is heads down on product-market fit and the average health system CIO is still trying to get their EHR to stop crashing on Monday mornings, a Medicare login upgrade is not the thing that lights up the group chats. It competes for attention against AI clinical documentation tools, the latest MA rate notice, and whatever CMS proposed rule dropped that week.

But pay attention, because this announcement is the visible tip of something much more interesting. It’s the formal codification of what has been building quietly over the past two years: a federated, government-backed identity verification layer is being installed across the largest healthcare payer in the country, and it’s being built on the same commercial rails that already exist in the private sector. That’s not a login upgrade. That’s infrastructure.

To understand why that matters, go back to December 2025. CLEAR announced its CMS contract first, framed explicitly under CMS Strategic Advisor Amy Gleason’s Kill the Clipboard initiative, which is one of three named modernization priorities CMS has set for Medicare. That framing is deliberate. Kill the Clipboard is not a metaphor for reducing paperwork. It is a specific, named initiative to make patient intake digital, portable, and interoperable. Gleason’s quote at the CMS-CLEAR co-hosted event in Washington was blunt: checking in at a doctor’s office should feel as simple as boarding a flight. That’s a CLEAR airport lane reference from the CMS strategic advisor. She knows exactly who she’s partnering with and why.

ID.me announced its own CMS contract two weeks later. ID.me had been operating under a broader HHS contract since 2022, but the explicit Medicare.gov expansion is new. Login.gov was already in the mix as the government-run alternative. So as of early 2026, all three major government-grade identity verification providers are officially plugged into Medicare, covering 67 million-plus beneficiaries who will increasingly authenticate through commercial identity wallets they can also use at the VA, SSA, and IRS.

Founders and investors who read this only as CMS worrying about fraud are missing the more interesting read, which is that CMS just created a standardized identity handshake that private-sector health companies can now build on top of. That’s the real story here.

The Identity Problem in Healthcare Is Way Bigger Than a Login Screen