Thoughts on Healthcare Markets and Technology

Who’s the Agent? Building the Identity Layer Healthcare AI Actually Needs

Feb 19, 2026

Table of Contents

The Setup: Why Agent Identity Is a Different Problem Than User Identity

Healthcare Makes This Harder (Obviously)

What an Agentic Identity Platform Actually Looks Like

The Auth Stack: AuthN, AuthZ, and the New Middle Layer

The Market Opportunity and Go-To-Market Logic

Risks, Moats, and Why This Won’t Be Easy

What Founders Should Build Right Now

Abstract

This essay argues that agentic AI systems in healthcare require a purpose-built identity and access management layer that doesn’t exist yet, and that building it represents a generational infrastructure opportunity.

Key points:

- Most agentic AI today piggybacks on user-level credentials, which worked fine when agents were glorified macros but breaks badly as they become autonomous actors across multi-system healthcare environments

- Healthcare’s regulatory surface area (HIPAA, 42 CFR Part 2, state-level privacy laws, payer contract terms) makes generic enterprise identity solutions like Okta extensions non-starters without significant vertical customization

- An agent identity platform for healthcare needs to solve for: fine-grained scoping of PHI access, audit trails that satisfy both HIPAA and clinical workflow requirements, delegation hierarchies across human and agent principals, and the ability to revoke or sandbox without breaking workflows

- Market entry probably runs through EHR vendors, health system IT departments, or healthcare AI middleware companies, not direct to enterprises

- Rough TAM math: ~6,200 US hospitals, 200K+ physician group practices, dozens of health plans, hundreds of payer-adjacent tech vendors all needing this layer. Conservative ARPU of $50-200K/yr puts addressable revenue in the multi-billion range before you get to international or adjacent verticals

- This is a platform play disguised as a developer tool, and the founders who win will understand both OAuth 2.0 scopes and CMS interoperability rules

The Setup: Why Agent Identity Is a Different Problem Than User Identity

Aaron Levie’s tweet is worth sitting with for a minute. The Box CEO isn’t usually the guy writing the spiciest technical takes, but he’s onto something real here. The model that’s governed software authentication for the past 20 years is fundamentally a human-centric one. A person has credentials. A system verifies those credentials. The system then grants access to things that person is allowed to see and do. OAuth, SAML, SCIM, all of it basically assumes a human is either directly initiating an action or has directly authorized a machine to act on their behalf in a very narrow, pre-defined way.

That model worked beautifully when “agentic” meant a scheduled job that pulled a CSV and emailed a report. It’s already starting to crack under the weight of what agentic AI actually does now, and it’ll be completely inadequate within 18 months.

Here’s the structural problem. Modern LLM-based agents aren’t executing deterministic scripts. They’re making judgment calls about what actions to take based on context that can shift mid-task. An agent that starts out looking up a patient’s medication history might end up writing a prior auth letter, querying a formulary database, drafting a message to the prescribing physician, and logging an encounter note, all as part of completing one user intent. If that agent is operating on user-level credentials, it has access to everything that user can see. And if the user is a hospital administrator or a population health analyst, that’s a lot of PHI touching a lot of systems for what should be a narrowly scoped workflow.

The blast radius problem Levie mentions isn’t hypothetical. It’s already happening in non-healthcare contexts, and healthcare is where the consequences of getting it wrong graduate from “bad press” to “federal investigation, OCR audit, and potential criminal liability.” The question isn’t whether agent identity becomes a critical infrastructure problem. It’s who builds the solution first.
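The credential problem described above, as an added example that is not from the original essay: a Python sketch contrasting user-level credentials with a task-scoped delegation grant for the medication-history workflow. The permission names, principal ids, and the `Grant`/`Authorizer`/`issue` API are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass, field

# Constructed sample data; every name is hypothetical. These user-level
# permissions apply to every patient the analyst can see.
USER_PERMS = frozenset({
    ("medications", "read"), ("formulary", "read"), ("prior_auth", "write"),
    ("messages", "write"), ("encounters", "write"),
    ("demographics", "read"), ("billing", "read"),
})

@dataclass
class Grant:
    """Task-scoped delegation from a human principal to an agent principal."""
    human: str
    agent: str
    patient: str          # the one patient this task concerns
    scopes: frozenset     # allowed (resource, action) pairs
    expires_at: float     # epoch seconds
    revoked: bool = False

def issue(human, agent, patient, scopes, expires_at):
    """A delegate can never hold more than the delegating human holds."""
    scopes = frozenset(scopes)
    if not scopes <= USER_PERMS:
        raise PermissionError(f"cannot delegate: {sorted(scopes - USER_PERMS)}")
    return Grant(human, agent, patient, scopes, expires_at)

@dataclass
class Authorizer:
    audit: list = field(default_factory=list)

    def check(self, grant, resource, action, patient, now):
        """Deny by default and log both principals for every decision."""
        checks = [(grant.revoked, "revoked"), (now >= grant.expires_at, "expired"),
                  (patient != grant.patient, "patient_out_of_scope"),
                  ((resource, action) not in grant.scopes, "scope_not_granted")]
        decision = next((why for failed, why in checks if failed), "ok")
        self.audit.append((grant.agent, grant.human, resource, action, patient, decision))
        return decision == "ok"

def user_level_check(resource, action, patient):
    """Piggybacking on user credentials: no task or patient boundary at all."""
    return (resource, action) in USER_PERMS

def blast_radius(grant):
    """Permissions the agent would inherit from the user but the task never needs."""
    return USER_PERMS - grant.scopes
```

With a grant limited to one patient and the five workflow actions, a billing read or a read on a different patient is denied and logged with both principals, while `user_level_check` allows both. Setting `revoked` on the grant stops the agent without touching the human's own credentials.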

Healthcare Makes This Harder (Obviously)
