Healthcare

Automation near PHI,
scoped to the minimum

Provider organizations use govern.sh to let scheduling and intake agents work inside the EHR under minimum-necessary scopes — every access allowed, denied, or escalated with a signed record your privacy officer can hand to OCR.

The problem

Where autonomy breaks down today

01

EHR tokens grant far too much

A FHIR credential broad enough to reschedule appointments is usually broad enough to read full charts. The gap between what an agent needs and what its token allows is a reportable incident waiting.

02

Minimum necessary has no enforcement point

HIPAA's minimum-necessary standard is a policy document in most organizations, not a runtime control. Nothing technical stops an agent from touching records outside its task.

03

Disclosure accounting is manual

When a patient or auditor asks who accessed a record and why, the answer is assembled by hand from EHR access logs that were never designed to explain automated activity.

A day in the life

A reschedule, inside the lines

A patient replies to a reminder asking to move Thursday's cardiology visit. intake-agent handles it without ever seeing more than the schedule.

intake-agent
Manages appointment scheduling and pre-visit intake
01

intake-agent authenticates with a scoped passport

Passport

The agent's identity carries exactly two scopes: read appointment slots, write appointment bookings. Chart contents, labs, and notes are outside its world entirely.

agent: intake-agent · scope: fhir.appointments r/w only
02

It reads availability and proposes a slot

Policy

The policy engine allows the schedule read in 6 ms — in scope, in hours, for a patient with an active care relationship. No PHI beyond the appointment record is returned.

fhir.appointment.search · patient_ref matched · allow
03

A chart read is denied before it executes

Policy

Reasoning about prep instructions, the agent attempts to read the cardiology note. phi-minimum-necessary denies the call pre-execution, and the denial itself is signed into the trail.

fhir.documentref.read → deny: out_of_scope · rcp_c114…
04

The after-hours change goes to a human

Approval

The patient wants a 7:20 a.m. slot — outside standard booking hours, which policy treats as sensitive. The nurse coordinator reviews and approves from the queue.

rule: booking outside 08:00–18:00 → approve: coordinators
05

The disclosure record writes itself

Receipt

Allowed reads, the denied chart access, and the approved booking are chained as signed receipts — a complete, verifiable account of every PHI touchpoint in the interaction.

rcp_c117…88e2 · chain verified · export: disclosure-log
What govern.sh adds

The technical safeguards, made real

govern.sh turns the access-control and audit language of the Security Rule into enforcement that runs on every single EHR call.

Minimum-necessary scopes per agent

Grant each agent exactly the FHIR resources its task requires. Everything else is denied at the enforcement point, not discouraged in a policy PDF.

Denials are evidence too

Out-of-scope attempts produce signed deny receipts — proof your controls fired, which is precisely what an OCR investigator asks to see.

Human review for sensitive actions

Route record amendments, after-hours changes, and anything touching restricted charts to clinical staff for one-tap approval.

Disclosure-ready exports

Generate a per-patient accounting of automated access in minutes, with signatures that verify independently of govern.sh.

Agent
govern.sh
Tool
−58%
Scheduling turnaround, request to confirmed
0
Out-of-scope PHI reads reaching the EHR
4 min
To produce a per-patient disclosure account

Representative outcomes reported by govern.sh customers in healthcare.

HIPAA

Aligned with the Security Rule

Scoped passports operationalize the minimum-necessary standard, and the hash-chained receipt trail implements the audit controls of 45 CFR §164.312(b) for agent activity. govern.sh signs a BAA on Scale plans, and receipts contain identifiers and verdicts — never clinical content.

The deny receipts changed the conversation with our privacy officer. We could show not just that intake-agent stayed in its lane, but that the one time it drifted, the control caught it before the EHR ever saw the request.
Dr. Amara Osei
Chief Medical Information Officer, Northcell Health

Put a verified agent to work in healthcare.

Mint a passport, attach a policy, and watch the first signed receipt land — free for your first three agents.