Healthcare Agent Readiness: Why the Average Score Is 33

Most healthcare providers have websites, but those websites are built for humans, not machines. Provider directories are often rendered in JavaScript-heavy frameworks that agents cannot parse. Specialties, insurance panels, and availability are locked behind search widgets that require human interaction. No healthcare provider in our dataset publishes agent-card.json, llms.txt, or structured provider data in a machine-readable format.

This is healthcare's worst dimension. The vast majority of healthcare providers have no public API at all. EHR systems like Epic and Cerner have APIs, but they are gated behind institutional agreements and HIPAA BAAs that can take months to establish. When APIs exist, they often use FHIR (Fast Healthcare Interoperability Resources), which is technically structured but complex enough that most AI agents cannot navigate it without specialized training.

Healthcare onboarding is designed to be maximally human. New patient forms, insurance verification, identity confirmation, HIPAA consent signatures — every step requires a person. There is no "free tier" equivalent for a dental practice. You cannot test-drive a doctor visit. This makes healthcare fundamentally harder for agents to engage with, and it is the dimension where healthcare diverges most sharply from SaaS companies.

Healthcare pricing is the most opaque of any industry. A routine office visit can cost anywhere from $50 to $500 depending on insurance, network status, procedure codes, and negotiated rates. The No Surprises Act requires hospitals to publish machine-readable pricing files, but compliance is inconsistent and the files are often hundreds of megabytes of CSV data that even specialized tools struggle to parse. For individual practices, pricing is almost never published. An agent comparison-shopping healthcare providers hits a wall immediately.

Payment in healthcare is uniquely complex due to the insurance layer. Copays, deductibles, prior authorizations, claims, and EOBs (Explanation of Benefits) create a payment experience that no agent can navigate end-to-end. Some providers offer patient portals with online bill pay, which helps. But the payment dimension for healthcare will remain structurally lower than other industries until insurance billing becomes more transparent and programmable.

Healthcare data quality is paradoxically high internally (structured clinical data in EHRs) and low externally (patient-facing information is scattered across PDFs, portal screens, and phone trees). Lab results, imaging reports, and clinical notes are richly structured inside systems like Epic — but exposing that data to patients or their agents requires navigating OAuth flows, consent management, and HIPAA-compliant data sharing that most providers have not built.

Ironically, healthcare scores highest on Security — but for the wrong reason. HIPAA compliance creates a security posture that protects data well but also makes it inaccessible. The security dimension rewards proper TLS, authentication, and access controls, which healthcare providers generally have. But the same HIPAA controls that earn security points also block the API quality, onboarding, and data quality dimensions. Security without accessibility is a fortress with no door.

Healthcare systems are generally reliable — EHRs have high uptime, patient portals work consistently. But reliability in the agent readiness context measures whether an agent can depend on consistent, predictable interactions. When the primary interaction method is a phone call with variable hold times, the reliability dimension suffers. A provider whose scheduling system returns consistent API responses would score much higher than one whose "reliability" depends on a receptionist answering the phone.

Agent Experience measures how easy it is for an agent to actually accomplish a task with your business after finding it. In healthcare, the answer is: nearly impossible. An agent trying to book a dental appointment, check specialist availability, or compare costs across providers will fail at almost every step. No SDKs, no code examples, no structured interaction patterns. Healthcare is still firmly in the "call our office" paradigm.

Why does healthcare score so much lower than other industries?

Three structural factors compound: (1) HIPAA creates legitimate privacy barriers that restrict API access and data sharing, (2) insurance-based pricing makes costs impossible to publish in simple formats, and (3) healthcare's business model is built around in-person, phone-mediated interactions that agents cannot navigate. The average healthcare score of 33 compares to SaaS at approximately 52 and developer tools at approximately 58. Healthcare is not just behind — it is in a different category of difficulty.

Does HIPAA prevent healthcare businesses from being agent-ready?

No. HIPAA regulates how protected health information (PHI) is stored, transmitted, and accessed — it does not prohibit APIs or machine-readable data. Appointment availability, pricing estimates, provider specialties, and office hours are not PHI. A healthcare provider can publish an agent-card.json, a scheduling API, and estimated pricing without any HIPAA concerns. For clinical data, HIPAA-compliant OAuth2 flows (like those in the SMART on FHIR standard) already exist. The barrier is adoption, not regulation.

What would a Platinum-tier healthcare provider look like?

A Platinum (90+) healthcare provider would have: an agent-card.json listing specialties, insurance, and hours; a real-time scheduling API; estimated pricing by procedure and insurance plan; HIPAA-compliant OAuth2 for patient-delegated agent access; structured intake forms with API pre-population; FHIR endpoints for clinical data; and an MCP server exposing booking, records, and billing as agent-callable tools. No healthcare provider is close to this today. We estimate the first Silver-tier healthcare providers will emerge in late 2026.

Which healthcare sub-sectors score highest?

Telehealth platforms score highest (averaging 38-42) because they are already digital-first. Companies like Teladoc, Amwell, and MDLive have APIs, structured scheduling, and online payment flows. After telehealth, dental practices that use modern scheduling platforms (like Zocdoc integration) score better than average. Traditional hospitals and specialist practices score lowest, averaging 25-30.

How can a healthcare provider start improving today?

Start with the non-PHI improvements that require no HIPAA considerations: (1) publish an agent-card.json listing your specialties, hours, and accepted insurance, (2) add llms.txt with links to your scheduling page and provider bios, (3) publish estimated pricing for your 10 most common procedures. These three steps can move a healthcare provider from Not Scored (below 40) to Bronze (40-59) in a single afternoon. Run a free scan at agenthermes.ai/audit to see where you stand.

What is the Agent Readiness Score?

The Agent Readiness Score is a 0-100 metric that measures how easily AI agents can discover, understand, and interact with a business. We scan across 9 weighted dimensions: Discoverability (12%), API Quality (15%), Onboarding (8%), Pricing Transparency (5%), Payment (8%), Data Quality (10%), Security (12%), Reliability (13%), and Agent Experience (10%), plus an Agent-Native Bonus (7%). Tiers: Platinum 90+, Gold 75+, Silver 60+, Bronze 40+, Not Scored below 40. We have scanned 500 businesses across every major vertical.