NHID-Clinical
Practical controls for AI voice agents in payer–provider calls, built by a former payer operations associate who saw the problem firsthand on live calls.
I worked in payer operations — eligibility, claims, prior authorization — protecting PHI on live calls. Starting in 2025, our call center began receiving AI voice agents calling on behalf of provider offices. They passed verification, so we treated them as regular calls. Over time the problems became consistent: disclosure after PHI had already moved, no way to verify authorization, no escalation path. This project documents those patterns and proposes a voluntary, testable behavioral baseline. It is not a standard and not a certification. It is an open reference implementation.
CC BY 4.0 · NIST Public Comment: NIST-2025-0035-0026
What it is
- A voluntary, testable behavioral baseline for AI voice agents making administrative calls to payers
- An open reference implementation: policy engine, conformance test suite, audit trace schema
- Scoped to B2B provider-to-payer administrative voice workflows only
What it is not
- A regulatory requirement or accredited standard
- A certification body or compliance guarantor
- An identity verifier (v1.3 standardizes observable disclosure and trace behaviors; cryptographic authorization is documented but not yet solved)
The AI Dilemma
What happens when AI voice agents call your office and you can't tell whether to trust them.
Key tools
Policy Engine Playground
Test NHID-Clinical v1.3 controls against synthetic call scenarios in real time.
Open the simulator →
Specification (v1.3)
The full control set: IDG-01, PDX-01, DBC-01, EIT-01, ATR-01, and the event schema.
Read the specification →
Shadow Evaluation Guide
A structured 90-day process for payers to establish a behavioral baseline — no vendor changes required.
View the guide →
Evidence Pack
System behavior guarantees, anonymized failure trace example, and audit readiness model for procurement teams.
Review the evidence pack →
Where NHID-Clinical sits in the stack
STIR/SHAKEN verifies the phone number. NHID-Clinical is the layer above: it standardizes what the AI agent says about itself, when it says it, and what gets logged. The v2 cryptographic authorization layer — public reference implementation in the repository — verifies whether the agent is actually authorized to act for the provider.
For procurement and evaluation teams
The Evidence Pack documents the reference implementation's deterministic guarantees, a worked anonymized failure trace, the audit readiness model, and a risk register.
Starting a shadow evaluation? The Shadow Evaluation Guide walks through the 90-day process.
NIST AI Safety Institute — Public Comment
Submitted to NIST docket NIST-2025-0035
NHID-Clinical was submitted as a public comment to NIST's AI-agent security docket in January 2026. This is a public comment — not an endorsement, not a standard. It puts the problem on the record.
View on Regulations.gov →
Get involved
Read the proposal. Try the simulator. Share what you think.
Whether you think it is right, wrong, incomplete, or misses the real problem — that feedback shapes the next version.