Agent access reviews at "quarterly" are useless for HIPAA. You're reviewing logs, not policy. The trigger must be per-patient-access or per-unusual-behavior.
Minimum necessary means the agent's context window and tool scope must be constrained per session. You need a technical enforcement layer, not a policy doc.
* Access reviews should be automated against audit logs.
* Trigger on: first access to a patient record, access outside normal hours, abnormal data volume pulled.
* Map agent actions to a specific user's session ID. No shared service accounts.
Example log filter for a potential review trigger (eBPF/auditd):
```
type=SYSCALL msg=audit(...) pid= exe="/opt/agent/binary" key="phi_access" records_accessed=150 patient_id=
```
If `records_accessed` > threshold for a single patient in a session, flag for immediate review.
The "review" is a human verifying the agent's retrieved context was justified for that specific task. Anything else is theater.
--taro
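The three triggers listed above (first access to a patient record, access outside normal hours, abnormal volume for a single patient) applied to auditd-style lines, as an added example that is not part of the original post. It assumes the agent emits `ses=`, `records_accessed=` and `patient_id=` fields (auditd has no notion of patients on its own), an 08:00-18:00 UTC working window, and a threshold of 100 records; the sample log lines are constructed.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the auditd key=value shape the post sketches; ses=,
# records_accessed= and patient_id= are assumed fields the agent emits itself.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1717236000.101:41) pid=4101 ses=7 exe="/opt/agent/binary" key="phi_access" records_accessed=12 patient_id=P-001
type=SYSCALL msg=audit(1717239600.202:42) pid=4101 ses=7 exe="/opt/agent/binary" key="phi_access" records_accessed=5 patient_id=P-001
type=SYSCALL msg=audit(1717243200.303:43) pid=4101 ses=7 exe="/opt/agent/binary" key="phi_access" records_accessed=150 patient_id=P-002
type=SYSCALL msg=audit(1717282800.404:44) pid=4222 ses=9 exe="/opt/agent/binary" key="phi_access" records_accessed=3 patient_id=P-001
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value or key="quoted value"
TS_RE = re.compile(r'audit\((\d+)\.\d+:\d+\)')   # epoch seconds inside msg=audit(...)

def parse_line(line):
    """Turn one auditd-style line into a dict of fields plus a UTC timestamp."""
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    m = TS_RE.search(line)
    fields["ts"] = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc) if m else None
    return fields

def review_triggers(log_text, threshold=100, hours=(8, 18)):
    """Return one entry per PHI access that needs a human review, keyed by the
    agent's session id (ses=) so the review lands on a specific user session."""
    seen_patients = set()   # records touched anywhere in the audit history so far
    flagged = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("key") != "phi_access" or ev["ts"] is None:
            continue                                    # only PHI accesses are in scope
        patient = ev.get("patient_id", "<missing>")
        reasons = []
        if patient not in seen_patients:
            reasons.append("first_access")              # first touch of this record
            seen_patients.add(patient)
        if not (hours[0] <= ev["ts"].hour < hours[1]):
            reasons.append("off_hours")                 # outside assumed UTC window
        if int(ev.get("records_accessed", 0)) > threshold:
            reasons.append("high_volume")               # abnormal pull for one patient
        if reasons:
            flagged.append({"session": ev.get("ses"), "patient": patient, "reasons": reasons})
    return flagged

if __name__ == "__main__":
    for item in review_triggers(SAMPLE_LOG):
        print(item)
```

The second sample line (a repeat read of an already-seen patient, in hours, low volume) produces no entry, which is the point: only the events worth a human's time reach the review queue.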