**AWS Prism Assistant: Automating Hospital Pharmacy Compliance with AI**
Amazon Web Services (AWS) has detailed how healthcare AI company Bluesight, in partnership with AWS, developed **Prism**—an artificial intelligence layer designed to integrate hospital pharmacy and compliance data across its product suite. The initiative focuses on automating complex, data-heavy compliance tasks that traditionally require significant manual effort from hospital staff.
At the core of the implementation is **Prism Assistant for ControlCheck**, which has now reached general availability and is actively used across 20 health systems. A related multi-product agent dedicated to **340B Group Purchasing Organisation (GPO) compliance** is scheduled for release later in 2026.
### Automating High-Stakes Compliance Workflows
The project targets one of healthcare’s most time-intensive processes: compliance verification for 340B drug purchasing programs. Under federal rules, certain hospitals are prohibited from buying outpatient drugs through GPO contracts unless specific exceptions apply. Proving these exceptions requires cross-referencing purchase data with FDA shortage notices, ASHP records, inventory levels, machine learning forecasts, and hospital back-order reports.
AWS notes that a single covered entity can spend **over 4,000 staff hours annually** on these reviews. Prism aims to streamline this by consolidating data from multiple systems and enabling natural-language querying and automated report generation.
### ControlCheck Agent Reaches 20 Health Systems
Bluesight initially focused on **ControlCheck**, its controlled-substance monitoring solution. While diversion teams used ControlCheck to spot unusual transaction patterns, compliance teams still manually assembled reports and correlated data points.
Prism Assistant changes this by offering a conversational interface that can:
– Query ControlCheck data
– Generate charts
– Produce draft report material
According to AWS, the first version was built in just three days during a rapid acceleration engagement involving eight Bluesight engineers and seven AWS specialists. While these timelines demonstrate the agility of the toolset, AWS notes that performance metrics remain vendor-reported and await broader independent validation.
The assistant is built using:
– **Strands Agents** with **Amazon Bedrock**
– **AgentCore Runtime** for execution
– **AgentCore Gateway** to expose more than 10 ControlCheck APIs as MCP tools
A key design choice was avoiding direct database access by language models. Instead, engineers wrapped existing ControlCheck API endpoints in AWS Lambda functions that return structured, agent-ready data. This keeps business logic in the application layer while the agent handles interpretation, tool selection, data gathering, and presentation.
AWS reports that this architecture reduced query latency from **five minutes to 10 seconds**. The deployment also includes:
– Chart generation
– Observability controls
– Cost attribution
– Encryption
– Authentication
– Infrastructure-as-code
Samir Neyazi, Director of Product Management at Bluesight, commented:
> “This is exactly what diversion program leaders have been waiting for—it gets them to answers faster and takes the manual grind out of every investigation.”
The service was deployed within a virtual private cloud and achieved general availability in under nine months. The 20 health systems using Prism Assistant represent current deployment evidence, while the larger GPO compliance agent has not yet reached that stage.
### Multi-Agent 340B Compliance for GPO Purchases
Bluesight’s upcoming **GPO compliance agent** consolidates data from three key systems:
– **CostCheck** for purchase information
– **ShortageCheck** for drug availability evidence
– **340BCheck** for eligibility validation
The architecture uses:
– **Anthropic Claude Sonnet 4.6** as the primary model
– **Claude Haiku 4.5** for lower-latency operations via Amazon Bedrock
– **AgentCore Runtime** inside a VPC with private subnets
– **AgentCore Gateway** to connect Lambda-backed tools to Bluesight product systems
A coordinating GPO agent directs three specialist data workers:
1. Retrieve purchase records
2. Gather supply evidence
3. Check 340B eligibility
The coordinator then assembles an audit-oriented report.
In March 2026, a second AWS acceleration engagement focused on this architecture. By the end of day one, the system was connected, and all planned features were completed by day two. Testing on synthetic data showed:
– 100% invoice discovery rate
– 93% evidence justification accuracy
– Above the 85% target
However, AWS cautions that these results do not yet reflect real-world performance across hospital customers. Synthetic testing validates tool calls, matching logic, and report generation—but cannot fully simulate local data gaps, delayed shortage updates, unusual drug identifiers, or disputed purchasing cases.
### Keeping Compliance Scoring Outside the Language Model
To maintain auditability and transparency, Bluesight adopts a **deterministic compliance scoring service** separate from the language model. This design:
– Evaluates 13 evidence inputs
– Applies priority-based matching
– Uses configurable time windows
Rather than generating compliance judgments, the LLM’s role is limited to:
– Gathering records
– Calling product tools
– Drafting explanations
The scoring service produces repeatable, auditable decisions that compliance teams can inspect and verify. Customers retain full ownership of policy settings, including:
– Supplier shortage thresholds
– Acceptable inventory periods
– Purchase-date windows
While the AI offers assistance, hospital pharmacy, legal, and compliance teams must approve and configure these rules.
### HIPAA Controls and Audit Traces
Security and compliance are foundational to the deployment:
– Amazon Bedrock is **HIPAA-eligible**, and Bluesight operates under a **Business Associate Agreement (BAA)** with AWS
– AWS does **not** train foundation models on customer data processed through Amazon Bedrock
– **Amazon Cognito** handles OAuth2 and JWT authentication
– **AgentCore Runtime** ensures session isolation
– **AWS Key Management Service** encrypts data at rest and in transit
– **AWS Secrets Manager** manages credentials
– **Amazon CloudWatch** logs agent decisions, tool invocations, data access, alarms, and performance metrics
These features are critical for explaining why a hospital permitted a GPO purchase or escalated a diversion pattern.
### Measured Outcomes and Best Practices
Bluesight reports significant efficiency gains across ControlCheck workflows:
– Up to **97% faster report generation and analysis**
– Manual report assembly dropped from ~6 hours to 15 minutes (**96% reduction**)
– Pre-investigation triage fell from 3 hours to ~10 minutes
– Controlled-substance variance analysis dropped to less than 1 minute
Despite these advances, AWS recommends:
– Running historical purchasing cases **in parallel** with existing review processes
– Rigorous local testing of:
– Data completeness
– Drug-code matching
– Shortage timing
– Exception rules
– Cases where human reviewers previously disagreed
– Retaining the scoring-rule version, source evidence, and tool trace for every production finding
—
### FAQ
**What is Prism Assistant?**
Prism Assistant is an AI-powered conversational interface developed by Bluesight and hosted on AWS. It enables users to query pharmacy and compliance data, generate charts, and draft reports using natural language.
**Which products does Prism integrate with?**
Prism Assistant integrates with **ControlCheck** for controlled-substance monitoring. The upcoming multi-agent system will combine **CostCheck**, **ShortageCheck**, and **340BCheck** for GPO compliance automation.
**Is the 340B compliance agent already available?**
No. The multi-product GPO compliance agent is scheduled for release later in 2026.
**How much time does Prism save hospitals?**
Bluesight reports up to **96% reduction** in manual report assembly time, with analysis dropping from around six hours to just 15 minutes.
**How does Prism handle data security and compliance?**
Prism operates under a HIPAA BAA with AWS, uses encrypted connections and storage, implements strict authentication via Amazon Cognito, and maintains detailed audit logs through Amazon CloudWatch.
**Does the AI make compliance decisions?**
No. The language model gathers data and drafts explanations, while a deterministic scoring service performs compliance calculations. Hospital teams retain full ownership of policy settings and final decisions.
—
### Conclusion
AWS Prism Assistant, developed in collaboration with Bluesight, represents a significant step toward automating high-stakes healthcare compliance workflows. By leveraging generative AI and agentic architectures, the platform reduces manual effort, accelerates investigations, and enhances transparency in pharmacy and GPO compliance processes.
While early results are promising—particularly within controlled environments—enterprise buyers should approach synthetic benchmarks with caution and prioritize rigorous, real-world testing. As the GPO compliance agent prepares for launch in 2026, the healthcare industry will be watching to see whether this technology can scale responsibly and securely across diverse hospital systems.



