Healthcare organizations face growing pressure to manage regulatory compliance while handling massive volumes of pharmacy data. One of the most complex areas is 340B compliance, where hospital pharmacy teams must ensure that drug purchases meet strict federal requirements. To address these challenges, AWS (Amazon Web Services) and Bluesight have collaborated to develop advanced artificial intelligence solutions that streamline compliance workflows and reduce the burden of manual reviews.
At the center of this initiative is Prism, an AI-powered intelligence layer that connects pharmacy, compliance, and operational data across Bluesight’s technology ecosystem. The solution is designed to help hospitals automate time-consuming investigations, generate reports faster, and improve visibility into compliance-related decisions.
According to AWS, the first major deployment of Prism—known as Prism Assistant for ControlCheck—has already reached general availability and is currently being used across 20 health systems. Meanwhile, Bluesight is preparing a more advanced multi-agent AI platform focused on 340B Group Purchasing Organization (GPO) compliance, with release plans targeted for later in 2026.
The Growing Complexity of Hospital 340B Compliance
Hospital pharmacy compliance is one of the most data-intensive functions in healthcare operations. Organizations participating in the federal 340B Drug Pricing Program must continually evaluate whether drug purchases meet eligibility requirements and comply with purchasing restrictions.
AWS highlights that a single 340B-covered entity may spend more than 4,000 staff hours annually reviewing GPO purchase exceptions. These reviews often require pharmacy teams to analyze and compare data from multiple sources, including:
- U.S. Food and Drug Administration (FDA) drug shortage notices
- American Society of Health-System Pharmacists (ASHP) shortage records
- Days-on-hand inventory metrics
- Machine-learning-based shortage forecasts
- Back-order information from partner hospitals
- Historical purchasing records
Traditionally, compliance teams perform much of this work manually, creating reports, validating data sources, and documenting exceptions for audits. This process consumes valuable staff time and increases the risk of inconsistencies.
Bluesight and AWS set out to modernize this workflow using generative AI and agent-based automation.
Prism Assistant for ControlCheck Reaches General Availability
The first implementation of Prism was integrated into ControlCheck, Bluesight’s controlled-substance monitoring platform.
ControlCheck helps hospital diversion teams identify unusual medication transaction activity that could indicate controlled-substance diversion. While the platform already provided valuable insights, users often had to manually gather supporting information from dashboards and reports before reaching conclusions.
Prism Assistant changes this process by introducing a conversational AI interface.
Users can ask questions in natural language and receive:
- Data-driven answers
- Visual charts and graphs
- Compliance summaries
- Investigation insights
- Automated report content
Instead of navigating multiple screens and manually assembling reports, compliance professionals can interact directly with the system through AI-assisted conversations.
Rapid Development Through AWS Acceleration Programs
AWS reports that Bluesight built the initial version of Prism Assistant during a three-day Experience-Based Acceleration engagement held in September 2025.
The project brought together:
- Eight Bluesight engineers
- Seven AWS specialists
During this intensive development session, the teams created a functional prototype that later evolved into the production-ready solution.
While such accelerated development timelines demonstrate the flexibility of modern cloud and AI technologies, it is important to note that these performance claims are vendor-reported. Independent validation from participating health systems remains limited.
Nevertheless, the project illustrates how healthcare technology providers are increasingly leveraging cloud-native AI tools to bring solutions to market faster.
How the Prism Architecture Works
The technical foundation of Prism combines multiple AWS technologies to create a secure and scalable AI environment.
The system uses:
- Strands Agents
- Amazon Bedrock
- Amazon Bedrock AgentCore Runtime
- AgentCore Gateway
- AWS Lambda
Through AgentCore Gateway, Bluesight exposed more than ten ControlCheck APIs as Model Context Protocol (MCP) tools. This allows AI agents to discover and invoke relevant tools automatically while responding to user requests.
A key architectural decision was avoiding direct database access by the language model.
Instead, Bluesight wrapped existing ControlCheck API endpoints inside AWS Lambda functions. These functions return structured data specifically formatted for AI processing.
This approach provides several advantages:
Stronger Security
Business logic remains inside the application layer rather than being exposed directly to the AI model.
Better Governance
Organizations maintain control over how data is accessed and interpreted.
Improved Reliability
Structured API responses reduce hallucinations and improve consistency.
Easier Auditing
Every interaction can be traced through application-level controls.
In practice, the AI agent performs four primary tasks:
- Interprets user questions
- Selects the necessary tools
- Retrieves relevant records
- Presents findings in a usable format
Significant Improvements in Query Performance
One of the most notable outcomes reported by AWS is the dramatic reduction in query latency.
Before Prism, some compliance investigations could take approximately five minutes to process.
With the AI-powered architecture, AWS reports response times as low as 10 seconds.
The deployment also includes enterprise-grade capabilities such as:
- Automated chart generation
- Infrastructure-as-code management
- Cost tracking
- Monitoring and observability
- Data encryption
- Authentication controls
These features help healthcare organizations scale AI usage while maintaining operational oversight.
Positive Feedback from Bluesight Leadership
Samir Neyazi, Director of Product Management at Bluesight, emphasized the impact of the technology on hospital diversion programs.
According to Neyazi:
“This is exactly what diversion program leaders have been waiting for—it gets them to answers faster and takes the manual grind out of every investigation.”
The statement reflects a broader industry trend toward reducing administrative workloads through AI-driven automation while enabling healthcare professionals to focus on higher-value tasks.
Deployment Across 20 Health Systems
AWS states that Bluesight successfully deployed Prism Assistant within a Virtual Private Cloud (VPC) and achieved general availability in fewer than nine months.
The solution is currently active across 20 health systems, representing the first large-scale deployment of the Prism platform.
Although the broader GPO compliance agent has not yet reached production deployment, the ControlCheck implementation provides early evidence of the platform’s operational potential.
Understanding 340B GPO Compliance Requirements
The next phase of the AWS-Bluesight collaboration focuses on one of the most challenging areas of hospital pharmacy compliance: Group Purchasing Organization restrictions within the 340B program.
Federal regulations prohibit certain hospital categories from purchasing outpatient drugs through GPO contracts when alternative purchasing channels are available.
Affected organizations include:
- Disproportionate Share Hospitals (DSH)
- Children’s Hospitals
- Free-Standing Cancer Hospitals
When supply chain conditions prevent alternative purchasing methods, hospitals must document and justify exceptions.
This creates an extensive compliance workload requiring evidence collection from multiple systems.
Bluesight’s Multi-Agent AI Approach
To simplify these reviews, Bluesight is developing a specialized GPO compliance agent that integrates data from three major platforms:
CostCheck
Provides purchasing and invoice information.
ShortageCheck
Supplies evidence related to drug shortages and availability constraints.
340BCheck
Verifies eligibility and compliance information.
Together, these systems create a comprehensive evidence framework for compliance evaluations.
AI Models Powering the Compliance Agent
The planned architecture leverages Anthropic’s Claude family of models through Amazon Bedrock.
The solution uses:
- Claude Sonnet 4.6 as the primary reasoning model
- Claude Haiku 4.5 for lower-latency operations
These models operate within Amazon Bedrock while AgentCore Runtime executes workloads inside a secure VPC environment using private subnets.
AgentCore Gateway connects the AI agents with Lambda-backed tools that access Bluesight’s compliance systems.
Coordinated Multi-Agent Workflow
Rather than relying on a single AI model, the proposed architecture uses specialized agents working together.
The workflow includes:
Purchase Data Agent
Retrieves invoice and purchasing records.
Supply Evidence Agent
Collects drug shortage and availability documentation.
Eligibility Agent
Validates 340B compliance requirements.
Coordinating GPO Agent
Combines findings from all supporting agents and generates an audit-focused report.
This distributed approach allows each agent to focus on a specific task while improving transparency and scalability.
AWS Acceleration Program for GPO Compliance
In March 2026, AWS and Bluesight conducted a second Experience-Based Acceleration engagement focused on the GPO compliance architecture.
According to AWS:
- System connectivity was established on the first day.
- Planned features were completed by the end of the second day.
The team then tested the system using synthetic datasets designed to simulate compliance scenarios.
Reported results included:
- 100% invoice discovery rate
- 93% evidence justification accuracy
- Performance exceeding the internal target of 85%
However, these figures were achieved under controlled testing conditions rather than real-world hospital environments.
Synthetic testing is useful for validating workflows, tool integrations, and report generation capabilities. Yet production environments introduce additional complexities, including:
- Missing data
- Delayed shortage updates
- Inconsistent drug identifiers
- Local workflow variations
- Disputed purchasing decisions
Healthcare organizations should therefore interpret these results as indicators of technical capability rather than guaranteed production outcomes.
Why Compliance Scoring Remains Outside the AI Model
One of the most important design principles in the Bluesight architecture is keeping compliance determinations separate from the language model.
Instead of allowing AI to make final compliance decisions, Bluesight uses a deterministic scoring engine.
The language model is responsible for:
- Gathering records
- Calling tools
- Organizing evidence
- Drafting explanations
The scoring engine performs:
- Compliance calculations
- Rule evaluation
- Priority matching
- Time-window analysis
This service evaluates 13 separate evidence inputs while applying configurable compliance rules.
The result is a more transparent and auditable process.
Rather than relying on AI-generated judgments, organizations can review:
- Source records
- Applied rules
- Evidence weighting
- Tool execution history
This structure aligns better with regulatory expectations and audit requirements.
Human Oversight Remains Essential
Despite increasing automation, Bluesight emphasizes that healthcare organizations retain responsibility for compliance policies.
Critical settings—including shortage thresholds, inventory requirements, and acceptable purchasing windows—must still be defined and approved by hospital compliance, pharmacy, and legal teams.
Different policy configurations can produce different compliance outcomes.
The platform provides configurable mechanisms for enforcing rules, but governance decisions remain firmly under organizational control.
HIPAA-Compliant Security and Privacy Controls
Given the sensitive nature of healthcare data, security remains a central component of the deployment.
Amazon Bedrock is HIPAA eligible, and Bluesight operates under a Business Associate Agreement (BAA) with AWS.
AWS also states that customer data processed through Amazon Bedrock is not used to train foundation models.
Additional security controls include:
Amazon Cognito
Provides OAuth2 authentication and JWT validation.
AWS Key Management Service (KMS)
Encrypts data both at rest and in transit.
AWS Secrets Manager
Protects credentials used by connected services.
AgentCore Runtime
Delivers session isolation between concurrent customer requests.
These controls help healthcare organizations meet strict security and privacy requirements.
Auditability and Operational Visibility
Transparency is critical in healthcare compliance.
To support this requirement, Amazon CloudWatch records:
- Agent decisions
- Tool calls
- Data access activity
- Performance metrics
- Alerts and alarms
This audit trail enables hospitals to understand exactly how a compliance determination was reached.
Whether reviewing a GPO purchase decision or investigating controlled-substance diversion activity, organizations can trace the evidence, workflows, and rules involved in every outcome.
Reported Operational Benefits Across Health Systems
Bluesight’s internal measurements across its 20 active health-system deployments suggest substantial productivity gains.
Reported improvements include:
- Up to 97% faster report generation and analysis
- Reduction of recurring report preparation from six hours to approximately 15 minutes
- Decrease in pre-investigation triage from three hours to roughly 10 minutes
- Controlled-substance variance analysis reduced from 30 minutes to under one minute
These figures indicate significant potential for operational efficiency, although independent third-party validation remains limited.
Best Practices Before Full Production Adoption
Healthcare organizations considering AI-assisted compliance tools should implement rigorous validation procedures before relying on automated recommendations.
Recommended practices include:
- Running historical purchasing cases through the platform
- Comparing AI-assisted results with existing review processes
- Testing data completeness across systems
- Validating drug-code matching accuracy
- Reviewing shortage timing assumptions
- Examining exception-rule handling
- Investigating cases with previous reviewer disagreements
Organizations should also maintain records of:
- Scoring-rule versions
- Supporting evidence
- Tool execution logs
- Compliance decision histories
These safeguards help ensure accountability and regulatory readiness.
The Future of AI-Driven Healthcare Compliance
The collaboration between AWS and Bluesight demonstrates how generative AI and agent-based architectures are transforming healthcare compliance operations.
By integrating pharmacy systems, automating evidence collection, and accelerating report generation, Prism aims to reduce administrative workloads while improving visibility and consistency across compliance processes.
The successful deployment of Prism Assistant within 20 health systems marks an important milestone, while the upcoming multi-agent GPO compliance solution represents the next phase of AI adoption in hospital pharmacy operations.
As healthcare organizations continue exploring AI-powered compliance technologies, success will depend not only on automation capabilities but also on transparency, governance, security, and human oversight. Bluesight’s decision to keep compliance scoring outside the language model highlights a growing industry recognition that AI should support decision-making—not replace accountability.
With HIPAA-aligned controls, auditable workflows, and measurable efficiency gains, the AWS-Bluesight partnership offers a compelling example of how healthcare organizations can modernize complex compliance processes while maintaining regulatory integrity and operational trust.
Image Credit to Unsplash
Discover more from AiTechtonic - Informative & Entertaining Text Media
Subscribe to get the latest posts sent to your email.