AWS Public Sector Blog
How to use AWS Wickr to enable healthcare workers to interact with generative AI
Healthcare practitioners rely on specialized knowledge such as publications in medical research, caregiving techniques, treatment plans, and policy documents. In addition, doctors and nurses require access to patient data that is typically stored in electronic medical record (EMR) systems. Generative artificial intelligence (AI) technology allows you to integrate large bodies of knowledge and make them accessible in a more natural way. Instead of finding the right search keywords and browsing through a list of results in different healthcare IT systems, users can interact with a generative AI backend service in a conversational style.
Patient data is sensitive and in many jurisdictions processing, access, and storage of patient data is regulated by government entities. In the US, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulates the processing, maintenance, and storage of protected health information.
Amazon Web Services (AWS) Wickr is an end-to-end encrypted messaging and collaboration service with features designed to keep internal and external communications secure, private, and compliant. AWS Wickr is a HIPAA-eligible service that enables the communication of confidential information while guarding against data theft, security incidents, and noncompliance with regulations.
AWS Partner Deloitte has collaborated with the U.S. Army Telemedicine & Advanced Technology Research Center (TATRC) to create an application that supports the National Emergency Tele-Critical Care Network (NETCCN). NETCCN delivers remote clinical expertise to the point of need during disasters and on the Multi-Domain Operations (MDO) battlefield. NETCCN incorporates Wickr and can be deployed with AWS Private 5G to create highly secure network capabilities to operate in disrupted, disconnected, intermittent and low-bandwidth (DDIL) environments.
For more information about how you can use AWS for the processing and storage of health information, see the AWS whitepaper Architecting for HIPAA Security and Compliance on Amazon Web Services.
In this post, we present an architecture that uses the Wickr messaging solution for protected communication with a generative AI backend system. For the backend system, we use an existing open source project: the AWS GenAI Chatbot. The purpose is to provide a starting point for organizations that would like to build a solution that provides a secure chatbot interface to interact with a knowledge base that contains proprietary data.
If you want to experiment with the architecture presented here, you can deploy the project in your AWS account. Head over to the AWS samples GitHub repository and give it a try: Wickr IO and AWS GenAI Chatbot integration.
Use Wickr IO to build a flexible integration architecture
You can use Wickr to integrate with other systems through Wickr IO. Wickr IO enables you to build secure custom bots and provision them to users with ease. Wickr IO integration software is publicly maintained, allowing technical and non-technical teams to build their own integrations within their Wickr network.
For the generative AI backend, we use the AWS GenAI Chatbot. This chatbot project allows you to experiment with a variety of large language models (LLMs), multimodal language models, settings, and prompts in your own AWS account. Integrating with the chatbot project allows us to reduce development efforts for the Wickr IO integration code.
We use the user interface of the AWS GenAI Chatbot, which makes it convenient to select LLMs and create knowledge bases by setting up workspaces for Retrieval-Augmented Generation (RAG).
RAG is a hybrid approach in natural language processing (NLP). It combines the retrieval of documents with generative models to generate a coherent and relevant response to a user’s query. RAG allows us to incorporate documents that weren’t part of the original training of an LLM. It provides a cost-effective way to enhance an LLM with specialist knowledge in domains such as healthcare. Furthermore, the ability to keep RAG documents private makes it a suitable approach for accessing proprietary or protected information such as care plans and protected health information (PHI).
Figure 2 shows the architecture for the integration of Wickr IO with the AWS GenAI Chatbot backend.
The key elements of the architecture are as follows.
- Following the SEC05-BP01 Create network layers guideline, the Amazon Elastic Compute Cloud (Amazon EC2) instance with the Wickr IO Docker container is placed in a private subnet. Communication to the Wickr service is through a NAT gateway.
- The project uses the Wickr IO feature to pull the configuration information from AWS Secrets Manager and to pull the custom integration code from Amazon Simple Storage Service (Amazon S3). Configuration and code are pulled at the startup of the Wickr IO Docker container. For more information about this approach, see Automatic Configuration.
- Access to the secret that holds the Wickr IO configuration and the custom integration code in Amazon S3 is controlled by an AWS Identity and Access Management (IAM) user. The IAM credentials are stored in Secrets Manager and rotated automatically on a regular basis (SEC02-BP05 Audit and rotate credentials periodically). After a secret rotation, the Amazon EC2 instance must be rebooted. The IAM user’s AWS access key ID and secret access key are installed in the ~/.aws/ directory on the EC2 instance at reboot.
- The Wickr IO custom integration code requires a Wickr IO bot user to communicate with the Wickr service (see Wickr IO Client Creation). The Wickr IO bot user credentials are provided during the deployment of the project with the cdk deploy command using --context. Note that the Wickr IO bot user credentials aren’t rotated automatically. A regular, manual rotation using the AWS Management Console for Wickr is recommended (see also: Wickr IO Client Creation).
- For communication with the AWS GenAI Chatbot backend, an Amazon Cognito user ID is generated during deployment in the Cognito user pool of the AWS GenAI Chatbot. The password for this user is stored in Secrets Manager and rotated automatically on a regular basis.
- After deployment, the user uses the Wickr client software to initiate a conversation with the Wickr IO bot user. Then, the custom integration code running in the Wickr IO Docker container authenticates to the AWS GenAI Chatbot backend using the Cognito user. After successful authentication, messages are exchanged using the AWS AppSync GraphQL API.
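An added example, not code from this post or from the sample project: a small audit of the rotation rules in the list above. It flags an instance that still holds pre-rotation IAM keys (reboot needed), automatic rotation that is disabled or overdue, and bot credentials whose manual rotation is due. The secret names, dates, the 30-day and 90-day intervals, and the `Policy` and `LoadedAtBoot` annotations are assumptions.

```python
from datetime import datetime, timedelta

# Constructed inventory. Name, RotationEnabled, RotationRules, LastRotatedDate and
# LastChangedDate mirror Secrets Manager DescribeSecret output; "Policy" and
# "LoadedAtBoot" are hypothetical annotations added for this audit.
SAMPLE_SECRETS = [
    {"Name": "example/wickrio-iam-user-keys", "Policy": "auto", "LoadedAtBoot": True,
     "RotationEnabled": True, "RotationRules": {"AutomaticallyAfterDays": 30},
     "LastRotatedDate": "2024-05-20T02:00:00+00:00"},
    {"Name": "example/chatbot-cognito-password", "Policy": "auto", "LoadedAtBoot": False,
     "RotationEnabled": True, "RotationRules": {"AutomaticallyAfterDays": 30},
     "LastRotatedDate": "2024-04-01T02:00:00+00:00"},
    {"Name": "example/wickrio-bot-credentials", "Policy": "manual",
     "RotationEnabled": False, "LastChangedDate": "2024-01-10T09:00:00+00:00"},
]
SAMPLE_BOOT = "2024-05-01T08:00:00+00:00"  # constructed EC2 boot time
SAMPLE_NOW = "2024-06-01T00:00:00+00:00"   # constructed audit time


def audit(secrets, boot_time, now, manual_max_age_days=90):
    """Return sorted (secret name, finding) pairs for the rotation rules above."""
    boot, now = datetime.fromisoformat(boot_time), datetime.fromisoformat(now)
    findings = []
    for s in secrets:
        name = s["Name"]
        changed = datetime.fromisoformat(s.get("LastRotatedDate") or s["LastChangedDate"])
        if s["Policy"] == "manual":
            # Bot credentials: no automatic rotation, so track their age instead.
            if now - changed > timedelta(days=manual_max_age_days):
                findings.append((name, "MANUAL_ROTATION_DUE"))
            continue
        if not s.get("RotationEnabled"):
            findings.append((name, "ROTATION_DISABLED"))
            continue
        interval = timedelta(days=s["RotationRules"]["AutomaticallyAfterDays"])
        if now - changed > interval:
            findings.append((name, "ROTATION_OVERDUE"))
        # Keys copied to ~/.aws/ at boot are stale once the secret rotates.
        if s.get("LoadedAtBoot") and changed > boot:
            findings.append((name, "REBOOT_REQUIRED"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_SECRETS, SAMPLE_BOOT, SAMPLE_NOW):
        print(f"{finding:20} {name}")
```

In a live account the same fields can be read with the Secrets Manager DescribeSecret call and the boot time taken from the instance itself.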
The deployment of this architecture is fully automated by using the AWS Cloud Development Kit (AWS CDK). AWS CDK is an open source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. With the AWS CDK, we put our infrastructure, Wickr IO integration code, and configuration all in one place, ensuring that we have a complete, cloud-deployable system at every development milestone. Employing software engineering best practices such as code reviews, unit tests, and source control makes the Wickr IO infrastructure more robust.
Access specialist knowledge through a RAG workspace
To deploy the Wickr IO and AWS GenAI Chatbot integration, follow the instructions in the Prerequisites and Deployment sections. After the deployment has been completed, we start the Wickr client and add the Wickr IO bot (shown as genai-advisor-bot) as our communication partner for a one-to-one conversation. The bot user understands a few commands, which can be shown by sending a /help message.
With the /list-models command, we can get a list of the available LLMs configured in the AWS GenAI Chatbot backend. For this example, we select the anthropic.claude-v2 model.
We can now start a conversation with the model. In this example, we want to show how RAG can complement an LLM by providing specialist healthcare knowledge. As an example, we will ask the model about AWS HealthScribe. HealthScribe is a HIPAA-eligible service that empowers healthcare software vendors to build clinical applications that use speech recognition and generative AI to automatically generate preliminary clinical documentation.
The response from the LLM indicates that it doesn’t have enough information to provide a good description of what HealthScribe is. This is an example of an LLM whose training didn’t include specialized knowledge about a healthcare service. We will now address this by adding a RAG workspace with a document about the HealthScribe service.
We use the web interface of the AWS GenAI Chatbot to create a new RAG workspace.
We select OpenSearch Serverless as our vector engine and give a name to the workspace that will hold the documents representing specialized healthcare knowledge.
After the new workspace has been created, we add a pointer to the website with the relevant information about HealthScribe.
It will take a few moments to crawl the HealthScribe website and add the information to the RAG workspace. After the process is complete, we can return to the Wickr desktop client and get a list of available RAG workspaces with the /list-rag-workspaces command.
The Healthcare workspace we just created is now in the list of workspaces and can be selected.
We repeat our original question to the LLM, which is now complemented by the Healthcare RAG workspace.
We receive a response that gives us a comprehensive introduction to HealthScribe.
Conclusion
This blog post demonstrated the integration of the Wickr secure messenger with the backend of the open source project AWS GenAI Chatbot. This integration allows organizations to build Wickr IO bot solutions that make specialist or proprietary knowledge accessible through a natural language chat interface.
We use the user interface of the AWS GenAI Chatbot to configure various LLMs and workspaces for RAG. Integrating with an existing open source project reduces the development effort and complexity of the Wickr IO bot integration code. The use of RAG workspaces allows an organization to set up private data stores to make protected or proprietary information accessible to the workforce.
We presented an example walkthrough for a healthcare user looking for healthcare-related information. At first, the selected model couldn’t provide a satisfactory response to the question. After we created a RAG workspace that augments the model, the model gave a comprehensive response.
A fully automated deployment of the example presented here is available as an open source project: Wickr IO and AWS GenAI Chatbot integration. We encourage you to give this project a try in your own AWS accounts. We hope the project can serve as a springboard for your own Wickr integration project.