Amazon Nova Act gains HIPAA eligibility for healthcare AI agents

Amazon has announced that its Nova Act AI agent service is now HIPAA eligible, a significant step for bringing agentic AI into regulated healthcare environments. Nova Act, available as an AWS service, enables organizations to build and manage fleets of reliable AI agents that automate complex, multi-step browser-based workflows. These agents can navigate websites, fill out forms, extract information, and escalate to human supervisors when needed. Crucially, HIPAA eligibility means Nova Act can now process electronically protected health information (ePHI) when deployed under a signed AWS Business Associate Agreement (BAA) and with appropriate security controls like IAM access policies, KMS encryption, and CloudTrail logging.

This opens the door to automating critical but repetitive healthcare tasks: appointment scheduling, insurance verification, prior authorization, claim status checks, appeals, referral coordination, and compliance reporting across provider and payer portals. Prior to this, HIPAA compliance concerns limited the use of agentic AI in workflows involving ePHI. AWS emphasizes the shared responsibility model—customers must configure the service to meet their specific obligations. Nova Act integrates with the Strands Agents framework, Amazon Bedrock AgentCore, and MCP (Model Control Protocol). It is currently available in US East (N. Virginia) and priced per usage. For healthcare organizations, this means reduced manual effort, faster turnaround, and consistent execution of routine processes while maintaining regulatory compliance.