Inspiration
Every year, healthcare organizations lose billions to compliance mistakes, not from breaches, but from small human errors. A new hire sends an email with patient data. A researcher shares a file in Slack. Having worked in healthcare startups, clinical research, and AI labs, we’ve felt that fear firsthand: the anxiety of “what if I mess up?” That fear inspired us to build GhostManager, an AI-native compliance officer that proactively prevents mistakes before they happen.
The what
GhostManager is the “Grammarly for compliance.” It runs a live compliance layer across company communication (e.g., Gmail, Slack, Notion), detecting and correcting potential HIPAA, FDA, and governance violations in real time. It flags risky messages, explains why they’re noncompliant, and even rewrites them to be compliant, all before they’re sent. It also builds a living, searchable knowledge base that captures each organization’s evolving compliance decisions. This dual-pronged workflow provides both security and education for new employees in a way not seen before.
We built GhostManager around an agentic hierarchy of specialized AI models, each trained for a specific compliance domain. These agents collaborate to assess risks and suggest fixes. To ensure privacy, we integrated a spaCy-powered data sanitization pipeline that strips all personal or health identifiers before any data touches an AI model. The backend is built in FastAPI, with a responsive JavaScript frontend for real-time feedback and visualization.
Challenges
The primary challenge was integrating a backend built on a triple-tiered hierarchy (eight agents in total) of compliance and knowledge agents with an efficient, streamlined frontend whose data would first undergo sterilization. Before a more explicit hierarchy was coded, there were often issues with over-sterilization, time sinks, or confusion between agents. For the sterilization itself, a combination of NLP and spaCy allowed PHI (protected health information) to be protected without a significant amount of compliant information being [REDACTED].
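A sketch of the sanitize-before-model step and the over-sterilization concern described above, as an added example that is not GhostManager's own code. It swaps in standard-library regexes for the spaCy pipeline the project used; the `ner` hook, the placeholder format, the MRN pattern, and the sample message are all assumptions constructed for illustration.

```python
import re

# Constructed patterns for structured identifiers. Free-text entities such as
# names need NER (the page's pipeline uses spaCy); plug that in through `ner`.
PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"\b\d{3}[ .-]\d{3}[ .-]\d{4}\b"),
    "MRN": re.compile(r"(?<=MRN )\d{6,10}\b"),  # assumed record-number format
    "DATE": re.compile(r"\b\d{1,2}/\d{1,2}/\d{4}\b"),
}

def sanitize(text, ner=None):
    """Return (redacted_text, mapping). `ner` is an optional, hypothetical
    callable text -> [(start, end, label)] for entities regexes cannot find."""
    spans = [(m.start(), m.end(), label)
             for label, rx in PATTERNS.items() for m in rx.finditer(text)]
    if ner:
        spans += list(ner(text))
    spans.sort(key=lambda s: (s[0], -(s[1] - s[0])))
    out, mapping, counts, seen, pos = [], {}, {}, {}, 0
    for start, end, label in spans:
        start = max(start, pos)      # overlap: still redact any uncovered tail
        if start >= end:
            continue
        value = text[start:end]
        if (label, value) not in seen:   # same value gets the same placeholder
            counts[label] = counts.get(label, 0) + 1
            seen[label, value] = f"[{label}_{counts[label]}]"
            mapping[seen[label, value]] = value
        out += [text[pos:start], seen[label, value]]
        pos = end
    out.append(text[pos:])
    return "".join(out), mapping

def restore(text, mapping):
    """Re-insert original values into text that came back from the model."""
    for placeholder, value in mapping.items():
        text = text.replace(placeholder, value)
    return text

# Constructed sample message; every identifier in it is made up.
SAMPLE = ("Please send the labs for MRN 00482917 (DOB 03/14/1975) to "
          "j.doe@example.org or call 555-010-4477. Patient is on metformin "
          "500 mg; this thread is covered by HIPAA.")
```

Typed, numbered placeholders keep the sentence structure a compliance model needs, and the mapping never leaves the sanitizing process, so the rewritten message can be restored locally.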
