Amazon Nova Act Becomes HIPAA Eligible for Healthcare Workflows

Amazon Nova Act Becomes HIPAA Eligible for Healthcare Workflows

Amazon Nova Act, AWS's browser-based AI agent service, now qualifies as HIPAA eligible, allowing healthcare and life sciences organizations to deploy autonomous agents for workflows involving electronically protected health information (ePHI).

The service is included in AWS's HIPAA Eligible Services Reference list, enabling organizations with a signed AWS Business Associate Agreement (BAA) to use Nova Act for processing protected health information.

Service Capabilities

Nova Act automates browser-based workflows by navigating websites, filling forms, extracting information, and completing multi-step processes. The service integrates with external tools through API calls, remote Model Control Protocol (MCP), or agentic frameworks like Strand Agents. Workflows can be defined using natural language combined with Python code.

For healthcare organizations, this enables automation of:

• Appointment scheduling and insurance verification across provider and payer portals
• Prior authorization requests and claim status checks
• Appeals submission and reimbursement tracking on payer websites
• Referral sending and tracking between providers
• Compliance reporting data gathering from multiple systems

The system includes human escalation capabilities when appropriate.

Compliance Requirements

Under AWS's Shared Responsibility Model, AWS manages infrastructure security while customers configure controls to achieve HIPAA compliance. Organizations must:

• Execute an AWS BAA through the self-service process in AWS Management Console
• Designate their account as a HIPAA account
• Implement security controls including IAM access policies, AWS KMS encryption, and AWS CloudTrail logging
• Conduct a design review using the AWS Well-Architected Tool before deploying ePHI workloads

Availability and Integration

Nova Act is currently available in the US East (N. Virginia) AWS Region. The service integrates with Amazon Bedrock AgentCore, Amazon CloudWatch, and AWS Identity and Access Management. Pricing details are available on the Amazon Nova Act pricing page, though specific rates were not disclosed.

What This Means

HIPAA eligibility removes a significant barrier to AI agent adoption in healthcare, where manual browser-based workflows remain common due to compliance concerns. This positions AWS to compete directly in healthcare automation, a market where administrative tasks consume substantial resources. Organizations can now deploy AI agents for repetitive workflows while maintaining regulatory compliance, potentially reducing administrative burden and accelerating claims processing. However, customers retain full responsibility for proper configuration and compliance—HIPAA eligibility means the service is designed for compliant use, not that compliance is automatic.