HippocratAI

HippocratAI reviews your clinical code the way a compliance officer, medical researcher, and senior engineer would, simultaneously, instantly, every PR.

Comment

Inspiration

My interest in health tech goes back to my final year at university, where I built an app called QDiagno (Quick Diagnosis). The idea was simple but powerful; students could type how they were feeling in whatever messy, informal language they liked, and the app would perform sentence embedding using OpenAI's embedding model, extract symptom-related words and phrases, then run a cosine similarity check against a database of vetted diseases. An 80%+ match would return the most likely diagnosis.

Building QDiagno taught me something important: the gap between clinical knowledge and software isn't just a technical problem but a safety problem. Developers building health software often don't have the medical or regulatory expertise to know when their code could harm a patient. That gap has always bothered me.

When I saw the Airia AI Agents Hackathon, I immediately knew what I wanted to build.

What it does

HippocratAI is a multi-agent clinical compliance reviewer that activates automatically whenever a Pull Request is opened in a clinical software repository.

The moment a developer opens a PR, a GitHub Action sends the code diff to a pipeline of 5 specialized AI agents running on Airia:

  1. Clinical Intent Analyzer: figures out what the code is doing medically
  2. Regulatory Compliance Agent: checks the code against HIPAA, FDA 21 CFR Part 11, FHIR R4, IEC 62304, and GDPR Article 9 using a RAG knowledge base
  3. PubMed Research Agent: searches medical literature for relevant research
  4. Standards Conflict Detector: checks for FHIR resource structure issues and HL7 interoperability problems
  5. Report Generator: synthesizes all findings into a structured compliance report

The pipeline then pauses for human approval where a compliance officer reviews the report before it gets delivered. Once approved, the full report is posted as a comment directly on the GitHub PR.

How I built it

I built the entire agent pipeline on Airia's platform, connecting AI model nodes, a Python code block for the PubMed API integration, a RAG data source loaded with regulatory documents, and a Human Approval node for the HITL checkpoint.

The open source layer is a GitHub Action that triggers the pipeline automatically on every PR, passing the diff, PR metadata, and repository info securely to the Airia API.

Challenges I ran into

The biggest challenge was getting the data to flow correctly between agents especially after the Human Approval step, where Airia wraps the pipeline output in a branch structure that required careful parsing. I also had to handle the fact that the Report Generator was returning JSON wrapped in markdown code fences, which broke the GitHub Poster's JSON parser.

Getting the GitHub Action to fire-and-forget (rather than waiting for the full pipeline to complete and timing out) was another key architectural decision.

Accomplishments that I'm proud of

The moment the full pipeline worked end to end for the first time, like a real GitHub Pull Request triggering 5 AI agents, pausing for human approval, and delivering a formatted clinical compliance report as a PR comment. That was a genuinely proud moment.

Specifically:

  • Building a working HITL checkpoint inside an automated pipeline where the agent stops, waits for a human, and only proceeds after approval. In healthcare, that kind of human oversight isn't optional.
  • The PubMed integration: connecting a free medical literature API so the agent doesn't just check regulations but also surfaces relevant research papers for the developer. That felt like a meaningful addition nobody asked for but everyone would want.
  • The regulatory knowledge base: distilling HIPAA, FDA 21 CFR Part 11, FHIR R4, IEC 62304, and GDPR Article 9 into a RAG-queryable document that an AI agent can actually reason from.
  • Making it open source with a pluggable knowledge base: so developers in Nigeria, the UK, Australia, and beyond can contribute their own country specific regulations. HippocratAI isn't just a tool, it's infrastructure the global clinical dev community can build on.
  • The fact that this started as a university project (QDiagno) exploring the gap between clinical knowledge and software, and has now evolved into something that could genuinely protect patients by catching compliance issues before code ships.

What I learned

I learned a tremendous amount about multi-agent orchestration, specifically how to design agents that produce structured, predictable outputs that downstream agents can reason about. I also deepened my understanding of FHIR R4 and HIPAA technical safeguards while building the regulatory knowledge base.

Most importantly, I learned that HITL (Human-in-the-Loop) isn't just a safety feature in healthcare contexts, it's a trust feature. Developers are more likely to act on a compliance report that a human has reviewed and approved.

What's next for HippocratAI

  • Expand the regulatory knowledge base with country-specific regulations (NAFDAC for Nigeria, MHRA for the UK, TGA for Australia) contributions welcome via GitHub
  • Add support for more clinical standards including DICOM and IHE profiles
  • Build a dashboard for compliance officers to review and approve reports
  • Explore integration with Jira and Linear to automatically create tickets from compliance findings

Built With

  • airia
  • fda-21-cfr-part-11
  • fhir-r4
  • github-actions
  • github-actions-(ci/cd-trigger)
  • github-rest-api
  • github-rest-api-(pr-comment-delivery)
  • gpt-4o
  • gpt-4o-(clinical-ai-reasoning)
  • iec-62304
  • pubmed-e-utilities-api-(medical-literature-search)
  • pubmed-utilities
  • python
  • python-(github-poster-and-pubmed-agent)
  • rag
  • rag-knowledge-base-(hipaa
Share this project:

Updates