NASSCOM Tech Excellence 2026: How We Built the Healthcare AI Stack

When NASSCOM announced the Tech Excellence Awards 2026 in Mumbai in March, the stage held some of the people who built the Indian IT industry: Subramanian Ramadorai, the architect of TCS's global scale; Kalpana Morparia, who shaped ICICI's modernisation; Harish Mehta, NASSCOM's founding chair. Receiving the Healthcare AI category award from that lineup wasn't just a marketing moment. It was a recognition that healthcare AI in India has matured past the proof-of-concept theatre and into systems that actually run hospitals and insurers. The work of the last four years has shifted from pilots in innovation labs to production systems that process clinical decisions, pharmacy inventory, and prior-authorisation queues at scale. The category was new at NASSCOM Tech Excellence this year, which is itself a signal: the Indian IT establishment has decided that healthcare AI is now a distinct industrial capability worth measuring, not a sub-category of either healthcare IT or general AI.

What we were actually recognised for

The award cited our Healthcare AI Stack — a portfolio of seven production-deployed accelerators that solve specific revenue cycle, clinical, and pharmacy problems. The three that did most of the heavy lifting in the citation: Rx Compliance Stocker, a pharmacy inventory and regulatory-compliance engine deployed across 1,400+ retail pharmacy outlets across India and the Middle East; Medical Records Parser, a clinical document understanding system that converts unstructured discharge summaries, lab reports, and physician notes into FHIR-compliant structured data with field-level confidence scores; and Prior Auth Accelerator, an agentic workflow that turns the worst job in US healthcare administration into a 4-minute review rather than a 4-day chase. The other four (a clinical-coding assist for revenue cycle, a patient-communication translator for multi-language outpatient settings, a hospital-formulary drug-interaction checker, and an ambient-clinical-documentation pilot running with an Indian hospital chain) supported the citation but weren't called out individually. The point of the stack is that each component is deployable on its own and they compound when deployed together, sharing the same underlying clinical-NLP and ontology infrastructure.

The clinical ontology problem nobody warned you about

Healthcare RAG is harder than enterprise RAG because medical language is simultaneously highly standardised (SNOMED CT, ICD-10-CM, ICD-10-PCS, RxNorm, LOINC, CPT, HCPCS, NDC) and chaotically informal (a discharge summary that says 'pt c/o SOB, started on lasix 40 mg BID, hx CHF EF 30%'). A generic embedding model treats 'SOB' as a phrase about social inappropriateness rather than shortness of breath; it has no idea that 'lasix' and 'furosemide' refer to the same molecule; it cannot tell that 'EF 30%' is a clinically significant cardiac finding rather than a percentage of something benign. The fix is a two-stage architecture: a clinical NER pass using a fine-tuned BioBERT or ClinicalBERT variant (or in our case, an internal model fine-tuned on labelled clinical text spanning Indian, US, and UK clinical conventions) that normalises entities to UMLS CUIs, then standard dense retrieval on the normalised text. We also maintain ontology cross-walks (SNOMED to ICD-10, RxNorm to ATC, LOINC to local lab codes, CPT to country-specific procedure codes) because no two hospital systems use the same coding standard consistently, and the patient who shows up in three care settings will have their conditions coded three different ways. The cross-walk infrastructure is invisible when it works and catastrophic when it doesn't; it's one of the highest-leverage investments in the whole stack.

Why sovereign deployment is not optional for healthcare

HIPAA in the US permits cloud LLM use under a Business Associate Agreement, but the practical reality is that no covered entity wants to be the test case for whether a prompt containing PHI sent to OpenAI was a 'permitted disclosure', and the BAA review process at most hospitals has become long enough that on-premise deployment is faster than getting cloud approval anyway. The NHS IG Toolkit and DSPT in the UK are stricter; the Data Security and Protection requirements effectively rule out cross-border inference for patient-identifiable data, and the Information Commissioner's Office has explicitly flagged LLM prompts containing PHI as a controlled data transfer. India's DPDP Act and the proposed Digital Personal Data Protection Rules treat health data as a special category requiring explicit consent and localisation, with the upcoming National Digital Health Mission integration adding further constraints. Every healthcare deployment we ship runs on the customer's infrastructure, with model weights stored on their disks, inference on their GPUs, audit logs flowing to their SIEM, and an explicit cluster-level egress block so no component can phone home even by accident. The sovereign-deployment overhead is real, but it's the only deployment model the procurement teams at our customers will sign off on. Arguing about it is a waste of everyone's time.

The clinical SME workflow that makes the difference

The technical architecture is the easy half. The harder half is the data labelling and evaluation workflow that needs clinical SMEs in the loop continuously, not just at project kickoff. Our Medical Records Parser was trained against 12,000 discharge summaries labelled by a panel of nine board-certified physicians across internal medicine, cardiology, and oncology, plus three pharmacists for the medication-extraction layer. We use a Label Studio instance, locally deployed for PHI safety, with a custom interface designed for clinical NER and relation extraction. It is pre-populated with model suggestions that the clinician confirms, edits, or rejects, so the labelling effort focuses on disagreement rather than from-scratch annotation. Every model release goes through a clinical acceptance test: a 400-record gold set scored on entity F1, ICD-10 code accuracy, RxNorm normalisation accuracy, and a custom 'clinical safety' rubric (did any extraction error change the meaning of a clinical finding in a way that could affect care?). Models that score below 92% F1 or fail any safety check don't ship. The SME panel meets monthly to review model performance, edge cases caught in production, and proposed improvements; this rhythm is what separates a healthcare AI product from a healthcare AI demo. Without it, the model accuracy drifts and nobody notices until a clinical incident forces the conversation.

Prior Auth and Rx Compliance: the two workloads that proved the stack

Prior authorisation is the work that breaks American healthcare administration: clinical staff on hold with insurers, faxing PDF forms, chasing missing information for days. Our deployment for a regional US health insurer reframed it as a multi-agent workflow. An intake agent extracts the clinical scenario from the submitted documentation. A policy-lookup agent retrieves the relevant medical-necessity criteria from the payer's internal policies (RAG over a 14,000-document corpus that the customer originally estimated at 4,000 documents; historical superseded versions, state-specific addenda, and Medicare/Medicaid-line variants meant the LLM needed all of them because criteria differed by date of service). A reasoning agent compares evidence to criteria and either approves, denies with a citation, or escalates to a human reviewer with a structured summary. Average decision time dropped from 4.2 days to 4 hours; auto-approval rate on clean submissions hit 71%; clinical reviewer override rate on the LLM's recommendations was 6.3%, lower than the baseline inter-reviewer disagreement rate of 11%. On the pharmacy side, Rx Compliance Stocker handles a different problem. Schedule H, H1, and X drugs in India each have different prescription-handling requirements, expiry-date management has both clinical and regulatory implications, and cold-chain breaks invalidate insulin and vaccine inventory. The product combines computer vision (capturing prescription images at the counter using a fine-tuned LayoutLMv3), structured drug-interaction checking, and inventory optimisation that respects shelf-life and supplier lead time. Across 1,400+ outlets it has flagged 23,000+ prescription-handling exceptions that the manual workflow had been missing entirely.

Integrating with hospital and payer system topology

A healthcare AI stack lives or dies on its ability to integrate with the systems that hospitals and payers actually run. We've built standard connectors for the EHR layer (Epic, Cerner/Oracle Health, Meditech, Allscripts/Veradigm), the payer-side claims platforms (Health Edge, Trizetto Facets, Plexis), and the pharmacy systems (Surescripts, NRx, in-country equivalents like the LIS systems used by Indian hospital chains). Integration patterns matter: HL7v2 messaging over MLLP for legacy environments, FHIR R4 REST APIs for modern stacks, SMART on FHIR for any agent that needs in-context EHR access. The HL7v2-to-FHIR translation layer is often where the engineering complexity hides — segment mapping is rarely clean, and the data quality of the upstream HL7 messages is uneven. We invest disproportionately in this integration layer because it's the substrate every downstream agent relies on. Two other lessons from the US prior-auth deployment worth flagging: clinical reviewers initially distrusted the agent's recommendations and overrode them at a much higher rate than the eval suggested they should. The fix was making the agent's reasoning visible and citation-backed, so reviewers could quickly verify rather than re-derive. And the supplier of the underlying medical-criteria content (InterQual or MCG, depending on the customer) needed contractual confirmation that LLM-mediated access to their content was permitted, which turned out to take longer than the technical build.

What the next 18 months of healthcare AI looks like

Three things will dominate. First, agentic prior-auth and claims-adjudication workflows will move from pilot to scale in the US, driven by the cost pressure on payers and the labour-availability crunch in utilisation-management teams. Second, ambient clinical documentation (the Abridge / Nuance DAX category) will commoditise. Open-weights ASR plus a well-tuned LLM running on a hospital's own GPU will produce SOAP notes that match the cloud incumbents, at a fraction of the per-encounter cost. Third, clinical decision support will start delivering measurable outcomes (not just notes): narrow, well-scoped agents that catch missed diagnoses or flag medication errors, evaluated against actual patient outcomes rather than benchmark numbers. The hospitals and payers that built sovereign infrastructure in 2025-26 will run all three on the same platform. The ones still waiting will rent the capability from someone else and lose the data flywheel that makes the next generation work.