I didn’t expect my first real GenAI project to scare me.

Not the technical parts — those were hard, but manageable. What scared me was the realization, about two months in, that a wrong answer from our system could delay a patient’s authorization. That a hallucinated policy reference could mean someone waiting longer than they should for care.

That changed everything about how I built.

The Problem We Were Actually Solving

When I joined Molina Healthcare as an AI/ML Engineer in early 2025, the ask sounded clean: build a GenAI assistant to help staff search through healthcare policy documents.

But when I sat down with the people actually doing this work, the picture got sharper and messier.

A prior authorization specialist might need to cross-reference three different policy documents — coverage guidelines, authorization criteria, and clinical SOPs — just to answer one question. These weren’t short documents. We’re talking 8,000+ pages across hundreds of files, updated regularly, full of domain-specific language that doesn’t map cleanly to how anyone naturally asks a question.

They weren’t looking for a chatbot. They were looking for a trusted colleague who had read every policy ever written and could give them the right paragraph, right now.

That’s a very different thing to build.

What I Thought RAG Was vs. What It Actually Is

I’d worked with RAG before. The concept is straightforward: retrieve relevant chunks from a document store, feed them to an LLM, get a grounded answer. Simple enough on paper.

What I hadn’t fully reckoned with was how much the quality of your retrieval determines the quality of everything downstream.

We ingested all 8,000+ pages using PyMuPDF — extracting text, cleaning formatting artifacts, splitting documents into chunks that were small enough to be precise but large enough to hold context. That chunking strategy alone took two weeks of iteration. Too small and you lose the surrounding context that makes a clause meaningful. Too large and you’re feeding the model noise.

Then we indexed everything into Azure AI Search and layered FAISS on top for embedding-based similarity scoring. We added metadata filters — document type, policy category, effective date — so retrieval wasn’t just semantic, it was structured.

That combination moved our retrieval accuracy by 22% in internal testing. But what the number doesn’t capture is why: it’s because we stopped treating retrieval as a search problem and started treating it as a comprehension problem. The system needed to understand what the staff member was really asking, not just match keywords.

The Lesson I Didn’t Expect: Guardrails Are the Product

Early on, I thought of PHI masking and RBAC controls as compliance checkboxes. Things you add at the end so legal signs off.

I was wrong.

In a healthcare context, the guardrails are what make the product usable. A system that gives a fast, accurate answer but leaks protected health information in the process isn’t a product — it’s a liability. A system that can be queried by anyone regardless of role isn’t a tool — it’s a risk.

When we implemented PHI masking, few-shot prompting for consistency, and role-based access controls, we weren’t adding friction. We were building the foundation of trust that makes anyone willing to rely on the system in the first place.

The 30% reduction in manual lookup time is the metric I put on my resume. But what I’m actually proud of is that the team started using it without being told to — because they trusted it.

What I’d Tell Anyone Building AI in a Regulated Industry

Accuracy is the table stakes, not the goal. Every RAG system can surface relevant text. The question is whether it surfaces the right text with enough context for a human to act on it responsibly.

Build with the person doing the job, not just for them. The specialists who used our system daily spotted retrieval failures I never would have caught in testing. Their feedback shaped the metadata filters, the prompt structure, and the confidence thresholds we used.

A wrong answer at speed is worse than a slow right one. We added latency to certain query paths on purpose — to trigger human review for high-stakes authorization decisions. That was the right call.

Where This Is Going

Healthcare AI is at an interesting inflection point. The technology is good enough to be genuinely useful. The harder problem is institutional trust — getting clinicians, administrators, and compliance teams to believe that an AI-assisted workflow is safer and more consistent than a manual one.

That trust isn’t built through demos. It’s built through guardrails, evaluation, transparency about what the system doesn’t know, and a long track record of getting it right.

I’m still building that track record. But I’m more convinced than ever that the engineers who will matter most in this space aren’t the ones who can build the fastest model — they’re the ones who understand what it means when that model is wrong.