CHIA Grant Architecture Walkthrough — Seattle Children's Hospital

UC1: Pediatric Epilepsy Data Lake Architecture

Unified health data platform integrating EHR, imaging, genomics, and wearable data for epilepsy research

Existing AWS Service

re:Invent 2025 — NEW

Data Sources

💗

Epic FHIR

EHR Records

📡

PACS / DICOM

MRI, EEG Images

⏱️

Wearables

IoT Seizure Data

🧬

Genomics

VCF/CRAM Files

Ingestion

❤️

HealthLake

FHIR Data Store

🧠

HealthImaging

Medical Images

🧬

HealthOmics

Genomic Workflows

NEW

⚡

Lambda Durable

Long-running ETL

Storage

🗄️

Amazon S3

Data Lake (HIPAA)

NEW

📍

S3 Vectors

Embeddings Store

🛡️

Lake Formation

Governance

Processing

🔀

AWS Glue

ETL & Catalog

🧠

SageMaker

HyperPod Cluster

NEW

💾

Checkpointless

Training Resilience

Analytics & AI

🔍

Athena

SQL Analytics

✨

Bedrock

Foundation Models

NEW

✨

Nova Forge

Custom Model Fine-tune

NEW

🤖

AgentCore

Autonomous Agents

Consumption

📊

QuickSight

Dashboards

🌐

API Gateway

Research APIs

▦

Research Portal

Clinician UI

UC2: AI-Enhanced Neuroimaging Pipeline

Super-resolution MRI enhancement model trained on multi-institutional data, deployed as custom Bedrock model

Existing Service

re:Invent 2025 — NEW

Research Environment

📁

Public Datasets

HCP, fastMRI, BraTS

🏢

UPMC Collaboration

Paired MRI Dataset

⚙️

Preprocessing

DICOM → NIfTI, QC

🗄️

S3 Research Bucket

Curated Training Data

Training Environment

💻

HyperPod Cluster

p4d.24xlarge × 4

NEW

💾

Checkpointless Training

-10% training cost

NEW

💻

Trainium3

Next-gen ML silicon

📈

W&B / MLflow

Experiment Tracking

Production (Inference)

✅

Model Evaluation

PSNR, SSIM, Clinical

✨

Custom Model Import

Bedrock Inference

🖥️

Inference Endpoint

Real-time Enhancement

🩺

Clinical Integration

PACS Viewer Plugin

🔀 Data Flow: UC1 ↔ UC2 Integration

UC1: Data Lake
Neuroimaging + EHR

→

S3 Staging
MRI DICOM Export

→

UC2: Model Training
Super-Resolution

→

Enhanced Images
4× Resolution

→

UC1: Data Lake
Research Corpus

The Data Lake (UC1) provides neuroimaging data to train the AI model (UC2). Enhanced images flow back into the lake, enriching the research corpus and enabling clinician access via the Research Portal.

🔗 Shared Infrastructure Services

🗄️

Amazon S3

Data Lake

🔑

AWS KMS

Encryption

📜

CloudTrail

Audit

🛡️

Lake Formation

Governance

📊

Security Hub

Compliance

🌐

VPC + PrivateLink

Networking

👤

IAM + SSO

Identity

📊

CloudWatch

Monitoring

⚡ re:Invent 2025 Enhancements (Shared)

NEW

📍

S3 Vectors

Replaces OpenSearch — $500/mo savings, simpler architecture

NEW

💾

Checkpointless Training

10% compute savings — resilience without checkpoint overhead

NEW

💻

Trainium3

40% inference cost reduction — purpose-built for ML

NEW

⚡

Lambda Durable + AgentCore + Nova Forge

ETL orchestration, autonomous agents, custom fine-tuning

Security & Governance — HIPAA-First Architecture

Defense-in-depth controls enabled from Day 1 of the POC. All services are HIPAA-eligible with BAA coverage.

🔐 Encryption & Access Control

🔑

AWS KMS

Customer-managed CMKs, automatic key rotation every 365 days

🛡️

Lake Formation

Tag-based access: per-site, per-study, column-level PHI masking

👤

IAM + Identity Center

Least-privilege, federated SSO with SCH AD, no long-lived creds

🌐

VPC + PrivateLink

All PHI traffic on private network, no internet-facing endpoints

🔍 Detection & Monitoring

🔎

Amazon Macie

Continuous S3 scanning for PHI leakage, alerts on unencrypted PII

⚠️

Amazon GuardDuty

Threat detection: anomalous API calls, credential compromise, exfiltration

📜

AWS CloudTrail

Full API audit trail, 7-year retention for compliance

📊

AWS Security Hub

HIPAA conformance pack, continuous compliance scoring

🤖 AI Governance

🤖

AgentCore Policy (Cedar)

Deterministic enforcement: default-deny, forbid-wins-over-permit, automated reasoning

🛡️

Bedrock Guardrails

Content filtering, PII redaction, topic denial — applied regardless of model

Policy Authoring

Cedar policies define what AI agents can access. Automated reasoning validates policies are well-formed before deployment.

Runtime Enforcement

Default-deny, forbid-wins-over-permit. Every agent action evaluated against governance policies in milliseconds. Deterministic — not probabilistic.

Audit & Compliance

Full decision log for every agent action — approved or denied. Maps directly to AI Review Board governance requirements.

💡 For the AI Review Board: Cedar policies are the technical enforcement layer for the governance rules your board defines. "No AI agent may access genomic data without IRB approval tag" becomes a Cedar policy that is enforced deterministically at the gateway.

📅 Security Deployment Timeline

Week 1-2

Security baseline: KMS, VPC, IAM roles, CloudTrail, Security Hub HIPAA pack, GuardDuty

Week 3-4

Data governance: Lake Formation tags, Macie scanning, de-identification pipeline validation

Week 5-8

AI governance: AgentCore policies, Bedrock Guardrails, model access controls

Week 9-12

Penetration testing, compliance audit, AI Review Board sign-off, production readiness

UC1 — Year 1 Estimate

$58,000

Covered by CHIA credits

UC2 — Year 1 Estimate

$66,000

Covered by CHIA credits

Combined Total

$124,000

~$26K headroom on $150K award

CHIA Award Coverage

$150,000

AWS credits — full coverage ✓

Year 1 Cost Breakdown

UC1 + UC2 Combined = ~$124K (CHIA Award: $150K)

UC1: Data Lake
$58K

UC2: Neuroimaging
$66K

Combined
$124K

CHIA Award $150K

Storage Compute Platform AI/ML

re:Invent 2025 Cost Savings

Waterfall: Original → Optimized

$140K

Pre-Optimization

-$6K

S3 Vectors

-$4.2K

Checkpointless

-$5.8K

Trainium3

$124K

Post-Optimization

re:Invent 2025 Cost Savings

S3 Vectors

Replaces OpenSearch Serverless

-$500/mo

Checkpointless Training

Eliminates checkpoint I/O

-10% compute

Trainium3 Inference

vs GPU-based inference

-40% inference

Post Year 1: Steady-State Operations

Monthly Operational

$8-10K

After POC optimization

Annual Steady-State

~$100K

With Savings Plans

Comparison

<1 FTE

Less than one research coordinator salary

Year 2+ cost drivers: Storage grows ~20%/year as cohort expands. Compute stays flat (inference only, no retraining). Savings Plans (1-year commit) reduce compute 30-40%. Right-sizing after POC usage patterns are established typically saves an additional 15-20%.

💡 Budget context: $100K/year supports a platform serving 6,000+ epilepsy patients across 30+ PERC sites — less than the cost of one FTE research coordinator doing manual chart abstraction.

Cost of Inaction — What Manual Alternatives Cost

Manual Chart Abstraction (UC1)

$450K+/yr

3 FTE research coordinators × $85K salary + benefits
6,000 patients × 4 modalities = 24,000 records to abstract
Timeline: 18-24 months vs. 12 weeks with automation

Commercial 7T Scanning (UC2)

$1.5M+

500 research scans × $3,000/scan = $1.5M
Plus: scheduling delays (2-4 weeks), travel to 7T site
Not validated for pediatric routine use

✅

AWS Platform: $124K Year 1 (covered by CHIA credits)

Automated NLP + AI imaging enhancement — 10× faster, 10× cheaper than manual alternatives

Next Steps

Confirm genomic data format

WGS vs WES vs targeted panel — biggest cost variable for storage planning

Align on de-identification approach

Safe Harbor vs Expert Determination — determines FHIR export pipeline design (needs IRB input)

Schedule technical kickoff — Week of May 19

90-minute session with research informatics + engineering. 12-week clock starts → POC results by mid-June for CHIA submission (July 1 deadline).