Turning Weeks of Legal-Medical Review into Minutes: An Event-Driven AI Summarization Platform
This post describes the architecture and the business problem at a high level. No client data, credentials, network topology, or proprietary prompts are disclosed.
The business problem
Professional document-services firms sit on a firehose of paper. When an attorney or an insurance carrier subpoenas a claimant’s records, what comes back is often thousands of pages per matter — medical charts, depositions, discovery productions, and meet-and-confer correspondence — scanned, unsearchable, and in no particular order. A human reviewer then reads all of it to produce the one thing everyone actually needs: a faithful, well-organized summary.
A professional document-services (PDS) provider serving USAA wanted to move up the value chain from delivering documents to delivering understanding — AI-generated summaries their reviewers could trust and turn around in a fraction of the time. The bar was high: the output had to be accurate enough to build legal and claims decisions on, and the whole thing had to run inside a security posture that satisfied HIPAA and SOC 2, because it processes protected health information end to end.
The goal we set: cut manual review time by ~70% without ever letting an unreviewed machine summary reach a decision-maker.
What we built
An event-driven, multi-agent AI platform that ingests a batch of documents, understands what each one is, and routes it to a summarizer specialized for that document type — with a human reviewer always in the loop before anything is finalized.
The pipeline is modeled as a durable orchestration: each document flows through OCR, classification, and type-specific summarization as independent, retryable steps, and batches of hundreds of documents fan out in parallel and rejoin when complete.
┌───────────────────────────────────────────┐
Batch of documents │ ORCHESTRATION (durable) │
(SAS-signed URLs) ──▶ │ fan-out · retries · callbacks · status │
└───────────────────────────────────────────┘
│ (parallel, per document)
┌────────────────────────┼────────────────────────┐
▼ ▼ ▼
┌────────────┐ ┌──────────────┐ ┌────────────────┐
│ 1. OCR │ │ 2. Classify │ │ 3. Summarize │
│ scanned │ text ──▶│ what is this│ route ─▶│ by doc type: │
│ PDF → text│ │ document? │ │ · medical │
└────────────┘ └──────────────┘ │ · deposition │
│ · discovery │
│ · meet&confer │
└───────┬────────┘
│
┌─────────▼─────────┐
│ Human-in-the-loop │
│ review & sign-off │
└─────────┬─────────┘
▼
structured summary + status callback
Stage by stage:
- Intake — Documents arrive as a batch, each referenced by a short-lived signed URL rather than being pre-copied into our environment. That let the platform read from a caller’s own storage without either side loosening its security boundary, and gave us a clean in-domain copy for the rest of the pipeline and for audit.
- OCR — Every scanned PDF is converted to text with a managed document-intelligence service, so downstream models work on clean, machine-readable content.
- Classification — A language model decides what each document actually is. Getting this right matters more than it sounds: a discharge summary, a deposition transcript, and a discovery cover letter each need to be read very differently.
- Specialized summarization — Each document is handed to a summarizer tuned for its type — medical records, depositions, discovery, and meet-and-confer — each with its own prompt contract and expected structured output. Type specialization consistently beat a single “summarize anything” prompt on both faithfulness and format.
- Human-in-the-loop — No summary is treated as final until a human reviewer approves it. The machine does the reading and drafting; the professional does the judging.
- Callbacks & status — Because a batch can take a while, the orchestration reports progress and completion back to the calling system rather than making anyone poll.
Making it production-grade (not a demo)
The interesting engineering wasn’t the prompts — it was everything that keeps an LLM system trustworthy at scale:
- Guardrails and evaluation — an evaluation harness scored summaries against reference expectations so we could change a prompt or a model and measure whether quality moved, instead of guessing.
- Prompt and version management — prompts are versioned artifacts, not strings buried in code, so changes are reviewable and reversible.
- Model monitoring and feedback loops — reviewer corrections feed back into how we evaluate and improve the summarizers over time.
- Fail-loud behavior — early on, a misconfiguration let the classifier quietly return “not medical” for medical records. We rebuilt those paths to fail loudly rather than return a confident wrong answer — in this domain, a silent wrong answer is far more dangerous than an error.
Security & compliance posture
Because this is PHI, the security model was a first-class design input, not an afterthought:
- Identity, not secrets — services authenticate to AI and storage with managed identities and role-based access, so there are no long-lived API keys to leak or rotate.
- Private by default — data services are reached over private networking and centralized secret storage; nothing sensitive is exposed to the public internet.
- No secrets in logs — signed URLs and any sensitive values are never logged; we log stable identifiers instead.
- Infrastructure as code — the environment is reproducible and reviewable, and promotes cleanly from dev to higher environments.
Results
- ~70% reduction in manual review time for the targeted document types.
- Batch throughput — hundreds of documents summarized per batch with parallel fan-out, retries, and progress callbacks.
- A repeatable path up-market — the client moved from selling documents to selling summarized understanding, with a platform that new document types can be added to as new specialized summarizers rather than a rewrite.
Takeaways
- Classification before summarization. Knowing what a document is unlocks a much better summary than any general-purpose prompt.
- Durable orchestration beats a monolithic script. Retries, parallel fan-out, and callbacks are exactly what a batch-of-thousands, hours-long workload needs.
- Human-in-the-loop is the product, not a limitation. In legal and medical work, the value is a trustworthy draft that a professional signs off on — speed with accountability.
- Treat the LLM system like a production service. Evals, versioned prompts, monitoring, and fail-loud behavior are what separate a compelling demo from something a business will actually stake decisions on.