mojApteczka as proof: GenAI and RAG in healthcare from idea to production

In healthcare, an “almost right” AI answer is not a success — it is a risk. That is why the most common question we get from companies in this domain is not “can AI do it” but “can AI be deployed safely, measurably and in production”. mojApteczka is our answer: a complete digital product built on Generative AI that we designed, built and run ourselves — from the AWS backend to the mobile apps. Not a demo, not a data scientist’s notebook. Production.

This article shows how the system is built and what it taught us about deploying GenAI where mistakes cost the most. We describe the full case on the Case studies page; here we focus on the architectural decisions and the lessons that transfer to other companies.

The problem: knowledge you must not make up

mojApteczka runs on healthcare-domain knowledge: drug interactions, packaging data, answers for the end user. This is exactly the type of system companies need most often — reliable answers from controlled sources, delivered at scale. And it is exactly the type where a model hallucination is not a cosmetic glitch but a hazard.

Three constraints shaped the entire architecture:

1. The answer must come from a source, not from the model’s “memory”. No source means no answer.
2. Inference cost must be predictable. A system serving end users will not survive if every query eats the margin.
3. Data and decisions must be GDPR- and AI-Act-compliant by design, not bolted on afterwards.

High-level architecture

The system is the same full stack we bring into client deployments:

• AWS backend — production-grade architecture: scaling, security, monitoring and inference-cost control.
• ETL and data — pipelines that turn source medical data into a structured, versioned knowledge base. The biggest effort is before the model, not in it.
• Knowledge base / RAG — answers generated solely from controlled sources, with citations and automated quality evaluation. We cover how RAG works separately: RAG on company documents.
• Human oversight — AI on the front line, a human in the loop where the stakes are high.
• Mobile apps — the product in users’ hands, iOS and Android, with a full release cycle.

Safety constraints are built in, not layered on: data in a controlled, versioned base; architecture and access designed for GDPR; risk classification and documentation for AI Act obligations. When there is no answer, the system says “I don’t know” — a deliberate decision, not a missing feature.

What it taught us

Hallucinations are tamed by process, not by a single prompt. Strict RAG + source citations + automated answer-quality evaluations. Without the evaluation layer, “hallucination control” is a claim, not a mechanism.

Inference cost is an architectural decision. Naive GenAI can eat the margin. The levers that actually work: caching, matching the model to the task, and monitoring cost per query. The effect is measurable (numbers below).

Data is a project, not an input. ETL, cleaning and versioning the knowledge are the bulk of the work. The same awaits every company deploying AI on its own documents — and it is the stage that most often decides the quality of the whole.

Hard numbers from production

mojApteczka production data, June 2026:

• 100% — AI extraction accuracy for packaging data (validation set, n=200).
• USD 0.0006 — cost of a single AI scan in production.
• 302,516 — drug-interaction records in the production knowledge base.

These are not slide numbers. They are metrics of a system that runs and that we maintain ourselves: we run the mojApteczka brand on AI we built — since launch, 100% of mojApteczka support tickets are closed by our own bot (triage, data validation, handoff to a fixer bot).

What your company gets from this

mojApteczka is our strongest proof of competence in a high-stakes domain: it shows AI can be deployed safely, measurably and at scale. The same stack — architecture, data, RAG, evaluations, cost control, compliance — we bring into client organizations. Without experimenting on your budget.

If you are planning GenAI where source reliability and compliance matter, start with a scoping diagnosis: book an AI audit. If you first want to understand how the AI Act applies to your case — including the Polish act passed by the Sejm but not yet in force and the supervisory Commission it creates (KRiBSI) — see the AI Act page.