Healthcare AI Governance Platform
AssureWing automates information governance for healthcare organisations — turning compliance from a blocker into a workflow. Built by IG professionals who lived the problem.
The Problem
Three systemic blockers are consuming IG teams and exposing healthcare organisations to regulatory risk.
Every AI clinical pilot requires a DPIA. Drafted manually, each failed submission adds 4–6 weeks. IG approval cycles run 6–12 months — killing innovation before it starts.
SAR backlogs routinely breach the 28-day statutory window. Each violation risks ICO enforcement, reputational damage and operational disruption across the organisation.
AI model errors have no standardised correction mechanism. Clinicians face legal exposure with no auditable, legally-anchored record of decisions made.
The Platform
A governance-as-a-service layer that sits across healthcare infrastructure — five integrated modules turning compliance from a blocker into a workflow.
How It Works
Every output is a queryable JSON record — not a PDF. Modules read from and write to each other automatically.
The platform ingests clinical documents or project descriptions via API or manual upload. NLP begins processing immediately.
PII detected across 7 categories. Risk categories auto-mapped to NHS AI Assurance standards. Legal basis identified and applied.
DPO, Caldicott Guardian, and Clinical Lead review via structured digital handshake. Correction Rubric captures every decision.
AAC Certificate issued on approval. DSPT evidence produced as a by-product. Every record is audit-ready from day one.
Lead Entry Point
The two modules that close the AI Liability Gap.
DSPT v8 trigger detection — automatic Art.35 mandatory flagging
NLP extracts and auto-populates project fields from free text
Purpose, Necessity, Balancing — with data minimisation conflict detection
Auto-mapped to NHS risk categories with likelihood & impact scoring
NHS Control Library suggestions with standard IDs and residual scoring
DPO + Caldicott Guardian + Clinical Lead digital handshake
AI Assurance Certificate issued — DSPT drift monitoring active
Every AI correction anchored to four legal pillars with a consensus-based threshold. If the ICO queries a decision, you show them a policy-anchored audit trail.
What was changed and why — documented at point of correction
UK GDPR, DPA 2018, DSPT v8 — legally cited, not assumed
Department, risk level, clinical setting recorded
Immutable, regulator-ready — evidential standard for ICO & Inquest
Validation & Readiness
Co-designed with frontline IG professionals. Validated by healthcare legal specialists.
Formal co-design partner since November 2025. Shaped the DPIA Engine and SAR Agent workflows from an operational IG perspective.
Formal co-design partner since November 2025. Validated that the Correction Rubric meets evidential standards required in Inquest proceedings.
Technology Readiness
Current: TRL 4 — Working prototype with NLP engine · Target: TRL 5 with pilot partner
Competitive Landscape
No existing tool is built for healthcare clinical AI governance. AssureWing is the first.
| Solution | Healthcare IG | DPIA Automation | SAR Handling | Synthetic Data | Correction Rubric | DSPT v8 |
|---|---|---|---|---|---|---|
| OneTrust | × | Partial | × | × | × | × |
| Vigilant Software | × | Template only | × | × | × | × |
| ServiceNow GRC | × | × | × | × | × | × |
| Manual / Word docs | × | × | × | × | × | × |
| AssureWing ✶ | ✓ | NLP Auto-Draft | ✓ | ✓ | ✓ | ✓ |
Team
Four years on the frontline of NHS information governance — at NEL CSU, then North Central London ICB. LLM in Corporate Governance and Law (Portsmouth). Built AssureWing to solve the problems he experienced firsthand: manual SAR processing, DPIA bottlenecks, and the absence of legally defensible AI governance in healthcare.
Get in Touch
We're looking for NHS Trusts, ICBs, and private healthcare organisations to pilot AssureWing. No cost to the organisation. 20-minute demo available.
ijmubiru@icloud.com →