Healthcare AI Governance Platform

Closing the Healthcare
AI Liability Gap

AssureWing automates information governance for healthcare organisations — turning compliance from a blocker into a workflow. Built by IG professionals who lived the problem.

DSPT Standards Met 2025/26 UK GDPR DPA 2018 Active Pilot
Request a Demo →
12 mo
Average DPIA & IG approval cycle
£17.5M
Maximum ICO fine exposure
74%
Of healthcare organisations failing IG standards
28 days
Statutory SAR window — routinely breached
Co-designed with
NHS Community Trusts NHS Innovation Networks NHS IG & Legal Specialists
Healthcare-native, not generic Structured records, not PDFs Built by IG professionals DSPT Standards Met 2025/26

The Problem

The IG burden is unsustainable

Three systemic blockers are consuming IG teams and exposing healthcare organisations to regulatory risk.

Manual DPIA Bottleneck

Every AI clinical pilot requires a DPIA. Drafted manually, each failed submission adds 4–6 weeks. IG approval cycles run 6–12 months — killing innovation before it starts.

ICO Fine Risk

SAR backlogs routinely breach the 28-day statutory window. Each violation risks ICO enforcement, reputational damage and operational disruption across the organisation.

No Defensible AI Governance

AI model errors have no standardised correction mechanism. Clinicians face legal exposure with no auditable, legally-anchored record of decisions made.

The Platform

AssureWing

A governance-as-a-service layer that sits across healthcare infrastructure — five integrated modules turning compliance from a blocker into a workflow.

SAR Agent
NLP clinical redaction across 7 PII categories with DPA 2018 s.40 auto-applied
DPIA Engine
7-stage NLP workflow from screening to AAC issuance — hours, not months
Correction Rubric
4 legal pillars with 3-lead consensus. Evidential standard for ICO & Inquest
Synthetic Factory
Compliance-certified synthetic data. Zero-PII. Fairer-than-real datasets
Incident Mgmt
DSPT-aligned incident tracking with pattern detection and CIO dashboard
75%
Reduction in DPIA drafting time
50%
Reduction in SAR handling time
£65k
Average savings per organisation per year

Inside the Platform

See AssureWing in action

A working prototype built on real IG workflows — not wireframes.

AssureWing CIO Dashboard

CIO Dashboard

Live overview of open SARs, DPIA compliance, AI models, FTE hours saved, and active incidents — all in real time.

AssureWing SAR Agent

SAR / FOI Agent

Clinical NLP scans documents, detects PII across 7 categories, and applies DPA 2018 s.40 third-party protection automatically.

AssureWing DPIA Engine

DPIA Engine

7-stage structured workflow with DSPT v8 screening triggers, NLP auto-mapping, and stakeholder digital handshake.

AssureWing Correction Rubric

Correction Rubric

Every AI correction anchored to 4 legal pillars — Decision, Policy, Context, Audit Trail — with 3-lead consensus threshold.

AssureWing Incident Management

Incident Management

DSPT-aligned incident tracking with pattern detection, 28-day rolling window analysis, and CIO early warning dashboard.

How It Works

Structured records, not static documents

Every output is a queryable JSON record — not a PDF. Modules read from and write to each other automatically.

01 — Ingest

SAR or project description received

The platform ingests clinical documents or project descriptions via API or manual upload. NLP begins processing immediately.

02 — Analyse

Clinical NLP maps context

PII detected across 7 categories. Risk categories auto-mapped to NHS AI Assurance standards. Legal basis identified and applied.

03 — Govern

Human-in-the-loop review

DPO, Caldicott Guardian, and Clinical Lead review via structured digital handshake. Correction Rubric captures every decision.

04 — Certify

Evidence generated automatically

AAC Certificate issued on approval. DSPT evidence produced as a by-product. Every record is audit-ready from day one.

Lead Entry Point

DPIA Engine & Correction Rubric

The two modules that close the AI Liability Gap.

1

Screening

DSPT v8 trigger detection — automatic Art.35 mandatory flagging

2

Processing Description

NLP extracts and auto-populates project fields from free text

3

Three-Part Test

Purpose, Necessity, Balancing — with data minimisation conflict detection

4

Risk Identification

Auto-mapped to NHS risk categories with likelihood & impact scoring

5

Mitigation Controls

NHS Control Library suggestions with standard IDs and residual scoring

6

Stakeholder Consultation

DPO + Caldicott Guardian + Clinical Lead digital handshake

7

Live Status & AAC

AI Assurance Certificate issued — DSPT drift monitoring active

Correction Rubric

Every AI correction anchored to four legal pillars with a consensus-based threshold. If the ICO queries a decision, you show them a policy-anchored audit trail.

1

Decision

What was changed and why — documented at point of correction

2

Policy

UK GDPR, DPA 2018, DSPT v8 — legally cited, not assumed

3

Context

Department, risk level, clinical setting recorded

4

Audit Trail

Immutable, regulator-ready — evidential standard for ICO & Inquest

3-lead consensus threshold · Closes the AI Liability Gap

Validation & Readiness

Built by the people who do the work

Co-designed with frontline IG professionals. Validated by healthcare legal specialists.

DA

Danielle Andrew-Lynch

Information Governance Specialist
SE London ICB

Formal co-design partner since November 2025. Shaped the DPIA Engine and SAR Agent workflows from an operational IG perspective.

WM

Wycliff Musinguzi

Legal Services Manager — Inquest Specialist
NHS Legal

Formal co-design partner since November 2025. Validated that the Correction Rubric meets evidential standards required in Inquest proceedings.

Technology Readiness

TRL 1
TRL 2
TRL 3
TRL 4
TRL 5
TRL 6
TRL 7
TRL 8
TRL 9

Current: TRL 4 — Working prototype with NLP engine · Target: TRL 5 with pilot partner

Competitive Landscape

Why AssureWing — and why now

No existing tool is built for healthcare clinical AI governance. AssureWing is the first.

Solution Healthcare IG DPIA Automation SAR Handling Synthetic Data Correction Rubric DSPT v8
OneTrust × Partial × × × ×
Vigilant Software × Template only × × × ×
ServiceNow GRC × × × × × ×
Manual / Word docs × × × × × ×
AssureWing ✶ NLP Auto-Draft

Team

Built by someone who lived the problem

JM

Jordan Mubiru

Founder & CEO, QuenAI Limited

Four years on the frontline of NHS information governance — at NEL CSU, then North Central London ICB. LLM in Corporate Governance and Law (Portsmouth). Built AssureWing to solve the problems he experienced firsthand: manual SAR processing, DPIA bottlenecks, and the absence of legally defensible AI governance in healthcare.

LLM Corporate Governance LLB Law NHS IG Lead DSPT Practitioner

Get in Touch

Ready to close the
liability gap?

We're looking for NHS Trusts, ICBs, and private healthcare organisations to pilot AssureWing. No cost to the organisation. 20-minute demo available.

Company
QuenAI Limited
UK Registered SME
Founder
Jordan Mubiru
Standards
DSPT Standards Met 2025/26 · UK GDPR · DPA 2018
Status
TRL 4 — Working prototype
Seeking NHS pilot partners