The blast radius
A model can produce a confident sequence of tool calls. If the application's only defense is to trust the LLM chain, you are one hallucination away from a PHI-bearing API call. Traditional audit trails record events; they do not replace a mechanical permit on the HTTP client.
The TrigGuard interlock
Bind every clinical or administrative execution surface (orders, chart writes, document routing) to a policy. For each call, TrigGuard returns PERMIT, DENY, or SILENCE together with a signed receipt (Ed25519 over canonical JSON), and only a PERMIT releases the downstream HTTP client. Receipts verify offline against the published keys at /.well-known/trigguard-keys.json, so the evidence can be shown to risk and to supervisors without depending on a callback to the vendor.
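The interlock described above, as an added illustration that is not TrigGuard's own code: the receipt fields, the sorted-key JSON standing in for the vendor's canonical JSON scheme, and the locally generated key standing in for the published key set are all assumptions. The point it shows is that the client releases only on a receipt that both verifies and says PERMIT; a DENY whose decision is flipped after signing fails verification.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
)

// Receipt is an assumed shape for a TrigGuard decision receipt; the field
// names are illustrative, not the vendor's documented schema.
type Receipt struct {
	Decision string `json:"decision"` // PERMIT, DENY or SILENCE
	Surface  string `json:"surface"`  // execution surface, e.g. "orders"
	ReqID    string `json:"req_id"`   // the tool call being gated
}

// canonical serialises with sorted keys and no whitespace (encoding/json sorts
// map keys), standing in for canonical JSON so both sides sign the same bytes.
func canonical(r Receipt) ([]byte, error) {
	return json.Marshal(map[string]string{
		"decision": r.Decision, "surface": r.Surface, "req_id": r.ReqID,
	})
}

// Sign is the policy engine's side: Ed25519 over the canonical bytes.
func Sign(priv ed25519.PrivateKey, r Receipt) ([]byte, error) {
	b, err := canonical(r)
	if err != nil {
		return nil, err
	}
	return ed25519.Sign(priv, b), nil
}

// Release is the interlock on the HTTP client: verify offline against the
// published key and open only for a verified PERMIT. DENY, SILENCE and any
// signature failure keep the client closed.
func Release(pub ed25519.PublicKey, r Receipt, sig []byte) (bool, error) {
	b, err := canonical(r)
	if err != nil {
		return false, err
	}
	if !ed25519.Verify(pub, b, sig) {
		return false, errors.New("receipt signature does not verify")
	}
	return r.Decision == "PERMIT", nil
}
```

A deployment would load the verifying key by key id from the key set at /.well-known/trigguard-keys.json and use a full canonical-JSON serialisation on both sides, since any byte difference between signer and verifier fails the check.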
- EU / UK mapping: EU AI Act, UK NHS DSPT-adjacent controls, DORA for groups with banking arms (where applicable).
- Deep industry page: Healthcare AI & TrigGuard.