Generated automatically by Heimdall, the Sovereign AI Router for Healthcare. An independent, continuous record of how clinical artificial intelligence was routed, governed and contained across the Trust estate.
Heimdall sits between the Trust's clinical applications and every model that serves them. It records each inference request, evaluates it against ratified policy, routes it to the correct jurisdiction, and writes an immutable entry to the ledger. This audit is a faithful reconstruction of that record for the period. No figure in this pack was entered by hand; each is derived from the control plane's own telemetry.
Every clinical application in the Trust reaches artificial intelligence through a single governed path. The Heimdall Gateway is the only door, and it routes to one of three destinations.
Weekday volume peaks Tuesday to Thursday with reporting and ED load; weekend troughs preserve the same residency mix. The sovereign share never falls below 70% on any single day of the period.
"Identifiable healthcare data must remain within sovereign UK infrastructure."
| Data class | Sovereign | Resident | Frontier |
|---|---|---|---|
| Identifiable PHI | Allow | De-ID | Block |
| De-identified | Allow | Allow | Gate |
| Imaging pixels | Allow | Allow | Block |
| Operational meta | Allow | Allow | Allow |
Frontier-class destinations were reachable only after de-identification and policy gating. No identifiable class was ever permitted to a frontier endpoint.
Cells show the count of policy evaluations that resulted in a block, reroute or de-identification. Density concentrates in Oncology and Pathology, where free-text and frontier requests are most frequent, and most tightly governed.
Scope: this audit covers all inference transiting the Heimdall gateway, the sole sanctioned path to any model. Use of external AI outside governed paths is addressed by the Trust's separate network egress and acceptable-use controls.
| Model | Version | Provider | Jurisdiction | Status | Traffic share | Pinned | Certification |
|---|---|---|---|---|---|---|---|
| 3v-rad-32b | v4.2.1 | 3verest | UK Sovereign | Active | 38.0% | ● | Valid · exp 2027-02 |
| 3v-rad-8b | v4.0.6 | 3verest | UK Sovereign | Active | 21.4% | ● | Valid · exp 2026-11 |
| 3v-phi-detect | v2.7.0 | 3verest | UK Sovereign | Active | 12.9% | ● | Valid · exp 2027-05 |
| 3v-onc-specialist | v1.9.3 | 3verest · Oncology | UK Sovereign | Active | 10.8% | ● | Valid · exp 2026-09 |
| claude-frontier | 4.x | Anthropic | UK-Resident | Gated | 11.1% | ○ | Valid · exp 2026-12 |
| 3v-card-ecg | v3.1.0 | 3verest · Cardiology | UK Sovereign | Active | 4.9% | ● | Valid · exp 2027-01 |
| 3v-rad-16b | v3.5.4 | 3verest | UK Sovereign | Deprecating | 0.9% | ○ | Sunset 2026-07-31 |
Five models are pinned, frozen at a certified version, immune to silent upgrade. Pinning is the Trust's guarantee that a model which passed clinical validation cannot change beneath the clinician.
Escalation held within the 3.5% to 5.0% governed band. Two micro-spikes correspond to the oncology task launch on 12 April and a pathology batch on 23 April.
Both detections were benign distribution shifts (contrast protocol change, scanner calibration). Neither required model rollback; both are annotated in the ledger.
| Case | Task | Model | Draft confidence | Human review | Final status |
|---|---|---|---|---|---|
| CS-0412-A | CT Chest Report | 3v-rad-32b | 98.4% | Required | Accepted |
| CS-0414-B | Mammography triage | 3v-rad-32b | 91.2% | Required | Amended |
| CS-0417-C | Histopathology grading | 3v-onc-specialist | 95.8% | Required | Accepted |
| CS-0421-D | 12-lead ECG read | 3v-card-ecg | 88.6% | Required | Overridden |
| CS-0426-E | ED head CT flag | 3v-rad-32b | 99.1% | Spot-check | Accepted |
| Timestamp UTC | Request ID | Hospital | Task class | Model | Policy | Tokens | Latency | Outcome | Cost | Hash |
|---|
Each entry seals the hash of its predecessor; any retroactive edit would break the chain at the point of tampering and is detectable in constant time. The table above is a 20-row sample drawn at random from 8,041,260 sealed records.
| Routing path | Reference | Input / 1M | Output / 1M | Basis |
|---|---|---|---|---|
| Sovereign · self-hosted | 3v-rad / onc / card | £1.30 to £2.00 blended | Capitalised H100, high utilisation | |
| Resident · metered | Claude Haiku 4.5 | $1.00 | $5.00 | UK-region, per-token |
| Resident · metered | Claude Sonnet 4.6 | $3.00 | $15.00 | Complex reporting |
| Resident · metered | GPT-4o mini | $0.15 | $0.60 | Light classification |
The estate processes ≈104M tokens/day, far above the ≈16M tokens/day break-even at which self-hosted inference becomes cheaper than per-token APIs. Sovereign routing is therefore the lower-cost path as well as the compliant one. Batch processing (50% lower) and prompt caching (90% lower on cached input) are applied to all metered traffic. Figures restated this period: the prior £94.7k reflected an annualised run-rate; the correct monthly cost is £13.8k (£8.1k/month avoided, ≈£97k/year).
Modelled basis: the £13.8k total cost is measured from the ledger. Cost-avoided and the 37% reduction are a modelled counterfactual: the same governed traffic repriced against a hyperscaler-only stack at the reference rates above, assuming USD→GBP ≈ 0.79 and the period's task-class token mix. They are an estimate, not measured spend, and will vary with rates and mix.
"Heimdall reduced AI operating costs by 37% while maintaining 100% sovereignty compliance."
Savings are realised by routing the majority of volume to capitalised sovereign models with a fixed cost base, reserving metered frontier inference for the narrow band of tasks that demand it. The economic case and the sovereignty case point the same way.
Every change to the estate's behaviour is a governed event with an author, a timestamp and a ledger anchor. The period's material decisions, in sequence.
Trust AI Governance Board ratified residency rule-set v11, tightening the identifiable-PHI boundary and codifying frontier gating. Approved by Caldicott Guardian and CCIO. ledger: 0x4A·11C9
Following clinical validation sign-off, the radiology flagship was pinned at v4.2.1, freezing it against silent upstream change for reporting and ED workloads. ledger: 0x6F·2D07
Histopathology grading task class went live on 3v-onc-specialist, with mandatory human review and a 14-day heightened-surveillance window. ledger: 0x8B·9E51
Policy v11.3 narrowed de-identification tolerance for free-text fields and added imaging-pixel egress controls. Took effect estate-wide within 90 seconds. ledger: 0xA0·77F3
Heimdall Autonomous Governance Engine sealed the period, verified the hash chain and produced this pack without human intervention. hash: 0x9F4C·A1E7
This report is a complete and faithful record of governed AI activity across Northgate University Hospitals NHS Trust for the period 01 to 30 April 2026. It was generated autonomously, sealed against tamper, and is presented for board assurance.