Clinical decision support, patient communications, clinical research, and billing

The trust layer for AI agents in regulated industries.

The healthcare sector has four sub-verticals, each with its own action vocabulary, human-approval gating, and regulator binding. Pick the sub-vertical that matches the calling system's role; the action classes, the gating boundary, and the regulator evidence pack follow from there. AGAP® governance records what the agent proposed, what the policy decided, and what the clinician approved, and signs every decision into an audit chain an auditor can verify offline.

Four calling-side shapes; one shared platform.

Clinical decision support

AI-drafted diagnostic suggestions, treatment recommendations, and triage. The agent proposes; the clinician decides. Vortalis gates any patient-facing delivery behind clinician approval and records the proposal, the policy decision, and the approval on the audit chain.

Action classes

recommendation.deliveredtriage.classified

Human-approval gating

recommendation.delivered and triage.classified are gated behind clinician approval for any patient-facing delivery.

Primary regulators (maps to)

  • NHS DSPT
  • MHRA Software as a Medical Device guidance
  • GDPR Article 9 (special-category data)
  • HIPAA Privacy and Security Rules
  • EU AI Act Article 6 high-risk (Annex III §5(a) healthcare)

Patient communications and triage

AI-drafted correspondence, scheduling, and symptom intake. Sensitive fields are tokenised before the agent reasons over them, so the agent works against a tokenised view rather than raw patient-identifiable data.

Action classes

patient.message_sentappointment.scheduled

Human-approval gating

Sensitive fields (NHS number, date of birth, clinical notes) are tokenised; patient-facing message and scheduling actions are gated and rate-limited per the operator's policy.

Primary regulators (maps to)

  • NHS DSPT
  • GDPR Articles 9 and 22
  • CQC inspection framework

Clinical research and CRO workflow

Trial-patient matching, adverse-event drafting, and regulatory submission drafting. The audit chain integrates with Good Clinical Practice and 21 CFR Part 11 evidence so a sponsor or CRO can reconstruct the agent's actions.

Action classes

trial_match.proposedadverse_event.drafted

Human-approval gating

trial_match.proposed and adverse_event.drafted are drafting actions; submission and enrolment remain behind the sponsor's or investigator's sign-off. The audit chain captures the rationale for GCP and 21 CFR Part 11 review.

Primary regulators (maps to)

  • MHRA Clinical Trial Regulations
  • FDA 21 CFR Part 11
  • ICH GCP
  • EMA Clinical Trial Regulation

Billing and claims

AI-drafted clinical coding (ICD-10, OPCS-4, CPT), claim submission, and denial-response drafting. The audit chain captures the coding rationale so a payer can review how each code was applied.

Action classes

claim.submittedcoding.applied

Human-approval gating

claim.submitted and coding.applied are recorded with their coding rationale for payer review; the operator chooses which actions require a human coder's approval before submission.

Primary regulators (maps to)

  • NHS England Standard Contract
  • US CMS billing rules
  • GDPR (cross-border claims)

Upstream services Vortalis adapts for this sector.

  • FHIR (HL7 R4 / UK Core)Shipping

    vortalis_proxy/services/fhir.py

    FHIR R4 adapter. UK Core profile selection and terminology binding live in operator policy, not in Vortalis defaults.

  • NHS SpineShipping

    vortalis_proxy/services/nhs_spine.py

    Adapter as code. Counterparty certification with NHS Digital is the operator's responsibility.

  • GP ConnectShipping

    vortalis_proxy/services/gp_connect.py

    Operator-side credentials drive the adapter; Vortalis does not certify the GP Connect endpoint.

  • IM1Shipping

    vortalis_proxy/services/im1.py

    Adapter for the IM1 patient-facing-systems pairing API.

What this sector pack does not do.

Vortalis does not deliver clinical care; it governs the AI agent's action.

The platform records what the agent proposed, what the policy decided, and what the clinician approved. It does not deliver the care, choose the treatment, or substitute for the clinician's judgement. The clinical decision, the bedside experience, and the patient outcome are outside the platform's evidentiary reach.

Counterparty certification with each NHS Spine and GP Connect integration is the operator's responsibility.

Vortalis ships adapters as code, not as counterparty-certified production integrations. NHS Digital pairing, GP Connect registration, and EHR-vendor contracts are the operator's path. Vortalis governs the agent's action at the boundary; it does not assume the counterparty obligation.

FHIR profile selection and terminology binding live in operator policy, not in Vortalis defaults.

The FHIR adapter carries no opinionated profile by default. Which FHIR profile applies, which terminology system binds (SNOMED CT, dm+d, ICD-10), and which validation level the operator enforces are configured in the operator's policy. The platform validates against the operator's chosen profile; it does not impose one.

Cross-border data flow under GDPR Article 9 requires the operator's lawful-basis determination.

The tokenisation invariant and the per-tenant audit chain support the operator's GDPR posture, but the lawful basis for processing special-category healthcare data, and the lawful basis for any cross-border transfer, is a determination the operator's data-protection lead makes. Vortalis records the evidence; it does not adjudicate the legal basis.

The general-purpose honest limits sit at /product/security-architecture; this list is specific to the healthcare pack.

How operators put the pack to work.

These are illustrative deployments, not customer references. No named customer testimonials appear here, because the first external engagements are still landing. Each scenario describes a plausible shape of a Vortalis deployment in this sector.

Illustration 1

A UK NHS trust deploying a triage agent on a FHIR-backed patient record, governing NHS DSPT and GDPR Article 9 obligations through Vortalis. The agent runs against a Vortalis-tokenised view of patient records and gates every patient-facing recommendation behind clinician approval, producing a signed audit trail an auditor can verify offline.

Illustration 2

A clinical research organisation running a trial-matching agent across an NHS Spine integration, governing ICH GCP and 21 CFR Part 11 evidence through Vortalis. Adverse-event drafts are captured with their rationale on the audit chain, and enrolment stays behind the investigator's sign-off.

Illustration 3

A private hospital group deploying a clinical-coding agent for billing and claims, governing US CMS billing rules and cross-border GDPR obligations through Vortalis. Each coding.applied action records the coding rationale so the payer can review how ICD-10 and CPT codes were assigned.

Signed. Offline-verifiable.

A sample NHS DSPT and MHRA evidence pack, showing the structure of a signed, offline-verifiable pack. Signed. Offline-verifiable.

Download the sample healthcare evidence pack (PDF)

Sample artefact. This is a placeholder evidence pack for layout and review; a real signed, offline-verifiable pack replaces it before launch.

Bring Vortalis to your healthcare agents.

Pick the sub-vertical above. Read the integration brief if you would rather start with the engineering detail. Talk to us first if you would rather start with a conversation about your threat model.