What is LLMOps and why does it matter for healthcare AI services?

LLMOps — Large Language Model Operations — refers to the practices and tooling used to deploy, monitor, and maintain large language models in production environments.

In healthcare contexts, this typically involves additional considerations beyond standard MLOps, such as prompt versioning, output monitoring for clinical relevance, safeguards to reduce hallucination risk, and maintaining audit trails.

These capabilities may support organisations in aligning their AI systems with applicable NHS expectations and clinical safety frameworks (such as DCB0129), as well as internal governance requirements. Our approach is designed to help integrate LLMOps capabilities into platform architecture from an early stage, supporting ongoing monitoring, iteration, and oversight.


What is the difference between MLOps and LLMOps in a healthcare context?

MLOps generally focuses on the lifecycle management of traditional machine learning models, including deployment, monitoring, and retraining.

LLMOps extends these practices to large language models, which often introduce additional considerations such as prompt management, retrieval-augmented generation (RAG) pipelines, token usage monitoring, and output evaluation.

In healthcare settings, both MLOps and LLMOps may require additional controls to support clinical safety, bias awareness, and governance. The appropriate approach depends on the types of models used and the context in which they are deployed.


How do healthcare AI services handle data depersonalisation?

Healthcare AI systems often process data that may include personally identifiable information (PII) or protected health information (PHI). Depersonalisation techniques are typically used to reduce privacy risks and support compliance with UK data protection requirements.

We use tools such as Microsoft Presidio to help detect, classify, and redact sensitive data across structured and unstructured sources (e.g. clinical notes, referral letters, and imaging metadata). Where required, custom recognisers can be configured for UK-specific identifiers (such as NHS numbers or hospital IDs).

These approaches are intended to support organisations in working towards compliance with frameworks such as UK GDPR, the Data Protection Act 2018, and NHS information governance guidance.


How do you approach clinical safety for AI-driven products?

Clinical safety in England is guided by standards such as DCB0129 (for manufacturers) and DCB0160 (for deploying organisations).

We support organisations in developing clinical safety documentation, including hazard logs and risk assessments, that consider risks associated with AI systems — such as model drift, data dependencies, and unintended outputs.

Our approach is to embed clinical safety considerations throughout system design and development, rather than addressing them only as documentation activities. This is key philosophy of deliver our healthcare AI services. Its intended to support robust review processes and help organisations progress more effectively towards approval and sign-off, while working alongside the clinical safety officers and governance structures responsible for those decisions.


Can your services support Secure Data Environments and Trusted Research Environments?

Yes. Secure Data Environments (SDEs) and Trusted Research Environments (TREs) are increasingly used to enable analysis of sensitive health data within controlled boundaries.

We design and implement architectures that aim to align with NHS England’s SDE policy framework. This may include role-based access controls, audit logging, and disclosure risk management measures consistent with the Five Safes framework.

Our work can support both cloud-based (e.g. Azure, AWS) and hybrid deployments. As with all regulated environments, final implementation and accreditation typically depend on the policies and approvals of the host organisation, we support this process via our healthcare AI services methodology.


What is a DPIA and why does it matter before deploying healthcare AI?

A Data Protection Impact Assessment (DPIA) is a process required under UK GDPR where data processing is likely to present a high risk to individuals. This commonly applies to healthcare AI systems that process patient data.

A DPIA is generally expected to be completed before processing begins. It typically documents data flows, legal bases for processing, potential risks, and mitigating controls.

We support organisations in preparing DPIAs that reflect the technical reality of their systems — including data pipelines, model behaviour, and integration points. This is intended to help ensure the assessment is grounded in actual system design rather than generic policy descriptions.


What do startup founders need to know about moving from Jupyter notebooks to production?

Many healthcare AI services and products begin as proof-of-concept models developed in Jupyter notebooks. While this is a valid starting point, additional work is typically required to transition to a production-ready system suitable for NHS environments.

Notebooks are often not designed for reproducibility, secure configuration management, or scalable deployment. They may also lack clear separation between training, evaluation, and inference workflows.

Moving towards production generally involves:
– Structuring code into maintainable services
– Containerisation and environment standardisation
– Implementing CI/CD pipelines
– Adding monitoring, logging, and auditability
– Managing configuration and secrets securely

The primary challenge is less about the notebook itself and more about establishing an operational, secure, and governable platform around the model. Our services are designed to support this transition in a way that may help organisations meet typical NHS expectations for auditability, security, and maintainability.


Can you support AI platforms used in nuclear medicine and medical imaging?

We support organisations working with imaging modalities such as PET-CT, SPECT, and other DICOM-based systems.

This may include designing infrastructure for handling imaging data flows, integrating with PACS systems, and supporting AI model inference pipelines. We also consider requirements for traceability and audit logging, which are often relevant in clinical environments.

Where AI is intended to inform or support clinical decision-making, regulatory pathways such as Software as a Medical Device (SaMD) may apply. We can help organisations prepare for these pathways, although regulatory classification and approval are ultimately determined by the relevant authorities.


How do you help with NHS procurement and supplier frameworks?

Engaging with the NHS typically involves meeting a range of procurement, security, and governance requirements in addition to demonstrating product value.

We support organisations in preparing for common procurement routes such as G-Cloud, NHS frameworks, and Dynamic Purchasing Systems. This may include structuring technical documentation, clarifying security controls, and preparing supporting materials for review processes.

We also assist with readiness for frameworks such as the Data Security and Protection Toolkit (DSPT) and Cyber Assessment Framework (CAF). Progression through procurement processes is ultimately subject to NHS organisational requirements and evaluation criteria.

See who we help navigate these frameworks.