Review

Defining an Ethical Explainability Metric for Measuring AI Trustworthiness in Connected Healthcare Systems

1 Centre for Decision Support Systems, School of Global Health Management and Informatics, University of Central Florida, Orlando, FL 32816, USA
2 Department of Computer Science, Florida Polytechnic University, Lakeland, FL 33805, USA
* Author to whom correspondence should be addressed.
Information 2026, 17(5), 438; https://doi.org/10.3390/info17050438
Submission received: 21 February 2026 / Revised: 21 April 2026 / Accepted: 27 April 2026 / Published: 2 May 2026

Abstract

Leveraging Artificial Intelligence (AI) ethically in connected healthcare systems requires a quantifiable framework that measures not only outcome correctness, but also the clarity, auditability, and ethical acceptability of model explanations in high-stakes clinical and cybersecurity workflows. This manuscript first presents a narrative review of ethical risks and countermeasures in Healthcare Internet of Things (HIoT) and explains why existing performance metrics are insufficient for trustworthy deployment. We then formalize a quantitative metric called Ethical Explainability (Ee) as a composite index integrating (1) a Human Agreement Ratio (HAR), capturing concordance between AI recommendations (and their rationale) and a calibrated expert consensus, and (2) an Entropy Reduction Index (ERI), capturing the proportional reduction in expert uncertainty after receiving an explanation, operationalized via probability-elicitation questionnaires mapped to Shannon entropy. Designed for HIoT security monitoring, Ee links transparency with governance-ready evidence of trustworthiness for human–AI collaboration.


1. Introduction

The use of Artificial Intelligence (AI) has reached a pivotal moment, with most core sectors now planning to use it for improving efficiency and supplementing their decision-making. The 2025 Stanford AI Index has reported that global corporate AI investment surpassed US $252 billion in 2024 [1]. Similarly, the McKinsey State of AI Global 2025 Survey found that 78% of organizations used AI in at least one business function in 2025, a steady rise from the figure of 55% in 2024 [2].
Despite this acceleration in its use, it was found that 54% of organizations have not yet drafted an AI policy and only 13% currently have clear, documented rules in place [3]. The key issues cited in the slow adoption of AI were data protection and privacy risks, followed by misinformation or inaccurate outputs (30%) and compliance challenges (16%). This disparity underscores the need for quantitative, ethical metrics capable of evaluating transparency and justifiability beyond purely technical markers such as accuracy or precision. Existing AI models, especially black-box deep learning models, lack transparency and do not capture the alignment between machine reasoning and human judgment, which may lead to biases [4,5]. The AI Ethics Alliance reported that 68% of AI researchers see standardized ethical metrics as essential to build public trust in AI technologies, and a recent study reported that 70% of companies adopting transparency metrics experience increased trust among stakeholders [6].
There has recently been a steady shift toward connected care and digital health infrastructures, which is directly linked to a marked rise in cybersecurity threats, device vulnerability, and patient privacy risks. Recent meta-analyses and surveys found that ransomware attacks targeting clinical IoT networks more than doubled from 2022 to 2024, while regulatory frameworks are placing increasing emphasis on explainability, real-time monitoring, and ethical auditing [7,8]. AI is also being increasingly integrated into connected healthcare systems, including the Healthcare Internet of Things (HIoT) ecosystem consisting of networks of connected medical devices, sensors, and clinical information systems. These AI systems are used for tasks such as intrusion detection, anomaly detection, predictive monitoring, and decision support.
However, the high-stakes nature of clinical decisions and cybersecurity responses requires AI systems that are not only accurate but also transparent, ethically grounded, and accountable. When AI models act as decision aids, clinicians and cybersecurity practitioners must understand and trust model outputs and explanations, particularly in safety-critical contexts where false negatives may lead to patient harm, and false positives may cause operational disruption. At the same time, concerns around patient data privacy and confidentiality are increasing. The Veriti 2025 State of Healthcare Cybersecurity Report documents that nearly 400 healthcare organizations worldwide faced intrusions in the past year alone, with average losses of USD 3.5 million per data breach [7]. Similarly, a study by Device Authority reported that more than one million medical IoT devices were exposed online without authentication, representing the largest single-year data leak in healthcare history [8]. These findings reveal a cybersecurity risk where technological sophistication outpaces moral accountability (Table 1).
Explainable Artificial Intelligence (XAI) aims to provide interpretability of model predictions through techniques such as feature attribution, counterfactual explanations, rule-based approximations, or surrogate models. Yet, the mere presence of an explanation does not guarantee that it is ethically acceptable, comprehensible, or useful in reducing decision uncertainty. Existing metrics focus on model performance (accuracy, AUC) or on technical explainability measures, but they rarely quantify Ethical Explainability in a manner aligned with governance needs.
To address this gap, we propose a quantitative metric called Ethical Explainability (Ee), a composite index integrating (1) Human Agreement Ratio (HAR), representing the extent of congruence between AI outcomes and calibrated human consensus decisions, and (2) Entropy Reduction Index (ERI), reflecting the proportional reduction in expert uncertainty after receiving explanations, mapped to Shannon entropy. This work is presented as a structured narrative review combined with a formal metric proposal and an operational validation framework. The paper aims (i) to integrate measures of transparency and trustworthiness of AI by combining the Human Agreement Ratio (HAR) and Entropy Reduction Index (ERI) into a unified metric; (ii) to theoretically integrate this metric into real-time healthcare IoT security monitoring, incident triage, and audit processes and show how the metric can address the ethical concerns; and (iii) to examine different use cases for the application of the Ethical Explainability metric. The Ee framework aims to standardize ethical auditing across autonomous healthcare systems subject to the guidelines issued by FUTURE AI [9]. It thereby links technical explainability with accountability, providing both a computational and regulatory basis for trustworthy AI.
This manuscript is intended as a framework and protocol paper that formalizes an Ethical Explainability metric (Ee) and specifies the measurement instruments required to compute it in practice. Our contribution is threefold: (i) we synthesize ethical requirements for AI in connected healthcare into five domains; (ii) we define a composite metric integrating human–AI decision alignment (HAR) and explanation-induced uncertainty reduction (ERI); and (iii) we provide an operational protocol including expert calibration, inter-rater reliability checks, and probability elicitation mapped to Shannon entropy. To ensure reproducibility and immediate utility, the present manuscript includes a detailed, implementable Empirical Evaluation Design specifying datasets, models, explanation methods, and analysis steps.

2. Key Ethical Issues and Countermeasures: Related Literature

HIoT systems are vulnerable to both technical and ethical risks. Leveraging AI-based decision support systems in such environments raises challenges in transparency, accountability, privacy, bias, and governance, as well as unintended discriminatory outcomes, unclear responsibility allocation, and insufficient informed consent.

2.1. Review Methodology

We conducted a structured narrative review of peer-reviewed literature and authoritative reports published between 2021 and 2025 to identify recurring ethical issues and mitigation strategies for AI in HIoT and healthcare cybersecurity. Searches were performed across major scholarly indexes (e.g., PubMed/MEDLINE, IEEE Xplore, ACM Digital Library, Scopus) using combinations of keywords such as “healthcare IoT”, “internet of medical things”, “AI”, “intrusion detection”, “explainable AI”, “ethics”, “trust”, “accountability”, and “governance”. The included works addressed (i) ethical risks (fairness, transparency, consent, accountability), (ii) explainability methods or evaluation, and/or (iii) HIoT security threats and countermeasures. Exclusion criteria were non-health domains without transferable insights, opinion pieces without a technical contribution, and papers lacking sufficient methodological detail to support governance implications. The existing literature consistently highlights ethical concerns around five interrelated domains: Justice and fairness, transparency and explainability, consent and confidentiality, accountability, and patient-centered design [10,11,12].
AI systems may inherit biases from training data, leading to unequal performance across populations or device categories. Bias may manifest in triage decisions, anomaly detection thresholds, or cybersecurity alert prioritization. Justice and Fairness issues primarily arise from such biased data and model development practices that disproportionately misclassify or discriminate against marginalized and underrepresented groups, especially when training data reflect historical inequities or single-institution cohorts. Transparency in AI involves making model decisions understandable, traceable, and auditable. In healthcare cybersecurity, explanations must align with clinicians’ and analysts’ mental models. Without adequate explainability, human operators may over-trust or under-trust AI outputs. Transparency and explainability are repeatedly identified as prerequisites for safe adoption of AI in high-stakes clinical and security workflows, with regulators, institutional review boards, and professional societies increasingly insisting on models that can generate clinically meaningful explanations rather than opaque scores. Recent studies have highlighted that quantitative metrics such as SHAP values, counterfactuals, causal-actionable scores, and human ethical scoring should be increasingly incorporated into regular auditing in large-scale clinical settings, to make them more explainable [13,14,15]. At the same time, explainability is not value-neutral. For explanations to be ethically adequate, they must be comprehensible to their intended audience, aligned with domain norms, and presented in ways that avoid misleading oversimplifications or unjustified confidence [16,17]. Accountability requires clear responsibility allocation for AI-driven actions, particularly when AI models influence security responses or patient care. Governance frameworks emphasize audit trails, documentation, and performance monitoring. 
HIoT systems collect sensitive data, and leveraging AI may inadvertently expose private information (e.g., highlighting features tied to patient identity). Ethical deployment requires secure handling, minimal data exposure, and explicit consent mechanisms. Recently, there has been a stark escalation in threat volume and sophistication in IoMT, as hospitals deploy thousands of interconnected devices spanning bedside monitors, infusion pumps, implantable wearables, and building-management systems [7,8,18]. A large proportion of successful attacks continue to exploit basic weaknesses such as default credentials, weak segmentation, and unpatched legacy devices, but there is also a rise in ransomware, supply-chain compromise, and targeted attacks on clinical imaging and lab systems.
In response, emerging technical countermeasures identified include layered Zero-Trust architectures, AI-assisted intrusion detection and response, device-identity management integrated with public key infrastructures, and the use of blockchain or distributed ledgers to secure configuration and audit logs [19,20,21]. Safety-critical systems require reliability under adversarial conditions, and AI must remain robust against evasion attacks. Human oversight remains essential to confirm decisions, particularly when explanations are unclear or the stakes are high. These technical measures are most effective when combined with robust governance processes, including asset inventories, risk-based patch management, and incident-response playbooks tailored to clinical workflows rather than generic IT settings.

2.2. Positioning Ethical Explainability Within XAI Evaluation Frameworks

Evaluation of explanations in XAI is commonly categorized as model-grounded, functionally grounded, or human-grounded [22,23,24,25,26,27,28,29,30,31]. Model-grounded evaluation assesses whether an explanation is faithful to the underlying model behavior. This often involves using perturbation-based tests, sufficiency and comprehensiveness logic to see whether highlighted features alone preserve the prediction, and stability/sensitivity measures under small input perturbations. Functionally grounded evaluation uses proxy criteria such as sparsity, complexity, monotonicity, or rule length to approximate interpretability without requiring human participation. These proxies are scalable but may not reflect real human decision support utility. Human-grounded evaluation directly measures whether explanations improve human understanding and decision-making, using user studies that assess comprehension, simulatability (ability to predict model outputs), task performance, decision time, reliance behavior, perceived usefulness, and workload.
Table 2 summarizes representative explainability evaluation approaches and highlights how Ee differs from, and complements, existing model-grounded and human-grounded evaluation metrics.
Trust and usability metrics are widely used in human–AI collaboration studies to evaluate whether explanations support appropriate human reliance and effective decision-making. Common measures include perceived trust or confidence in the model and the perceived usefulness of explanations. They also include reliability, decision time, and cognitive workload, along with satisfaction or usability ratings. These measures are valuable because they capture workflow-level impacts that purely model-grounded faithfulness metrics cannot. However, they are also context-dependent and may not always correlate with correctness or ethical acceptability (e.g., persuasive explanations may inflate trust even when outputs are wrong). In this manuscript, we incorporate trust/usability considerations in two ways. First, we include rubric items aligned with usability and actionability (e.g., whether the explanation supports an operational decision without undue cognitive burden). Second, in the empirical evaluation blueprint, we recommend collecting trust/usability outcomes (e.g., perceived usefulness/trust Likert ratings, decision time, and workload) and reporting correlations with Ee to assess convergent validity. This positions Ee as a governance-facing metric grounded in expert alignment and uncertainty reduction, while still enabling comparison to established trust and usability measures used in human–AI collaboration research.
Taken together, the ethical domains and evaluation frameworks motivate a composite measurement approach: one component should capture alignment between AI outputs and governed human decision standards (accountability and safety), and another should capture whether explanations measurably improve human decisional clarity (transparency and patient-centered design). Section 3 formalizes this structure as HAR and ERI and defines the composite Ethical Explainability score Ee.

3. Conceptualizing Ethical Explainability: Metric Basis and Formulation

Explainability traditionally describes an AI system’s ability to provide understandable reasoning for its outputs. Ethical AI, conversely, focuses on moral justification, consent, and accountability of action. Ethical Explainability represents a convergence of these two paradigms. It is the condition in which an explanation is both epistemically transparent (allowing users to comprehend reasoning) and normatively acceptable (aligning with established human standards). Responsible AI depends on value-congruent interpretability, whereby system transparency must be coupled with fairness, harm avoidance, and explanatory relevance. The need for such integration is most acute in healthcare cybersecurity, where opaque detection models may escalate trust crises or obscure privacy trade-offs.
Although ethical evaluation is inherently qualitative, recent governance literature emphasizes standardization of quantifiable benchmarks. Ethical metrics, or mathematically defined indicators of ethics, are now recognized as crucial for certifying trustworthy AI behavior. The proposed Ee metric fulfills this need by integrating technical and moral dimensions into a single, normalized value that measures how well an AI system’s explanations meet human and ethical expectations. One of the central concepts in Ethical Explainability is human–AI collaboration (HAIC), which emphasizes a collaborative partnership where individuals and AI systems jointly contribute to shared results. This partnership is of extreme importance in healthcare. The conceptual legitimacy of Ee derives from its alignment with FUTURE AI guidelines of Fairness, Universality, Transparency, Usability, Robustness, and Explainability, and the concept of “User Trust” introduced by the National Institute of Standards and Technology (NIST) [32,33]. As per NIST, user trust focuses on how the user thinks and feels about the system and perceives the risks involved in using it. Thus, different users may weigh the technical factors differently, “depending on their perception of the task itself and the risk involved in trusting the AI’s decision.” In line with the NIST and FUTURE AI guidelines, this study proposes a quantitative metric called Ethical Explainability (Ee), a composite index integrating (1) human agreement ratio (HAR), representing the extent of congruence between the AI outcomes and human decisions, and (2) entropy reduction indices (ERI), representing the effectiveness of explanations in reducing expert uncertainty.

3.1. Component 1: Human Agreement Ratio (HAR)

The first component, the HAR, quantifies the level of agreement between experts and AI systems regarding both final outputs and explanatory reasoning. It quantifies the proportion of cases for which the AI recommendation matches the calibrated human decision reference. It expresses how closely the experts believe that the AI’s decision is correct (similar to what they would evaluate) and determines if the underlying rationale and reasoning of the AI is ethically sound. HAR is operationalized as a composite metric that integrates two dimensions of agreement between the expert panel and AI decisions. HAR is inherently human-centered, but it can be operationalized with procedures that control variability across experts.
Expert panel and calibration: A multidisciplinary expert panel is recruited with documented experience criteria. The expert panel consists of domain specialists drawn from three disciplinary strata: licensed clinicians, certified cybersecurity analysts with HIoT experience, and biomedical engineers with device integration expertise. We recommend a panel size typically ranging from 10 to 20 participants, consistent with health sciences research practice [34], and determined by the disciplinary diversity required and practical feasibility constraints. Participants are selected based on documented domain experience, familiarity with AI-assisted decision systems, and prior involvement in clinical or cybersecurity workflows. Before scoring begins, experts complete (i) a calibration session using a shared set of reference vignettes and gold-standard rationales, (ii) a brief training on the explanation modality (e.g., SHAP feature attributions, counterfactual explanations), and (iii) a consistency check to ensure the rubric is understood.
For each case i, experts provide two ratings: (a) decision agreement Ai (does the expert agree with the AI-recommended action/label?) and (b) rationale agreement Ri (does the expert judge the explanation as clinically coherent and ethically acceptable?). Both are binary (0/1) or ordinal (e.g., a scale of 1–5) initially and then categorized as binary using pre-registered cutoffs.
The reference human decision is computed as a majority vote or a Delphi consensus. Inter-rater reliability is measured using Fleiss’ Kappa κ for categorical agreement (such as final labels, binary acceptability) or Intraclass Correlation Coefficient (ICC) for ordinal scores (such as Likert-scale acceptability). If κ/ICC falls below a pre-specified threshold (e.g., κ < 0.6), additional calibration is performed, and ambiguous cases are flagged for separate analysis. A threshold of κ ≥ 0.6 can be considered acceptable, indicating substantial agreement. When agreement falls below this threshold, additional calibration sessions should be conducted to improve consistency [35]. This ensures the consensus reference used in HAR represents a stable and auditable human standard rather than unconstrained subjective judgment.
Deriving the Composite HAR: We define HARoutcome, the outcome-level agreement in Equation (1), and the HARrationale, the explanation-level agreement in Equation (2), and combine them to get the composite HAR in Equation (3). This combines two different agreement dimensions into one value: the HARoutcome, which indicates whether the AI gave the right decision compared to humans, and HARrationale, which indicates if the explanation was acceptable to humans. By taking a weighted score, we can identify the divergence and understand if the AI outcomes were right but poorly explained (good outcome agreement, low rationale acceptability), well-explained but wrong (high rationale acceptability, low outcome agreement), neither right nor well-explained, or both right and well-explained (ideal).
So, HARoutcome = (1/N) Σi 𝟙[yAI(i) = yconsensus(i)] ∈ [0, 1]
where N is the total number of cases evaluated; yAI(i) is the AI model’s output for case i (e.g., malicious vs benign classification for oncology cases); and yconsensus(i) is the human expert consensus label for case i (e.g., majority vote/Delphi result). 𝟙[condition] is an indicator function that equals 1 if the condition is met (AI agrees with consensus) and 0 otherwise.
and HARrationale = (1/N) Σi Ri
where Ri ∈ {0, 1} is a binary indicator (Ri = 1 if the expert consensus judges explanation i as acceptable, Ri = 0 otherwise).
This is the fraction of cases where the explanation itself is accepted by the expert panel. For each case i, experts review the AI explanation (e.g., SHAP highlights, rules, counterfactual, text rationale) and decide whether it is clinically coherent (makes sense to a clinician/security analyst), non-misleading (does not point to irrelevant factors), actionable (supports decision-making clearly), ethically acceptable (does not reveal unnecessary sensitive info and does not encode bias, etc.) and trustworthy (does not contradict the model’s behavior in an obvious way).
So, Composite HAR = λ × HARoutcome + (1 − λ) × HARrationale
where λ ∈ [0, 1] is set by the governance context (default λ = 0.7 to prioritize safety-critical outcome agreement). By taking λ = 0.7, we assign 70% weight to outcome agreement and 30% weight to rationale acceptability. This proportion is recommended since in many safety-critical healthcare/cybersecurity contexts, governance typically prioritizes avoiding incorrect actions. So, correctness gets more weight than explanation quality, though both are required for oversight and trust.
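The HAR procedure of Equations (1)–(3), including the inter-rater reliability gate, can be carried through in code. The following is an added example, not code from the paper: the ratings are constructed, all function names are hypothetical, and two choices are assumptions (the consensus is a strict majority vote rather than a Delphi round, and cases without a strict majority are flagged and excluded from N).

```python
from collections import Counter

KAPPA_MIN = 0.6   # reliability threshold stated in the text
LAMBDA = 0.7      # default weight on outcome agreement stated in the text

QUADRANT = {(1, 1): "right and well explained", (1, 0): "right, poorly explained",
            (0, 1): "well explained, wrong", (0, 0): "neither"}

def fleiss_kappa(ratings):
    """Fleiss' kappa for N cases, each rated by the same number n of experts."""
    n = len(ratings[0])
    if n < 2 or any(len(r) != n for r in ratings):
        raise ValueError("every case needs the same number (>= 2) of raters")
    cats = sorted({label for r in ratings for label in r})
    counts = [[Counter(r)[c] for c in cats] for r in ratings]
    # Mean observed per-case agreement.
    p_bar = sum((sum(x * x for x in row) - n) / (n * (n - 1))
                for row in counts) / len(counts)
    # Agreement expected by chance from the marginal category proportions.
    p_e = sum((sum(row[j] for row in counts) / (len(counts) * n)) ** 2
              for j in range(len(cats)))
    return 1.0 if p_e == 1.0 else (p_bar - p_e) / (1.0 - p_e)

def majority(votes):
    """Strict-majority value, or None when no value has more than half the votes."""
    value, top = Counter(votes).most_common(1)[0]
    return value if top * 2 > len(votes) else None

def composite_har(cases, lam=LAMBDA):
    """Return kappa, HAR_outcome, HAR_rationale, composite HAR and diagnostics."""
    kappa = fleiss_kappa([c["labels"] for c in cases])
    scored, ambiguous, quadrants = [], [], Counter()
    for c in cases:
        consensus = majority(c["labels"])        # y_consensus(i)
        accepted = majority(c["rationale_ok"])   # panel verdict on the explanation
        if consensus is None or accepted is None:
            ambiguous.append(c["id"])            # assumption: analysed separately
            continue
        a = int(c["ai_label"] == consensus)      # indicator term in Equation (1)
        r = int(accepted == 1)                   # R_i in Equation (2)
        scored.append((a, r))
        quadrants[QUADRANT[(a, r)]] += 1
    if not scored:
        raise ValueError("no case reached a consensus")
    har_outcome = sum(a for a, _ in scored) / len(scored)
    har_rationale = sum(r for _, r in scored) / len(scored)
    return {"kappa": kappa, "reliable": kappa >= KAPPA_MIN,
            "har_outcome": har_outcome, "har_rationale": har_rationale,
            "har": lam * har_outcome + (1 - lam) * har_rationale,  # Equation (3)
            "ambiguous": ambiguous, "quadrants": dict(quadrants)}

# Constructed sample: six IDS alerts, five experts each (M = malicious, B = benign).
CASES = [
    {"id": 1, "ai_label": "M", "labels": list("MMMMM"), "rationale_ok": [1, 1, 1, 1, 1]},
    {"id": 2, "ai_label": "B", "labels": list("BBBBB"), "rationale_ok": [1, 1, 1, 1, 0]},
    {"id": 3, "ai_label": "M", "labels": list("MMMMB"), "rationale_ok": [1, 1, 0, 1, 1]},
    {"id": 4, "ai_label": "B", "labels": list("MMMMM"), "rationale_ok": [0, 0, 1, 0, 0]},
    {"id": 5, "ai_label": "B", "labels": list("BBBBB"), "rationale_ok": [1, 1, 1, 0, 1]},
    {"id": 6, "ai_label": "B", "labels": list("MBBBB"), "rationale_ok": [0, 1, 0, 0, 1]},
]

if __name__ == "__main__":
    for key, value in composite_har(CASES).items():
        print(f"{key}: {value}")
```

The quadrant counts separate the cases where the AI was right but poorly explained from those where it was wrong, which the single composite value hides.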

3.2. Component 2: Entropy Reduction Index (ERI)

While HAR captures the level of alignment, the Entropy Reduction Index (ERI) measures the effectiveness of explanations in reducing expert uncertainty, thereby serving as a proxy for explanation transparency and clarity. We leverage the core concept of Shannon entropy, which is widely used in decision tree modeling of data analytics, with several research-based biological and clinical solutions being developed leveraging it [36,37].
Shannon entropy can potentially offer a solution, as given in Equation (4).
$$H(X) = -\sum_{i=1}^{k} p_i \log_2 p_i$$
where $X$ represents the distribution of possible outcomes $p_1, p_2, \ldots, p_k$, and $p_i$ denotes the probability of the $i$-th outcome. The term $p_i \log_2 p_i$ is defined to be zero when $p_i = 0$, which is justified by the fact that $\lim_{p_i \to 0^+} p_i \log_2 p_i = 0$. For simplicity, we denote the entropy by $H$ instead of $H(X)$ when the underlying distribution is clear from the context.
Shannon entropy is maximized for a uniform distribution. In the case of binary events, entropy is maximized when $p = 0.5$, representing maximum uncertainty, and minimized when outcomes are certain (i.e., $p = 0$ or $p = 1$). In a clinical context, the entropy, or uncertainty, of a patient with respect to their diagnosis is maximal when they enter the hospital, prior to testing or diagnostic evaluation. Box 1 contains an example of an event and possible outcomes with the calculations.
Using Shannon entropy as the underlying criterion, ERI is given in Equation (5):
ERI = (Hpre − Hpost)/Hpre
(with ERI = 0 if Hpre = 0) where Hpre is the entropy before explanation (expert decision uncertainty), and Hpost is the entropy after explanation (residual decision uncertainty). ERI reflects the proportion of decision uncertainty removed by the explanatory process. ERI values above 0.6 suggest significant clarity improvement, directly correlating with user comprehension and trust. The ERI thus captures the explanation effectiveness in reducing decision uncertainty. The composite Ee therefore represents a trust potential function comparable to those used in the FUTURE AI 2025 guidelines of traceability and robust transparency [9].
Box 1. Worked example (clinical triage): step-by-step computation of Shannon entropy and ERI.
Event: A remote patient monitoring system triggers an alert for a patient with abnormal vitals (e.g., declining SpO2 trend + sustained tachycardia).
Outcome space (Ω): Four mutually exclusive actions (K = 4): no action, telehealth follow-up within 24 h, same-day clinic evaluation, immediate ER referral.
Step 1—Elicit expert probabilities (pre-explanation)
Before seeing the AI explanation, the clinician is maximally uncertain and assigns
            ppre = [0.25, 0.25, 0.25, 0.25].
Step 2—Compute pre-explanation entropy (Hpre). Shannon entropy (base 2) is
            H = −Σk pk log2(pk)
Here, log2(0.25) = −2. So, each term is computed as −0.25 * log2(0.25) = −0.25*(−2) = 0.5.
Summing four identical terms: Hpre = 4 * 0.5 = 2.0 bits (this is the maximum entropy for K = 4 outcomes because log2(4) = 2).
Step 3—Elicit expert probabilities (post-explanation): After reviewing an explanation (e.g., “persistent desaturation trend + CHF history + abnormal variability pattern”), the clinician updates to ppost = [0.05, 0.10, 0.20, 0.65].
Step 4—Compute post-explanation entropy Hpost
Compute each contribution −plog2(p):
For p = 0.05, log2(0.05) = −4.321928, −0.05*log2(0.05) = −0.05*(−4.321928) = 0.216096;
For p = 0.1, log2(0.1) = −3.321928, −0.1*log2(0.1) = −0.1*(−3.321928) = 0.332193;
For p = 0.2, log2(0.2) = −2.321928, −0.2*log2(0.2) = −0.2*(−2.321928) = 0.464386;
For p = 0.65, log2(0.65) = −0.621488, −0.65*log2(0.65) = −0.65*(−0.621488) = 0.403967.
Sum the four terms: Hpost = 0.216096 + 0.332193 + 0.464386 + 0.403967 = 1.416642 bits.
Step 5—Compute ERI
ERI = (Hpre − Hpost)/Hpre = [(2.0 − 1.416642)/2.0] = 0.291679.
Interpretation: The explanation reduced the clinician’s uncertainty by 29.17%.
In other words, the clinician’s probability mass shifted toward a more decisive action of an immediate ER referral, and ERI quantifies that shift as a normalized reduction in Shannon entropy.
Quantifying ERI from expert uncertainty
ERI requires an explicit mapping from expert uncertainty to a probability distribution over possible outcomes. For each case, experts complete a probability-elicitation questionnaire twice: before seeing the explanation (pre) and after seeing the explanation (post).
Outcome space: Let Ω contain k mutually exclusive outcomes (e.g., {benign, suspicious, malicious} for an intrusion detection system (IDS) alert or a set of triage actions). Experts allocate probabilities across Ω such that Σk pk = 1. This can be done by (i) direct probability sliders, or (ii) a calibrated confidence score ck ∈ [0, 100] per outcome converted to probabilities via normalization as shown in Equation (6), so that
pk = ck/Σj cj
Entropy computation: For each case, compute Shannon entropy as given in Equation (7)
H = −Σk pk log2(pk)
Let Hpre and Hpost denote entropies from pre- and post-distributions.
Handling edge cases: If Hpre = 0 (expert is fully certain initially), then ERI = 0 by convention (no uncertainty can be removed). The normalization of ERI makes it comparable across cases with different baseline uncertainty because it measures the fraction of uncertainty removed rather than the absolute entropy change. ERI is bounded in [0, 1] when Hpost ≤ Hpre, where ERI = 0 indicates no clarification and ERI = 1 indicates complete resolution of uncertainty. Ethical Explainability (Ee) is defined as the quantitative measure of the degree to which an AI system’s explanations simultaneously achieve human ethical consensus (HAR) and reduce epistemic uncertainty (ERI), weighted in proportion to normative domain priorities. Combining these two dimensions yields the Ethical Explainability Index as given in Equation (8):
Ee = wH × HAR + wE × ERI, subject to wH + wE = 1
where wH, wE ∈ [0, 1] and Ee ∈ [0, 1], assuming ERI ∈ [0, 1].
This holds when explanations do not increase expert uncertainty (i.e., Hpost ≤ Hpre). If uncertainty increases, ERI becomes negative and indicates confusing explanations. The weights reflect the relative importance of decision alignment and explanation clarity. The weights wH and wE reflect the relative governance cost of (i) incorrect or misaligned decisions (captured by HAR) versus (ii) insufficiently clarifying explanations (captured by ERI). In clinical cybersecurity, false negatives can translate to patient harm or large privacy breaches; therefore, decision alignment is often weighted more.
A principled approach is to set weights via stakeholder elicitation (e.g., Analytic Hierarchy Process) or via a utility-based model as given in Equation (9):
wH = Cerror/(Cerror + Cexplain), wE = Cexplain/(Cerror + Cexplain)
where Cerror is the expected cost of an incorrect decision, and Cexplain is the expected cost of an insufficient explanation (e.g., delayed response, inappropriate automation).
Ee can be interpreted in tiers, for example, low Ethical Explainability when Ee < 0.4, moderate Ethical Explainability when 0.4 ≤ Ee < 0.7, and high Ethical Explainability when Ee ≥ 0.7.
Operational threshold parameter (E0): During deployment, institutions may define a minimum acceptable Ethical Explainability threshold E0 ∈ [0, 1] to support governance actions. For example, alerts with Ee ≥ E0 may be eligible for higher-automation responses, while alerts below E0 are routed to manual review. E0 is context-specific and should be set using local risk appetite, clinical safety requirements, and retrospective validation.
Here, wH and wE represent customizable domain-specific weights reflecting the relative importance of decision accuracy and explanation quality. This reflects a risk-aware prioritization commonly adopted in safety-critical domains, where the cost of incorrect decisions (e.g., missed intrusions or unsafe clinical actions) is typically higher than the cost of less interpretable explanations. Therefore, slightly greater emphasis is placed on decision alignment (HAR), while still maintaining a substantial role for explanation quality (ERI) to support trust, accountability, and human oversight. For this reason, we suggest a configuration that prioritizes agreement modestly more than uncertainty reduction, while still assigning substantial weight to clarity; hence, a weight configuration of wH = 0.6, wE = 0.4 is recommended.
The weights wH and wE reflect a governance trade-off between (i) decision alignment with expert standards and (ii) explanation-driven clarity. In clinical and security settings, incorrect decisions can impose high expected harm (e.g., missed intrusions leading to data breaches or device compromise; unsafe triage actions leading to patient harm), whereas insufficient explanation clarity often produces indirect costs such as delayed response, increased manual review burden, or reduced adoption. For this reason, we recommend a default configuration that prioritizes agreement modestly more than uncertainty reduction, while still assigning substantial weight to clarity:
Ee = wH × HAR + wE × ERI, wH = 0.6, wE = 0.4.
This default can be justified using a simple risk/utility model:
wH = Cerror/(Cerror + Cexplain), wE = Cexplain/(Cerror + Cexplain),
where Cerror is the expected governance cost of incorrect or misaligned decisions and Cexplain is the expected cost of insufficient explanation clarity (e.g., delay, over/under-reliance, audit difficulty). The default wH = 0.6, wE = 0.4 corresponds to a plausible baseline assumption Cerror ≈ 1.5 Cexplain, i.e., decision error is modestly more costly than explanation insufficiency. Importantly, these weights are not universal; institutions should calibrate them to local risk appetite and report sensitivity analyses (e.g., wH ∈ [0.4, 0.8]). This weighting is further aligned with governance frameworks, such as the NIST AI Risk Management Framework [23], which emphasize minimizing operational risk and harm while preserving transparency. Importantly, these weights are not fixed and may be adapted using stakeholder-driven approaches (e.g., Analytic Hierarchy Process) or cost-sensitive utility modeling, depending on the deployment context, and should be reported alongside sensitivity analyses.
The proposed computation of HAR and ERI relies on expert panels, calibration sessions, and probability elicitation, which introduces a practical time/effort requirement. In a typical binary or small multi-class problem statement (such as classification of a case as benign or malignant or evaluating the risk as high, medium, or low), we assume that an expert can usually complete one case in approximately 4–5 min. A feasible pilot evaluation can be conducted, consisting of 50 representative cases, and could be reviewed by five experts in one hour. To scale this approach in real clinical environments, ERI/HAR computation can be applied selectively via lightweight alternatives: (i) sampling-based audits focusing on high-risk or borderline cases rather than every alert, (ii) periodic offline governance cycles on a monthly basis to monitor explanation quality and drift, and (iii) proxy-assisted triage using automated explanation stability/faithfulness indicators to flag cases where expert ERI assessment is most needed. These strategies preserve the governance value of the metric while keeping expert burden compatible with operational constraints.
The ERI requires expert input for probability assignments and is therefore not intended to be computed for every high-frequency real-time alert. Rather, ERI is most feasible within tiered evaluation workflows such as sampling-based audits and periodic governance review.
The definitions above are designed to be directly computable in real-world settings, but they require a standardized evaluation workflow that specifies the dataset/task, model, and explanation methods, and the expert elicitation instruments used to estimate HAR and ERI. To make the approach reproducible and to address reviewer concerns about practical utility, we provide an empirical evaluation blueprint in Section 4. Box 2 continues the example in Box 1 with a step-by-step workflow for how the Ee metric is computed.
Box 2. Example continuing from Box 1: computing HAR, ERI, and Ee in practice.
Event: Remote patient monitoring alert (Decreasing SpO2 + tachycardia + CHF history).
Outcome space: {No action, telehealth 24 h, same-day clinic, immediate ER}.
Step 5: From Box 1, computed ERI = 0.291679, implying that the explanation removed ~29% of the clinician’s uncertainty.
Step 6: Computing HARoutcome: Did the AI recommendation match expert consensus?
Suppose the AI recommends immediate ER referral and an 8-member panel gives its final actions: 6 experts choose “immediate ER” and 2 choose “same-day clinic”, so the calibrated consensus is “immediate ER”. Since the AI decision matches that of the experts, HARoutcome = 𝟙[yAI = yconsensus] = 1.
Step 7: Computing HARrationale: Was the explanation acceptable?
Experts also judge the explanation using a rubric (coherent, actionable, non-misleading, minimum disclosure). Suppose 7 out of the 8 experts vote “unacceptable”. The consensus therefore does not accept the explanation provided, so HARrationale = 0.
Step 8: Combine into the overall HAR using λ = 0.7.
HAR = λ × HARoutcome + (1 − λ) × HARrationale = 0.7(1) + 0.3(0) = 0.7.
Step 9: Compute Ethical Explainability Ee.
Using default weights wH = 0.6, wE = 0.4,
Ee = wH × HAR + wE × ERI = 0.6(0.7) + 0.4 (0.291679) = 0.42 + 0.02 = 0.44.
Hence, the alert scores Ee ≈ 0.44 because the AI is aligned with experts, but the explanation does not meaningfully remove the uncertainty. An institution can compare Ee to a predetermined governance threshold, to decide which alerts may be handled with higher automation versus mandatory manual review.
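The computation in Equations (8) and (9), the tier cut-offs, and the E0 routing rule can be exercised end to end. The following Python is an added example, not code from the paper: it takes ERI as (Hpre − Hpost)/Hpre, treats consensus as a strict majority, and uses constructed probability vectors and a hypothetical E0 = 0.6; the panel votes are those described in Box 2.

```python
import math
from collections import Counter

# Outcome space from Box 2; probability vectors below follow this order.
OUTCOMES = ("no action", "telehealth 24 h", "same-day clinic", "immediate ER")

def shannon_entropy(p):
    """Shannon entropy (bits) of one elicited probability distribution."""
    if any(x < 0 for x in p) or abs(sum(p) - 1.0) > 1e-9:
        raise ValueError("probabilities must be non-negative and sum to 1")
    return -sum(x * math.log2(x) for x in p if x > 0)

def eri(p_pre, p_post):
    """Fraction of pre-explanation entropy removed: (Hpre - Hpost) / Hpre.
    Returns 0 when Hpre = 0 (edge case in the text) and goes negative when
    the explanation adds uncertainty. The ratio is independent of log base."""
    h_pre = shannon_entropy(p_pre)
    if h_pre < 1e-12:
        return 0.0
    return (h_pre - shannon_entropy(p_post)) / h_pre

def har(ai_label, panel_labels, panel_accepts, lam=0.7):
    """HAR = lam * HARoutcome + (1 - lam) * HARrationale.
    Assumption: consensus is the strict-majority label, and the rationale
    passes only if a strict majority of experts accept it."""
    label, votes = Counter(panel_labels).most_common(1)[0]
    if votes * 2 <= len(panel_labels):
        raise ValueError("no majority label: send the case to adjudication")
    har_outcome = 1.0 if ai_label == label else 0.0
    har_rationale = 1.0 if sum(panel_accepts) * 2 > len(panel_accepts) else 0.0
    return lam * har_outcome + (1 - lam) * har_rationale

def weights_from_costs(c_error, c_explain):
    """Equation (9): utility-based weights from expected governance costs."""
    total = c_error + c_explain
    return c_error / total, c_explain / total

def ethical_explainability(har_value, eri_value, w_h=0.6, w_e=0.4):
    """Equation (8): Ee = wH * HAR + wE * ERI, subject to wH + wE = 1."""
    if min(w_h, w_e) < 0 or abs(w_h + w_e - 1.0) > 1e-9:
        raise ValueError("weights must lie in [0, 1] and sum to 1")
    return w_h * har_value + w_e * eri_value

def tier(ee):
    """Interpretation tiers given in the text."""
    return "low" if ee < 0.4 else "moderate" if ee < 0.7 else "high"

def route(ee, e0):
    """Governance routing against the institutional threshold E0."""
    return "higher-automation eligible" if ee >= e0 else "manual review"

def weight_sensitivity(har_value, eri_value, e0, grid=(0.4, 0.5, 0.6, 0.7, 0.8)):
    """Sweep wH over the range the text suggests reporting and record
    whether the routing decision for this alert changes."""
    rows = []
    for w_h in grid:
        ee = ethical_explainability(har_value, eri_value, w_h, 1.0 - w_h)
        rows.append((w_h, round(ee, 4), tier(ee), route(ee, e0)))
    return rows

# Constructed elicitation (not from the paper): one clinician's probabilities
# over OUTCOMES before and after seeing the explanation.
P_PRE = (0.10, 0.20, 0.30, 0.40)
P_POST = (0.05, 0.05, 0.20, 0.70)
# Panel votes as described in Box 2: 6 of 8 choose "immediate ER",
# 7 of 8 judge the rationale unacceptable.
PANEL_LABELS = ["immediate ER"] * 6 + ["same-day clinic"] * 2
PANEL_ACCEPTS = [True] + [False] * 7
E0 = 0.6  # hypothetical institutional threshold

if __name__ == "__main__":
    w_h, w_e = weights_from_costs(1.5, 1.0)  # Cerror = 1.5 * Cexplain
    h = har("immediate ER", PANEL_LABELS, PANEL_ACCEPTS)
    e = eri(P_PRE, P_POST)
    ee = ethical_explainability(h, e, w_h, w_e)
    print(f"wH={w_h:.2f} wE={w_e:.2f} HAR={h:.2f} ERI={e:.4f} Ee={ee:.4f}")
    print(tier(ee), "->", route(ee, E0))
    for row in weight_sensitivity(h, e, E0):
        print(row)
```

With these inputs the alert stays in manual review for wH between 0.4 and 0.7 and becomes eligible for higher automation only at wH = 0.8, which is the kind of weight dependence a sensitivity report should make visible before E0 is used to gate automated responses.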

4. Operationalizing the Ethical Explainability Metric in Healthcare IoT Workflows

The need for explainable and ethical AI in healthcare IoT security is becoming increasingly critical as both the number and sophistication of connected biomedical devices expand. In contemporary hospital environments, networks routinely integrate thousands of endpoint systems, including infusion pumps, telemetry sensors, patient wearables, and diagnostic imaging devices, each of which is vulnerable to cyber intrusion and operational misuse and can lead to patient harm or patient data leakage. IDS leveraging black-box deep learning or ensemble AI models offers promising capacity for real-time anomaly detection, but without explainable outputs, cybersecurity experts often fail to act promptly or appropriately on alerts. Clinicians may also fail to receive the necessary patient information in time or, worse, receive false information, leading to them making sub-optimal treatment decisions, which may adversely impact patient safety. Integrating the Ethical Explainability (Ee) metric into healthcare IoT security workflows represents a practical advance toward more transparent, trusted, and auditable AI recommendations.
This section provides a protocol-level evaluation design for validating Ee on real intrusion/HIoT datasets and with recruited experts. Because this validation requires coordinated expert recruitment, calibration, and reliability testing (and may require institutional ethics/IRB review), full empirical results are positioned as follow-on work; however, the blueprint below is sufficiently detailed to be executed directly by readers.

Blueprint for an Empirical Evaluation Design

We outline an empirical validation protocol for Ee that can be reproduced and executed. The goal is to evaluate whether Ee behaves as intended across models and explanation methods, and whether it provides governance-relevant differentiation beyond existing XAI evaluation metrics.
Figure 1 outlines how the integrated metric is created in healthcare IoT settings to identify malicious patterns. The evaluation is conducted on a labeled intrusion dataset representative of connected-device monitoring (e.g., benign vs. malicious traffic, or multi-class attack family classification). AI-based IDS modules operating on network gateways generate continuous anomaly scores and flag potentially malicious devices or traffic patterns. The task will be defined either as binary detection with benign and malicious as the two classes Ω = {benign, malicious} or as a multi-class detection where Ω is defined by attack families, matching the label granularity. Standard preprocessing procedures, such as normalization, data preprocessing, and feature extraction for neural models, will be documented to support reproducibility.
At least two model families should be evaluated to ensure model-agnostic applicability. Standard predictive metrics such as accuracy, Macro-F1, and AUROC will be reported to contextualize explainability evaluation and to avoid evaluating explanations in isolation from predictive performance. Explanations can be generated using multiple, widely adopted methods spanning different explanation families, for example, (i) SHAP-based feature attributions, (ii) LIME local surrogate explanations, and (iii) counterfactual explanations indicating minimal changes required to flip the predicted class.
For each case, the experts will evaluate a single explanation method at a time, enabling within-case comparison across explanation modalities. Post this, they will undergo a calibration session using shared vignettes and rubric training to reduce variability. For each case i, experts provide (a) a final decision label/action recommendation to form yconsensus and compute HARoutcome; (b) explanation acceptability judgments using a rubric (coherence, actionability, non-misleadingness, minimum disclosure) to compute HARrationale; and (c) pre- and post-explanation probability distributions over Ω to compute Hpre, Hpost, and ERI.
Inter-rater reliability will be reported using Fleiss’ κ (categorical agreement and acceptability) and ICC (ordinal rubric scores), and low-agreement cases will be flagged for adjudication or sensitivity analysis. To position Ee against established evaluation approaches, the validation will compute representative model-grounded baselines, such as perturbation-based or sufficiency scores, and human-grounded baselines. Convergent validity will be assessed via correlation analysis between Ee and baseline measures, and discriminant behavior will be analyzed in cases where metrics diverge (e.g., faithful explanations that do not reduce human uncertainty). Robustness will be assessed via sensitivity to the weight parameters wH, wE, and the HAR mixing parameter λ, and via subgroup stratification relevant to justice/fairness (e.g., device categories, network segments, clinical unit context where available). We also recommend reporting the test–retest reliability for a subset of cases to assess the stability of ERI/HAR under repeated evaluation.
Executing the blueprint above yields (i) HAR and ERI distributions across explanation methods, (ii) Ee sensitivity to weights and governance thresholds, (iii) reliability statistics (κ/ICC), and (iv) comparisons against established faithfulness and trust/usability measures. In the next section, we discuss how these outputs support ethical governance in connected healthcare settings.
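The inter-rater reliability step of the blueprint can be run as follows. This Python is an added example, not code from the paper: it computes Fleiss' κ over expert decision labels for the binary task Ω = {benign, malicious} and flags low-agreement cases for adjudication. The five-expert panel labels, the case identifiers and the 0.5 per-case agreement cut-off are constructed assumptions.

```python
import math

def tabulate(labels_per_case, categories):
    """Turn raw expert labels per case into a cases x categories count matrix."""
    return [[labels.count(c) for c in categories] for labels in labels_per_case]

def fleiss_kappa(counts):
    """Fleiss' kappa for N cases each rated by the same n experts.
    counts[i][j] = number of experts who assigned case i to category j.
    Returns (kappa, per_case_agreement)."""
    n_cases = len(counts)
    n = sum(counts[0])
    if n < 2 or any(sum(row) != n for row in counts):
        raise ValueError("every case needs the same number (>= 2) of ratings")
    # P_i: share of agreeing expert pairs within case i.
    per_case = [(sum(c * c for c in row) - n) / (n * (n - 1)) for row in counts]
    p_bar = sum(per_case) / n_cases
    # p_j: overall share of ratings falling in category j.
    k = len(counts[0])
    p_j = [sum(row[j] for row in counts) / (n_cases * n) for j in range(k)]
    p_e = sum(p * p for p in p_j)
    if math.isclose(p_e, 1.0):
        return float("nan"), per_case  # kappa undefined: only one category used
    return (p_bar - p_e) / (1.0 - p_e), per_case

def flag_for_adjudication(case_ids, per_case, min_agreement=0.5):
    """Cases whose pairwise agreement falls below the (assumed) cut-off."""
    return [cid for cid, p in zip(case_ids, per_case) if p < min_agreement]

# Constructed panel data: five experts label four alerts.
CATEGORIES = ("malicious", "benign")
CASE_IDS = ["alert-A", "alert-B", "alert-C", "alert-D"]
PANEL = [
    ["malicious"] * 5,
    ["benign"] * 5,
    ["malicious"] * 4 + ["benign"],
    ["malicious"] * 3 + ["benign"] * 2,
]

if __name__ == "__main__":
    kappa, per_case = fleiss_kappa(tabulate(PANEL, CATEGORIES))
    print(f"Fleiss kappa = {kappa:.4f}")
    print("per-case agreement:", dict(zip(CASE_IDS, per_case)))
    print("adjudicate:", flag_for_adjudication(CASE_IDS, per_case))
```

The same function applies to the acceptability votes used for HARrationale by passing accept/reject as the two categories.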
Alerts with high Ee values combining strong user-model agreement and robust uncertainty reduction can be prioritized for semi-automated defense actions (e.g., temporary device quarantine, automated notification to the affected ward, or proactive configuration rollback). In contrast, those with low Ee scores are routed to manual review, ensuring that edge cases or ambiguous reasoning do not escape human oversight. This workflow, depicted in Figure 2, not only supports risk-based incident response but also generates an ongoing evidentiary record for later auditing, regulatory reporting, or root-cause analysis.

5. Linking HAR and ERI to the Five Ethical Domains

The five ethical domains—fairness, transparency, confidentiality, accountability, and patient-centered design—directly shape the Ethical Explainability metric Ee through its two components, the HAR and ERI, as summarized in Table 3. ERI operationalizes transparency by measuring how much explanations reduce expert uncertainty. HAR supports accountability by quantifying agreement between AI recommendations and calibrated expert consensus; together they separate “right but opaque” from “clear but wrong.” Fairness is assessed by reporting HAR and ERI overall and across relevant subgroups to detect disparities. Confidentiality is incorporated via the HAR rationale rubric, which penalizes explanations that disclose unnecessary sensitive information. Patient-centered design is reflected by requiring explanations to be usable and actionable, captured through ERI’s uncertainty reduction and HARrationale’s usability criteria, linking ethical requirements to measurable human–AI collaboration outcomes.

6. Benefits of Leveraging the Ethical Explainability Metric in Healthcare IoT

Ethical Explainability requires both correct alignment with human decisions and a measurable reduction in uncertainty. HAR alone cannot ensure explanations are helpful, and ERI alone cannot ensure decisions are correct. Ee provides a governance-ready composite that can be integrated into compliance and oversight workflows. The Ethical Explainability Ee metric has immediate potential implications for the application of Artificial Intelligence technologies throughout healthcare IoT ecosystems, as given below and summarized in Table 4.
One use case is real-time remote patient monitoring, where physiological parameters are continuously captured and transmitted by wearable and implantable medical devices. Here, anomaly detection algorithms are vital for early warning and decision support. By integrating Ee, every AI-generated alert (such as a stroke prediction) would be accompanied by a quantified measure of explainability. If an AI system flags a patient event, its accompanying explanation, such as an explicit attribution to heart rate variability or signal outlier status, is reviewed not only for technical correctness but also for clarity and acceptance by clinical experts.
At the network and device management layer, Ee has value in AI-driven intrusion detection for connected medical devices. For instance, an explainable anomaly detection system might identify a network packet sequence as potentially malicious. The Ee score would indicate how well the AI’s explanatory rationale reduces uncertainty and aligns with the expert judgment and guides whether the network should take autonomous protective measures (such as quarantining a device) or escalate for manual investigation. This supports a risk-stratified, justifiable approach to device isolation versus routine operation, improving both safety and efficiency. Ee also serves as a quantifiable tool in the auditing of clinical AI fairness and regulatory compliance.
For patient-facing applications, the use of Ee ensures that digital health interventions, such as personalized behavioral recommendations or automated medication reminders, are accompanied by explanations that are both interpretable and trustworthy for patients themselves. The incorporation of patient feedback enables iterative design of more effective, transparent, and compliant digital therapeutics. It also supports informed consent and regulatory documentation. Finally, from a systems and governance perspective, aggregated Ee statistics can provide hospitals and regulators with continuous, dashboard-ready data. This ensures explainability, transparency, and adaptive oversight in line with regulatory frameworks.
Overall, Ee is presented as a framework and protocol contribution that operationalizes ethical requirements into measurable components for governance-oriented evaluation. Demonstrating measurable improvements in patient safety, clinician trust calibration, or response efficiency would require follow-on empirical studies using real datasets, multiple explanation methods, and calibrated expert panels.
Limitations of the study: This work should be interpreted as a framework and protocol contribution, with full empirical validation planned as follow-on work. The intent of the study was to synthesize ethical requirements and translate them into metric design requirements rather than to estimate effect sizes. We mitigate this limitation by providing a detailed empirical blueprint of datasets, models, explanation methods, elicitation instruments, and an analysis plan to enable immediate implementation by other researchers and institutions. Also, the Ee is designed as a governance-ready proxy for trustworthy human–AI collaboration, but causal links between higher Ee and downstream outcomes such as reduced incident response time, fewer security escalations, lower clinical error, or improved patient safety still need to be established. Further, HAR and ERI explicitly incorporate expert evaluation, which remains influenced by domain experience, institutional policy, local threat models, and workflow norms. Consequently, Ee may not be directly comparable across institutions without harmonized protocols, and cross-site benchmarking requires careful standardization. Another limitation of the proposed framework is its reliance on expert-driven probability elicitation for computing ERI, which may limit real-time applicability in high-speed clinical environments. In practice, continuously obtaining expert probabilities for each decision may not be feasible in time-sensitive scenarios such as real-time patient monitoring or automated intrusion detection. To address this, ERI estimation can be approximated using pre-calibrated expert models, historical distributions, or surrogate uncertainty estimators derived from user interaction logs. Future work should explore automated or semi-automated approaches for estimating uncertainty reduction without requiring continuous human input.
Future studies can consider (i) applying the full protocol to real HIoT security datasets and cyber-range evaluations, (ii) comparing multiple explanation modalities with known fidelity properties, (iii) reporting inter-rater reliability and probability calibration, (iv) testing robustness under drift/adversarial conditions, and (v) evaluating predictive validity against operational endpoints and safety outcomes.

7. Conclusions

This manuscript defines a governance-oriented metric for Ethical Explainability, Ee, intended to support human–AI collaboration in connected healthcare systems. Our first contribution is a structured synthesis of ethical requirements into five domains—justice and fairness, transparency and explainability, consent and confidentiality, accountability, and patient-centered design—and an explicit mapping from these domains to measurable evaluation components. Our second contribution is the formalization of Ee as a composite of Human Agreement Ratio (HAR) and Entropy Reduction Index (ERI) with consistent notation, edge-case handling, and interpretable component decomposition. Our third contribution is an operational protocol specifying expert calibration, probability elicitation mapped to Shannon entropy, and reliability reporting (e.g., κ/ICC), enabling reproducible computation of HAR and ERI as governance signals.
The main limitation of this work is the absence of full empirical validation on real-world deployments. While we provide internal consistency checks and a detailed empirical evaluation blueprint, external validity and practical robustness must be established through dataset-based experiments and expert studies across models and explanation methods.
Future work will execute the empirical protocol on real healthcare IoT intrusion datasets using representative model families and multiple explanation methods. A calibrated expert panel will compute HAR and ERI in practice, enabling comparison of Ee against established faithfulness/fidelity metrics and trust/usability measures, along with sensitivity analysis over wH, wE, λ, subgroup-stratified fairness reporting, and drift monitoring. These steps will determine the practical utility of Ee as a measurable governance metric for trustworthy AI in connected healthcare.

Author Contributions

Conceptualization, P.N., V.G. and C.K.; methodology, P.N. and J.P.; formal analysis, P.N., P.A. and J.P.; investigation, P.N.; resources, V.G.; writing—original draft preparation, P.N., C.K.; writing—review and editing: J.P., P.A., V.G.; supervision, V.G.; project administration, V.G.; All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

No new data were created or analyzed in this study.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Stanford University. Artificial Intelligence Index Report. 2025. Available online: https://hai.stanford.edu/ai-index/2025-ai-index-report/economy (accessed on 11 October 2025).
  2. McKinsey. The State of AI: How Organizations Are Rewiring to Capture Value. 2025. Available online: https://www.mckinsey.com/capabilities/quantumblack/our-insights/the-state-of-ai (accessed on 12 October 2025).
  3. ACA Group. ACA 2024 AI Benchmarking Survey. Available online: https://www.acaglobal.com/news-and-announcements/financial-services-firms-lag-ai-governance-and-compliance-readiness-survey-reveals/ (accessed on 15 October 2025).
  4. Zakerabasali, S.; Ayyoubzadeh, S.M. Internet of Things and healthcare system: A systematic review of ethical issues. Health Sci. Rep. 2022, 5, e863.
  5. Parihar, A.; Prajapati, J.B.; Prajapati, B.G.; Trambadiya, B.; Thakkar, A.; Engineer, P. Role of IOT in healthcare: Applications, security & privacy concerns. Intell. Pharm. 2024, 2, 707–714.
  6. Artificial Intelligence Governance Network (AIGN). Standardized Ethical Metrics: Setting Global Benchmarks for Responsible AI. Available online: https://aign.global/ai-governance-insights/patrick-upmann/standardized-ethical-metrics-setting-global-benchmarks-for-responsible-ai/#:~:text=Ethical%20metrics%20provide%20a%20structured,public%20trust%20in%20AI%20technologies (accessed on 17 October 2025).
  7. Veriti. The State of Healthcare Cybersecurity 2025. Available online: https://veriti.ai/wp-content/uploads/2024/12/The-State-of-Healthcare-Cybersecurity-2025-_-A-Veriti-Research-Report.pdf (accessed on 18 October 2025).
  8. Li, S.; Surineni, K.; Prabhakaran, N. Cyber-Attacks on Hospital Systems: A Narrative Review. Am. J. Geriatr. Psychiatry Open Sci. Educ. Pract. 2025, 7, 30–39.
  9. Lekadir, K.; Frangi, A.F.; Porras, A.R.; Glocker, B.; Cintas, C.; Langlotz, C.P.; Weicken, E.; Asselbergs, F.W.; Prior, F.; Collins, G.S.; et al. FUTURE-AI: International consensus guideline for trustworthy and deployable artificial intelligence in healthcare. BMJ 2025, 388, e081554.
  10. Singhal, A.; Neveditsin, N.; Tanveer, H.; Mago, V. Toward Fairness, Accountability, Transparency, and Ethics in AI for Social Media and Health Care: Scoping Review. JMIR. Med. Inf. 2024, 12, e50048.
  11. Abbas, Q.; Jeong, W.; Lee, S.W. Explainable AI in clinical decision support systems: A meta-analysis of methods, applications, and usability challenges. Healthcare 2025, 13, 2154.
  12. Basiouni, A.; Abdelqader, K.; Shaalan, K. Unlocking the Future: Systematic Review of the Progress and Challenges in Explainable Artificial Intelligence (Xai). SSRN 2024.
  13. Hou, J.; Cheng, X.; Liao, J.; Zhang, Z.; Wang, W. Ethical concerns of AI in healthcare: A systematic review of qualitative studies. Nurs. Ethics 2025.
  14. Weiner, E.B.; Dankwa-Mullan, I.; Nelson, W.A.; Hassanpour, S. Ethical challenges and evolving strategies in the integration of artificial intelligence into clinical practice. PLoS Digit. Health 2025, 4, e0000810.
  15. Matthew, U.O.; Rosa, R.L.; Saadi, M.; Rodriguez, D.Z. Interpretable AI Framework for Secure and Reliable Medical Image Analysis in IoMT Systems. IEEE J. Biomed. Health Inform. 2025, 1–14.
  16. Rasheed, K.; Qayyum, A.; Ghaly, M.; Al-Fuqaha, A.; Razi, A.; Qadir, J. Explainable, trustworthy, and ethical machine learning for healthcare: A survey. Comput. Biol. Med. 2022, 149, 106043.
  17. Ehrmann, D.E.; Joshi, S.; Goodfellow, S.D.; Mazwi, M.L.; Eytan, D. Making machine learning matter to clinicians: Model actionability in medical decision-making. NPJ Digit. Med. 2023, 6, 7.
  18. Ament, T.; Sondhi, T. 5 Trends Shaping Healthcare Cybersecurity in 2025. Palo Alto Networks. 2025. Available online: https://www.paloaltonetworks.com/blog/2025/01/5-trends-shaping-healthcare-cybersecurity-in-2025/ (accessed on 11 October 2025).
  19. Shammar, E.; Cui, X.; Zahary, A.; Alsamhi, S.H.; Al-qaness, M.A. Threat to Trust: A Systematic Review on Internet of Medical Things Security. J. Parallel Distrib. Comput. 2025, 206, 105172.
  20. Kruse, C.S.; Frederick, B.; Jacobson, T.; Monticone, D.K. Cybersecurity in healthcare: A systematic review of modern threats and trends. Technol. Health Care 2017, 25, 1–10.
  21. Khallaf, F.; El-Shafai, W.; El-Rabaie, E.S.M.; Abd El-Samie, F.E. A Systematic Review of New Technologies for Cybersecurity Healthcare Applications: A Systematic and Comprehensive Study. Trans. Emerg. Telecommun. Technol. 2025, 36, e70183.
  22. Adadi, A.; Berrada, M. Peeking Inside the Black-Box: A Survey on Explainable Artificial Intelligence (XAI). IEEE Access 2018, 6, 52138–52160.
  23. Guidotti, R.; Monreale, A.; Ruggieri, S.; Turini, F.; Giannotti, F.; Pedreschi, D. A Survey of Methods for Explaining Black Box Models. ACM Comput. Surv. 2018, 51, 93.
  24. Barredo Arrieta, A.; Díaz-Rodríguez, N.; Del Ser, J.; Bennetot, A.; Tabik, S.; Barbado, A.; García, S.; Gil-López, S.; Molina, D.; Benjamins, R.; et al. Explainable Artificial Intelligence (XAI): Concepts, Taxonomies, Opportunities and Challenges toward Responsible AI. Inf. Fusion 2020, 58, 82–115.
  25. Tjoa, E.; Guan, C. A Survey on Explainable Artificial Intelligence (XAI): Toward Medical XAI. IEEE Trans. Neural Netw. Learn. Syst. 2021, 32, 4793–4813.
  26. Miller, T. Explanation in Artificial Intelligence: Insights from the Social Sciences. Artif. Intell. 2019, 267, 1–38.
  27. Murdoch, W.J.; Singh, C.; Kumbier, K.; Abbasi-Asl, R.; Yu, B. Definitions, Methods, and Applications in Interpretable Machine Learning. Proc. Natl. Acad. Sci. USA 2019, 116, 22071–22080.
  28. Carvalho, D.V.; Pereira, E.M.; Cardoso, J.S. Machine Learning Interpretability: A Survey on Methods and Metrics. Electronics 2019, 8, 832.
  29. Nauta, M.; Trienes, J.; Pathak, S.; Nguyen, E.; Peters, M.; Schmitt, Y.; Schlötterer, J.; van Keulen, M.; Seifert, C. From Anecdotal Evidence to Quantitative Evaluation Methods: A Systematic Review on Evaluating Explainable AI. ACM Comput. Surv. 2023, 55, 295.
  30. Bodria, F.; Giannotti, F.; Guidotti, R.; Naretto, F.; Pedreschi, D.; Rinzivillo, S. Benchmarking and Survey of Explanation Methods for Black Box Models. Data Min. Knowl. Disc. 2023, 37, 1719–1778.
  31. Ali, S.; Abuhmed, T.; El-Sappagh, S.; Muhammad, K.; Alonso-Moral, J.M.; Confalonieri, R.; Guidotti, R.; Del Ser, J.; Díaz-Rodríguez, N.; Herrera, F. Explainable Artificial Intelligence (XAI): What We Know and What Is Left to Attain Trustworthy Artificial Intelligence. Inf. Fusion 2023, 99, 101805.
  32. National Institute of Standards and Technology. Psychological Foundations of Explainability and Interpretability in Artificial Intelligence; National Institute of Standards and Technology Interagency Internal Report 8367; National Institute of Standards and Technology: Gaithersburg, MD, USA, April 2021.
  33. National Institute of Standards and Technology Interagency. AI Risk Management Framework (AI RMF). Available online: https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-1.pdf (accessed on 26 April 2026).
  34. Shang, Z. Use of Delphi in health sciences research: A narrative review. Medicine 2023, 102, e32829.
  35. Bertolini, S.; Maoli, A.; Rauch, G.; Giacomini, M. Entropy-driven decision tree building for decision support in gastroenterology. Stud. Health Technol. Inform. 2013, 186, 93–97.
  36. Monaco, A.; Amoroso, N.; Bellantuono, L.; Lella, E.; Lombardi, A.; Monda, A.; Tateo, A.; Bellotti, R.; Tangaro, S. Shannon entropy approach reveals relevant genes in Alzheimer’s disease. PLoS ONE 2019, 14, e0226190.
  37. Sim, J.; Wright, C.C. The kappa statistic in reliability studies: Use, interpretation, and sample size requirements. Phys. Ther. 2005, 85, 257–268.
Figure 1. Ethical Explainability metric combining HAR and ERI.
Figure 2. Constructing the Ethical Explainability metric.
Table 1. Global adoption and risk statistics in AI and healthcare cybersecurity in 2025.

| Domain | Key Indicator |
| --- | --- |
| Global AI Investment | USD 252 billion (2024) |
| AI Adoption in Business Processes | 78% of firms use AI in ≥1 function (55% in 2024) |
| Organizations with No Drafted AI Policy at All | 54% of organizations with no AI policy |
| Healthcare Organizations Breached | 400 companies; average loss ≈ USD 3.5 million |
| Unsecured Medical IoT Devices Online | >1,000,000 exposed devices |
Table 2. Comparison of representative explainability evaluation approaches and Ee.

| Category | Representative Approach | What It Measures | Strengths | Limitations | Relation to Ee |
| --- | --- | --- | --- | --- | --- |
| Model-grounded | Perturbation tests (e.g., deletion/insertion) | Faithfulness of feature attributions to model behavior | Links explanation to model output changes | Sensitive to perturbation design; may not reflect human utility | Complementary: Ee adds human clarity + consensus alignment |
| Model-grounded | Sufficiency/comprehensiveness | Whether explanation subset is sufficient, whether removing it changes prediction | Intuitive faithfulness logic | Can be affected by feature correlation | Used as baseline in planned validation; Ee captures governance relevance |
| Model-grounded | Sensitivity/stability | Robustness of explanations under small input changes | Captures explanation reliability | Not a measure of human usefulness | Ee targets human uncertainty reduction |
| Functionally grounded | Complexity/sparsity proxies | Proxy interpretability (simplicity of explanation) | Cheap and scalable | Proxy ≠ human clarity; can oversimplify | Ee uses human-centered outcomes rather than proxies |
| Human-grounded | Simulatability/forward prediction tasks | Whether users can predict model behavior with explanation | Direct comprehension measure | Requires user studies | ERI provides a quantitative uncertainty analog |
| Human-grounded | Trust/usability scales, time, workload | Perceived trust/usefulness, reliance behavior, cognitive burden | Workflow-relevant | Subjective; may diverge from correctness | Ee reduces reliance on perception-only measures via HAR + ERI |
| Composite (this work) | Ee = wH × HAR + wE × ERI | Decision alignment + uncertainty reduction | Governance-ready scalar with interpretable components | Requires expert elicitation | Integrates decision and explanation utility under ethical domains |
Table 3. Mapping ethical domains from the review to Ee components and reporting requirements.

| Ethical Domain (from Review) | How It Is Operationalized in Ee | What to Measure and Report | Practical Implementation/Governance Cues |
|---|---|---|---|
| Justice and fairness | Fairness is assessed by examining HARoutcome, HARrationale, and ERI across subgroups to identify disparities in agreement or uncertainty reduction. | Report HARoutcome, HARrationale, ERI, and Ee stratified by relevant groups (e.g., device type, unit/ward, patient demographic groups), plus disparity metrics (confidence intervals). | If subgroup gaps exceed governance thresholds, trigger re-training, re-calibration of explanations, or policy review; include subgroup auditing in periodic monitoring. |
| Transparency and explainability | ERI captures explanation utility as proportional uncertainty reduction; HARrationale captures whether explanations are judged coherent/actionable. | Report ERI distribution (% cases with ERI ≥ target); report HARrationale with criteria breakdown (e.g., coherence, actionability, non-misleadingness). | Compare multiple XAI methods; select explanation modality that maximizes ERI without harming HARoutcome; use ERI to detect opaque explanations. |
| Consent and confidentiality | Incorporated via HARrationale by penalizing explanations that expose unnecessary sensitive information or violate minimum-necessary disclosure. | Report the proportion of explanations failing privacy/consent criteria; document explanation content controls. | Establish explanation redaction rules; ensure explanations do not reveal identifiers; align with local consent policies. |
| Accountability | HARoutcome provides auditable alignment with expert consensus; ERI demonstrates that explanations reduce uncertainty; together support governance thresholds (E0). | Report inter-rater reliability (κ/ICC), consensus method, calibration protocol; report Ee relative to E0 (pass/fail rates); provide audit logs of cases where Ee < E0. | Define automation policy: if Ee ≥ E0, allow higher automation; else require human oversight; incorporate periodic audits and drift monitoring. |
| Patient-centered design | Ensures explanations improve clinician/analyst decision-making and fit workflow constraints: ERI measures clarity gains; HARrationale includes usability/actionability items; HARoutcome supports safety. | Report ERI alongside user-centered outcomes (optional but recommended): perceived usefulness, time-to-decision, workload; include actionability items in HARrationale. | Tailor explanation format to user roles; adopt human factors evaluation; ensure explanations support safe patient-impacting decisions and do not increase cognitive burden. |
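
The automation policy in the Accountability row of Table 3 (Ee ≥ E0 allows higher automation, otherwise human oversight) can be sketched per alert as follows; this is an added example, not code from the paper. The per-case HAR (share of panel experts matching the AI decision), the ERI form (H_before − H_after)/H_before clamped to [0, 1], the equal weights, E0 = 0.7, and the sample alerts are assumptions constructed here.

```python
import math

def shannon_entropy(probs):
    """Shannon entropy (bits) of an elicited probability vector, normalised first."""
    total = sum(probs)
    if total <= 0 or any(p < 0 for p in probs):
        raise ValueError("need non-negative probabilities with a positive sum")
    return -sum((p / total) * math.log2(p / total) for p in probs if p > 0)

def eri(before, after):
    """Proportional entropy reduction after the explanation (assumed form)."""
    h0 = shannon_entropy(before)
    if h0 == 0:  # expert was already certain, so there is no uncertainty to reduce
        return 0.0
    # Assumption: an explanation that raises uncertainty scores 0, not negative.
    return max(0.0, (h0 - shannon_entropy(after)) / h0)

def har(ai_decision, expert_decisions):
    """Assumed per-case HAR: share of panel experts who match the AI decision."""
    return sum(d == ai_decision for d in expert_decisions) / len(expert_decisions)

def ee(case, w_h=0.5, w_e=0.5):
    """Ee = wH * HAR + wE * ERI, with ERI averaged over the elicited experts."""
    mean_eri = sum(eri(b, a) for b, a in case["elicited"]) / len(case["elicited"])
    return w_h * har(case["ai"], case["experts"]) + w_e * mean_eri

def gate(cases, e0=0.7):
    """Apply the Ee >= E0 policy; rows below E0 are the ones for the audit log."""
    rows = []
    for c in cases:
        score = round(ee(c), 3)
        rows.append((c["id"], score, "automate" if score >= e0 else "human_review"))
    return rows

# Constructed sample alerts (not data from the paper). Each "elicited" pair is one
# expert's probability vector over candidate causes before and after the explanation.
CASES = [
    {"id": "mon-01", "ai": "isolate",
     "experts": ["isolate", "isolate", "isolate", "monitor"],
     "elicited": [([0.25, 0.25, 0.25, 0.25], [0.5, 0.5, 0.0, 0.0]),
                  ([0.5, 0.5], [1.0, 0.0])]},
    {"id": "pump-07", "ai": "isolate",
     "experts": ["monitor", "monitor", "isolate", "monitor"],
     "elicited": [([0.5, 0.5], [0.5, 0.5]),
                  ([1.0, 0.0], [0.5, 0.5])]},
]

if __name__ == "__main__":
    for row in gate(CASES):
        print(row)
```

The second alert exercises both edge cases: one expert whose uncertainty is unchanged, and one who was certain before the explanation and less certain after it.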
Table 4. Indicative use cases of Ee in connected health systems.

| Application Area | AI Scenario/Alert | How Ee Is Used | Outcome When Ee Is Low |
|---|---|---|---|
| Remote patient monitoring | Arrhythmia alert on wearable | Clinician and nurse review/explain | Model triggers manual validation, not auto-intervention |
| Device security monitoring | Network anomaly on patient monitor | Engineers and experts review SHAP explanation | Device isolated or flagged for further probe |
| Population health/fairness auditing | Risk score disparity in different groups | Medical teams review scores per group | Bias mitigation and retraining initiated |
| Digital health apps and consent | Lifestyle/intervention recommendation | User feedback on explanation comprehensibility | Algorithm revised, content adapted, or user given more context |
| Regulatory compliance audit | Annual hospital AI systems review | Aggregate Ee statistics reported | Noncompliant systems suspended or remediated |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

MDPI and ACS Style

Naib, P.; Park, J.; Abedin, P.; King, C.; Gurupur, V. Defining an Ethical Explainability Metric for Measuring AI Trustworthiness in Connected Healthcare Systems. Information 2026, 17, 438. https://doi.org/10.3390/info17050438
