Main article

Tomasz Wiśniewski
Faculty of Computer Science, Białystok University of Technology, Białystok, Poland
Helena Marković
Faculty of Electrical Engineering, Computer Science and Information Technology, Josip Juraj Strossmayer University of Osijek, Osijek, Croatia
Kristoffer Johansson*
Department of Information Systems and Technology, Mid Sweden University, Sundsvall, Sweden
kristoffer.johansson@miun.se

DOI: https://doi.org/10.63646//jaiaa.2026.040102

Abstract

Healthcare Internet-of-Things (H-IoT) deployments — wearable biosensors, bedside monitors, and connected diagnostic devices — generate dense streams of telemetry that increasingly underpin clinical and operational decisions. Their attack surface is correspondingly large, and the dominant defensive primitive, the deep-learning intrusion detection system (IDS), is opaque, brittle under non-IID data, and difficult to govern under medical-device regulation. This article develops a Trust-by-Design Analytics framework for H-IoT intrusion detection that couples three layers: a federated Bi-LSTM detector trained across hospital and at-home clients without sharing raw traffic; a Shapley-based explainable-AI (XAI) layer that attributes each detection to a small set of human-auditable features; and a risk-aware decision layer that translates calibrated detector posteriors and explanation faithfulness scores into a triage action — accept, abstain, or refer to a security analyst — under an explicit cost model. We present a controlled numerical study, calibrated to noise levels and prevalence figures from the ToN-IoT and CICIDS2019 corpora, in which the framework achieves an F1 of 0.961 on ToN-IoT and 0.971 on CICIDS2019, recovering most of the centralised-baseline ceiling while preserving privacy, and reduces normalised expected misclassification cost by approximately 38% relative to a fixed-threshold federated baseline at a clinically realistic 5:1 cost ratio between false negatives and false positives. We further show that explanation faithfulness, measured by an insertion-test AUC, is monotone in detection confidence and acts as a useful gate for the abstain-and-refer pathway. 
The framework is positioned as a deployment template for analytics teams working at the boundary of regulated medical devices and at-scale digital-health operations: it disaggregates the IDS pipeline into separately governable components, surfaces calibration and explanation quality as first-class operational metrics, and ties the detection cost to a transparent, contractible decision policy.

Article details

How to Cite

Wiśniewski, T., Marković, H., & Johansson, K. (2026). Explainable AI Analytics for Intrusion Detection in Healthcare IoT: From Federated Model Updates to Risk-Aware Decision Support. Journal of AI Analytics and Applications, 4(1), 10-26. https://doi.org/10.63646//jaiaa.2026.040102