Health Data Sharing Will Follow the Open Banking Model

The trend toward API-based banking offers a model for health records, giving patients access to and control over their personal health data.

Guest Commentary

September 12, 2018


There’s a data crisis in healthcare today, with patient care hindered by paper-based record systems and information that’s siloed within different provider systems. Electronic health record (EHR) systems were designed to solve these problems, but a lack of interoperability is holding the industry back. Consumer demand for mobile apps and open APIs will move the healthcare industry toward an open data model similar to the nascent open banking effort, in which people can easily access their health information and share it with providers of their choosing.

When you go to the doctor today, chances are you are writing your medical history and other information on a piece of paper attached to a clipboard, for every single provider you visit. When you change insurance or move, you have to update each provider separately. Information sharing between providers gets complicated and the patient gets no say in what information is shared, how, and with whom. However, if the patient has control over their medical records, they can more easily share their records with providers and control which data is shared with which doctors. The key is making the system convenient for patients and providers to use in order to save time and reduce errors.

This type of consumer-friendly modernization is happening now with banks in Europe. Earlier this year the UK adopted Open Banking standards that require the region’s nine biggest banks to share data via open APIs. This enables third-party developers to offer innovative tools and apps that will give people more insight into their finances and control over what they want to do with their money. Just like the Mint personal finance app spurred interest in open banking, Apple’s new Health App, which lets people consolidate health data from different providers, will help spark a data sharing revolution in healthcare as consumers demand more control over their information.

The stakes are even higher for healthcare than finance. A significant portion of the 250,000 deaths in the U.S. each year attributed to medical errors are due to poor coordination of patient care. EHR systems can help reduce errors, and health information exchange via open APIs can provide chronological views of medical histories, illnesses, allergies, medications and other critical information, as well as improve communication between patients and providers. Being able to better manage my bank account helps my financial wellbeing, but effective and efficient management of my medical data can be a matter of life or death.

To make this happen we need interoperability and standards. Right now the different systems aren’t talking to each other, either between providers or within a provider. For example, the average hospital has 16 EHR platforms, according to HIMSS Analytics. This disparate framework contributes to a poor user experience and a higher margin for error. 

Tech companies have already solved the data sharing problem using two protocols to delegate access to sensitive information: OAuth and OpenID Connect. These protocols provide protection of APIs that hold sensitive user information. They make sure that the person who is logging in has permission to access the information, and that they have been properly authenticated. Adoption of authentication and identity protocols is becoming more widespread by the day across a wide number of verticals. 

With an identity-based medical record system, patients can log in on the web or on a mobile app to access their medical records and history. They can pay on the app and share their records, or partial records, with different providers. What’s more, medical records accessed via APIs can be protected with multiple layers of fraud protection, which makes them inherently more secure. Patients often forget which medications they’ve been prescribed, what medications they are allergic to, and what procedures they’ve had. An identity-based, open-API EHR architecture will record a more accurate log of a patient’s medical history so that patients don’t have to remember every detail and providers can provide the best customized treatment.
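The delegated, partial sharing described in the two paragraphs above can be sketched as follows. This is an added example, not code from the article or from any EHR product: an authorization server records the scopes a patient consented to in a signed access token, and the records API releases only the matching sections. The scope names, the `ehr-api` audience, the key and the record are constructed, and an HMAC-signed token stands in for the signed JWT access tokens that real OAuth deployments typically use.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key; a real authorization server signs JWTs with its own keys.
AS_KEY = b"demo-authorization-server-key"

# Constructed patient record, split into sections that map to hypothetical scopes.
RECORD = {
    "allergies": ["penicillin"],
    "medications": ["lisinopril 10 mg"],
    "procedures": ["appendectomy (2011)"],
}

def issue_token(patient, client, scopes, ttl=300, now=None):
    """Authorization server side: record what the patient consented to."""
    now = time.time() if now is None else now
    claims = {"sub": patient, "client_id": client, "aud": "ehr-api",
              "scope": " ".join(scopes), "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    sig = hmac.new(AS_KEY, body, hashlib.sha256).hexdigest().encode()
    return (body + b"." + sig).decode()

def validate(token, now=None):
    """Resource server side: verify signature, audience and expiry."""
    now = time.time() if now is None else now
    body, _, sig = token.encode().rpartition(b".")
    expected = hmac.new(AS_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != "ehr-api" or claims["exp"] <= now:
        raise PermissionError("wrong audience or expired")
    return claims

def read_section(token, section, now=None):
    """Release one record section only if the patient granted its scope."""
    claims = validate(token, now)
    if f"{section}.read" not in claims["scope"].split():
        raise PermissionError(f"scope {section}.read not granted")
    return RECORD[section]

if __name__ == "__main__":
    pharmacy = issue_token("patient-17", "pharmacy-app",
                           ["medications.read", "allergies.read"])
    print(read_section(pharmacy, "medications"))
    try:
        read_section(pharmacy, "procedures")
    except PermissionError as err:
        print("denied:", err)
```

The pharmacy app never sees the patient's password, and its token cannot reach the procedures section because the patient did not grant that scope.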

I’ve seen some encouraging startups putting patients in control of their data. For example, Docket created a phone app that allows for control of medical records by scanning QR codes, and Live and Leave Well gives people the ability to easily share their end-of-life wishes with loved ones, or those listed as emergency contacts. Meanwhile, an industry effort that is making headway is the CARIN Alliance, which is working with government leaders on advancements in consumer-directed digital health information exchange. 

A core element to any open data sharing is the concept of data ownership. My finance data is mine to do with as I please, and my health data is mine as well. One day people will have all their information available at their fingertips, to share with trusted providers of their choosing. Sweden is nearly there, on its way to providing all adults with their electronic medical records by 2020. I’m hoping we’ll be heading down the open healthcare data path within the next five to 10 years so patients can get more efficient and personalized care. 


Sarah Squire is a Senior Technical Architect at Ping Identity. She is a co-author of NIST Special Publication 800-63C Digital Identity Guidelines, which outlines federated authentication standards for all US federal agencies. She is the Vice President of IDPro, a nonprofit professional organization for identity practitioners. She has been named one of the top 100 influencers in identity. She has acted as a subject matter expert in identity and access management to several government agencies, private companies, and open standards groups including NIST, Yubico, OpenID Foundation and the Mozilla Foundation. Sarah holds a Bachelor of Science in Physics and a Master of Science in Information Management from the University of Washington where she was a NASA Space Grant Scholar. She is also a Certified Information Security System Professional (CISSP).

About the Author(s)

Guest Commentary

The InformationWeek community brings together IT practitioners and industry experts with IT advice, education, and opinions. We strive to highlight technology executives and subject matter experts and use their knowledge and experiences to help our audience of IT professionals in a meaningful way. We publish Guest Commentaries from IT practitioners, industry analysts, technology evangelists, and researchers in the field. We are focusing on four main topics: cloud computing; DevOps; data and analytics; and IT leadership and career development. We aim to offer objective, practical advice to our audience on those topics from people who have deep experience in these topics and know the ropes. Guest Commentaries must be vendor neutral. We don't publish articles that promote the writer's company or product.