Health IT infrastructure forms the foundation for everything that happens in a healthcare organization, from quality improvement and patient safety to financial sustainability and business intelligence.
While many different health IT strategies can support success, ensuring that an organization has scalable, flexible, and future-proof tools at its disposal will reduce the possibility of getting stuck with outdated capabilities.
Open source software is one promising way that healthcare organizations can reduce IT infrastructure costs while remaining agile enough to adopt new IT solutions that will enable future improvements in patient care and business operations.
Open source encourages collaboration among vendors, providers, and developers to build ever-changing and improving infrastructure technology by sharing source code.
This collaborative strategy has the potential to bring technology innovations into the healthcare space much more quickly than independent development.
Healthcare organizations need to understand what open source is and how it is significant to future health IT infrastructure innovations that will save money and help clinicians treat patients more efficiently.
What is open source software?
If a software tool claims to be “open source,” that means the source code is freely accessible to anyone. This encourages the creation and development of multiple platforms using the same standard.
In contrast to proprietary software, which only gives the end user access to machine code, open source software allows its end users to access and modify source code under a licensing agreement. Access to the source code allows developers to make new machine code to meet their needs or improve upon the technology.
Open standards encourage competing implementations of the same standard, rather than creating competing platforms. This can benefit consumers, according to a report published by the Journal of Medical Internet Research.
The report, authored by Carl J Reynolds, BSC(Hons) MB BS and Jeremy C Wyatt, MB BS DM FRCP, differentiates between different standards by placing them into classifications:
- Closed: the standard is owned by a company and is kept secret (eg, the Skype communication protocol)
- Disclosed: the standard is owned by a company but is made available to other companies and users (eg, Adobe PDF format)
- Concerted: there is a consultation on a new standard, but admission to the consultation process and management of the process is controlled by a company (eg, Java programming language)
- Open concerted: there is an open participation in the process through which the standard is defined and managed (eg, World Wide Web Consortium [W3C] HTML)
- Open de jure: the standards are owned and managed by official international or national standardization bodies (eg, the Digital Imaging and Communications in Medicine [DICOM] standard)
An open standard must be developed using all of the following requirements:
- The standard specification document must be publicly available, either free of charge or at a nominal fee
- The standard must be owned and managed by an official standardization body or by an open group or consortium, and must not be owned or controlled by a single party, and no single party must have special rights to it
- The standard must be defined and managed according to an open process, where every interested party is able to join the standardization process, which must be based on an open decision-making procedure (eg, consensus)
- The standard must be free to implement for all interested parties, without any royalty fee, and any patented technologies included in the standard must be licensed with royalty-free nondiscriminatory terms
- It must be possible to extend and reuse the standard in other open standards
“The rationale is that open standards lower entry barriers and encourage competing implementations of the same standard, which in turn tends to foster innovation and lower costs to the consumer,” Reynolds and Wyatt explained.
“The consumer is empowered to change products without losing data or facing significant conversion costs, thereby preventing lock-in. Further, together with antitrust laws, open standards help to protect consumers from monopolies.”
Open source allows organizations to develop or change software to make it compatible and interoperable. This may help provider organizations avoid many of the data interoperability issues that have made it difficult to exchange health information between electronic health records and other health IT systems.
How secure is open source?
Open source understandably raises security concerns in healthcare. How can the source code be available to everyone without the risk of a hacker getting the code and using it to gain access to protected health data?
Healthcare companies should not develop on community-based open source because there aren’t usually companies or organizations behind it to secure and support it, according to Red Hat Director of Healthcare Craig Klein.
Open source code should be “enterprise grade” before healthcare organizations use it in a commercial environment.
Enterprise grade open source can be used successfully in a healthcare setting because the open source code is taken by a vendor and made secure for enterprise. Enterprise grade open source is what allows open source software to be HIPAA compliant.
“Five or six years ago, organizations were very concerned about security with open source, but the opposite is actually true,” Klein stated. “There are so many people looking at the code that open source code is more secure than a proprietary code.”
“I don’t hear security concerns much anymore and organizations are really looking at open source as a way to secure things better than just having a proprietary environment because there are more people working on it.”
More people working on the source code means that developers can quickly modify the code and improve security after a cyberattack, which allows organizations to be more proactive with their network security.
Why is open source used in healthcare?
Open source is the key to fast health IT innovation that will help healthcare defeat some of its biggest technological challenges, such as interoperability and security. It also gives organizations the opportunity to implement new technology while still using legacy systems.
“Open source allows entities to work with other vendors so when the software is developed, it’s developed to work with everything,” Klein explained. “When organizations deploy open source, it makes it much easier to share data and information and to integrate. Interoperability is all about open source, which is absolutely critical in healthcare.”
Klein compared open source infrastructure to how doctors work together. Doctors collaborate with other doctors and specialists because having more people work on a problem increases the chances of finding a solution quicker.
“The same is true with open source,” said Klein. “There’s multiple people working on a similar problem. It’s a natural fit into healthcare because clinicians understand the open source development model.”
Organizations may implement proprietary IT infrastructure solutions from different vendors. If a new proprietary solution is introduced into an IT infrastructure ecosystem it may not be compatible with the systems already in place, causing major interoperability issues between disparate systems.
Entities cannot afford the time or money it takes to rip out their entire infrastructure and replace it. Open source allows organizations to explore different technology options without needing to replace everything, while only investing in the open source license and the developers they need.
Open source lets healthcare organizations use proprietary solutions where needed and supplement that technology with flexible open source software. This is why carefully considering and planning the future of their IT infrastructure is so important.
Proprietary and open source technologies work together because having access to the source code allows the developer to adjust the open source solution to be compatible with a proprietary solution. Many proprietary vendors understand this type of hybrid infrastructure and develop their products to be able to interoperate with open source software.
Providers need to adopt open source in a way that allows the organization to build on it and take advantage of future technology as well as maintaining legacy solutions that don’t need to be urgently replaced.
Open source also give healthcare organizations more complete control over their IT infrastructure. They have more knowledge as a purchaser than they would if they were buying a proprietary solution. Healthcare organizations benefit greatly from having elevated control over their IT infrastructure solutions because they can build a flexible IT infrastructure around what they currently have in their infrastructure and what they hope to implement in the future.
“Purchasers are in a stronger position if they inspect, and allow others to inspect, the quality of the code,” Reynolds and Wyatt stated in their report.
“If they ensure that the programming code will be easily maintainable and that the data are stored in an established open format so that it will be cheap to get the data out and switch software when needed; and, finally, if they acquire the rights to the code, including the right to take it to another programmer or software company.”
“In general, then, purchasers will be in a stronger position when they buy open source software rather than proprietary software.”
How is open source used in healthcare?
OSEHRA’s Veterans Health Information Systems Technology Architecture (VistA), is one of the largest open source healthcare software systems available. It has been used and improved for over 30 years. According to the AMA Journal of Ethics, VistaA is “among the most extensive EHR implementations available and includes support for inpatient care, outpatient care, and imaging.”
According to OSEHRA, “most current [VistA] distributions pre-date the creation of OSEHRA VistA, which was launched to fill the need for a common reference version of VistA to serve the entire community. Moving ahead, content from these distributions are being integrated into OSEHRA VistA as prioritized by the community.”
OSEHRA embraces the fundamental goal of open source software development in the healthcare industry by absorbing useful distributions into the main VistA source code. OSEHRA continues to include improvements submitted by the VistA developer community.
OSEHRA community groups provide developers with an official place to gather resources, and engage with other developers to ask questions and discuss current source code developments.
Major VistA distributions include FOIA VistA, vxVistA, OpenVistA, and RPMS. These distributions, along with others, provide healthcare organizations seeking specific features with different open-source options.
The healthcare blockchain is also highly dependent on open source development. Several blockchain projects are using open source code and communities to bring blockchain to healthcare in the future.
Hyperledger added its first health IT member, Change Healthcare, to its collaborative blockchain project in May 2017.
"Blockchain is a promising and exciting new technology for secure online transactions," Change Healthcare CTO Aaron Symanski said in a statement. "But it's crucial that healthcare leaders step up to champion innovation to help take blockchain from its early implementations to tomorrow's healthcare IT solutions.”
Blockchain is emerging as a secure way to share clinical data and PHI because it eliminates the need for organizations to trust the entities with which they are exchanging information. However, the technology currently lacks the standardization necessary for widescale healthcare deployment.
Another open source blockchain project, Enterprise Ethereum Alliance (EEA) stated that, “open source framework will enable the mass adoption at a depth and breadth otherwise unachievable in individual corporate silos and provide insight to the future of scalability, privacy, and confidentiality.”
Open source continues to be a staple in health IT infrastructure and plays a large part in the development and improvement of IT infrastructure technology. Open source allows organizations to embrace new technology in a way that is forward-thinking while still compatible with legacy solutions.