Open Source, Open Standards, Open Minds: How the Shifting Standardization Landscape May Impact Health IT

By Liz Neiman

The US Department of Commerce’s International Trade Administration just released a staggering statistic. According to their latest research, up to 93 percent of global trade is impacted by standards and technical regulations.1

Feel free to trot that number out the next time someone tells you that standards are boring, or that they don’t matter.

And because standards are so very important to the global economy, the American National Standards Institute (ANSI) keeps a close watch on issues and challenges that affect the standardization community, the way standards are developed, and the way that standards developing organizations (SDOs) do business.

Over the past year, ANSI staff has heard from a number of ANSI’s members—primarily those in the information and communications technology (ICT) sector—that open source is a huge issue. The open source model of software development makes source code freely available, and permits wide distribution and modification by any interested party. This stands in contrast to the “traditional” development model for voluntary consensus standards, where a balanced group comes together, reaches consensus, and publishes a fixed standard that is revised on a predetermined schedule. With this contrast in mind, some have described the rise of the open source model as a problem, as a challenge, or even as a threat. But most describe it as an opportunity, as a successful collaboration between tradition and innovation, and even as the inevitable next step for the business of writing specifications.

To help get to the bottom of this issue, ANSI hosted a free conference in Washington, DC, on April 15, 2016. The event was called “Open Source, Open Standards, Open Minds,” and brought together over 140 industry professionals from government, industry, business, academia, and consumer groups—including AHIMA staff and several stakeholders from the health IT and medical device sectors.

Two partners joined ANSI in planning the conference; American University and George Washington University Law School. Presentations and photos from the event can be found at

While there were clearly some specific challenges outlined throughout the course of the day, the prevailing sentiment was one of collaboration and acceptance. In a world where even your toaster is “smart,” the notion that one can divorce software code from standards is unrealistic. To move forward, the focus should be on how the traditional standards development community and the open source community can best work together.

During the first panel of the day, attendees heard directly from the manufacturers and service providers that are already being impacted by the co-mingling of open source and standards, including Intel, Microsoft, and the Pacific Northwest National Laboratory. When it comes to the intersection and interaction between open source and traditional standards, panelists felt that people tend to get wrapped up in the legal issues and licensing, but it’s really about organizational culture. Each organization, each company, each agency should ask itself, “Is this the type of organization that can embrace open source solutions?”

And when it comes to standards and open source working together, panelists found that technical interoperability is almost never the problem. Rather, the roadblocks come from borders, semantics, people, organizational culture, and business models.

Finally, panelists described open source as synonymous with innovation and continuous improvement. But some areas of industry prefer solutions that have long-term stability to protect their investment, particularly in risky fields like cybersecurity. Doubtless, the same is true of the health IT and medical device fields, where functional and effective equipment can truly be a matter of life and death.

The second panel brought together SDOs and consortia that have already “hybridized” their efforts and are working effectively in both the traditional standards development and open source environments. Panelists from the Internet Engineering Task Force (IETF), OASIS, and W3C were unanimous in stating that standards and open source have already been working well together. In their view, it’s all about implementation and which solution or solutions are right for the product, service, or scenario.

In terms of the practical aspects of specification development, panelists noted that Github, a free software project hosting service, is like Facebook for the open source community—everyone is using it. They felt that the standards industry may see a transition to a Github-like approach in traditional standards development as well, where contributors work remotely and in real time to collaboratively edit a specification.

Finally, if the traditional standards community wants to move faster, one panelist suggested that SDOs look even beyond Github to other aspects of the open source model. But another panelist suggested some caution for SDOs here. Part of what allows the open source model to move quickly is the ability for parties in disagreement about the best technical solution to simply “fork” the specification and simultaneously try out two or more different approaches. For some, this can result in a great deal of confusion and extra effort, which may be frustrating to the “traditional” standards community that is accustomed to building consensus up front.

The third and final panel looked at how organizations’ intellectual property rights (IPR) policies and business models have been impacted by hybridization. Panelists from Qualcomm, the law firm Choate Hall & Stewart LLP, and the Open Connectivity Foundation (OCF) acknowledged that this is quite a thorny issue, given the importance of copyright assertions and patent policies, both to SDOs and manufacturers/implementers.

As with most issues in the standardization community, it’s fair to say that one size does not fit all here. Patent issues are complex, and different organizations are using different approaches to this challenge. While the Apache 2.0 license is common in the open source community—you can do what you like with the software as long as you include the required notices—there is no one best practice that has yet emerged across all organizations. Panelists cautioned SDOs to examine the issue carefully, and to review their IP and patent policies closely in light of how their model for standards development may shift to embrace open source.

Beyond IP issues, panelists also discussed the business models that make different types of standards development work possible. Some “traditional” SDOs are structured in such a way to keep membership costs low. This way, they can be sure to get a broad, balanced group of participants. Then, to keep the operation going, they sell the resulting standards. Open source flips this concept on its head. The end product—the software, the code—is free. But in many cases, to be part of its development you may have to pay, and sometimes the fees are steep.

Panelists noted that there is definitely some tension surrounding this issue within the standardization community, especially for those organizations that work in both environments. Interestingly, building on this point from the corporate side, presentation attendees heard that there is sometimes also tension between different internal teams. For example, an IT company might have a whole department that works through standards developers, and another separate department that works in the open source environment. Sometimes those departments are effective communicators, sometimes they might as well be strangers, and other times they are actively at odds.

Each SDO, each company, and each industry sector is taking a different approach to this challenge. Some are clearly focusing on traditional standards development. Others are focused on open source. And most likely fall somewhere in the middle, with feet in both camps, watching to see how the development environment evolves.

That’s certainly true of the health IT space, where interoperability has been and continues to be a tremendous challenge. Of course, health IT involves a vast number of actors, from medical teams to hospital administrators to equipment manufacturers to service providers to insurance companies to patients. Each of these has particular needs, and regulatory matters also come into play in a significant way. It’s vastly complex, and while great strides have certainly been made over the past decade, much more remains to be done.

ANSI staff certainly found this to be true when the organization administered the Healthcare Information Technology Standards Panel (HITSP), along with ANSI’s strategic partners the Healthcare Information and Management Systems Society (HIMSS), the Advanced Technology Institute (ATI), and Booz Allen Hamilton. HITSP was founded in 2005 under a contract with the US Department of Health and Human Services (HHS), and concluded work in 2010. HITSP’s efforts were focused on advancing electronic health records so that patients and their doctors would have electronic access to records no matter where treatment was delivered. Open source was not as prevalent then, but HITSP definitely had a clear focus on supporting widespread interoperability among healthcare software applications. With today’s open source and hybrid approaches, surely much more is possible.

When it comes to the future of health IT standardization, the innovative approaches currently in play throughout the ICT sector will have a significant role. Here in the US there are already both government mandates and multiple public-private standardization partnerships in place. And many health IT standards have been broadly adopted, at least by those looking to take advantage of the Centers for Medicare and Medicaid Services’ “meaningful use” EHR Incentive Programs. The next big leap forward will likely come from some private sector innovation, and maybe even by someone reading this article today.


[1] Okun-Kozlowicki, Jeff. “Standards and Regulations: Measuring the Link to Goods Trade.” US Department of Commerce. June 2016.

Liz Neiman ( is senior director of communications and public relations for the American National Standards Institute (ANSI). ANSI is the coordinator of the private sector-led US standardization system.

Article citation:
Neiman, Liz. "Open Source, Open Standards, Open Minds: How the Shifting Standardization Landscape May Impact Health IT" Journal of AHIMA 87, no.11 (November 2016): 24-27.