The healthcare industry's growing interest in open-source software (OSS) presents both opportunities and challenges. While OSS offers the potential for cost savings, flexibility, and improved interoperability compared with proprietary systems, it raises critical questions about security and operational feasibility.
As the industry navigates a rapidly evolving digital landscape and recovers from one of its biggest cyberattacks, health information (HI) professionals must weigh these factors carefully to determine whether OSS can meet their needs without compromising patient data or organizational integrity.
The Evolution of Open Source
OSS is software with publicly accessible source code. Individuals and companies can inspect, use, modify, and redistribute this code, customizing the program to suit their needs. OSS has been instrumental in shaping digital infrastructure across industries, including healthcare. According to the Health Sector Cybersecurity Coordination Center (HC3), part of the US Department of Health and Human Services, OSS provides the foundational support for every critical infrastructure sector and every National Critical Function.
The roots of OSS trace back to the early days of computing when companies such as IBM bundled free software with hardware. Over time, the rise of software companies shifted the industry toward treating code as intellectual property sold as standalone products. Despite this shift, OSS continued to evolve, driven by milestones like the General Public License in 1989, the launch of Linux in the 1990s, and the creation of GitHub in 2008, accelerating collaboration among OSS developers and users.
“People don't realize that the computers running the internet use Linux, which is open source,” says Aaron Neiderhiser, CEO of Tuva Health, an open-source healthcare data analytics platform based in Salt Lake City. “If you look outside of healthcare, every other industry is using [open source] because it enables this unique go-to-market distribution where users can try out the software, get familiar with it, and join a community of people working to improve it.”
Healthcare’s Open-Source Landscape
Despite its widespread adoption in other industries, healthcare has historically approached OSS with caution, largely due to concerns about security, compliance, and the complexity of implementation. However, there are examples of OSS making inroads into healthcare.
For instance, the US Department of Veterans Affairs initially used an open-source model to enhance its electronic health record (EHR) system. While the VA has since transitioned to a proprietary solution, this example highlights open source’s potential in addressing healthcare challenges.
Various OSS healthcare applications also are available for those wanting to replace traditional EHR, medical billing, and clinical data management systems. But many emerging OSS programs aren’t necessarily seeking to replace closed-source software; instead, they’re aiming to sort through the data already being collected.
That’s because one of OSS’s key strengths lies in its ability to break down data silos and improve interoperability.
Jay Patel, assistant professor and director of the Center for Dental Informatics and Artificial Intelligence at Temple University in Philadelphia, notes that open-source natural language processing (NLP) tools can extract meaningful insights from EHR free-text fields, enabling retrospective data analysis and predictive modeling.
“We’re talking about millions of patient samples—what we call Big Data,” Patel says. These tools allow healthcare organizations to leverage data more effectively, improving care and operational efficiency, he says.
OSS can also simplify the management of complex datasets, such as ICD-10 or SNOMED codes. Suppose a Medicaid-managed care organization providing wraparound clinical and social support services has 50 different terminology datasets that update constantly. With OSS, Neiderhiser says, “You can load all of them directly into your data warehouse, so your analytics team has access to them with a single command,” freeing staff from tedious tasks and streamlining analysis.
Aaron Baum, VP of analytics and economics at Waymark, a Medicaid provider enablement company, says the streamlined data analysis improves care management workflows by identifying care gaps and population trends earlier and guiding interventions. Waymark pairs Tuva’s platform with an internally developed patient relationship manager. “The integration uses APIs [application programming interfaces] for bidirectional data flow with access controls and audit trails,” Baum says. “This architecture helps us combine patient information with processed claims, ADT [admission, discharge, and transfer], and ancillary data while maintaining system security.”
Open-source applications are also increasingly central to public health and research efforts. Patel points out that traditional disease prevalence efforts relied on surveys, which were expensive to distribute and could introduce bias because people with higher socioeconomic status or more resources were more likely to respond. He says that open-source AI tools allow HI teams to analyze vast datasets from EHRs and registries while minimizing bias in the sample. Earlier this year, Office for Civil Rights (OCR) Director Melanie Fontes Rainer urged the healthcare community to prioritize transparency and nondiscrimination when using healthcare AI tools.
Balancing Benefits and Risks
While OSS offers advantages like flexibility and cost-effectiveness, it also introduces challenges. One significant concern is security. Unlike proprietary software, which typically comes with dedicated vendor support, OSS often relies on a community of developers and users for maintenance and troubleshooting. That may be sufficient for some tech-savvy HI and IT departments, but it can prove overwhelming for others already plagued with staffing shortages and without broad OSS expertise.
Additionally, OSS codebases can contain vulnerabilities that may expose patient data. A study by Black Duck found that 73 percent of healthcare, health tech, and life sciences open codebases contained high-risk vulnerabilities. These risks underscore the importance of rigorous security protocols when implementing OSS.
On the other hand, OSS can provide organizations with greater control over their data. Neiderhiser explains that it allows healthcare organizations to retain data within their environment rather than sending it to external vendors. However, he emphasizes that HI leaders should hold OSS platforms to the same security and quality standards as proprietary systems, ensuring the developers are committed to practices like virus scanning and manual code reviews to prevent the release of malicious code.
“From a development standpoint, they [should be] doing all the same things they would be doing if it was private, but they're just doing it out in the open,” he says.
Considerations for HI Professionals
Before jumping into OSS, experts say HI professionals should consider the following:
- Strategic Planning: OSS success requires an interdisciplinary team, so HI staff should work closely with clinicians, IT specialists, and administrators to identify data requirements, desired outcomes, and compliance needs.
- Security Standards: Establishing robust security standards for encryption, access control, and audit logging is crucial before implementation. HI departments may need to establish a dedicated security team to conduct real-time monitoring and address potential threats.
- Data Management: Organizations must implement rigorous data quality controls and maintain diverse, representative datasets for AI model training and testing. “Machine learning will spit out what we put in—garbage in, garbage out,” cautions Patel.
- Organizational Support: Comprehensive staff training programs and ongoing technical support are key. Organizations without the expertise to manage these systems effectively should consider establishing relationships with open-source communities to stay current on changes and updates.
As healthcare continues its digital transformation, OSS applications may become increasingly valuable assets in the HI professional's toolkit—but only if approached with the same rigor and precautions as proprietary systems.
Steph Weber is a Midwest-based freelance journalist specializing in healthcare and law.