Healthcare Driven by Open Source Software

Mahshad Koohgoli

Guest post by Mahshad Koohgoli, CEO, Protecode, and Martin Callinan, director at Source Code Control.

From relieving people of repetitive tasks, to building everything around us that shapes our lifestyle, and on to transformation of volumes of data into new insights and perspectives, software has become the new feedstock for the human evolution. All facets of life are touched by software, and healthcare is no exception.

The Complex Web of Health Industry

The health and social care industry is a highly fragmented and complex industry with medical practitioners, nurses, health professionals, hospitals, clinics, government, and non-government agencies all providing health services.

Martin Callinan
Martin Callinan

The spectrum of healthcare providers range from individual clinicians such as general practitioners to large monolithic entities, such as the National Health Service in the UK, which is the third largest employer in the world today.

Health and social care providers offer a complex and diverse range of facilities and services. By the nature of these services, the healthcare industry is driven by large and varied amounts of data which in turn require varied and complex IT systems to manage this data. Generally, these systems come under the umbrella term of eHealth. While there is no consensus on the exact definition of eHealth, two example definitions are:

“…the cost-effective and secure use of information and communication technologies in support of the health and health-related fields including healthcare, health surveillance and health education, knowledge and research.” –The World Health Organization (WHO)

“…the use of modern information and communication technologies to meet needs of citizens, patients, healthcare professionals, healthcare providers, as well as policy makers.” –The European Commission

Whatever way people choose to define eHealth, it generally encompasses:

eHealth Software Complexity

Software complexity is increasing with no end in sight as today’s code becomes the foundation for tomorrow’s more complex functionality. Historically, healthcare organizations have created platforms to manage these solutions fairly autonomously, both within individual organizations and industry wide. Quite often, these systems were procured at significant expense from software vendors who lock them into solutions that restrict innovation, stifle diversity, and have little ability to be re-used.

In the past, developing all software internally was a point of pride for many organizations. Today, the complexity of modern software, coupled with the pressures to release applications and products on tight deadlines, has made delivering projects that rely exclusively on internal code development almost impossible. Increasingly, organizations are turning to commercial third party code, code brought in from outsourcers and contractors, and open source software (OSS) to accelerate development and reduce costs.

For one minute, let’s compare this approach to the automotive industry – in the early days of car manufacturing, car models were largely custom made. In more recent times, automotive manufacturers have developed “platforms,” commonly re-used across companies and continents. This gives them the ability to re-use existing components and enables greater flexibility – a new model is no longer a completely new design and as a result costs are significantly reduced.

The same approach is now being applied to eHealth systems and with the emergence of open source software there is a shift to adopt open systems, open platforms and open data. These solutions are developed efficiently without licence restriction where the code can be shared and re-used across the public and private healthcare industry.


A great example of this repurposing is an initiative launched recently by NHS England called Code4Health.

Code4Health is a resource used by healthcare professionals and providers of services to deliver better patient outcomes. It provides a platform for clinicians to come together with IT suppliers to identify and experiment with the systems in their Trusts and develop new functionality and products or solutions that they can potentially deploy.

Code4Health is currently piloting “App In a Day” where individual clinicians are being trained and encouraged to play an active role in the development of apps or even develop their own apps using LiveCode.

Overtime, the goal of the NHS is to:

Managing Open Source and Other Third-party Content

Clearly, there are huge benefits to be gained from this approach, but it is not without its risks. Along with the advantages realized by using third party code, there are a few challenges that can arise. Governing the quality, security, licensing, and intellectual property (IP) ownership attributes are imperative in avoiding risks and potential downstream costs of using third party software. Last year Community Health Systems Inc. lost data related to 5.4 million patients which could end up costing the health system between $75 and $150 million. This data breach leveraged the bug Heartbleed to access VPH log-in credentials.

The process of managing third party content in a code base can be time-consuming and resource intensive, and an understanding of the effort associated with this exercise is the first step in optimizing the process and mitigating the costs. This highlights a need for a governance program to underpin Open Source initiatives. For example, the NHS has created a custodian model for Code4Health and will have “code custodians” to manage the risks of OSS and make the adoption of OSS based solutions easier for less technically proficient trusts.

A study of common practices deployed at software organizations, concerning adoption of open source and other third party software components, has revealed a pattern consisting of a number of necessary as well as some discretionary steps.

Originally coined as Open Source Software Adoption Process (OSSAP), this process is equally applicable to any third party software that is deployed and used in a project within any organization.

Eight steps are identified in a structured open source adoption process.

The purpose of steps 2-7 is that all the code that could potentially end up in a project is logged and approved in that it satisfies the project IP, security, and exportability policies. By the time the final application is built at step 8, there will be no surprises if steps 2-7 are diligently followed.


There is a significant opportunity to advance the calibre of healthcare by applying intelligent software solutions to electronic health records, delivery of consumer health information, and the provision of mobile and virtual health services. Leveraging open source software and drawing on the associated groups accelerates the identification and development of healthcare applications, creates a level playing field for all ecosystem communities, and allows the sharing and re-use of efforts across a wide range of healthcare domains and geographies. The distributed and crowd-based nature of the open source development can be managed by applying a structured open source software adoption process that will ensure quality, security and legal compliance to the re-use obligations inherent in any open source code.

Mahshad Koohgoli has more than 25 years’ in the technology industry, with a specialty in technology start-up businesses, having successfully managed three companies from the ground up. Currently, Mahshad is the CEO of Protecode, a provider of open source license management solutions, headquartered in Canada. For more information, visit

Martin Callinan has more than 20 years’ experience in the software industry with a focus of software asset management, IT governance and risk avoidance. He is currently the director at Source Code Control. For more information, visit:

One comment on “Healthcare Driven by Open Source Software”

Write a Comment

Your email address will not be published. Required fields are marked *