Data Exchange Vendor Metriport Adopts Open Source

Andy OramMetriport is addressing a problem similar to other IT companies in health care—a service to ingest and clean patient data for tasks such as providing care summaries during a patient transition—but is doing so in a very unusual way: through an entirely open source service. Because the choice to go open source is so central to their business model, I will discuss the importance of free and open source software in health care, then explain Metriport's service.

What Free and Open Source Software Can Do for Health Care

Free and open source software (often called OSS, FOSS, or FLOSS) offers many advantages. Most notably, the software stays around after the original programmers have left the project, whereas proprietary software can be shut down with a minimal grace period. If you encounter a bug in free software, you can hire a programmer to fix it instead of waiting for the vendor to find the time. You can have more influence over the direction of the project.

In a field that depends on interoperability as much as health care, free and open source software provides the major benefit of creating a de facto standard. A good format can be used by many different tools, all of which work together automatically without the need for the grueling conversion efforts so many companies go through in health care.

Also notably, you are protected from price-gouging (It can cost a billion dollars to install a proprietary EHR). And although a lot of software costs involve maintenance, a requirement for both open source and proprietary software, you are more likely to find experts at a reasonable price if you use a popular open-source project.

Metriport has justified their own choice to release their code as open source in a blog posting. A long article of mine lays out the history and philosophy of open source in health care, so I will defer to these two articles for more background.

Metriport Team Photo

There are several reasons why open source has made little headway in health care. Some organizations that promoted open source were unappreciated and denied financial support from the health care organizations that would have benefitted from the projects. Some open source projects made missteps: Most importantly, the historic VistA project from the US Department of Veterans Affairs remained stuck in an eccentric development model that didn't meet the needs of other open source developers or potential customers outside of the department.

But two major factors stand in the way of open source today. The first is difficulty of making money when anyone is free to download and use the software—and also to offer support or build new features on top of your software with no benefit to your business.

The second factor is the popularity of online, cloud-based offerings, which were dubbed Software-as-a-Service (SaaS) some time ago. An online service can use open source software, but doing so provides no benefit to the client over using proprietary software.

Now we'll turn to Metriport's ways of handling these factors.

Metriport's Data Service and Business Model

Dima Goncharov, co-founder and CEO of Metriport, says that data exchange is still clogged by obsolete and incompatible technologies; medical summaries and release notes are often still sent by FAX. A person entering hospice can die before they receive the treatment that can extend their life, merely because the necessary medical information failed to come in time from the doctors.

Dima GoncharovMetriport, like similar tools in the marketplace, ingests data, converts it to a common format, and performs some data cleaning operations such as deduplication. The common format is based on FHIR and JSON, the current standards.

A typical operation improving the data, according to co-founder and COO Colin Elsinga, is to look at an ICD or LOINC code and retrieve a plain text description of the diagnosis that is inserted into the patient record.

Metriport secures its platform through Oneleet's penetration testing, a cybersecurity platform used by major companies to ensure security. Naturally, Metriport is externally audited and is compliant with HIPAA and SOC 2 Type II requirements. They point out that the open source code permits any expert anywhere to check for security flaws.

All the code is open source and available on GitHub under the GNU Affero General Public License, version 3. Practically, this means that anyone can install the code on their own systems and even run their own service to compete with Metriport. But any code changes they make, if they offer the service to others, must be offered back to the central repository so that others can benefit from the changes, if they choose.

How, then, does Metriport appeal to customers and make money? Essentially, they can do a better job cleaning the data than their clients. Metriport has the online resources to run its tools, and the human expertise to intervene as necessary.

This should be the future of data exchange in health care. We've been waiting decades for proprietary vendors to provide standardized data; let's go the open source route.

About the Author

Andy Oram is a writer and editor in the computer field. His editorial projects at O'Reilly Media ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. Andy also writes often on health IT, on policy issues related to the Internet, and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM (Brussels), DebConf, and LibrePlanet. Andy participates in the Association for Computing Machinery's policy organization, USTPC.