Governance Deep Dive

Interoperability With Accountability

Healthcare has made significant progress on technical interoperability. Data moves between systems more readily than ever. What travels less reliably is governance context: the consent, provenance, and responsibility that make data usable and accountable. This page examines what must travel with data for systems to remain accountable across boundaries.

The Context

Why Technical Interoperability Is Insufficient

FHIR adoption, API standards, and shared infrastructure have reduced the friction of moving data between systems. This is genuine progress. But technical interoperability solves only part of the problem.

When data crosses a boundary, questions arise that APIs do not answer. What consent authorised this data to move? Where did it originate, and how has it been transformed? Who is responsible for acting on it now? These are governance questions, and they require governance answers.

Systems that exchange data fluently can still fail to exchange the context needed to use that data safely. A receiving system may not know whether the data it receives is authoritative or derived, current or stale, consented for its purpose or not. Technical success masks governance failure.

Signal: When systems can exchange data but not accountability, interoperability creates new risks rather than eliminating old ones.

The Gaps

What Gets Lost at Boundaries

Four categories of governance context are routinely lost or degraded when data crosses system boundaries.

Consent Context

The consent that authorised data collection does not reliably travel with the data. Receiving systems cannot verify what purposes are permitted, what restrictions apply, or whether consent remains valid. They proceed on assumption rather than evidence.

Provenance Chain

Data lineage degrades through transformation, copying, and aggregation. Receiving systems cannot trace data to its authoritative source or understand what processing has occurred. Trustworthiness cannot be assessed.

Responsibility Transfer

When data moves, responsibility for acting on it should transfer explicitly. Instead, responsibility is often assumed rather than acknowledged. Gaps emerge that are invisible until something goes wrong.

Clinical Context

The clinical intent behind data capture, the conditions under which it was recorded, the qualifications attached to it. This context is often lost when data is extracted from its original system.

Each gap creates risk. Consent gaps create legal and ethical exposure. Provenance gaps undermine clinical confidence. Responsibility gaps create accountability vacuums. Clinical context gaps lead to misinterpretation.

These gaps are not visible in integration dashboards or API metrics. They become visible in incidents, complaints, and audit findings.

Signal: Integration success measured by data flow volume masks governance failure measured by accountability gaps.

The Requirement

Governance Continuity

The alternative to governance loss is governance continuity: ensuring that when data crosses a boundary, its governance context travels with it.

Governance continuity does not require every system to implement identical governance. It requires systems to communicate governance context in ways that receiving systems can interpret and act upon.

What Must Travel

Consent assertions: what purposes are authorised, what restrictions apply, what the expiry conditions are. Not copies of consent forms, but machine-readable assertions that can be evaluated at point of use.

Provenance chains: where data originated, what transformations have occurred, what systems have handled it. Not complete audit logs, but sufficient lineage to establish trustworthiness.

Responsibility markers: who is currently responsible for acting on this data, what acknowledgement is required from receiving parties. Not organisational hierarchies, but clear accountability at the point of handover.

Clinical qualifications: what context is needed to interpret this data correctly, what limitations apply. Not complete clinical narratives, but essential context for safe use.

How It Works

Governance continuity requires governance context to be structured, portable, and evaluable. Consent must be queryable, not just documented. Provenance must be traceable, not just recorded. Responsibility must be explicit, not just assumed.

This is a higher bar than current practice. It requires governance to be designed into data exchange, not bolted on afterward. The investment is upfront; the return is downstream, in reduced risk and increased confidence.

Signal: Governance continuity means the rules travel with the data. Without it, every boundary crossing is a potential accountability gap.

The Architecture

Layers of Accountable Interoperability

Accountable interoperability requires three layers working together. Most current architectures address only the first.

Technical Layer

Data formats, APIs, transport protocols. FHIR, HL7, REST. This layer enables data to move. It is necessary but not sufficient.

Semantic Layer

Shared meaning, terminologies, data models. SNOMED, ICD, consistent representations. This layer enables data to be understood.

Governance Layer

Consent, provenance, responsibility, clinical context. This layer enables data to be used accountably. It is often missing.

The technical layer has received significant investment. API standards are maturing. FHIR adoption is growing. Data moves more easily than ever.

The semantic layer has received moderate investment. Terminology standards exist. Mapping challenges remain, but progress is real.

The governance layer has received insufficient investment. Consent is captured but not portable. Provenance is recorded but not maintained. Responsibility is assumed but not explicit. This is where the gap lies.

System-of-Systems Thinking

Accountable interoperability requires thinking at the system-of-systems level, not just the integration level. Individual integrations can be technically successful while the overall system fails to maintain accountability.

This requires governance to be designed as infrastructure, not as a feature of individual integrations. The governance layer must span systems, not sit within them.

The Implications

What This Means for Different Actors

For Architects

Design governance into data exchange from the start. Treat consent, provenance, and responsibility as first-class elements of integration architecture, not afterthoughts. Evaluate integrations against governance continuity, not just data flow.

For Integration Teams

Understand that successful data exchange is not the same as successful integration. Ask what governance context needs to travel with data. Build mechanisms to maintain that context through transformation and routing.

For Governance Leads

Engage with integration architecture, not just integration outcomes. Ensure governance requirements are specified before integrations are built. Develop standards for governance context that can be implemented across systems.

For Clinical Safety Officers

Recognise that integration introduces new hazard surfaces. Data that moves without governance context can be misused in ways that static data cannot. Assess integrations for governance continuity, not just data integrity.

For System Leaders

Invest in the governance layer as seriously as the technical layer. Recognise that interoperability without accountability creates new risks. Measure integration success by accountability maintained, not just data moved.

Related

How This Connects

Interoperability with accountability operates at the system-of-systems level. It builds on the Seven Flows framework and connects to questions about how governance compounds across boundaries.

These pages describe governance as infrastructure: capabilities that compound when shared, and reset when rebuilt.

Governance Infrastructure

The parent framework for shared governance foundations

The Seven Flows

Governance invariants including Provenance and Alert & Responsibility

Shared Foundations

What must be shared for governance to compound

Assurance at Scale

How clinical safety assurance operates across systems
Common Questions

Frequently Asked Questions

Why is technical interoperability insufficient for healthcare?

Technical interoperability enables data to move between systems. It does not ensure that the governance context—consent, provenance, responsibility—moves with it. Systems can exchange data fluently while losing the information needed to use that data safely and accountably.

What is governance continuity?

Governance continuity means that when data crosses a boundary, its governance context travels with it. The receiving system knows what consent authorised the data, where it originated, how it has been transformed, and who is responsible for acting on it. Without governance continuity, accountability gaps emerge at every boundary.

What happens to provenance when data crosses system boundaries?

In many current architectures, provenance degrades or is lost entirely at system boundaries. Data is copied, transformed, or aggregated without maintaining lineage. Receiving systems cannot verify whether data is authoritative, derived, or stale. Clinical decisions are made on information whose trustworthiness cannot be assessed.

How does responsibility transfer work in integrated care?

When a patient moves between settings or organisations, clinical responsibility must transfer explicitly. In well-governed systems, the transfer is acknowledged by both parties, timestamped, and auditable. In poorly-governed systems, responsibility is assumed rather than transferred, creating gaps that are invisible until something goes wrong.

Building Accountable Integration?

We work with architects and integration teams on governance continuity that makes interoperability truly accountable.

Book a discovery call