The API Illusion: Why Health Interoperability Is Stuck in Yesterday's Thinking

The Uncomfortable Truth

The health technology industry has a consensus problem. Everyone agrees that interoperability is the answer. Everyone agrees that FHIR is the standard. Everyone agrees that APIs are the mechanism. And everyone is wrong. Not about the destination, but about the depth of the problem.

We are investing enormous sums in yesterday's technology. APIs aren't bad. But we've confused the ability to move data with the ability to move care. These are fundamentally different problems, and only one of them matters to patients.

The current approach to health interoperability treats healthcare like an engineering problem: connect System A to System B, map the data, validate the schema, confirm receipt. Job done. Except it isn't. Because healthcare isn't a data problem. It's a responsibility problem. And responsibility doesn't travel through an API.

What APIs Actually Solve

Let's be precise about what point-to-point API integration gives us.

Even a well-implemented FHIR API solves only data exchange. It answers the question: can I get a piece of clinical information from one system to another? That's a necessary capability. It's also a solved problem. HL7v2 solved it in 1987. FHIR solves it more elegantly. But solving it again, with better syntax and RESTful semantics, doesn't address the failures that actually harm patients.

When a GP refers a patient to a specialist, what needs to happen isn't a data transfer. It's a transfer of clinical responsibility. That transfer must be bounded, auditable, consent-governed, and reversible. The referring clinician needs to know the specialist has accepted responsibility. The specialist needs to know the clinical intent behind the referral, not just the diagnosis code. The patient needs to know who is responsible for their care at every moment. And the system as a whole needs to know that the chain of accountability is unbroken.

None of this is an API problem. All of it is an architecture problem.

The Seven Failures of API-First Thinking

When we look at the real-world failures in health data exchange, the ones that lead to patient harm, duplicated care, dropped referrals, and regulatory breaches cluster around seven distinct domains. Not one of them is solved by better APIs.

1. Identity Without Context

APIs can pass an NHS number. They cannot propagate the certainty of an identity match, the provenance of the demographic data, or the governance conditions under which identity was verified. Cross-organisational identity isn't a lookup. It's a chain of trust. When a patient moves between organisations, the receiving system needs to know not just who the patient is, but how confident the sending system was in that identification, and under what authority it was established.

2. Consent That Doesn't Travel

Patient consent is not a boolean. It's a dynamic, contextual, revocable grant with scope, duration, and conditions. Current interoperability approaches treat consent as a gate. You have it or you don't. They don't treat it as a flow that must propagate across organisational boundaries in real time. When a patient consents to share data with their insurer for a specific claim, that consent has boundaries. Those boundaries must travel with the data, be enforceable at every node, and be auditable after the fact. APIs don't carry consent semantics. They carry data with a flag.

3. Provenance That Stops at the Boundary

Where did this data come from? Who created it? Under what clinical context? Was it manually entered, device-generated, algorithmically derived, or copied from another record? Provenance isn't metadata. It's clinical safety information. A blood pressure reading entered by a consultant during a face-to-face examination carries different clinical weight than one uploaded from a consumer wearable. Both are valid FHIR Observations. Both look identical in an API response. Only one should trigger a prescribing decision.

Current interoperability standards can encode provenance. The infrastructure doesn't enforce it. The difference is everything.

4. Clinical Intent Lost in Translation

A referral carries intent. A diagnostic request carries intent. A prescription carries intent. But API-mediated exchanges strip intent down to structured codes. SNOMED terms, ICD classifications, OPCS procedure codes. These capture what but not why. The clinical narrative, the reasoning chain, the differential diagnosis that informed the request: all of this is either lost in translation or buried in unstructured free text that the receiving system cannot act on.

This is not a vocabulary problem. It's an architectural failure. We've built systems that can transmit a request without transmitting its purpose.

5. Responsibility Without a Chain

Here is the central failure of API-first health interoperability: at no point in a standard FHIR exchange is there an explicit, auditable, timestamped transfer of clinical responsibility from one organisation to another.

Think about what that means. A hospital can send a discharge summary to a GP practice. The API confirms receipt. But receipt is not acceptance. The GP hasn't acknowledged they've read it, agreed with the care plan, or accepted ongoing responsibility for the patient's medications. The patient exists in a governance vacuum. Technically discharged. Technically notified to primary care. Actually under nobody's active responsibility.

This gap kills people. Not in dramatic, visible ways. In slow, administrative ways. Missed follow-ups. Duplicated tests. Medication errors during handover. Referrals that sit in queues until they're clinically meaningless.

6. Routing That Doesn't Understand Services

Current interoperability treats routing as an addressing problem: send this message to this endpoint. But healthcare service routing is a clinical decision. It depends on capacity, capability, geography, commissioning arrangements, patient preference, urgency, and the clinical pathway being followed. An API endpoint tells you where data can go. It tells you nothing about where data should go, or whether the receiving service can actually act on it.

The NHS's own experience with e-Referral demonstrates this: technically interoperable, practically dysfunctional, because routing a referral to an endpoint is not the same as routing a patient to the right care.

7. Outcomes That Never Close the Loop

The final failure is that APIs are overwhelmingly unidirectional in practice. Data flows from A to B. What happens at B, the outcome, rarely flows back to A in a structured, actionable form. The referring clinician doesn't know what the specialist found. The commissioning body doesn't know whether the intervention worked. The system as a whole cannot learn because the feedback loop is broken.

We have built a healthcare data infrastructure optimised for sending and indifferent to knowing.

The Real Architecture Problem

These seven failures aren't implementation bugs. They're design constraints of an API-centric architecture. When you start from the premise that interoperability means connecting systems, you inevitably build infrastructure that connects systems. The problem is that healthcare doesn't need connected systems. It needs governed flows.

The distinction is fundamental. A connected system moves data between endpoints. A governed flow moves responsibility between organisations, with identity, consent, provenance, intent, accountability, routing logic, and outcome tracking built into the flow itself. Not bolted on afterwards.

This is the difference between plumbing and architecture. The health technology industry has spent two decades perfecting the plumbing. It hasn't started on the architecture.

Why We Keep Investing in Yesterday

The gravitational pull toward API-first thinking is significant, and it's worth understanding why.

Familiarity. The technology industry knows how to build APIs. Every developer, every platform, every procurement framework understands them. API-first interoperability fits existing skills, existing vendor capabilities, and existing commissioning models. It's comfortable.

Measurability. APIs produce satisfying metrics. Endpoints connected. Messages exchanged. Uptime percentages. These are easy to report, easy to procure against, easy to celebrate. The fact that they measure activity rather than safety is quietly ignored.

Vendor incentive. The current interoperability model is enormously profitable for technology vendors. Every point-to-point connection is a project. Every project needs a team. Every team needs a contract. The architectural complexity of the current approach is a feature, not a bug. At least for the supply chain, if not for patients.

Regulatory inertia. Standards bodies and regulators have invested heavily in the current paradigm. FHIR is good. HL7 governance is rigorous. The specifications themselves aren't the problem. The problem is that the ecosystem treats the specification as the destination rather than the foundation.

The result is an industry that is technically advancing while architecturally stagnating. We're building faster, more elegant, more standards-compliant versions of an approach that was insufficient when it was first conceived.

What Advantage Looks Like

An interoperability architecture that actually advantages the health system would look fundamentally different from what we're building today.

It wouldn't start with APIs. It would start with flows. The seven domains of governance that every inter-organisational clinical interaction requires. Identity. Consent. Provenance. Clinical Intent. Alert and Responsibility. Service Routing. Outcome. These aren't nice-to-haves. They're the minimum viable governance for safe care transfer.

It would treat compliance as infrastructure, not overhead. Clinical safety standards like DCB 0129 and 0160 wouldn't be documentation exercises performed after the system is built. They'd be embedded in the architecture. Continuous, automated, and auditable. The system wouldn't just claim to be safe. It would prove it, continuously, in production.

It would adopt data mesh principles. Not as a buzzword, but as a recognition that health data is domain-owned, not centrally managed. Each clinical domain owns its data products, publishes them through governed interfaces, and retains accountability for quality, timeliness, and clinical accuracy. The alternative, centralised data platforms that aggregate everything and govern nothing, has been tried. It produces data warehouses, not interoperability.

It would be event-driven rather than request-response. Healthcare is asynchronous. A patient's journey generates events over days, weeks, months. An architecture built on synchronous API calls cannot model this reality. Events can be subscribed to, filtered, routed, and audited in ways that request-response interactions cannot.

And it would close the loop. Every flow that begins, every referral, every transfer, every diagnostic request, would have a defined completion state. Not just sent and received, but acted upon, outcome recorded, responsibility confirmed. The system would know, at any moment, where clinical responsibility sits for any given patient interaction.

The Cost of Waiting

There's a temptation to treat this as a future problem. Something to solve after we've finished connecting the existing systems. That temptation should be resisted.

Every API integration built on the current model embeds the current model's limitations. Every procurement that specifies point-to-point FHIR connectivity without governance flows creates technical debt that will need to be unwound later. Every year we spend optimising yesterday's architecture is a year we're not building tomorrow's.

The private healthcare and insurance sectors are beginning to recognise this. When a patient moves between an insurer, a digital triage platform, a specialist, and a rehabilitation provider, the API-first model requires bespoke integration at every junction. The governance model, who's responsible, what was consented, what was the clinical intent, is either manual or missing entirely. At scale, this is unsustainable.

The NHS, with its sheer complexity and regulatory burden, needs this even more urgently. But the procurement cycles are longer, the installed base is larger, and the political appetite for architectural change is limited. Which is precisely why the private sector will get there first, and the NHS will follow the proven model rather than pioneering one.

An Invitation, Not a Sales Pitch

We're not suggesting that APIs should be abandoned. They're a necessary transport layer. We're suggesting that transport isn't enough. The health system deserves infrastructure that governs the movement of clinical responsibility, not just the movement of data.

This requires different thinking. Not better APIs, but better architecture. Not more connections, but more governance. Not faster pipes, but smarter flows.

The technology exists. The standards exist. The clinical safety frameworks exist. What's been missing is the architectural commitment to put them together in a way that actually serves patients, clinicians, and the organisations that carry clinical risk.

That's what we're building. Not another integration layer. Not another API gateway. A responsibility infrastructure for healthcare, where every clinical interaction is identity-verified, consent-governed, provenance-tracked, intent-preserved, responsibility-assigned, intelligently-routed, and outcome-measured.

Because patients don't need their systems connected. They need their care joined up. And those are very different things.

Inference Clinical builds infrastructure for inter-organisational responsibility transfer in healthcare. Our platform implements the Seven Flows governance architecture with continuous clinical safety compliance, designed for organisations that understand the difference between connecting systems and governing care.

Julian Bradder

Founder & CEO, Inference Clinical

30 years in digital transformation, cloud infrastructure, and clinical safety. Architect of the Seven Flows governance framework. Full bio