As healthcare finally connects, the real question becomes trust
Digitization of health records was only a first step. The industry now struggles with the trust component of exchanging medical information.
When the world changes, it rarely announces itself with a parade.
More often, it starts in a small room — a handful of idealists leaning over a table, arguing about first principles, trying to name what’s broken and what could be rebuilt. Jared Jeffery captured that feeling perfectly in a recent post about Utah and digital self-sovereignty; he notes how the world’s biggest shifts can begin in places that look almost too small to matter – a room, a table and a conviction that the future has to be better. (Here’s the post: small room of idealists.)
That framing is crucial, because something similar is happening right now in healthcare — and it’s easy to miss it if you’re only watching the headlines.
The headlines will tell you that we’re in an AI moment, and we are. But the more interesting truth is what sits underneath it – healthcare is entering a trust moment.
All one has to do is take notice of the onslaught of legal swats being taken between Epic and the rest of the industry. At the core of all those legal punches is the absence of trust.
Now back to my small room, idealists and world-change narrative.
I saw this clearly during a recent roundtable conversation at the State of Utah-sponsored gathering of international leaders who are seeking to scale trust across digital sharing ecosystems, including those in healthcare. These summits named for their core intents and deep contributions to driving trust need to be known. SEDI stands for State Endorsed Digital Identity, and KERI which stands for Key Event Receipt Infrastructure.
These two back-to-back events represent a movement that this author is predicting will encompass the world as distrust and discord in digital coordination continues to grow. This is THE challenge of our generation.
During the events, several healthcare-focused panel discussions were held. This article and two more that will follow focus on the core elements of a key panel discussion that took place between key leaders inside and outside of healthcare, namely Ryan Howells of Leavitt Partners, Scott Stuewe of DirectTrust, Karla McKenna of GLEIF and Jared Jeffery of healthKERI. They weren’t debating whether healthcare can connect. They were debating whether healthcare can connect trustworthily at the scale we’re about to demand.
That difference — connect vs. trust — is the entire story.
We haven’t scaled the trust
To understand why this is happening now, you have to zoom out.
Over the last 15 years, U.S. healthcare did something historic. We converted paper into digital form at national scale. Howells described the early reality in plain terms — file folders behind the front desk, then billions of dollars in incentives to move those folders into electronic health records. The result today is obvious: the data is digital, and the systems are everywhere.
But we made a critical tradeoff without fully recognizing it. We digitized the record without building a scalable infrastructure for trusted exchange. We created modern databases, then tried to move data between them using fragile trust assumptions and inconsistent mechanisms.
In Howells’ words, it started with something like, “I know you, I trust you,” and then scaled into billions of transactions in an ecosystem that doesn’t actually behave like trust at scale.
The next chapter demands identity
The 21st Century Cures Act pushed the industry toward APIs, modern access and information blocking enforcement. It also expanded the number of actors who can legitimately request data — patients, providers, payers and innovators who are authorized to act on behalf of patients.
But that expansion surfaces a brutally practical question. When data starts moving more freely, how do you prove the identity of the actor making the request? It’s easy to underestimate how foundational that question is.
Stuewe expanded this by saying that identity assurance sits at the center of successful transactions. You can’t modernize exchange if you can’t reliably answer basic questions, such as, Who is this organization? Who is this person? What are they authorized to do? And are they acting in the manner they claim? That is the shift we have not solved.
The digital world meets the real world
At a technical level, healthcare already has trust mechanisms. Some networks use certificates; some systems lean on directories; and some rely on enrollment processes.
But the panel’s point wasn’t that trust doesn’t exist in pockets. The point was that it doesn’t scale cleanly across networks, use cases and identities, especially as we expand beyond “treatment-only” exchange into broader purpose-of-use categories like payment, operations and consumer-directed access.
In other words, healthcare has trust fragments. It doesn’t have a trust layer.
If you’re a health data leader, you know the consequences. When trust fragments, the system fills the gaps with friction. This can include manual verification, redundant onboarding, unclear authorization pathways; and the quiet expansion of legal exposure. There’s a constant fear that the network is doing something you can’t see.
This is why the conversation has shifted and why identity is suddenly central (both organizational identity and individual identity). The panel's core argument was that you can’t stop at individual identity. Healthcare also needs something it’s never fully had at scale – verifiable organizational identity.
The missing half of the equation
In healthcare, the organizational identity problem is not theoretical. Stuewe made it painfully concrete by noting that providers are often poorly enumerated in ways that don’t translate cleanly into modern exchange. Payers often don’t have standardized enumeration at all. And across networks, the relationship between an individual and the organization they represent is frequently ambiguous.
Healthcare has identifiers. It doesn’t have clarity. And clarity is what the next chapter requires. Enter the LEI and vLEI.
The promise of approaches like LEI and verifiable LEI (vLEI), as the panel described it, is not simply “a better number.” It’s the ability to prove — cryptographically and portably — that an organization is what it claims to be, and that a person acting in a network is acting with a defined role and authority on behalf of that organization.
This is crucial because organizations don’t act on their own; people act on their behalf. And networks need a way to verify that relationship without relying on fragile, centralized oversight. This provides a layer to finally breed trust beyond just interoperability.
Why this is bigger than interoperability
If you’re still tempted to categorize this as “interop talk,” resist that instinct. This is not only an exchange problem. It is a cost problem, a security problem, a patient empowerment problem, a governance problem, a rural health problem and a national infrastructure problem.
Howells connected the dots in the closing minutes by explaining that healthcare is filled with inefficiencies that have become business models. There are industries built entirely around moving records from point A to point B because patients can’t reliably access and share their own data. There are organizations profiting from the gaps created by weak identity assurance and inconsistent exchange.
If healthcare can build a trust layer — one that strengthens identity proofing, supports modern authorization and enables secure, privacy-preserving exchange — it doesn’t just make interoperability better. It removes waste. And it changes the trajectory of what becomes possible in care delivery.
Mitchell Josephson is CEO of Health Data Management.