[projectvrm] VRM Lessons from Healthcare

[Adrian Gropper < >]

Why
 are corporations reluctant to adopt VRM principles even when such 
principles are clearly aligned with the corporation’s mission? My years 
of trying to introduce VRM thinking to healthcare have had limited 
impact. The reasons are becoming clearer and can be generally helpful to
 our group. Although healthcare and health records are very different 
from typical commerce, I offer one observation from healthcare 
information management that highlights a barrier to VRM in general.

In healthcare, the IT technology vendors are quite powerful and they’re well organized against VRM. Healthcare IT vendors are so powerful and so well organized that they can protect their business model even when the outcome conflicts with the mission of their corporate customer. The IT vendors are powerful because healthcare clients are not prepared to mess around with open source software and best-of-breed integrations. The IT vendors are so well organized that they can completely dominate the open standards process as well as whatever regulations various public institutions try to introduce into the mix.

VRM threatens the “vendor lock-in” business model. The key point is that vendor here is the IT technology vendor, rather than their client hospital or medical group who is the Vendor in VRM. The result is that VRM progresses much more slowly than one would expect by simply looking at the overlap between the mission of the Vendor and the Customer. Although this is most evident in healthcare where many Vendors are not-for-profit (sadly, often in name only) I believe it also plays some role in general commerce where platforms such as Oracle, Apple, and maybe Amazon evolve with IT vendor lock-in as the central principle.

I’m writing this ahead of IIW because I believe there is something the VRM and identity community can do to help both Vendors and Consumers. IT vendor lock-in relies on maintaining control over access to the Vendor’s database by requiring vendor “plug-ins” for access on the back end instead of consumer linkage of accounts on the front end.

In my opinion, VRM and federated identity management will continue to move slowly as long as our community ignores the technological and standards poisoning by the IT vendor lock-in business model. One antidote is OAuth 2.0 (with a strong helping of Vendor certificate standards behind the scenes) that enables consumer consent to persistent linkage of information and begins to bypass the IT vendor’s control over information flow. The result will be the kind of innovation and progress VRM is all about.

-Adrian