Interoperability of health information systems is the ability of different healthcare technologies to exchange patient data and use that data meaningfully. It means your lab results from one hospital can travel to your primary care doctor’s system, be correctly understood, and factor into your treatment without anyone re-entering information or making a phone call. As of 2023, 70% of U.S. non-federal acute care hospitals engaged in all four domains of interoperable exchange (sending, finding, receiving, and integrating outside patient data), up from 46% in 2018. That’s real progress, but only 43% of hospitals do this routinely, meaning gaps in health data sharing remain common.
The Four Levels of Interoperability
Interoperability isn’t a single capability. It operates across four distinct levels, each building on the one before it.
Level 1, Foundational: One system can receive data from another. This is the most basic requirement. Think of it as making sure the pipe exists between two systems, even if what comes through isn’t yet organized or interpreted.
Level 2, Structural: The data arrives in a consistent format. The structure is preserved so the receiving system knows which piece of information is a diagnosis, which is a medication, and which is a lab value. Without this, a blood pressure reading could land in a notes field with no context.
Level 3, Semantic: The meaning of the data is preserved. If one system records “Type 2 diabetes mellitus” and another uses “T2DM,” both systems understand they refer to the same condition. This is where standardized medical vocabularies become essential.
Level 4, Organizational: The governance, legal agreements, privacy policies, and workflows are in place so that organizations actually trust and use the shared data. Technology alone doesn’t solve interoperability. People, policies, and processes have to align too.
How FHIR Changed Health Data Exchange
For years, health data exchange relied on older messaging standards that were complex to implement and required deep technical knowledge. FHIR (Fast Healthcare Interoperability Resources) was built to fix that. Developed from lessons learned over decades of earlier standards, FHIR uses a modular approach where everything exchangeable is defined as a “resource,” a self-contained unit of health information like a patient record, a medication, or a lab result.
Rather than forcing developers to learn an enormous theoretical data model and then constrain it down to what they need, FHIR lets them combine small, well-defined resources to match specific use cases. Each resource includes a human-readable part, shared metadata, and a common structure built from reusable data patterns. The specification was deliberately kept concise so developers could start writing working code quickly. FHIR also maintains built-in links to older health data models, so organizations that invested in previous standards can transition without starting from scratch.
Two special resource types keep implementations consistent. A Capability Statement describes what data exchanges a particular system supports. A Structure Definition adds rules about required fields, allowed values, and terminology requirements for a given use case. Together, these let two systems verify whether they can “speak the same language” before exchanging data.
Standardized Vocabularies That Make Meaning Portable
Semantic interoperability depends on everyone coding clinical information the same way. Three terminology systems do most of the heavy lifting.
SNOMED CT is the world’s largest clinical terminology. Its biggest categories cover disorders (22% of its concepts), procedures (17%), and body structures (11%). Electronic health record systems use SNOMED CT to document problem lists, procedures, and clinical findings like smoking status. It also maps to international classification systems used for billing and public health reporting, which means a diagnosis coded in SNOMED CT can be translated for insurance claims or disease surveillance without losing meaning.
LOINC covers observations and measurements. It started in 1995 as a standard for laboratory tests but has expanded to more than 86,000 terms spanning vital signs, radiology, patient-reported outcomes, and clinical documents. Each LOINC term captures what was measured, what property was evaluated, the time frame, the specimen type, and the scale of measurement. When your blood work travels from a reference lab to your doctor’s office, LOINC codes are what ensure “fasting glucose, serum, quantitative” means the same thing in both systems.
RxNorm handles medications. It provides a standardized way to name drugs so that a prescription written in one system is correctly identified in another, regardless of whether the original entry used a brand name, generic name, or a specific dosage form.
The National Framework: TEFCA
Individual standards help two systems talk to each other, but the U.S. needed a broader framework to connect entire networks. TEFCA, the Trusted Exchange Framework and Common Agreement, was created by the federal government to remove barriers to sharing records among providers, patients, public health agencies, and payers.
TEFCA establishes a universal floor for interoperability, creating a path for data to flow beyond the boundaries of any single vendor or network. It works through designated Qualified Health Information Networks (QHINs) that agree to common rules for data sharing, privacy, and security. In December 2023, the first QHINs were designated, and health data began flowing among them within days. The goal is that any provider, payer, or public health agency connected to a QHIN can securely access patient information regardless of where it was originally stored.
Common Barriers to Health Data Exchange
Despite the standards and frameworks, hospitals still face real obstacles. A study of non-federal acute care hospitals identified eight specific barriers, and the pattern is revealing.
The most widespread problem is vendor mismatch. Eighty-four percent of hospitals reported greater challenges exchanging data across different vendor platforms, and 42% called it a major barrier. When your hospital uses one electronic health record system and the specialist across town uses another, the technical work of bridging them can be substantial.
Patient matching is the next most damaging barrier. Forty-five percent of hospitals cited difficulty identifying the correct patient across systems. Without a universal patient identifier in the U.S., hospitals rely on name, date of birth, and address to match records, which breaks down with common names, address changes, and data entry errors. Hospitals that reported patient matching as a barrier were significantly less likely to have providers routinely using outside information.
Cost is the barrier most strongly associated with providers simply not using outside data even when they can get it. Hospitals reporting exchange costs as a major barrier were roughly 10 to 18 percentage points less likely to have providers routinely using information from other organizations. Other barriers include partners who don’t exchange data at all, contractual constraints between providers and vendors, inconsistent data formatting, and privacy law disputes where one party cites regulations that don’t clearly apply to the situation.
Rules Against Information Blocking
The 21st Century Cures Act made it illegal for certain actors to interfere with the access, exchange, or use of electronic health information. The law applies to healthcare providers, health IT developers of certified systems, and health information exchanges. For providers, the standard is whether they know their practice is unreasonable and likely to block access to health data. The information blocking regulations took effect on April 5, 2021, and the Department of Health and Human Services has the authority to establish disincentives for providers who violate them. This was a deliberate policy shift: interoperability is no longer optional, and organizations that obstruct data sharing face consequences.
How Security Works in Practice
Opening up health data exchange creates obvious privacy concerns. The SMART on FHIR framework addresses this by layering security protocols on top of FHIR’s data exchange capabilities. All transmissions involving sensitive information, whether patient records, login credentials, or access tokens, must use encrypted connections.
When a third-party app requests access to your health records, the system uses an authorization process where you authenticate directly with your healthcare provider’s system rather than sharing your credentials with the app. The app receives a limited-use token that grants access only to the specific data you approved, for a defined period. You can see what the app is requesting, what scope of access it wants, and accept or reject individual permissions. Partner organizations with formal data-sharing agreements can use a separate process that relies on digitally signed credentials, but the principle is the same: access is scoped, time-limited, and auditable.
Why It Matters for Patient Care
The clinical stakes of interoperability are concrete. Denmark’s national health information exchange reduced clinical errors by 70% by ensuring structured, semantically consistent data flows between providers. In the U.S. and other developed nations, enhanced interoperability among electronic health records has been projected to save up to $30 billion annually by eliminating redundant diagnostic tests and reducing administrative inefficiency.
For individual patients, interoperability means your emergency room doctor can see the medications your cardiologist prescribed, your allergist’s notes are visible to your surgeon before an operation, and your lab results don’t need to be repeated because they’re trapped in a system that can’t share them. It reduces the burden on you to be the carrier of your own medical history and lowers the risk that critical information gets lost in transit between the people caring for you.