Data coordination at scale: Where trust breaks, and why
Transaction volume is enormous, and the purposes of exchange are multiplying. The trust model must evolve to keep pace.
In an initial article, I made the case that healthcare is entering a trust moment. We can connect now. The “pipes” exist; APIs exist; networks exist; and data moves.
But trust at scale is still missing. And when trust is missing, the industry does what it always does — it fills the gap with friction, legal boundary-setting and growing operational overhead.
That begs the practical question at the center of this article. Where does trust break today — and why?
This article series builds on a critical roundtable conducted in the fringes of healthcare and technology conferences where movements happen. Panelists included Ryan Howells of Leavitt Partners, Scott Stuewe of DirectTrust, Karla Mckenna of GLEIF and Jared Jeffery of healthKERI.
We have good intentions
Healthcare leaders do not wake up wanting weak trust. Most people building networks are trying to do the right thing by enabling more impactful and efficient care, reducing waste, helping the industry realize its true potential on behalf of the constituents of care who depend on it.
But our current trust models were built for a smaller ecosystem that involved fewer actors, fewer transactions and narrower purposes for data exchange.
However, now the ecosystem is expanding, the transaction volume is enormous, and the purposes of exchange are multiplying. Unfortunately, the trust model hasn’t evolved at the same pace.
The ‘directory as a trust registry’ is fragile
One of the most candid comments from the panel came from Stuewe, noting that many national networks effectively use their directories as a trust registry. In sum, presence in the directory becomes the signal of membership, and membership becomes the signal of trust.
That works, until it doesn’t. A directory can indicate that an entity exists in a list, but it can’t independently prove the quality of onboarding, the legitimacy of authority, the relationship between individuals and organizations, or the purpose for which data is being requested.
When the directory becomes the trust model, the network becomes brittle, and in healthcare, brittleness turns into uncertainty.
The onboarding gap as the first crack
Stuewe described the onboarding challenge faced by every network at scale. When a new organization enters a network, the system has to answer basic questions, such as, what kind of organization is this? Are they who they claim to be? Are they authorized to participate in this exchange context? Are they being enrolled under the right policies and guardrails?
In theory, networks have processes for this. But in practice, when enrollment is pushed downstream and spread across many entities, trust becomes inconsistent. And when trust becomes inconsistent, the network becomes vulnerable to the lowest-quality onboarding experience in the ecosystem.
This is the point that often gets missed in national policy conversations. It’s easy to design a rule, but it’s much more difficult to design a trust mechanism that behaves the same way across thousands of organizations.
Enumeration is still surprisingly unresolved
Another sharp reality that appeared during the discussion is that the industry still struggles to enumerate who is who.
Stuewe pointed out that providers often poorly enumerate themselves. Even when identifiers exist, they can be overly granular, inconsistently maintained or not useful for the practical question a network needs to answer — which organization is this exactly?
He also made a point that should make any health data leader pause — payers aren’t enumerated cleanly at all. There is often no universal “number” to identify a payer in an automated exchange context.
In any effort to build a digital trust system, reverting to, “We’ll just use the name” is not a serious answer.
The relationship gap
Even if enumeration were perfect, there is a deeper problem.
Networks often lack a reliable way to bind together three essential truths — the organization, the individual, and the individual’s role and authority within that organization.
Stuewe described this as the missing relationship between individuals in the network and the organizations in which they participate.
Clinicians work across multiple organizational contexts. Leaders have multiple affiliations. Delegated authority exists everywhere in healthcare. Contractors, clearinghouses, business associates and ecosystem partners act in complex chains.
This graduation of correlation forces many current trust models to behave beyond what they were scaled to do.
Purpose-of-use abuse is a predictable outcome
The panel also discussed a stark example shared by Jared Jeffery, framed carefully as allegations within ongoing legal proceedings.
The story, as described, involved an actor allegedly gaining access to a nationwide network by presenting themselves as a clinician, without proper vetting, and then using the access for non-clinical purposes.
Whether that specific allegation ultimately holds up in court isn’t the point to be emphasized. The point is that the category of failure is predictable.
When onboarding is inconsistent, when enumeration is weak, when organizational identity is not verifiable, when individual credentials are not reliably bound to organizational authority, and when purpose-of-use cannot be proven in a way that scales – that’s when misuse is not surprising. In fact, it’s inevitable.
And when it happens, it doesn’t stay technical. It becomes legal. It becomes reputational. It becomes a reason for organizations to retreat back into defensive postures.
The effects of enforcement and scaling pressure
This is also why the timing matters. As the ecosystem expands beyond treatment-only exchange and into broader categories — payment, operations, consumer-directed access — the surface area grows. The transaction volume grows, and the incentives for misuse grow.
And, as Howells sees it, the ability of any centralized entity to “oversee” it all remains structurally limited.
That is the core tension — we are scaling exchange faster than we are scaling trust.
What’s needed before further expansion
If we want healthcare exchange to scale without collapsing into friction and fear, the next phase has to be trust by design. That’s different than trust-by-directory or trust-by-paper-policy.
This entails trust-by-credential; trust-by-verifiable identity; trust-by-role; and trust-by-purpose. That is where our collective conversations need to be heading.
It’s why organizational identity is not a side issue; rather, it is foundational. It’s why individual identity can’t remain trapped in usernames and passwords. And it’s why purpose-of-use needs to become something that can be proven, not merely asserted.
In Article 3, I’ll bring this to the constructive finish line and the blueprint that this panel is pointing toward — how SEDI (individual identity), vLEI (verifiable organizational identity) and modern credentialing can work together to create an exchange ecosystem where trust becomes portable, verifiable and scalable.
The future of healthcare interoperability won’t be decided by whether we can connect. It will be decided by whether we can trust the connection.
Mitchell Josephson is CEO of Health Data Management.