BLUESKY Ideation / Proposal #1.1:

Necessary Requirements & Enablers for Open Healthcare

This proposal sets out some key, high-level requirements and enablers necessary to implement 'Open Healthcare': the opening up of some or all healthcare data, with approved patient consent, to trusted third parties.

To implement a PSD2-like policy in healthcare, the sector would need to introduce major technological, regulatory, and cultural innovations.

 

PSD2 (the European Union's Second Payment Services Directive) transformed banking by mandating open APIs, giving users control over their data, and enabling third-party innovation. A similar policy in healthcare would aim to create Open Health Data ecosystems, with patient consent at the center.

Here’s a breakdown of the key innovations the healthcare sector would need:

1. Data Access & Consent Infrastructure

PSD2 parallel: Strong customer authentication (SCA) + explicit consent for third-party access

Healthcare needs:

  • Universal patient ID and consent management frameworks

    • Patients must be able to easily grant, revoke, and audit access to their health data.

    • Use of OAuth 2.0, token-based authorization, or emerging healthcare-specific standards (e.g., IHE, UMA2).

  • Dynamic consent tools to allow patients to tailor who accesses which data for what purpose.

  • A shared digital identity and access control standard, much like eIDAS in the EU.
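The grant, revoke, and audit requirements above, together with purpose-scoped dynamic consent, can be sketched as a deny-by-default consent ledger with a tamper-evident audit trail. This is an added example, not part of the original proposal: the class, method names, and identifiers are hypothetical, the store is in-memory, and it assumes the caller has already been authenticated (for instance by an OAuth 2.0 or UMA2 authorization server).

```python
import hashlib
import json

GENESIS = "0" * 64

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ConsentLedger:
    """Deny-by-default consent store with a hash-chained audit trail."""
    def __init__(self):
        self.grants = {}  # (patient, client) -> {category: {purposes}}
        self.log = []     # append-only; each entry commits to the previous hash
    def _record(self, event, **detail):
        prev = self.log[-1]["hash"] if self.log else GENESIS
        body = {"seq": len(self.log), "event": event, "prev": prev, **detail}
        self.log.append({**body, "hash": _digest(body)})
    def grant(self, patient, client, category, purpose):
        self.grants.setdefault((patient, client), {}).setdefault(category, set()).add(purpose)
        self._record("grant", patient=patient, client=client, category=category, purpose=purpose)
    def revoke(self, patient, client):
        self.grants.pop((patient, client), None)  # withdraws every scope at once
        self._record("revoke", patient=patient, client=client)
    def check(self, patient, client, category, purpose):
        scopes = self.grants.get((patient, client), {})
        allowed = purpose in scopes.get(category, set())  # no matching grant means deny
        self._record("access", patient=patient, client=client, category=category,
                     purpose=purpose, allowed=allowed)
        return allowed
    def audit(self, patient):  # every grant, revocation, and access attempt for one patient
        return [e for e in self.log if e["patient"] == patient]
    def verify_chain(self):  # False if any logged entry was altered after the fact
        prev = GENESIS
        for entry in self.log:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev"] != prev or _digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True

def demo():  # constructed identifiers, not real patients or apps
    ledger, who = ConsentLedger(), ("patient-001", "research-app")
    ledger.grant(*who, "lab_results", "research")
    asks = [("lab_results", "research"), ("lab_results", "marketing"), ("medications", "research")]
    before = [ledger.check(*who, *ask) for ask in asks]
    ledger.revoke(*who)
    return ledger, before, ledger.check(*who, "lab_results", "research")
```

Denied requests are logged as well as permitted ones, so the patient's audit view shows attempted access outside the consented purpose, not just successful reads.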

2. Interoperable, Standardized APIs

PSD2 parallel: Mandated banking APIs for account info and payments

Healthcare needs:

  • FHIR-based APIs (Fast Healthcare Interoperability Resources) fully implemented and standardized across EHR vendors, labs, pharmacies, and insurers (in the US).

  • API gateways at every provider organization to expose data securely to third-party apps.

  • Certification and sandbox testing frameworks for API consumers (third-party digital health apps, research platforms, etc.).

3. Regulatory Mandates & Governance

PSD2 parallel: Banks were legally required to comply or face penalties.

Healthcare needs:

  • Legislation mandating data portability and open access to health information (e.g., the U.S. ONC Cures Act Final Rule is a partial example).

  • Regulatory bodies to oversee:

    • Third-party app certification

    • Data sharing agreements and breaches

    • Security and privacy auditing

  • Development of health sector equivalents of payment service providers (TTPs) – e.g., Health Data Intermediaries (HDIs).

4. Culture & Business Model Shift

PSD2 parallel: Banks had to accept competition from fintechs and open innovation.

Healthcare needs:

  • Shift from data-hoarding to data stewardship: incentivize providers/hospitals to share, not silo, patient data.

  • New value propositions for healthcare institutions:

    • Monetize anonymized data through secure data marketplaces (this may sound quite controversial; realistically, however, with data being the essential fuel of the new technological era, it is likely inevitable).

    • Offer premium services based on shared analytics insights.

  • Reimagine relationships between all participants in the patient treatment pathway, including providers (primary and secondary), pharma, payers (in the US), third parties, and HealthTech startups.

5. Innovation Enablers

  • Healthcare Software Development Kits (SDKs) and developer portals to lower the barrier to entry for health app developers.

  • Smart contract-based data sharing for traceability and trust, perhaps something along the lines of blockchain, though the algorithm would need to be more thoroughly assessed for its suitability and its alignment with sustainability objectives, especially those of the NHS.

  • Data provenance and lineage tools to track usage and consent trail.

  • AI-powered tools to scan for bias, misuse, and privacy risk in third-party algorithms.

Summary: Key Innovations Needed

[Figure: Requirements & Enablers for Open Healthcare]

BlueSky Ideation Proposal #1.1: Necessary Requirements & Enablers for Open Healthcare by Ann Samuels ©2025. This work is licensed via CC BY-ND 4.0
