it's difficult to know exactly what's in a piece of software -- unlike the past, where a company knew precisely what was in the software it was running because the company wrote the software itself or bought it from a major vendor.
Now, an enterprise downloading a mixed-code application has to worry about what third-party intellectual property might be in that application. This could pose a serious problem to an enterprise, especially if some mission-critical application is discovered to contain a few lines of third-party code and the enterprise is forced to shut the application down until lawyers determine whether an intellectual property violation occurred.
"You've got to know, from a governance standpoint, a maintenance standpoint, even a vulnerability standpoint, 'What's in there? What am I using?'" he said. "There is a real notion that's growing that responsible software development today needs transparency and visibility of all the components that were chosen to use."
Open source software in the health-care world isn't exactly new, but doesn't seem anywhere close to hitting critical mass.
Perhaps the longest-running and most successful "open source" health-care program is VistA -- a fully integrated information system built around an EHR and developed by the Department of Veterans Affairs.
VistA supports hospitals and clinics serving veterans nationwide, and has been deployed in thousands of health-care facilities in the United States and abroad.
Because it was developed by a government agency, VistA is available in the public domain and no license fees are charged to use the software. It's not necessarily "open source" software, but it comes very close.
Joel West, associate professor of Innovation and Entrepreneurship at San Jose State University's College of Business, was a co-founder of the VistA Software Alliance, a nonprofit trade association formed to promote VistA.
West said it's not that the health-care world isn't ready for open source health IT programs or applications; it's a matter of the enterprise scale of health IT.
"A lot of successes in open source have not been in enterprise software," West said. "They've been in infrastructure, in plumbing, in tools and -- to a limited degree -- in user applications."
Much of open source software development comes from the need to scratch a particular itch, West explained, so a person sits down to write a piece of software targeted at a specific task, say compiling a binary, or a group of people fed up with existing Web server software decide to write their own.
"Health enterprise IT is a very different kettle of fish when it comes to an open source collaboration than, say, something like the Apache Web server," West said. "Health-care IT is not just a little package, 20,000 or 50,000 or 100,000 lines of code that takes inputs from one end and makes outputs on the other end.
"Health-care IT, like other enterprise software, has to be tailored to specific configurations," he explained. "Any time you talk about IT touching business processes, you've got an element of customization and configuration that goes beyond just downloading a program and running make.config and, all of a sudden, you've got a compiled binary on your hard disk."
Open source software can play a critical part in health IT, and West said he believes that will be a supporting part to proprietary software -- though many questions remain unanswered.
"Which parts are going to be shared because they're infrastructure, because they're commodity, because they're not really an opportunity for people to make money?" he said. "Which parts are going to be proprietary because they're too hard to collaborate on, because they require too much service around them or because nobody is going to get around to building a free one