Interoperability & Digital Sovereignty as Strategic Criteria in Hospital Information Systems Procurement
Aim and Research Question(s)
Hospital operators procuring a Hospital Information System (HIS) face a problem: procurement decisions lock in vendor relationships for a decade, yet selection underweights architectural risk and dependency. Research Questions: RQ1: What role do cloud architectures and regulatory constraints — including the European Health Data Space (EHDS) — play in shaping HIS interoperability and digital sovereignty? RQ2: Which interoperability and digital sovereignty criteria are strategically relevant for HIS procurement? RQ3: Can these criteria be operationalised into an MCDA-based scoring matrix for structured HIS procurement decisions?
Background
Interoperability:four levels (foundational, structural, semantic, organisational); without level distinction, standards enumeration overestimates real integration capability (HIMSS, 2020). Digital Sovereignty requires architectural, contractual, and organisational alignment; vendor lock-in operates through technical, contractual, and data channels (Pfeffer & Salancik, 2009). Regulatory Framework (non-compensatory preconditions): GDPR, EHDS, ELGA, NIS-2. Cloud enables interoperability via open interfaces but constrains sovereignty through provider dependency; hybrid models dominate in DACH.
Methods
Five-phase sequential design (qualitative method):(1)literature review, (2)guided expert interviews (Mayring content analysis), (3)MCDA model development, (4)validation interviews, (5)synthesis. Technical Interoperability and Digital Sovereignty.
Results and Discussion
MCDA Criteria Catalogue-Digital Sovereignty: SD0 Regulatory Knockout (GDPR, ELGA, NIS-2); SD1 Data & Infrastructure Control (30%); SD2 Procurement Governance (15%); SD3 Vendor Independence / Exit Provisions (30%); SD4 Cloud & Hybrid Infrastructure (25%).
Key Discussion Findings: Vendor lock-in was the most consistently identified risk (5/9 experts); interface pricing alone can render switching economically unfeasible regardless of contractual exit provisions. Procurement governance proved as consequential as vendor capability — organisations without internal technical capacity cannot enforce contractual sovereignty rights even when formally present. All validation experts confirmed readiness to apply the model in a real tender.
Conclusion
Summary: The MCDA model operationalises interoperability and digital sovereignty as co-equal, dimensions within a single procurement instrument.
Limitations: Small empirical base; untested in live procurement; GDPR/ELGA knockouts limit transferability; EHDS and EU AI Act post-date data collection.
Recommendations
- Now: Embed criteria in tenders; require verified conformance evidence and proof-of-concept testing; mandate contractually binding data portability and migration pathways.
- Long-term: Pilot under live procurement; extend to licence and ecosystem criteria; anticipate EHDS and EU AI Act obligations.
References
(selected) HIMSS (2020); Pfeffer & Salancik (2009); Da Silva Carvalho et al. (2025); Mayring (2022)
