Data and Standards in Digital Systems

Interoperability is the ability of two or more systems to exchange information and use it without bespoke transformation work. Achieving it requires agreement on syntax (how the data is structured) and semantics (what the data means). Standards codify both.

Without standards, every integration between two systems requires custom mapping. The mathematics compound quickly: four systems without a shared standard require six bespoke integrations. Ten systems require 45. Twenty systems require 190. Each integration is also a maintenance liability. When either system changes, the mapping must be updated.

The NHS illustrates this at scale. UK hospitals use more than 900 different clinical information systems. A patient referred from a GP surgery to a hospital outpatient department may have their record held in systems that cannot directly exchange data. Clinicians re-enter information manually at each handover. SNOMED CT (Systematised Nomenclature of Medicine Clinical Terms) was mandated for NHS clinical records in 2019 to begin addressing this fragmentation. The standard gives every clinical concept a unique identifier, so a diagnosis code in one system means the same thing in another.

An open format is publicly specified, available without licence fees, and implementable by any developer or organisation. CSV (Comma-Separated Values), JSON (JavaScript Object Notation), and XML (Extensible Markup Language) are open formats. Any system can read and write them without paying a vendor.

A proprietary format is controlled by a single vendor. Data stored in a proprietary format cannot be read without that vendor's product or an incomplete reverse-engineered implementation. The PHE Excel incident is also a proprietary format story: government data being exchanged in a format whose row limits and silent truncation behaviour were not documented in any open specification.

The Cabinet Office mandated open standards for UK government software, data, and document formats in 2012. GDS built the GOV.UK design system using open web standards throughout. When published in 2016, any government service could adopt it without licence fees or vendor dependency. Over 300 services adopted it in the first two years.

Three specifications cover the majority of API integration scenarios in UK organisations. The choice of standard is determined by the communication pattern (synchronous request-response, asynchronous event, or client-driven query), not by technical preference.

OpenAPI Specification 3.1 describes REST APIs. A REST API described in OAS 3.1 can generate client code, interactive documentation, and contract tests automatically. UK central government and the NHS API catalogue both require published APIs to provide an OAS description.

AsyncAPI 2.6 serves the same function for event-driven APIs. Systems that publish events to a message broker (Apache Kafka, RabbitMQ) rather than responding to HTTP requests use AsyncAPI to describe their channels, message schemas, and bindings.

GraphQL is a query language that allows clients to specify exactly the fields they need. GitHub's API v4 is GraphQL-based. GraphQL suits developer tooling and dashboards with diverse data requirements; it is not a replacement for REST or AsyncAPI.

Standards govern how data is exchanged. Master data management (MDM) governs how key business entities are defined and maintained across an organisation. MDM creates a single authoritative record for customers, products, locations, and employees, ensuring that the same entity is represented consistently in every system.

The NHS patient matching problem illustrates MDM at the most consequential scale. A patient may be registered under different names, dates of birth, or NHS numbers across different hospital trusts. When a GP refers a patient to a specialist at a different trust, the two trusts may not automatically recognise the records as belonging to the same person. The NHS Master Patient Index (MPI) maintains a canonical patient identifier to address this, but adoption across the 900+ clinical systems remains incomplete as of 2024.

The UK government's GOV.UK One Login programme, launched by GDS in 2022, applies the same MDM principle to citizen identity. Its goal is to give every person who uses government services a single verified digital identity, replacing dozens of separate credentials across departments.

Reference data provides the controlled vocabularies and classification schemes that give master data consistent meaning across systems. Country codes, currency codes, industry classification, and postcode formats are all reference data problems.

The ONS (Office for National Statistics) maintains UK authoritative reference data for statistics, including Standard Industrial Classification (SIC) 2007 codes used to categorise businesses. Companies House uses SIC codes when companies register. HMRC uses SIC codes for tax reporting. When a system uses SIC codes and another uses free-text industry descriptions, joining those datasets requires human judgement for every record. The ONS reference data eliminates that judgement by providing a shared vocabulary.

UK postcode validation is another reference data dependency. The ONS Postcode Directory (ONSPD), updated quarterly, maps every current and terminated UK postcode to its geographic coordinates, local authority, and electoral ward. Applications that validate postcodes against the ONSPD can detect invalid entries at input rather than during downstream processing.