The Infrastructure of Trust: A Playbook for Building “Plaid for Healthcare”
What if health data were as portable as Venmo, as composable as Stripe, and as trusted as… well, anything in healthcare?
Grab a snack, this one's a ride.
Plaid didn’t win by having the best fintech UX.
They won by shipping boring infra that actually worked.
Devs could self-serve.
Apps could launch in weeks.
Banks tried to block them—consumers pushed back harder.
I listened to Plaid CEO Zach Perret’s Spotify interview and couldn’t stop thinking:
Why hasn’t anyone done this in healthcare?
🏦 From Plaid to Patients: Why Infrastructure > Apps
Plaid didn’t win fintech because they had the flashiest UX or slickest brand.
They won because they cheated… strategically.
They screen-scraped their way into every bank portal they could find.
They made a developer cry (in a good way) with how easy their API docs were.
They built a network effect before the industry even admitted APIs were a thing.
And then?
They layered services on top like Transfer, Identity, Beacon, Layer - turning plumbing into a platform. Now 1 in 3 adults in the U.S. are on the Plaid network.
That’s not an app. That’s infrastructure.
🏥 Enter Healthcare: Same Fragmentation, Different Flavor
Let me introduce you to Plaid’s twin in a parallel universe: healthcare.
It’s a mess. A beautiful, messy, trillion-dollar problem of:
10,000+ EHRs
Siloed payers
Fax machines (yes, still)
Consent that’s basically ✨vibes✨
But here’s the kicker: the government mandated interoperability (hello, Cures Act). So while Plaid had to fight for open data, healthcare’s regulatory door is already open.
It just needs someone to walk through it.
🧬 Meet CuraConexus: A Blueprint for a Healthcare Data Utility
What if Plaid and Epic had a love child raised by HL7?
Let me pitch you CuraConexus.
🎯 Mission: Make health data portable, private, and programmable for every patient and every app.
Here’s the playbook, inspired by Plaid but rebuilt for HIPAA, FHIR, and trust:
🧱 Phase 1: Connectivity (Years 1–2)
MVP: USCDI v3, read-only, one API.
Edge: Abstract the chaos of 1,000 inconsistent FHIR endpoints and legacy HL7 pipes.
Hook: “We’ll get you compliant, consented patient data from any EHR, no contracts required.”
🔁 Phase 2: Read/Write Interoperability (Years 2–4)
Goal: Full bi-directional FHIR.
Tactic: Partner with TEFCA, HIEs, EHR vendors, and providers.
Mode: Stop asking for access; help incumbents comply with the law.
💰 Phase 3: Value-Add Platform (Years 4+)
Just like Plaid moved up the stack, CuraConexus evolves into:
🧾 CuraConexus Pay – Real-time benefits checks + cost transparency.
🪪 CuraConexus Identity – Federated login + anti-fraud for PHI.
🧳 CuraConexus Onboard – Instant patient sign-up + autofill.
📊 CuraConexus Analytics – Consent-based research data that’s de-identified but ethically aligned.
📊 CuraConexus AI – Safety-first, ethical AI on top of your data.
Plaid's Move:
They went from data pipes to products like Transfer (payments), Identity (verification), and Beacon (fraud intel). Each new service reinforced the value of the network.
Why Healthcare Hasn’t:
Most data aggregators stop at access. They aren’t layering smart services like automated prior auths, consent orchestration, or identity verification. Without value-add products, they’re stuck competing on raw connectivity and losing on margins.
🛡️ HIPAA-Plus Trust Framework
Let’s talk real differentiators.
In Plaid’s world, people worried about security: “Will my bank login get stolen?”
In healthcare, the question is deeper: “Will my HIV status show up on LinkedIn?”
CuraConexus response: make consent the product.
Patient Dashboard: Every app connection, audit log, and revoke button—one click away.
Minimum Necessary: Not just legalese. Actual scope-restricted API calls.
Tokenization: Nobody sees raw PHI unless they need to. Ever.
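The three controls above (audit log with a revoke button, scope-restricted API calls, tokenized identifiers) as one added Python example. This is not CuraConexus code; the consent record, in-memory audit list and HMAC pseudonym are my assumptions, while the `patient/Observation.read` scope syntax is SMART on FHIR's own.

```python
import hashlib
import hmac
from dataclasses import dataclass

# SMART on FHIR v1 scope syntax, e.g. "patient/Observation.read" or "patient/*.read"
# (real syntax; the consent store and audit log below are hypothetical).

@dataclass
class Consent:
    app_id: str
    patient_id: str
    scopes: frozenset
    revoked: bool = False

AUDIT_LOG = []  # every decision is recorded so the patient dashboard can show it

def parse_scope(scope):
    """Split 'patient/Observation.read' into ('patient', 'Observation', 'read')."""
    context, rest = scope.split("/", 1)
    resource_type, permission = rest.rsplit(".", 1)
    return context, resource_type, permission

def scope_allows(scope, resource_type, action):
    """Minimum necessary: a scope grants exactly one context, type and permission."""
    context, rtype, perm = parse_scope(scope)
    return (context == "patient"
            and rtype in ("*", resource_type)
            and perm in ("*", action))

def authorize(consent, resource_type, action):
    """Decide one API call against the patient's consent and write an audit entry."""
    allowed = (not consent.revoked and
               any(scope_allows(s, resource_type, action) for s in consent.scopes))
    AUDIT_LOG.append({"app": consent.app_id, "patient": consent.patient_id,
                      "resource": resource_type, "action": action, "allowed": allowed})
    return allowed

def revoke(consent):
    """The dashboard's revoke button: every later call for this app is denied."""
    consent.revoked = True
    AUDIT_LOG.append({"app": consent.app_id, "patient": consent.patient_id,
                      "resource": "*", "action": "revoke", "allowed": True})

def tokenize_patient_id(patient_id, key):
    """Opaque, keyed pseudonym so downstream services never handle the raw MRN."""
    return hmac.new(key, patient_id.encode(), hashlib.sha256).hexdigest()[:16]

if __name__ == "__main__":
    c = Consent("med-tracker", "mrn-12345", frozenset({"patient/Observation.read"}))
    print(authorize(c, "Observation", "read"), authorize(c, "Condition", "read"))
```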
Plaid's Move:
Plaid looked boring (intentionally), acted like a bank, and treated trust as product. They became the de facto name consumers recognized even when using other apps.
Why Healthcare Hasn’t:
No one owns the “infrastructure of trust” brand in health data. The user experience of patient consent is still clunky or hidden. No company has put privacy, visibility, and control front-and-center for patients and made it a competitive differentiator.
🔌 Go-To-Market: Love Your Developers
Plaid didn’t pitch bank CIOs; they won dev hearts first. CuraConexus will too.
🔧 Public docs, SDKs in Python/JS/Swift, 5-min quickstart.
🧪 Sandbox environments with synthetic PHI.
👨‍🔬 Workshops, FHIR meetups, and maybe a t-shirt that says “I 🖤 OAuth2.”
Free tier? Yup. Build your app, connect 100 patients, all free.
Pay-as-you-scale, and bring your BAAs when you go big.
Plaid's Move:
They won the hearts of engineers by building a beautiful, self-serve API with public docs, fast onboarding, and killer dev support. Their team texted developers, hosted parties ("Plaid Outs"), and built a cult following from the bottom-up.
Why Healthcare Hasn’t:
Health tech still sells top-down to CIOs with 12-month sales cycles, not to engineers trying to ship next week. Most FHIR APIs are behind portals, incomplete, or just painful to use. The vibe is "compliance checkboxes" not "product-led growth."
📈 How This Scales
CuraConexus becomes a utility like Twilio for PHI.
As more apps connect, more providers want to plug in. As more data flows, new value unlocks. As patient trust grows, so does adoption.
The secret sauce?
It’s not just tech. It’s being boring, trustworthy plumbing in an industry that desperately needs it.
Plaid's Move:
They aggressively subsidized adoption (e.g., one year free if you launched fast). They didn’t charge until developers had real user traction—optimizing for ubiquity, not revenue.
Why Healthcare Hasn’t:
Healthcare data companies monetize too early. They charge per record, per endpoint, or for access before delivering network scale or developer value. The result? Fragmented integrations that don’t compound.
🤔 TL;DR - What Healthcare Needs to Steal from Plaid
Screen-scraping = Legacy HL7 fax-hacking
Consumer demand = Regulatory mandate (Cures Act)
Trust = Consent management
Dev-first = FHIR-first
Infrastructure first, apps later
Cheap, easy button
Plaid's Move:
Screen-scraping was frowned upon, but it got them in the door. It solved the chicken-and-egg problem and proved consumer demand existed, forcing banks to open up APIs.
Why Healthcare Hasn’t:
There’s no equivalent “gray zone” in healthcare that companies have been willing to exploit. Everyone waits for clean FHIR APIs or ONC rules to force change. Few have leaned into creative workarounds (e.g., fax scraping, HL7 proxies) at scale to prove the value prop and build leverage.
💬 So... Who’s Building This?
If you are, I want to help.
If you want to fund it, let’s talk.
If you want to use it, let’s jam.
If you think I’m wrong, tell me why - nicely.
The infrastructure of trust isn’t built in a day.
But it can be built in a few smart sprints - with the right blueprint.
✍️ Eugene Vestel
FHIR Nerd. Infrastructure Romantic.