Search for a command to run...
Health systems must accelerate digitalization while protecting patient safety, privacy, and compliance in regulated environments. While cost-effectiveness drives digital transformation, evolving regulations can increase implementation costs and slow adoption unless systems are designed for seamless regulatory adaptation. Conventional development cycles cannot keep pace with the regulatory dynamics of digital health ecosystems. This chapter examines how model-driven software engineering (MDSE) and low-code/no-code (LC/NC) platforms can help reconcile speed with assurance in healthcare digitalization. We introduce MDSE and explain how explicit, executable models improve traceability, quality assurance, and alignment with life cycle standards in regulated health software (Brambilla M, et al. Model-driven software engineering in practice. 3rd ed. Springer, Cham. https://doi.org/10.1007/978-3-031-02546-4_4 , 2022; Walderhaug S, et al. Int J Med Inform 79(10):e333–e341. https://pubmed.ncbi.nlm.nih.gov/20841686/ , 2010). We define LC/NC, outline its synergies with MDSE, and propose a reference architecture with native HL7® FHIR® interoperability to reduce bespoke integration effort (Ajimati MO, et al. J Syst Softw 222:112300. https://doi.org/10.1016/j.jss.2024.112300 , 2025; HL7 International. FHIR Release 4.0.1 Specification. https://hl7.org/FHIR/R4/ , 2019). Drawing on DACH-region initiatives—Germany’s “Krankenhauszukunftsgesetz” (KHZG) and “Informationstechnische Systeme in Krankenhäusern” (ISiK) programmes, Austria’s “Elektronische Gesundheitsakte” (ELGA), Switzerland’s Elektronische Patientendossier (EPD)—and cross-sector examples such as the Onlinezugangsgesetz -Cloud (OZG-Cloud) and the A12 platform, the chapter analyses how shared information models and open, federated infrastructures enable faster yet sovereign digital transformation. Benefits such as shorter time-to-value, model-level consistency, and rapid regulatory adaptation are weighed against governance overhead, performance constraints, security risks, and potential vendor lock-in. Risk mitigations are framed by GDPR, OWASP LC/NC guidance, and sovereign-cloud standards including BSI C5 and ENISA recommendations (OWASP. Low-Code/No-Code Top 10 Security Risks. https://owasp.org/www-project-top-10-low-code-no-code-security-risks/ , 2025; GDPR. Regulation (EU) 2016/679 (general data protection regulation). Off J Eur Union. https://eur-lex.europa.eu/eli/reg/2016/679/oj , 2016; BSI. Cloud computing compliance criteria catalogue (C5:2020). Bundesamt für Sicherheit in der Informationstechnik. https://www.bsi.bund.de/c5 , 2020; ENISA. NIS2 technical implementation guidance. European Union Agency for Cybersecurity. https://www.enisa.europa.eu/publications/nis2-technical-implementation-guidance , 2025). The outlook introduces agentic modelling with artificial intelligence, in which AI agents assist in updating regulatory models, generating tests, and producing conformance evidence under human supervision (Li X, et al. J Med Internet Res 27:e65932. https://doi.org/10.2196/65932 , 2025). The chapter concludes with decision guidance for healthcare leaders and a research agenda for MDSE-centred LC/NC ecosystems that combine interoperability, clinical safety, and digital sovereignty.