I’ve been covering health policy debates on Parliament Hill for years now, and this week’s announcement about Ontario’s new electronic medical records system brought me right back to conversations I had nearly a decade ago. The same promises. The same cautious hope. But this time, there’s a twist that’s keeping me awake at night.
Health Minister Sylvia Jones stood before reporters earlier this week outlining plans to replace our current patchwork of disconnected medical records. She promised a unified system accessible across the entire province. It sounds wonderful. Every Ontario resident connected with primary care by 2029. Seamless information sharing between doctors and hospitals. No more repeating your medical history to every new specialist.
But I remember 2009. I was covering Queen’s Park when David Caplan resigned as health minister. The eHealth scandal dominated headlines for months. Ontario’s auditor general released a devastating report showing $1 billion spent with almost nothing to show for it. Later reviews put the total cost of various electronic health record attempts at $8 billion. That’s billion with a B.
Dr. Kumanan Wilson sits in his office at the Bruyère Health Research Institute just blocks from Parliament Hill. He’s the CEO and chief scientific officer there. When I spoke with him about this latest announcement, his words were measured. Careful. The kind of careful you hear from someone who’s seen this movie before.
“In theory it is a good idea, but the devil is going to be in the details,” Wilson told me. “They have tried this before.”
He’s right to be cautious. Most Ontario family doctors already use electronic medical records. The problem isn’t adoption. It’s integration. These systems don’t talk to each other. Parents still hand-write their children’s vaccination records for schools. Public health agencies can’t access immunization data electronically. It’s 2025 and we’re using paper and pen.
Wilson pointed out something that keeps him up at night. Ontario doesn’t have reliable vaccination rate data. Not really. Not the kind that would help us track and respond to outbreaks. And vaccine-preventable diseases are rising. We saw that with measles outbreaks across Canada last year.
A connected system could change that. It could prevent unnecessary duplicate testing. Save money. Save time. Potentially save lives. But getting there requires navigating a minefield of technical and political challenges.
Building a centralized system is hard enough. Convincing doctors already comfortable with their current software to switch presents another hurdle entirely. I’ve talked to family physicians who worry about workflow disruptions. Training requirements. The time investment needed to learn new systems.
But Wilson sees an even bigger issue. One that touches on national security and Canadian sovereignty. Where will this data actually live?
He co-authored an article in the Canadian Medical Association Journal this year with Michael Geist and Mari Teitelbaum. Geist holds the Canada Research Chair in Internet and E-Commerce Law at the University of Ottawa. Teitelbaum serves as chief innovation officer at CHEO. Their warning was clear and urgent.
Canadian health data faces real risks from foreign surveillance and monetization. American law allows the U.S. government to access data held by American companies. They cite national security reasons. Recent legislation extends that reach to data held by U.S. companies on foreign soil.
Think about that for a moment. Your medical records. Your children’s vaccination history. Your mental health treatment notes. All potentially accessible to a foreign government without your knowledge or consent.
And it’s not just government surveillance. Foreign companies could monetize Canadian health data without appropriate consent. Sell it. Use it for research. Package it for pharmaceutical companies or insurance providers.
Most electronic medical records today sit on cloud servers managed by American providers. Tech giants own and operate these systems. The data crosses borders constantly.
Wilson was direct when I asked him about Ontario’s plans. “I think it needs to be a Canadian company,” he said firmly. “I am not comfortable with U.S. companies hosting Canadian data. We can’t give more of our health-care data to U.S. companies.”
Europe is already moving aggressively on this front. The European Union has implemented strict requirements ensuring health data remains under European control. Citizens have rights. Institutions have protections. Data sovereignty isn’t just a buzzword there. It’s policy.
Wilson argues Ontario needs to make this a priority when talking to potential vendors. Not an afterthought. Not something to address later. A core requirement from day one.
The authors of that CMAJ article recommended specific protections. Encryption by default. Federal and provincial privacy laws requiring data storage in the region where it originates. These aren’t radical suggestions. They’re basic security measures.
I grabbed coffee last week with a family doctor friend who practices in the Glebe. She’s excited about potential improvements but worried about implementation. She’s been through two system changes already in her career. Each one disrupted her practice for months.
“If they’re going to do this, they need to do it right,” she told me between sips of her latte. “And they need to guarantee our patients’ information stays in Canada.”
That sentiment captures the mood I’m hearing across Ottawa’s medical community. Optimism tempered by experience. Hope shaded by history.
The McGuinty government’s eHealth disaster taught us expensive lessons. Technology projects fail when governments rush implementation. When they ignore expert warnings. When they prioritize speed over security.
Ontario has a chance here. A real opportunity to build something that works. Something that protects patient privacy while improving care. Something that keeps Canadian health data on Canadian soil under Canadian law.
But only if the government learns from past mistakes. Only if data sovereignty becomes non-negotiable. Only if they listen to experts like Wilson who understand both the promise and the peril.
The 2029 deadline is ambitious. Maybe too ambitious. But I’d rather see this done right than done fast. I’d rather wait for a Canadian-made system that protects our privacy than rush into another billion-dollar mistake.
Wilson’s warning deserves serious attention. The next time Minister Jones speaks about this project, someone should ask her directly. Will this data stay in Canada? Will Canadian companies build and manage the system? What protections will exist against foreign surveillance?
The answers to those questions matter more than any implementation timeline.
