Bill S-5 creates a federal framework aimed at making health information technology products and services easier to use, exchange and access by requiring vendors to deliver interoperable systems and by enabling rules that target practices that prevent data exchange. The measure focuses on vendor obligations rather than health-care providers, and it sets the stage for standards and enforcement mechanisms to be established by regulation.
Professionals in procurement, compliance and digital health should note that the bill gives the federal government tools to (1) specify interoperability standards, (2) define prohibited data‑blocking practices, (3) verify vendor compliance and (4) impose administrative penalties. It also includes a mechanism to apply the Act in provinces or territories by order when local requirements are not judged substantially similar.
At a Glance
What It Does
The bill requires health information technology vendors to ensure their products and services are interoperable and enables a prohibition on data‑blocking practices, with the detailed standards, prohibited acts and penalties to be set by regulation. It empowers the Governor in Council and the Minister of Health to make and enforce those rules, including verifying vendor compliance and creating administrative monetary penalties.
Who It Affects
The primary targets are companies that license, sell or supply health information technology as products or services; downstream effects reach hospitals, clinics, provincial health systems, digital health integrators and vendors' contracting partners. Provincial governments are affected indirectly because the federal scheme can be made applicable to a province by order if the province lacks substantially similar rules.
Why It Matters
If enacted and implemented, the bill would shift some interoperability obligations onto vendors and create a federal enforcement backstop, altering procurement specifications, contract negotiations, product roadmaps and compliance programs. It also creates a pathway for national standardization of health data exchange while raising federal–provincial coordination questions.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
Bill S‑5 defines core terms (electronic health information, health information technology, data blocking, vendor) and places the legal duty squarely on health information technology vendors to ensure their products and services are interoperable. Interoperability under the bill is functional (allowing easy, complete and secure access, use and exchange of electronic health information) and normative (subject to standards, specifications or other requirements the regulations will set).
The definition explicitly preserves limits where applicable privacy laws restrict access or exchange.
The Act prohibits data blocking by vendors, but leaves the concrete list of blocked practices and enforcement mechanisms to the regulations. Those regulations may: specify interoperability standards; enumerate data‑blocking practices; authorize the Minister of Health to verify compliance (including requiring documents and information from vendors); establish complaint procedures; and create administrative monetary penalties to promote compliance.
The bill removes a common incorporation-by-reference timing limitation so the regulations can reference standards that evolve over time.A distinctive feature is the Governor in Council order power: the federal government may declare the Act applicable in a province or territory after applying regulatory criteria and processes if the jurisdiction’s rules aren’t substantially similar or stronger. The Governor in Council may also amend or repeal such orders.
The bill also explicitly states that section 126 of the Criminal Code (a general offence provision) does not apply to contraventions of the Act or its regulations, signaling that enforcement will rely on administrative, not criminal, tools.Finally, the Act comes into force on a day fixed by order in council, so its practical start date and the timing of the regulations will determine when vendor obligations and enforcement mechanisms take effect. Taken together, the statute sets up a federal regulatory architecture that delegates most operational detail to regulations and to orders bringing provinces into the federal scheme where provincial rules are judged inadequate.
The Five Things You Need to Know
Section 5 requires every health information technology vendor to ensure the products or services they license, sell or supply are interoperable as defined in the Act.
The Act’s interoperability test requires easy, complete and secure access, use and exchange of electronic health information, subject only to limits imposed by applicable privacy laws.
Section 6 prohibits data blocking by vendors, with the specific practices constituting data blocking to be listed in the regulations.
Section 7 lets the Governor in Council apply the Act to a province or territory by order if, after regulatory criteria are applied, that jurisdiction’s requirements are not substantially similar to or do not exceed the Act’s.
Regulations may empower the Minister of Health to verify vendor compliance, create administrative monetary penalties, define prohibited acts and set review procedures; the Act removes a timing limitation so regulations may reference evolving external standards.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Definitions that focus obligations on vendors and electronic health information
Section 2 establishes the statutory terms the rest of the Act uses: it ties duties to 'health information technology vendors' and defines 'electronic health information' and 'personal health information' broadly. Because obligations attach to vendors rather than health‑care providers, the compliance burden and the scope of enforcement are framed around commercial actors that design, sell or host health IT.
Statement of purpose centered on access and person‑centred care
Section 3 frames the Act’s objectives—easy, complete and secure access to electronic health information and prohibition of data blocking—which will guide regulatory interpretation. The purpose clause will be relevant for courts or tribunals interpreting ambiguous regulatory provisions and enforcement actions.
Vendor duty to deliver interoperable health IT
Section 5 imposes a positive duty on vendors: their products and services must be interoperable. The provision has both a functional element (practical access, use and exchange) and a standards element (must meet regulatory requirements). Practically, that pushes vendors to design products that support data portability and standardized exchange formats or risk regulatory action.
Prohibition on data blocking, implemented by regulation
Section 6 declares data blocking by vendors unlawful, but defers to regulations to define the prohibited practices. This drafting gives regulators flexibility to target specific acts (for example, contract clauses, interface restrictions, or withholding APIs) while keeping the statute concise.
Governor in Council orders to extend the Act to provinces or territories
Section 7 gives the federal executive the discretion to make the Act apply in a province or territory by order if the jurisdiction’s requirements aren’t substantially similar or don’t exceed the Act’s after review under regulatory criteria. It also permits amendment or repeal of such orders. This mechanism is a federal tool to create national effect without relying on provincial adoption.
Broad regulatory powers and dynamic incorporation of standards
Section 8 lists broad rule‑making powers—amending definitions, specifying standards, detailing prohibited practices, authorizing verification and complaint handling, and establishing administrative penalties and review processes. Section 9 removes a statutory limitation so regulations can incorporate external technical standards as they evolve, meaning regulators can point to up‑to‑date interoperability specifications without reprinting them in the Gazette.
Enforcement choice and coming into force
Section 10 bars application of Criminal Code section 126 to contraventions, signaling a preference for administrative enforcement rather than criminal penalties. Section 11 leaves the Act’s start date to an order in council, so the government controls sequencing—regulations, standards reference, and any provincial orders can be aligned before obligations begin.
This bill is one of many.
Codify tracks hundreds of bills on this topic across all five countries.
Explore this topic in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Patients and caregivers — gain clearer legal backstops for accessing and moving electronic health information across systems, improving continuity of care and self‑management.
- Clinicians and health‑care teams — benefit from reduced friction in obtaining complete patient records when interoperable systems and enforced vendor obligations increase data availability.
- Researchers and health system planners — gain more consistent, potentially standardized access to electronic health information for population health analysis if regulations enable standardized exchange.
- Public payers and provincial health authorities — stand to benefit from more interoperable vendor offerings that reduce integration costs and enable system‑level data use, particularly where a federal order brings uniform requirements.
Who Bears the Cost
- Health information technology vendors — face direct compliance costs to redesign products, document standards conformance, respond to ministerial verifications and potentially pay administrative penalties for breaches.
- Small digital health suppliers and startups — may be disproportionately affected by compliance and certification expenses, potentially raising market entry barriers or consolidating market power toward larger vendors.
- Provincial governments with bespoke regimes — may incur negotiation and administrative costs if federal orders are used; they may also have to reconcile existing procurement and privacy frameworks with federal standards.
- Health-care organizations and IT integrators — will need to revise contracts, procurement specs and deployment plans to reflect vendor changes and new contractual protections for data flow.
Key Issues
The Core Tension
The bill tries to reconcile two legitimate goals—rapidly improving patient access and nationwide data exchange by imposing vendor obligations, and respecting provincial jurisdiction and commercial realities—but doing so transfers considerable power to federal regulators and the Minister while relying on administrative enforcement; the tension is between achieving uniform, functional interoperability and avoiding overbroad federal intrusion or onerous vendor burdens that could stifle innovation or complicate provincial privacy regimes.
The Act delegates nearly all substantive detail—what interoperability means in practice, which acts count as data blocking, complaint and review procedures, penalty amounts, and the criteria for bringing provinces into the federal scheme—to the regulations. That makes implementation speed and regulatory choices decisive: the policy will look very different depending on whether regulators set prescriptive technical standards, adopt international specifications by reference, or use a principles‑based approach.
The removal of the timing limitation on incorporation by reference is practically useful but raises transparency and parliamentary‑oversight concerns because standards can be updated outside the full legislative process.
The federal order mechanism in section 7 is an intentional instrument for national reach but sits in a contested constitutional space. The Act avoids direct federal takeover of provincial health regulation by making provincial application discretionary and contingent on comparisons of regulatory equivalence, yet applying the Act by order could trigger intergovernmental friction and practical complexity when provincial privacy laws, procurement rules, or health system architectures differ.
Finally, the Act opts for administrative enforcement: Criminal Code section 126 will not apply, and the primary sanctioning tools are administrative monetary penalties and ministerial verification powers. That approach accelerates remediation but narrows the range of remedies and raises procedural fairness and evidentiary questions about how verifications, notices of violation and penalty reviews will be handled.
There's more to this law than the bill.
Codify Laws traces every connection across the legislative lifecycle.