Abstract
Principle 5 of the Pan-Canadian Health Data Charter highlights the importance of maximizing public benefit from reusing health data while minimizing harm, focusing on quality, security, privacy, and reliable governance. This article brings together findings showing that Canada’s fragmented and non-interoperable data landscape, along with inconsistent governance, leads to reduced clinical safety, slower research and innovation progress, and significant economic setbacks. Moreover, prioritizing privacy above all can unintentionally hinder valuable data sharing. Our recommendations are to mandate data sharing with protective safeguards, implement national interoperability standards, shift towards stewardship models, and create culturally grounded health data governance for Indigenous and equity-seeking groups.
Introduction
Principle 5 of the Pan-Canadian Health Data Charter (“Charter”), one of ten principles of the Charter, requires balancing the maximization of public benefit from health data use with the mitigation of health data-related harms through high-quality, secure, and privacy-respecting governance. This article provides a critical assessment of Principle 5 by (1) summarizing the Health Data-Related Harm (HDRH) framework, (2) reviewing evidence on Canada’s data quality and interoperability gaps and their clinical and economic consequences, (3) examining governance challenges with the Alberta Health Information Act, and (4) evaluating recent policy developments, including federal harmonization efforts such as Bill S-5.
It also examines the relationship of Principle 5 with other Charter principles. The aim is to clarify how protective functions (privacy, security, and stewardship) and enabling functions (interoperability, mandated sharing, and data quality) must operate together, and to offer recommendations for aligning policy and practice with the Charter’s intent.
Charter Principle 5
Principle 5 of the Charter, “the quality, security and privacy of health data to maximize benefits, build trust, and reduce harm to individuals and populations,” 1 places emphasis on balancing the quality of health services with potential harm arising from poor data use as prerequisites for public trust. While data security requires protection from unauthorized access, cyberattacks, loss, corruption, or insider misuse, achieving quality health programs and services requires the capacity to access health data to support clinical care, population health, and research and innovation.
Principle 5 explicitly calls for the need to strike a balance between maximizing public benefit through appropriate sharing of health data while still assuring the mitigation of all potential forms of health data-related harm, including but not limited to privacy.
Health Data-Related Harm Framework
The concept of HDRH frames privacy as one of ten forms of harm that can arise from poor health data access, quality, and use (Figure 1). 2 Harm to individuals, populations, or the health system can result from both the oversharing and under-sharing of health data.
Figure 1. Health Data-Related Harm Framework
While privacy is about limiting data collection to what is necessary, using data only for legitimate, consent-aligned purposes, ensuring individuals understand how their data are used, and applying de-identification and privacy-preserving technologies, other forms of harm including damage to patient health and well-being, cultural harm, health provider burnout, failure to support research and innovation, and health system dysfunction can arise from obstacles or excessive limitations on the ability to access appropriate health data.
For Canadians to feel confident about the health system, they must be assured that their data are not being exploited, commercialized without consent, or used in ways that undermine autonomy, but at the same time are accessible and effectively used to support their health and well-being. Striking this balance is what Principle 5 of the Charter aims to achieve. This is perhaps the most significant insight that Principle 5 affords, that privacy is not the principal risk of health data use but is reimagined as one of many forms of health data-related harm.
Public Trust in Health Data
Principle 5 is a cornerstone principle of the Charter, as all other principles rely on using health data to maximize public benefits and minimize harm. For this to happen, interoperable systems must facilitate the flow of data, ensuring the portability and accessibility of health information, as outlined by the Canada Health Act. 3 Health data must be accurate, complete, up-to-date, collected consistently across jurisdictions, and fit for clinical, administrative, research and innovation purposes. 4 When clinicians cannot access or trust data, they can duplicate tests, miss critical information, and increase patient risk. Poor-quality data can lead to misdiagnosis, inequitable decisions, flawed research, and system-level inefficiencies.
While public trust is a functional requirement for safe clinical care, trust in Canadian health data is currently lacking, and improving data access, quality, and interoperability is vital for restoring confidence. 4 Interoperability is fundamental to the Charter and necessary for achieving Principle 5’s goals, but Canada’s health data regulations encourage fragmentation among independent service-based electronic medical record systems that cannot share information.
While Canada collects large amounts of health data, it fails to make them timely, connected, accessible, comprehensive, relevant, contextualized, or trusted. 5 Difficulty in moving health data efficiently where they are needed negatively impacts individuals, populations, and the health system. 6 Poor interoperability leads to unsafe care, medical mistakes, physician burnout, and missing critical patient information—resulting in avoidable errors, compromised safety, and preventable deaths. 7
Research shows that enhancing interoperability can cut unnecessary tests, prevent hospital admissions and readmissions, improve chronic disease management, and reduce medication errors, all of which can add quality-adjusted life years annually. 4 Poor data quality and restricted access bring significant systemic costs—a form of harm itself. Canada is estimated to lose over $9 billion each year due to poor data quality, inadequate interoperability, and underused data. 5 Canada Healthwatch estimates that data fragmentation costs the country $2 billion annually, 8 while the Canadian Medical Association’s Interoperability Task Force in 2024 reports that digital tools frequently fail to support care due to inaccessible or non-exchangeable critical information. 9
At present, Canada lacks clear, standardized, and legally supported data-sharing frameworks that facilitate responsible Artificial Intelligence (AI) model training while safeguarding individual privacy and maintaining public trust. Moreover, there is limited public policy focused on mitigating the broad spectrum of health data-related harms. Existing harm reduction efforts have predominantly emphasized privacy, with insufficient attention to data standards that support the welfare of Canadians, promote health innovation, and ensure effective health system functioning. 7
Better data quality and access strengthen clinical decision-making, support AI and machine learning, enhance research productivity, improve policy development, and foster growth in the health technology sector. Transforming data systems to be secure, high-quality, interoperable, and trusted will decrease health data-related harm and provide substantial benefits to Canadian healthcare.
Health Data Access
Principle 5 highlights foundational considerations regarding how benefits can be maximized from the use of health data while minimizing harm associated with both excessive and insufficient sharing of data. Health data constitute a fundamental asset within modern health systems, underpinning clinical decision-making, public health surveillance, artificial intelligence development, and precision medicine. 4 Recent analyses indicate that Canada’s opaque health data access processes, inconsistent privacy regulations, and absence of interoperable infrastructure impede the generation of real-world evidence, delay clinical trials, hinder AI development, and diminish the nation’s competitiveness in digital health and life sciences. 10
A 2024 national assessment revealed that none of the 48 evaluated Canadian health datasets employed standard metadata or discovery tools. 11 The resulting impacts on innovation include prolonged navigation periods for researchers due to unclear access procedures, abandonment of promising studies because of feasibility concerns, and Canada’s lagging position relative to countries with streamlined data access such as the United Kingdom, Denmark, and Australia.
The absence of robust public policy, well-defined governance principles, and shared data infrastructure has contributed to Canada’s diminished global standing as a preferred destination for testing and developing health innovations. 12 The current environment restricts innovators’ ability to build or validate data-driven products and deters investment in Canadian ventures due to uncertainty around data access, placing Canada at a disadvantage in AI-enabled health technologies. These challenges negatively impact the life sciences sector and compel patients and clinicians to compensate for systemic shortcomings, resulting in slower scientific progress, delayed access to novel therapies, and forfeiting opportunities to enhance safety and quality.
Secondary use of health data has the potential to generate substantial societal benefits; however, such benefits are contingent upon the strength of privacy, security, and governance frameworks necessary to uphold public trust. Privacy protections not only fulfil legal requirements but also serve as a societal contract enabling data utilization. Public confidence in third party data access relies on trust in data security and privacy as well as transparent enforcement mechanisms. 6 To maximize the advantages of data sharing and simultaneously reduce privacy-related risk, it is essential to implement clear and transparent consent models alongside definitive guidelines for secondary data usage—for research, AI training, public health, and private sector purposes.
For Indigenous populations, including First Nation, Métis, and Inuit communities, maximizing the benefit from health data requires culturally appropriate privacy measures, community-led governance, and high-quality data reflecting Indigenous priorities. One proposed approach involves establishing community-governed data access committees which could also be extended to other equity-seeking groups. Although Principle 5 acknowledges the need to maximize benefits while minimizing harm, there is a lack of specific standards for quality, security, or privacy, as well as limited ways to monitor or enforce them.
Case: Alberta Health Information Act
A recent review of Alberta’s Health Information Act (HIA) observed that privacy restrictions can block valuable data flow, resulting in numerous health-related harms due to restricted access. 13 The review determined that the HIA’s custodial model unintentionally contradicts the Charter’s intent, creating fragmented data systems that undermine patient care, well-being, and health system efficiency. Even though the HIA was designed to allow safe information sharing, its primary focus on privacy fails to balance the necessity of sharing data to advance quality health services and programs. This imbalance discourages data sharing for research and innovation and hinders investment in interoperable health data platforms. For instance, although one goal of the HIA is “to provide for appropriate sharing of this information to ensure excellent patient care and excellent management of the Alberta health system,” 14 risk-averse custodians often prefer to restrict information sharing rather than face potential penalties for violating the HIA. Without an obligation to share, withholding health data frequently becomes the default decision. A key recommendation from the HIA review called for mandatory sharing of essential health information, balanced with privacy and security safeguards. 13
Such an approach would encourage proper data exchange for care, safety, quality, research, and system management, while protecting against privacy risks, governed by stewardship instead of strict custodial control. The review’s findings support Charter Principle 5’s spirit: that data quality, security, and privacy should facilitate benefits and not obstruct them, and that reducing overall harm demands governance promoting secure, prompt, and connected health data access. The assessment that Alberta’s custodial model places excessive emphasis on privacy at the expense of other values highlights the need to update governance to support safe and interoperable data access, consistent with Principle 5. Health system governance modernization should prioritize data stewardship as a fundamental responsibility, with effective stewardship requiring capable individuals and constructive organizational practices, including training for clinicians, administrators, and data scientists.
Governance, Harmonization, and Legislative Developments
Data stewardship requires leadership accountability and incentives for privacy by design, but current political and legal barriers in Canada hinder effective data sharing and governance. 4 Inconsistent provincial rules and vendor lock-in limit secure data mobility, while privacy and security frameworks remain inadequate. 6 Harmonized governance is essential to standardize privacy, security, and data quality across jurisdictions. The Pan-Canadian Health Strategy Expert Advisory Group and Principle 10 of the Charter emphasize the need for health data governance which commits Canada’s territorial, provincial, and federal governments to the “harmonization of health data governance, oversight, and policy.” 15 Person-centric design (Principle 1) means data should follow individuals across care settings, while common standards (Principle 2) require interoperability, access, and portability. Ensuring quality, security, privacy, and harm reduction (Principle 5) requires data reuse that is safe and trustworthy.
Principle 5 articulates the core value tension between maximizing benefits and minimizing harm, while Principle 10 establishes harmonization of governance, oversight, and policy as the structural mechanism required to achieve this balance. Collectively, these principles explain the necessity for interoperability, with Principle 10 further detailing how governmental collaboration is essential for its realization.
However, similar to other principles within the Charter, Principle 10 does not constitute statute or regulation and is therefore not legally enforceable. Jurisdictions are not compelled by law to harmonize their statutes, making implementation reliant on political will, intergovernmental cooperation, and local legislative reform. In the absence of federal legislative modernization, harmonization risks remaining symbolic, which may allow the challenges posed by data fragmentation to persist in a legal environment that discourages appropriate, safe, and beneficial data sharing.
Current initiatives are addressing the lack of standardization systems and incompatibility among electronic platforms used by health service providers, clinical practices, and healthcare organizations across Canada. Bill S-5 (2026 “Connected Care for Canadians Act”) proposes to establish “requirements for interoperability,” setting standards that developers of electronic medical record systems must follow. 16 This vendor-centric legislation aims to facilitate secure and efficient sharing of health data among service providers, potentially extending across provinces and territories.
Bill S-5 would align with the Charter by requiring all information technology companies providing digital health services in Canada to adopt common standards supporting secure information exchange. 16 It would also prohibit health information companies from engaging in “data blocking,” thereby preventing undue restrictions on information access or sharing, while preserving patient privacy rights. However, Bill S-5 would only apply where existing provincial or territorial regulations are not “substantially similar,” which could result in a fragmented landscape of standards and possibly undermine the uniform security, privacy, and quality benchmarks set out by the Charter. The initial iteration of Bill S-5 (formerly Bill C-72) progressed only to first reading in the House before being removed from the agenda. The federal government has since reintroduced the bill in the Senate, which was reviewed by the Standing Senate Committee on Social Affairs, Science and Technology (“SOCI Committee”). Notably, the Report of the Committee observed 17 that health information technology vendors constitute only one element of a broader health data ecosystem. Focusing solely on vendors is insufficient to achieve comprehensive interoperability and meaningful access to personal health information for Canadians. To fully realize the benefits of interoperable health data, the government should consider extending responsibility for the access to and exchange of electronic health information to all individual or institutional providers of health care.
At the time of writing, the third reading of Bill S-5 is underway. It must proceed through the upper chamber before consideration in the House of Commons.
Conclusion
Principle 5 underscores the need for robust governance. However, as discussed in this article, Canada continues to face challenges stemming from fragmented legal frameworks, inconsistent provincial regulations, and systemic as well as institutional barriers that constrain secure data mobility. Security and privacy protocols can be redesigned to facilitate appropriate data sharing, with trust being cultivated through accountable governance structures. In the absence of comprehensive federal legislation, enhanced alignment across jurisdictions will require more ambitious approaches to governance.
Efforts to increase public awareness of data rights and protections should be encouraged and aligned with educational initiatives that highlight the value of data access. Sustained efforts to foster public trust in digital health systems, combined with more responsible data-sharing practices for research and innovation, will help maximize benefits while reducing associated harms.
A balanced interpretation of Principle 5 necessitates recognizing that its two central themes—maximizing benefits by building trust and mitigating harm due to data under-sharing, as well as minimizing risk to the security and privacy of health data from over-sharing—are not competing priorities; rather, they are mutually reinforcing elements. Safeguards such as privacy measures, robust security controls, ethical governance, Indigenous data sovereignty, and transparent oversight constitute the foundational structure that enables the safe and responsible utilization of health data. These protective measures are designed not to inhibit the flow of health data but to establish the conditions that render appropriate sharing both value-adding and trustworthy.
Fulfilling the vision of the Charter will require greater political will and aligned capabilities that enable benefit, such as high-quality, interoperable data, a commitment to data sharing for care and research, innovation analytics, and reduced administrative burden. These capacities will enhance the Canadian health system’s ability to deliver safer care, support population health initiatives, drive research and innovation, and mitigate the diverse forms of health data-related harm identified in recent assessments. When protecting and enabling mechanisms operate cohesively, guided by progressive data stewardship, they will more likely achieve the outcomes set forth in the Charter and Principle 5.
Footnotes
Ethical Considerations
The research described in this manuscript did not constitute human participants research, and as such did not require ethics approval.
Funding
The authors received no financial support for the research, authorship, and/or publication of this article.
Declaration of Conflicting Interests
The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.
Data Availability Statement
No data were collected, generated, or used as part of this research.
