top of page
< Back

Quebec Dossier Sante Quebec (DSQ) Certification

Discover how Fractional CTO Oshri Cohen successfully led two EMRs through full DSQ certification in Quebec—handling architecture, code, and compliance end-to-end. A must-read for healthtech founders scaling in Canada.

DSQ Certification for Two EMRs: From Architect to Integrator, End-to-End

As Fractional CTO and FCOO for two healthtech startups operating in Quebec, I personally led the entire DSQ integration effort for each platform—from architectural blueprinting, through administrative coordination, all the way to the hands-on code that made it all work.

In both cases, I was more than an executive overseeing a process. I was the DSQ integrator—functioning simultaneously as:

  • The architect defining how our systems would interface with Quebec’s highly specific protocols.

  • The administrator managing correspondence, compliance milestones, and government audits.

  • The engineer writing the actual code and integration logic for the DSQ modules.

If there was a hat to wear, I wore it. Sometimes all at once.


 The Challenge: Entering Quebec’s Health Data Ecosystem


Any EMR in Quebec must be certified with Dossier Santé Québec (DSQ), the provincial health data exchange. This means complying with a dense web of SOAP APIs, PKI encryption, multi-factor identity validation, and patient consent tracking—not to mention government bureaucracy that moves on its own schedule.


When I stepped in, neither EMR had a DSQ strategy. One hadn’t even started. The other had code partially written by a dev shop unfamiliar with Quebec regulations and was months into the weeds with nothing usable.


🧠 My Role: Lead Integrator, Not Just CTO


I became the integration engine—personally responsible for getting these EMRs DSQ-ready and certified:

At the Architectural Level:

  • Refactored core EMR components to introduce modular service boundaries compatible with DSQ specs.

  • Designed and implemented a DSQ integration layer that abstracted complex SOAP calls and XML schemas into predictable internal services.

  • Built fallback mechanisms and retry queues to handle inevitable DSQ downtime (and avoid support calls at 3am).

At the Administrative Level:

  • Registered the EMRs and their partner clinics with MSSS.

  • Managed all documentation and communications with government stakeholders, including security audits, data flow diagrams, and exception justifications.

  • Led weekly alignment calls with MSSS DSQ teams to validate progress, resolve ambiguity, and maintain momentum.

At the Code Level:

  • Personally implemented all critical DSQ modules: lab results, prescription history, immunizations, diagnostic imaging, and the client registry.

  • Created a full local test harness and mock DSQ endpoints to allow the dev team to iterate independently of MSSS.

  • Wrote and tested the PKI integration pipeline, managing secure certificate handling, encryption/decryption routines, and identity validation.

Outcomes

  • Two separate EMR platforms certified by MSSS and fully DSQ-compliant.

  • DSQ integration was delivered in 6 months, shaving 6–12 months off typical industry timelines.

  • Zero certification delays or rejections—both passed validation on the first full round of MSSS QA testing.

  • Clinics onboarded with zero production errors related to DSQ modules thanks to aggressive internal QA and observability.

Why This Work Stands Out

This wasn’t “oversight” or “strategy” from a boardroom. This was sleeves-up, code-in-editor, government-on-the-line, encryption-keys-in-hand kind of work.

Too many founders underestimate how operationally gnarly government integration can be—especially in healthcare. But when you’ve got someone who knows both the tech and the bureaucracy, it becomes a growth advantage, not just a checkbox.

I didn’t just get these platforms certified. I made them DSQ-native at their core. And I built it all to scale.

bottom of page