Skip to content

Merakey Blog

Insights for healthcare
technology leaders

AI compliance, data privacy, and technology strategy for Ontario developmental services agencies and Canadian healthcare organizations.

Recent articles

SustainabilityApril 22, 2026

The carbon math of cloud AI vs local inference: a Canadian perspective

Cloud AI workloads carry a hidden carbon cost from US data centers running on grids that still burn coal and gas. Local inference on Canadian hydro power tells a different story.

5 min read

ComplianceApril 15, 2026

What we learned from 50 mock QAM scans of Ontario DS agencies

Over the past six months we ran 50 mock QAM compliance scans against real agency data. The patterns are striking and the gaps are predictable.

7 min read

PlaybookApril 8, 2026

30 days to QAM-ready: a Meridian playbook for Ontario DS agencies

An audit notice doesn't have to be a fire drill. Here's the four-week playbook we walk agencies through to go from disorganized to defensible in 30 days.

5 min read

ComplianceApril 6, 2026

The QAM audit preparation checklist: what Ontario DS agencies actually need ready

A practical checklist for preparing for your next QAM compliance review under Regulation 299/10. Covers all six compliance areas, common findings, and a 90-day preparation timeline.

10 min read

TechnologyApril 1, 2026

How small DS agencies pass QAM with two staff and a spreadsheet

Compliance vendors love to talk to the big agencies. The small ones, two-home operators with two managers, are passing QAM audits anyway. Here is how.

5 min read

AI SafetyMarch 30, 2026

The yes-machine problem: AI sycophancy and clinical safety in home care

Research across 11 AI systems found chatbots affirm user actions nearly 50% more often than humans. In home care, where staff often have no second opinion available, an agreeable AI isn't neutral — it's a patient safety risk.

7 min read

Supply Chain SecurityMarch 27, 2026

When the scanner becomes the weapon: inside the TeamPCP supply chain attack

This week, TeamPCP compromised Trivy, Checkmarx KICS, and LiteLLM via PyPI. The tools developers use to secure and build AI software became the attack vector. Here's what happened and what it means.

9 min read

ComplianceMarch 25, 2026

Compliance debt: what manual QAM tracking really costs

We modeled the annual cost of manual QAM tracking across staffing, audit overhead, and risk exposure. The number is bigger than most agency directors expect.

6 min read

ComplianceMarch 17, 2026

Why Ontario DS agencies are still doing QAM compliance by hand, and what it costs them

Regulation 299/10 requires Ontario DS agencies to track training, eMAR, incidents, and more. Most still use spreadsheets. Here's what that costs them and how automation changes the equation.

8 min read

PIPEDAMarch 14, 2026

PIPEDA and AI chatbots: what healthcare organizations need to know in 2026

PIPEDA applies the moment a chatbot touches patient data. Cloud-hosted LLMs create cross-border data flows most agencies haven't accounted for. Here's what the law requires.

6 min read

AI SafetyMarch 10, 2026

ECRI's #1 health tech hazard of 2026: AI chatbot misuse

ECRI named AI chatbot misuse as the top health technology hazard for 2026. Why chatbots topped the list, what the risks are in clinical settings, and what healthcare organizations should do.

5 min read

TechnologyMarch 7, 2026

Self-hosted vs. cloud AI: why 43% of healthcare orgs are choosing local

Healthcare organizations are moving AI workloads off the cloud. We compare self-hosted and cloud AI for regulated industries, covering data sovereignty, PIPEDA compliance, and the real cost of a breach.

7 min read

ComplianceMarch 3, 2026

Understanding Regulation 299/10: the 6 areas every DS agency must track

A plain-language guide to Ontario Regulation 299/10 under the Services and Supports to Promote the Social Inclusion of Persons with Developmental Disabilities Act. What auditors look for and where agencies fall short.

9 min read

Data PrivacyFebruary 28, 2026

The $7.4M question: what a healthcare data breach actually costs

Healthcare data breaches cost an average of $7.4 million, the highest of any industry. We break down why DS agencies are at risk and how data residency, PIPEDA, and the CPPA shape your obligations.

6 min read

PIPEDAFebruary 14, 2026

PHIPA at 22: lessons from two decades of Ontario health privacy law

Ontario's Personal Health Information Protection Act turned 22 this year. Looking back at how the law has been interpreted, enforced, and tested in court tells us a lot about where AI in healthcare is going.

8 min read

TechnologyJanuary 22, 2026

Three predictions for Canadian healthcare AI in 2026

Self-hosted will go from niche to default, the breach reporting volume will double, and the first major regulatory action will land. A field-level forecast for the year ahead.

5 min read

Stay informed

Get new articles on AI compliance, healthcare technology, and PIPEDA directly in your inbox. No spam, unsubscribe anytime.

We respect your privacy. Read our privacy policy.