Innovation in the open

Open-source is a way to build public health tooling that is portable, auditable, and easier to collaborate on. A commitment to open-source forces us to take best practices in our programming seriously, such as strong documentation and clear separation between code, sensitive data inputs, and system configurations. In the public sector, it allows us to maximize the value of public dollars and offer greater transparency into our processes.

The argument for open-source in public health #

Before Wellington-Dufferin-Guelph Public Health (WDGPH) made open-source a deliberate practice, we were already sharing code with other public health units on request. This kind of collaboration works, but it tends to be point-to-point and snapshot-based. Code is transferred as-is, without shared issue tracking, clear contribution paths, or documentation that persists across staff turnover. When improvements happen, they often stay local, and similar work ends up being rebuilt elsewhere.

In Ontario, this is the model for sharing code among many of the 28 other local public health units. Ontario’s public health system creates essential local expertise and responsiveness, but also means individual public health organizations are only resourced enough to have small technical teams that must support many public health functions. These teams are also operating under strong privacy and risk-management constraints. Taken as a whole, this environment leaves a large category of technical work as not consistently collaborated upon.

Hosting open-source work #

Innovation is only meaningful if it can be adopted, and adoption is only realistic if work is packaged for reuse. Open-source does not eliminate resourcing challenges public health organizations face, but it creates conditions where components of our work can be shared and reused. Platforms such as GitHub provide a productive framework for this missing collaboration to occur, allowing us to reduce duplicated efforts, and improve consistency across jurisdictions.

Several Canadian public-sector organizations use GitHub as a collaboration platform, including WDGPH¹, the Ontario Government², Statistics Canada³, and PHAC’s National Microbiology Laboratory⁴. Their presence demonstrates that producing digital public goods through open repositories is compatible with managing sensitive information and systems responsibly.

Building for reuse #

Designing for portability means that you must separate data and credentials from code, replace hard-coded assumptions with configuration, and document installation and operation so that it could reasonably be used by someone other than yourself. It pushes you to divide large scripts into smaller components, build tests, and provide documented usage examples. Over time, this produces tools that are easier to maintain, less likely to contain bugs, and that support reuse. As this becomes standard practice, teams shift expending extra resources to restructure existing workflows into reusable and safe-to-share components, to building workflows with reusable components from the start.

At WDGPH, we aim to build in a way that could be open-sourced safely, then publish when it meets basic thresholds for privacy, security, documentation, and portability, which are documented in our public Developer Guide⁵.

Security and governance #

A common concern is that publishing code increases risk. In practice, leveraging the features of a platform like GitHub can significantly reduce risk. Dependency monitoring and vulnerability alerts help keep libraries current. Secret scanning can reduce accidental exposure. Version control and code review create a traceable history of change, including who approved what and when. Using automated workflows and containerization, build processes can be moved out of your infrastructure, and processes can be (reproducibly) executed in isolation. And none of this necessitates publishing sensitive data.

Transparency and public trust #

While we focus on open-source as a benefit to collaboration between public health organizations in this article, this practice is also aligned with building trust in public health. Trust is a key factor in the overall reach and effectiveness of a public health organization, and can be strengthened when methods are explainable, inspectable, and seen as being applied consistently across similar organizations. Publishing code is a practical way of being a more transparent and trustworthy organization overall.

Moving towards open-source #

If you are a public health unit considering open-sourcing your workflows, start with something you already share on request. Convert it into a small, documented, testable package that uses synthetic data and runs in a clean environment. Make it runnable by someone who has never seen your infrastructure. Doing this should reveal any hidden assumptions, unsafe coupling to local systems, and where sensitive details are accidentally embedded. Even if you never publish the result, you end up with a tool that is more resilient, easier to hand off, and better prepared for collaboration when the right opportunity arrives.