Privacy Policy


How SJTN Care Inc. collects, uses, protects, and discloses your personal information and personal health information.

Effective Date: June 21, 2026
Last Updated: June 21, 2026

1. Introduction & Our Commitment

SJTN Care Inc. ("SJTN Care", "we", "our", or "us") is a licensed home and community care provider serving individuals in Kingston, Ontario and surrounding areas. We are committed to protecting the privacy, confidentiality, and security of the personal information (PI) and personal health information (PHI) entrusted to us by our clients, families, healthcare partners, funding agencies, and website visitors.

This Privacy Policy explains what information we collect and why, how we use, store, and protect it, who we share it with, your rights under applicable privacy laws, and how to contact us with concerns. By engaging with SJTN Care — including by receiving care services, using our website or applications, or otherwise interacting with our team — you acknowledge the practices described in this Policy.

Regulatory Framework

SJTN Care complies with all applicable federal and provincial privacy and health information protection legislation, including:

  • Personal Health Information Protection Act, 2004 (PHIPA) — Ontario's primary legislation governing the collection, use, and disclosure of PHI by health information custodians.
  • Personal Information Protection and Electronic Documents Act (PIPEDA) — federal legislation protecting personal information in the course of commercial activity.
  • Health Care Consent Act, 1996 (HCCA) — respecting informed consent and substitute decision-making for healthcare.
  • Regulated Health Professions Act, 1991 (RHPA) — professional standards for regulated health workers (RNs, RPNs, and other regulated professionals).
  • Freedom of Information and Protection of Privacy Act (FIPPA) — where SJTN Care receives government funding or acts as a service provider to public bodies.
  • Occupational Health and Safety Act (OHSA) — workplace incident reporting where employees or contractors are affected.

Who This Policy Applies To

This Policy applies to all personal information and PHI that SJTN Care handles in the course of providing services, including with respect to:

  • Clients and care recipients (and their substitute decision-makers)
  • Family members, informal caregivers, and authorized representatives
  • Referral partners (physicians, hospitals, social workers, lawyers, case managers)
  • Funding agencies (HCAI/FSRA, Veterans Affairs Canada, Blue Cross, private insurers)
  • Visitors to our websites and digital properties
  • SJTN Care employees, contractors, and third-party service providers who handle information on our behalf

2. Information We Collect

Personal Health Information (PHI)

To deliver safe, effective home care, we collect health information such as:

  • Medical History — diagnoses, past surgeries, allergies, medications, adverse reactions, and chronic conditions.
  • Current Health Status — symptoms, functional limitations, mobility restrictions, cognitive status, and pain levels.
  • Care Plans & Goals — individualized care plans, treatment objectives, goals of care, and advance care preferences.
  • Clinical Assessments — initial and ongoing assessments, functional assessments (ADL/IADL), and risk assessments (falls, pressure injuries, medication safety).
  • Care Notes & Vital Signs — daily care notes, visit summaries, blood pressure, heart rate, blood glucose, weight, temperature, and oxygen saturation where applicable.
  • Healthcare Provider Information — names and contact details of physicians, specialists, nurses, and therapists involved in your care, and documented consent or substitute decision-maker designations.

Photographs, Video, and Audio Recordings

SJTN Care does not photograph, video record, or audio record clients unless you provide written consent (electronic consent is accepted).

If clinical documentation reasonably requires an image (for example, photographing a wound to monitor healing), we will explain why, document your specific written consent, and store the image as part of your clinical record under the same PHIPA protections as other Personal Health Information. You may withdraw consent at any time; doing so may affect our ability to deliver certain aspects of your care, and we will discuss alternatives with you.

Personal Information (PI)

We collect standard identifying and contact information necessary to deliver and coordinate your care:

  • Identification — full legal name, date of birth, sex/gender, Ontario Health Card number, and other government identifiers where required.
  • Contact Details — residential address, phone number(s), email address, and preferred language of communication.
  • Emergency Contacts & Relationships — names and contact information for next of kin, emergency contacts, substitute decision-makers, and authorized representatives.
  • Communication Preferences — preferred contact method and accessibility needs (large print, interpreter services, alternative formats).

Billing & Funding Information

To administer billing and coordinate funding, we collect information specific to the program funding your care:

  • HCAI / FSRA (Auto Accident Benefits) — motor vehicle accident details, claim authorization numbers, insured party information, coverage details, and approved care hours and rates.
  • VAC / VIP (Veterans Affairs Canada — Veterans Independence Program) — veteran status confirmation, VIP authorization, service-connection details, and approved benefit level.
  • Canadian Forces Blue Cross / Medavie Blue Cross — policy number, coverage eligibility, approved benefits, and billing information.
  • Private Insurance or Direct Pay — insurance policy details, billing address, payment information, and proof of coverage.

Website & Digital Service Information

When you visit our website or use our digital platforms, we automatically collect certain technical information:

  • Usage data: pages viewed, links clicked, time spent, and referral source.
  • Device information: IP address, browser type, device type, and operating system.
  • Cookies and similar technologies (described in Section 10): essential cookies are always on; optional analytics or marketing cookies are placed only with your consent.

3. How We Collect Information

Directly From You

You or your authorized representative provide information directly to us through:

  • Initial intake forms, registration, and consent documents
  • Phone calls, emails, and secure messages
  • In-home assessments by our clinical staff
  • Updates to your contact information, care plan, or goals over time

Indirectly (with Your Consent or as Permitted by Law)

We may receive information about you from authorized third parties:

  • Your physician or healthcare provider (referral information, medical summaries, discharge plans)
  • Referring social workers, hospitals, or care coordinators
  • Your lawyer, case manager, or VAC representative (with your written authorization)
  • Funding agencies (HCAI, VAC, Blue Cross) when administering your claim

Automatically

  • Website analytics and aggregated usage patterns (non-identifying)
  • System logs and security monitoring (to detect and prevent unauthorized access)

4. Purposes for Collection & Use

We collect and use information only for legitimate purposes directly related to delivering and supporting your care:

Delivery of Home Care Services

  • Assessing your health needs, functional status, and home environment
  • Developing, updating, and delivering your personalized care plan
  • Coordinating care delivery between PSWs, registered nurses, and your broader care team
  • Monitoring your progress and responding to changes in your health
  • Providing education and support to you and your family caregivers

Clinical & Quality Improvement

  • Evaluating the effectiveness and appropriateness of care delivered
  • Identifying and addressing care gaps or safety risks
  • Continuous quality improvement and accreditation activities
  • Professional development and competency review of clinical staff

Safety & Risk Management

  • Preventing, detecting, and responding to adverse events or safety incidents
  • Managing infection prevention and control protocols
  • Assessing and mitigating risks (falls, medication errors, pressure injuries)
  • Ensuring the safety of both clients and care workers in the home

Funding Administration & Billing

  • Processing claims with HCAI/FSRA, VAC/VIP, Blue Cross, or other funders
  • Documenting authorized care hours and services delivered
  • Billing clients, insurers, or third parties for services rendered
  • Reporting to funders as required by their policies and applicable legislation

Legal & Regulatory Compliance

  • Meeting statutory reporting obligations (e.g., coroner notifications, child or adult protection)
  • Responding to lawful court orders, subpoenas, or regulatory inquiries
  • Meeting occupational health and safety, tax, and employment law obligations
  • Maintaining clinical and billing records as required by PHIPA, the CRA, and funder agreements

Care Coordination & Communication

  • Sharing relevant information with your physician, specialists, or other providers (with consent or as permitted by PHIPA)
  • Communicating with your family, substitute decision-maker, and authorized caregivers
  • Coordinating transitions to or from other care settings

Research & Analytics (De-identified Only)

We may generate aggregated or de-identified insights for:

  • Program effectiveness, outcomes measurement, and system-level planning
  • Academic or quality-improvement research (with appropriate ethics approval)

We do not use your identifiable PHI for research without separate, explicit consent.

Artificial Intelligence and Automated Decision-Making

SJTN Care does not currently use artificial intelligence (AI) or automated decision-making systems to make decisions about your care, eligibility for services, service plans, or benefits. All decisions affecting you are made by qualified human staff.

If we introduce AI or automated decision-making tools in the future — for example, to assist with scheduling, route planning, clinical documentation summarization, or care-pattern analysis — we will update this Privacy Policy, notify you in advance, and where required, obtain your separate consent. We will also conduct a Privacy Impact Assessment before any such tool handles Personal Health Information.

You will continue to have the right to request human review of any automated decision that significantly affects you, in keeping with evolving Canadian privacy guidance and the Ontario Information and Privacy Commissioner's expectations for health information custodians.

What We Do Not Do

  • We do not sell your personal information.
  • We do not use your PHI for marketing or advertising without explicit consent.
  • We do not share your information with unrelated commercial entities.
  • We do not combine your health information with social media or commercial data-broker information.

5. Who We Share Your Information With

Internal SJTN Care Sharing

Information is shared only on a need-to-know basis with authorized SJTN Care staff directly involved in your care:

  • PSWs, registered nurses, and clinical staff assigned to your care
  • Clinical supervisors, care coordinators, and case managers
  • Administrative staff responsible for scheduling or billing — limited to the information they need to perform their role

Healthcare Providers

With your consent (or as permitted by PHIPA), we share information with other members of your care team:

  • Your family physician, attending specialist, or nurse practitioner
  • Hospital discharge planners and transition-of-care teams
  • Physiotherapists, occupational therapists, and other allied health providers

Funding Agencies (Required)

Disclosure of clinical and billing information to your funder is mandatory in order to administer your approved benefits:

  • HCAI / FSRA — motor vehicle accident details, care plans, clinical notes, and billing records, as required for auto-accident benefit claims.
  • Veterans Affairs Canada (VAC) — service details, health status updates, and care hours rendered, as required to administer VIP-funded home care.
  • Canadian Forces Blue Cross / Medavie Blue Cross — service records, clinical summaries, and billing information, as per insurance claim requirements.

Refusing to share information required by your funder may result in the loss of coverage and the inability to deliver funded services.

Legal Representatives & Authorities

  • Your lawyer, case manager, or VAC representative — only with your written authorization or as required by law.
  • Courts, tribunals, or regulators — pursuant to a valid court order, subpoena, or statutory demand.
  • Children's Aid Societies, adult protective services, public health, or law enforcement — only as required by law (see Section 9).

Third-Party Service Providers

We engage vendors who handle information on our behalf under strict contractual obligations, including:

  • Electronic Health Record (EHR) and secure cloud-hosting providers
  • Billing, insurance, and claim-processing providers
  • IT support, cybersecurity, and infrastructure providers
  • Background-check and credentialing services for staff and volunteers

Specific Service Providers We Use

As of the Effective Date, our principal service providers handling personal information or technical infrastructure include:

  • Amazon Web Services (Canada Central region) — cloud infrastructure for hosting, storage, and processing of personal information and Personal Health Information. All data is stored and processed within Canada (ca-central-1).
  • Microsoft 365 (Canadian data residency) — email, calendar, document collaboration, and internal communications, configured to keep customer data within Canadian data centres.
  • Vanta — continuous security and compliance monitoring (SOC 2). Vanta receives operational metadata about our systems, not the contents of client records.

We update this list when we change material service providers. If you would like the current list of subprocessors with PHI access, contact our Privacy Officer.

All third-party agreements include:

  • Data Processing Agreements (DPAs) limiting the vendor to the specific purposes we authorize
  • Requirements to meet or exceed SJTN Care's security and privacy standards, including confidentiality and audit rights
  • Restrictions on sub-contracting without our prior written approval

Data Residency — Information Stays in Canada

SJTN Care restricts the storage and processing of PHI to Canada.

We do not transfer or store personal health information in the United States or other countries. Any third-party service provider handling PHI on our behalf must:

  • Store data exclusively on Canadian servers
  • Comply with Canadian privacy laws (PHIPA and PIPEDA)
  • Restrict access to authorized personnel located in Canada

6. How We Protect Your Information

SJTN Care employs layered administrative, technical, and physical safeguards proportionate to the sensitivity of the information.

Administrative Safeguards

  • Privacy Officer — a designated Privacy Officer is accountable for the privacy program, including policies, training, and breach response.
  • Training — mandatory privacy and security training for all staff and contractors, refreshed annually.
  • Confidentiality Agreements — signed by every employee, contractor, and vendor that handles personal information.
  • Privacy Reviews — Privacy Impact Assessments (PIAs) are conducted for new systems, new third-party services, new data classes, and other significant changes that affect how we collect, use, store, or disclose PHI.
  • Audits & Monitoring — regular access-log audits, third-party security assessments, and documented breach investigations with corrective actions.

Technical Safeguards

  • Encryption in Transit — all data transmitted over the internet is encrypted using industry-standard TLS 1.3 (or higher).
  • Encryption at Rest — sensitive information stored on servers and devices is encrypted using AES-256.
  • Access Controls — role-based access (RBAC), mandatory multi-factor authentication (MFA), strong-password policies, and automatic session timeout.
  • Secure Infrastructure — information stored on Canadian-based infrastructure with recognized security certifications, protected by firewalls, intrusion detection, and endpoint protection.
  • Secure Development — we follow OWASP secure-coding standards, conduct vulnerability assessments and penetration tests, and apply timely security patches.

Physical Safeguards

  • Access-controlled office facilities (badge or key-card entry)
  • Workstation policies that secure documents and devices when unattended
  • Paper records stored in locked filing cabinets in restricted areas
  • Secure disposal of paper records (cross-cut shredding or certified destruction) and electronic media (cryptographic erasure or physical destruction)

Security Certifications & Monitoring

SJTN Care holds a SOC 2 report and continuously monitors its control posture:

  • SOC 2 — independent third-party audit of security, availability, and confidentiality controls.
  • Continuous Controls Monitoring — we use Vanta to continuously monitor our security controls, centralize evidence, and maintain a public Trust Center.
  • Ongoing Audits & Improvement — control posture is reviewed and improved on an ongoing basis through internal reviews and third-party assessments.

7. Information Retention & Destruction

SJTN Care retains information only as long as necessary to serve the purposes identified in this Policy and to comply with applicable legal obligations:

  • Client Clinical Records (PHI) — minimum 10 years from the last entry (PHIPA record-retention requirements).
  • Billing & Funding Records — minimum 7 years (Canada Revenue Agency, funder audit requirements).
  • Incident & Accident Reports — minimum 10 years, or the applicable statute of limitations, whichever is longer.
  • Employment Records — as required by the Ontario Employment Standards Act and applicable employment legislation.
  • Website Analytics — aggregated data retained as needed for analysis; identifiable data minimized in line with PIPEDA principles.

Secure Destruction

When information is no longer required, we securely destroy it:

  • Electronic data: cryptographic erasure or recognized data-wiping standards
  • Paper records: cross-cut shredding or certified destruction
  • Devices: secure wiping of hard drives before decommissioning or disposal

Information may be retained longer than the stated periods if:

  • Required by law, court order, or regulatory directive
  • Subject to an ongoing access request, complaint, or legal proceeding
  • Fully de-identified for aggregate reporting or research

8. Your Privacy Rights

Under PHIPA, PIPEDA, and related legislation, you have the following rights regarding your personal information and PHI:

Right of Access

You may request access to the personal information and PHI that SJTN Care holds about you.

  • Submit a written request to our Privacy Officer (see Section 13)
  • Include your full name, date of birth, and the date range of interest
  • We will respond within the timelines set out in PHIPA — generally 30 days, with a possible extension where the request is complex

We may charge a reasonable fee for photocopying and processing as permitted by PHIPA. We will provide a fee estimate before proceeding.

Right of Correction

If you believe information about you is inaccurate, incomplete, or misleading, you may request a correction.

  • Contact our Privacy Officer in writing, describing the inaccuracy and the requested change
  • Provide supporting documentation where available
  • If we agree, we will correct the record and notify you. If we disagree, we will note your statement of disagreement in your record and inform anyone to whom the disputed information was disclosed.

Right to Withdraw Consent

You may withdraw consent for the use or disclosure of your information at any time, subject to legal and contractual limitations.

  • Withdrawal does not apply to information already used or disclosed
  • Some information cannot be withheld where required for your safe care, regulatory compliance, or legal obligations
  • Withdrawing consent may affect our ability to provide you with funded services

Right to Set Communication Preferences

You may ask us to contact you in specific ways:

  • Specify a preferred contact method (phone, email, secure messaging, mail)
  • Request that calls or visits occur within specific hours
  • Request written communication instead of voice calls, where feasible

How to change your preferences:

  • Email preferences — manage your subscription preferences from your account email settings, or click the unsubscribe link at the bottom of any non-essential email from us.
  • SMS reminders — reply STOP to any SMS reminder from us to opt out of further SMS messages.
  • All other preferences — contact our Privacy Officer to withdraw broader consent, change preferred contact method, or request a paper-only relationship.

Safety-critical communications (appointment confirmations, urgent care updates, regulatory notices) are not subject to opt-out while you are an active client. Withdrawing consent for these may affect our ability to deliver care safely.

Right to Complain

If you believe your privacy rights have been violated, you have the right to file a complaint:

  • Submit a written complaint to our Privacy Officer, including a description of the concern, dates, and the outcome you seek
  • We will investigate and provide a written response, generally within 30 days
  • We document complaints and any corrective actions taken so that we can improve our practices

If you are not satisfied with our response, you may file a complaint with the Information and Privacy Commissioner of Ontario:

Information and Privacy Commissioner of Ontario (IPC)
2 Bloor Street East, Suite 1400, Toronto, Ontario M4W 1A8
Toll-free: 1-800-387-0073
www.ipc.on.ca

9. Special Circumstances

Minors & Substitute Decision-Makers

If a client is a minor or lacks the capacity to make their own healthcare decisions, SJTN Care collects information from — and communicates with — the parent, guardian, or substitute decision-maker as authorized under the Health Care Consent Act, a Power of Attorney for Personal Care, or a court order.

At the age of majority (18 in Ontario), healthcare decision-making rights transfer to the individual, unless a guardianship or Power of Attorney remains in effect.

Emergency Disclosure

In a life-threatening emergency, we may disclose information without prior consent where necessary to protect a person's safety — for example, sharing allergy or medication information with paramedics responding to a 911 call.

We will inform you of any emergency disclosure as soon as reasonably possible.

Mandatory Reporting

We are required by law to disclose information without consent in certain situations:

  • Child Protection — reasonable suspicion of child abuse or neglect must be reported to the Children's Aid Society.
  • Adult Protection — suspected abuse, neglect, or financial exploitation of a vulnerable adult, where required by law.
  • Public Health — reportable communicable diseases under Ontario public-health legislation.
  • Coroner / Medical Examiner — death investigations and required disclosures.
  • Law Enforcement — where compelled by a valid court order, subpoena, or statutory demand.

Particularly Sensitive Health Information

Health information relating to mental health, HIV status, substance use, or genetic testing is handled with heightened sensitivity. Disclosure of this information is restricted under PHIPA and other applicable legislation, and is only made with your explicit consent or where required by law.

10. Cookies & Website Tracking

SJTN Care, and third parties acting on our behalf, use cookies and similar technologies (such as web beacons, tags, scripts, and local storage — collectively, "Cookies") on our websites and digital services.

Types of Cookies We Use

  • Essential Cookies (always on) — required for the website to function, support security and fraud prevention, and remember your cookie preferences.
  • Optional Cookies (only with your consent) — used to understand how our website is used (analytics) and, where applicable, to support limited marketing features.

Managing Cookies

You may review and change your cookie choices at any time using your browser settings. Disabling essential cookies may affect the functionality of the website.

12. Amendments to This Policy

SJTN Care may update this Privacy Policy from time to time to reflect:

  • Changes to our practices, services, or technology
  • Advances in security or privacy-protection measures
  • Changes to applicable privacy legislation
  • Lessons learned from privacy reviews, audits, or incidents

Notice of Changes

We will provide reasonable advance notice of material changes. The "Last Updated" date at the top of this Policy reflects when it was last revised. Continued use of SJTN Care's services after notice of a material change indicates your acceptance of the revised Policy. Previous versions are available upon request.

13. Contact Our Privacy Officer

For questions, concerns, or requests regarding privacy — including access, correction, withdrawal of consent, or complaints — please contact:

SJTN Care Privacy Officer

  • Email: support@sjtn.ca
  • Phone: +1 (613) 870-0843
  • Mailing address: PO Box 20072, Kingston RPO Taylor Kidd, Kingston, ON K7P 2T6, Canada
  • Hours: Monday – Friday, 9:00 AM – 5:00 PM EST

We will acknowledge your inquiry within 2 business days and respond within 30 days for access requests, or within 10 business days for general inquiries.

You may also reach our team through our Contact Us page.

If You Are Not Satisfied With Our Response

You may contact the Information and Privacy Commissioner of Ontario:

Information and Privacy Commissioner of Ontario (IPC)
Toll-free: 1-800-387-0073
www.ipc.on.ca
