1.Introduction & Our Commitment
SJTN Care Inc. ("SJTN Care", "we", "our", or "us") is a licensed home and community care provider serving individuals in Kingston, Ontario and surrounding areas. We are committed to protecting the privacy, confidentiality, and security of the personal information (PI) and personal health information (PHI) entrusted to us by our clients, families, healthcare partners, funding agencies, and website visitors.
This Privacy Policy explains what information we collect and why, how we use, store, and protect it, who we share it with, your rights under applicable privacy laws, and how to contact us with concerns. By engaging with SJTN Care — including by receiving care services, using our website or applications, or otherwise interacting with our team — you acknowledge the practices described in this Policy.
Regulatory Framework
SJTN Care complies with all applicable federal and provincial privacy and health information protection legislation, including:
- Personal Health Information Protection Act, 2004 (PHIPA) — Ontario's primary legislation governing the collection, use, and disclosure of PHI by health information custodians.
- Personal Information Protection and Electronic Documents Act (PIPEDA) — federal legislation protecting personal information in the course of commercial activity.
- Health Care Consent Act, 1996 (HCCA) — respecting informed consent and substitute decision-making for healthcare.
- Regulated Health Professions Act, 1991 (RHPA) — professional standards for regulated health workers (RNs, RPNs, and other regulated professionals).
- Freedom of Information and Protection of Privacy Act (FIPPA) — where SJTN Care receives government funding or acts as a service provider to public bodies.
- Occupational Health and Safety Act (OHSA) — workplace incident reporting where employees or contractors are affected.
Who This Policy Applies To
This Policy applies to all personal information and PHI that SJTN Care handles in the course of providing services, including with respect to:
- Clients and care recipients (and their substitute decision-makers)
- Family members, informal caregivers, and authorized representatives
- Referral partners (physicians, hospitals, social workers, lawyers, case managers)
- Funding agencies (HCAI/FSRA, Veterans Affairs Canada, Blue Cross, private insurers)
- Visitors to our websites and digital properties
- SJTN Care employees, contractors, and third-party service providers who handle information on our behalf
2.Information We Collect
Personal Health Information (PHI)
To deliver safe, effective home care, we collect health information such as:
- Medical History — diagnoses, past surgeries, allergies, medications, adverse reactions, and chronic conditions.
- Current Health Status — symptoms, functional limitations, mobility restrictions, cognitive status, and pain levels.
- Care Plans & Goals — individualized care plans, treatment objectives, goals of care, and advance care preferences.
- Clinical Assessments — initial and ongoing assessments, functional assessments (ADL/IADL), and risk assessments (falls, pressure injuries, medication safety).
- Care Notes & Vital Signs — daily care notes, visit summaries, blood pressure, heart rate, blood glucose, weight, temperature, and oxygen saturation where applicable.
- Healthcare Provider Information — names and contact details of physicians, specialists, nurses, and therapists involved in your care, and documented consent or substitute decision-maker designations.
Photographs, Video, and Audio Recordings
SJTN Care does not photograph, video record, or audio record clients unless you provide written consent (electronic consent is accepted).
If clinical documentation reasonably requires an image (for example, photographing a wound to monitor healing), we will explain why, document your specific written consent, and store the image as part of your clinical record under the same PHIPA protections as other Personal Health Information. You may withdraw consent at any time; doing so may affect our ability to deliver certain aspects of your care, and we will discuss alternatives with you.
Personal Information (PI)
We collect standard identifying and contact information necessary to deliver and coordinate your care:
- Identification — full legal name, date of birth, sex/gender, Ontario Health Card number, and other government identifiers where required.
- Contact Details — residential address, phone number(s), email address, and preferred language of communication.
- Emergency Contacts & Relationships — names and contact information for next of kin, emergency contacts, substitute decision-makers, and authorized representatives.
- Communication Preferences — preferred contact method and accessibility needs (large print, interpreter services, alternative formats).
Billing & Funding Information
To administer billing and coordinate funding, we collect information specific to the program funding your care:
- HCAI / FSRA (Auto Accident Benefits) — motor vehicle accident details, claim authorization numbers, insured party information, coverage details, and approved care hours and rates.
- VAC / VIP (Veterans Affairs Canada — Veterans Independence Program) — veteran status confirmation, VIP authorization, service-connection details, and approved benefit level.
- Canadian Forces Blue Cross / Medavie Blue Cross — policy number, coverage eligibility, approved benefits, and billing information.
- Private Insurance or Direct Pay — insurance policy details, billing address, payment information, and proof of coverage.
Website & Digital Service Information
When you visit our website or use our digital platforms, we automatically collect certain technical information:
- Usage data: pages viewed, links clicked, time spent, and referral source.
- Device information: IP address, browser type, device type, and operating system.
- Cookies and similar technologies (described in Section 10): essential cookies are always on; optional analytics or marketing cookies are placed only with your consent.
3.How We Collect Information
Directly From You
You or your authorized representative provide information directly to us through:
- Initial intake forms, registration, and consent documents
- Phone calls, emails, and secure messages
- In-home assessments by our clinical staff
- Updates to your contact information, care plan, or goals over time
Indirectly (with Your Consent or as Permitted by Law)
We may receive information about you from authorized third parties:
- Your physician or healthcare provider (referral information, medical summaries, discharge plans)
- Referring social workers, hospitals, or care coordinators
- Your lawyer, case manager, or VAC representative (with your written authorization)
- Funding agencies (HCAI, VAC, Blue Cross) when administering your claim
Automatically
- Website analytics and aggregated usage patterns (non-identifying)
- System logs and security monitoring (to detect and prevent unauthorized access)
4.Purposes for Collection & Use
We collect and use information only for legitimate purposes directly related to delivering and supporting your care:
Delivery of Home Care Services
- Assessing your health needs, functional status, and home environment
- Developing, updating, and delivering your personalized care plan
- Coordinating care delivery between PSWs, registered nurses, and your broader care team
- Monitoring your progress and responding to changes in your health
- Providing education and support to you and your family caregivers
Clinical & Quality Improvement
- Evaluating the effectiveness and appropriateness of care delivered
- Identifying and addressing care gaps or safety risks
- Continuous quality improvement and accreditation activities
- Professional development and competency review of clinical staff
Safety & Risk Management
- Preventing, detecting, and responding to adverse events or safety incidents
- Managing infection prevention and control protocols
- Assessing and mitigating risks (falls, medication errors, pressure injuries)
- Ensuring the safety of both clients and care workers in the home
Funding Administration & Billing
- Processing claims with HCAI/FSRA, VAC/VIP, Blue Cross, or other funders
- Documenting authorized care hours and services delivered
- Billing clients, insurers, or third parties for services rendered
- Reporting to funders as required by their policies and applicable legislation
Legal & Regulatory Compliance
- Meeting statutory reporting obligations (e.g., coroner notifications, child or adult protection)
- Responding to lawful court orders, subpoenas, or regulatory inquiries
- Meeting occupational health and safety, tax, and employment law obligations
- Maintaining clinical and billing records as required by PHIPA, the CRA, and funder agreements
Care Coordination & Communication
- Sharing relevant information with your physician, specialists, or other providers (with consent or as permitted by PHIPA)
- Communicating with your family, substitute decision-maker, and authorized caregivers
- Coordinating transitions to or from other care settings
Research & Analytics (De-identified Only)
We may generate aggregated or de-identified insights for:
- Program effectiveness, outcomes measurement, and system-level planning
- Academic or quality-improvement research (with appropriate ethics approval)
We do not use your identifiable PHI for research without separate, explicit consent.
Artificial Intelligence and Automated Decision-Making
SJTN Care does not currently use artificial intelligence (AI) or automated decision-making systems to make decisions about your care, eligibility for services, service plans, or benefits. All decisions affecting you are made by qualified human staff.
If we introduce AI or automated decision-making tools in the future — for example, to assist with scheduling, route planning, clinical documentation summarization, or care-pattern analysis — we will update this Privacy Policy, notify you in advance, and where required, obtain your separate consent. We will also conduct a Privacy Impact Assessment before any such tool handles Personal Health Information.
You will continue to have the right to request human review of any automated decision that significantly affects you, in keeping with evolving Canadian privacy guidance and the Ontario Information and Privacy Commissioner's expectations for health information custodians.
What We Do Not Do
- We do not sell your personal information.
- We do not use your PHI for marketing or advertising without explicit consent.
- We do not share your information with unrelated commercial entities.
- We do not combine your health information with social media or commercial data-broker information.
6.How We Protect Your Information
SJTN Care employs layered administrative, technical, and physical safeguards proportionate to the sensitivity of the information.
Administrative Safeguards
- Privacy Officer — a designated Privacy Officer is accountable for the privacy program, including policies, training, and breach response.
- Training — mandatory privacy and security training for all staff and contractors, refreshed annually.
- Confidentiality Agreements — signed by every employee, contractor, and vendor that handles personal information.
- Privacy Reviews — Privacy Impact Assessments (PIAs) are conducted for new systems, new third-party services, new data classes, and other significant changes that affect how we collect, use, store, or disclose PHI.
- Audits & Monitoring — regular access-log audits, third-party security assessments, and documented breach investigations with corrective actions.
Technical Safeguards
- Encryption in Transit — all data transmitted over the internet is encrypted using industry-standard TLS 1.3 (or higher).
- Encryption at Rest — sensitive information stored on servers and devices is encrypted using AES-256.
- Access Controls — role-based access (RBAC), mandatory multi-factor authentication (MFA), strong-password policies, and automatic session timeout.
- Secure Infrastructure — information stored on Canadian-based infrastructure with recognized security certifications, protected by firewalls, intrusion detection, and endpoint protection.
- Secure Development — we follow OWASP secure-coding standards, conduct vulnerability assessments and penetration tests, and apply timely security patches.
Physical Safeguards
- Access-controlled office facilities (badge or key-card entry)
- Workstation policies that secure documents and devices when unattended
- Paper records stored in locked filing cabinets in restricted areas
- Secure disposal of paper records (cross-cut shredding or certified destruction) and electronic media (cryptographic erasure or physical destruction)
Security Certifications & Monitoring
SJTN Care holds a SOC 2 report and continuously monitors its control posture:
- SOC 2 — independent third-party audit of security, availability, and confidentiality controls.
- Continuous Controls Monitoring — we use Vanta to continuously monitor our security controls, centralize evidence, and maintain a public Trust Center.
- Ongoing Audits & Improvement — control posture is reviewed and improved on an ongoing basis through internal reviews and third-party assessments.
7.Information Retention & Destruction
SJTN Care retains information only as long as necessary to serve the purposes identified in this Policy and to comply with applicable legal obligations:
- Client Clinical Records (PHI) — minimum 10 years from the last entry (PHIPA record-retention requirements).
- Billing & Funding Records — minimum 7 years (Canada Revenue Agency, funder audit requirements).
- Incident & Accident Reports — minimum 10 years, or the applicable statute of limitations, whichever is longer.
- Employment Records — as required by the Ontario Employment Standards Act and applicable employment legislation.
- Website Analytics — aggregated data retained as needed for analysis; identifiable data minimized in line with PIPEDA principles.
Secure Destruction
When information is no longer required, we securely destroy it:
- Electronic data: cryptographic erasure or recognized data-wiping standards
- Paper records: cross-cut shredding or certified destruction
- Devices: secure wiping of hard drives before decommissioning or disposal
Information may be retained longer than the stated periods if:
- Required by law, court order, or regulatory directive
- Subject to an ongoing access request, complaint, or legal proceeding
- Fully de-identified for aggregate reporting or research
8.Your Privacy Rights
Under PHIPA, PIPEDA, and related legislation, you have the following rights regarding your personal information and PHI:
Right of Access
You may request access to the personal information and PHI that SJTN Care holds about you.
- Submit a written request to our Privacy Officer (see Section 13)
- Include your full name, date of birth, and the date range of interest
- We will respond within the timelines set out in PHIPA — generally 30 days, with a possible extension where the request is complex
We may charge a reasonable fee for photocopying and processing as permitted by PHIPA. We will provide a fee estimate before proceeding.
Right of Correction
If you believe information about you is inaccurate, incomplete, or misleading, you may request a correction.
- Contact our Privacy Officer in writing, describing the inaccuracy and the requested change
- Provide supporting documentation where available
- If we agree, we will correct the record and notify you. If we disagree, we will note your statement of disagreement in your record and inform anyone to whom the disputed information was disclosed.
Right to Withdraw Consent
You may withdraw consent for the use or disclosure of your information at any time, subject to legal and contractual limitations.
- Withdrawal does not apply to information already used or disclosed
- Some information cannot be withheld where required for your safe care, regulatory compliance, or legal obligations
- Withdrawing consent may affect our ability to provide you with funded services
Right to Set Communication Preferences
You may ask us to contact you in specific ways:
- Specify a preferred contact method (phone, email, secure messaging, mail)
- Request that calls or visits occur within specific hours
- Request written communication instead of voice calls, where feasible
How to change your preferences:
- Email preferences — manage your subscription preferences from your account email settings, or click the unsubscribe link at the bottom of any non-essential email from us.
- SMS reminders — reply STOP to any SMS reminder from us to opt out of further SMS messages.
- All other preferences — contact our Privacy Officer to withdraw broader consent, change preferred contact method, or request a paper-only relationship.
Safety-critical communications (appointment confirmations, urgent care updates, regulatory notices) are not subject to opt-out while you are an active client. Withdrawing consent for these may affect our ability to deliver care safely.
Right to Complain
If you believe your privacy rights have been violated, you have the right to file a complaint:
- Submit a written complaint to our Privacy Officer, including a description of the concern, dates, and the outcome you seek
- We will investigate and provide a written response, generally within 30 days
- We document complaints and any corrective actions taken so that we can improve our practices
If you are not satisfied with our response, you may file a complaint with the Information and Privacy Commissioner of Ontario:
Information and Privacy Commissioner of Ontario (IPC)
2 Bloor Street East, Suite 1400, Toronto, Ontario M4W 1A8
Toll-free: 1-800-387-0073
www.ipc.on.ca
9.Special Circumstances
Minors & Substitute Decision-Makers
If a client is a minor or lacks the capacity to make their own healthcare decisions, SJTN Care collects information from — and communicates with — the parent, guardian, or substitute decision-maker as authorized under the Health Care Consent Act, a Power of Attorney for Personal Care, or a court order.
At the age of majority (18 in Ontario), healthcare decision-making rights transfer to the individual, unless a guardianship or Power of Attorney remains in effect.
Emergency Disclosure
In a life-threatening emergency, we may disclose information without prior consent where necessary to protect a person's safety — for example, sharing allergy or medication information with paramedics responding to a 911 call.
We will inform you of any emergency disclosure as soon as reasonably possible.
Mandatory Reporting
We are required by law to disclose information without consent in certain situations:
- Child Protection — reasonable suspicion of child abuse or neglect must be reported to the Children's Aid Society.
- Adult Protection — suspected abuse, neglect, or financial exploitation of a vulnerable adult, where required by law.
- Public Health — reportable communicable diseases under Ontario public-health legislation.
- Coroner / Medical Examiner — death investigations and required disclosures.
- Law Enforcement — where compelled by a valid court order, subpoena, or statutory demand.
Particularly Sensitive Health Information
Health information relating to mental health, HIV status, substance use, or genetic testing is handled with heightened sensitivity. Disclosure of this information is restricted under PHIPA and other applicable legislation, and is only made with your explicit consent or where required by law.
11.Third-Party & External Links
Our website may contain links to external websites (e.g., healthcare providers, government agencies, professional resources). SJTN Care is not responsible for the privacy practices or content of external websites.
- Review the privacy policy of any external site before providing information
- We do not endorse or control external content, advertisements, or services
- Be cautious with personal information shared on linked sites
12.Amendments to This Policy
SJTN Care may update this Privacy Policy from time to time to reflect:
- Changes to our practices, services, or technology
- Advances in security or privacy-protection measures
- Changes to applicable privacy legislation
- Lessons learned from privacy reviews, audits, or incidents
Notice of Changes
We will provide reasonable advance notice of material changes. The "Last Updated" date at the top of this Policy reflects when it was last revised. Continued use of SJTN Care's services after notice of a material change indicates your acceptance of the revised Policy. Previous versions are available upon request.
13.Contact Our Privacy Officer
For questions, concerns, or requests regarding privacy — including access, correction, withdrawal of consent, or complaints — please contact:
SJTN Care Privacy Officer
- Email: support@sjtn.ca
- Phone: +1 (613) 870-0843
- Mailing address: PO Box 20072, Kingston RPO Taylor Kidd, Kingston, ON K7P 2T6, Canada
- Hours: Monday – Friday, 9:00 AM – 5:00 PM EST
We will acknowledge your inquiry within 2 business days and respond within 30 days for access requests, or within 10 business days for general inquiries.
You may also reach our team through our Contact Us page
If You Are Not Satisfied With Our Response
You may contact the Information and Privacy Commissioner of Ontario:
Information and Privacy Commissioner of Ontario (IPC)
Toll-free: 1-800-387-0073
www.ipc.on.ca
