Privacy Policy

Heartwell Home Care Services Inc. is committed to protecting your privacy and security. Review our comprehensive policy regarding personal data and health information.

Heartwell Home Care Services Inc.

Policy Number: PR-1

Effective Date: November 2025

Review Date: November 2025

1. Purpose

Heartwell Home Care Services Inc. ("Heartwell") is committed to protecting the privacy, confidentiality, and security of all personal information and personal health information ("PHI") in accordance with the Personal Health Information Protection Act, 2004 (PHIPA) and all other applicable privacy laws in Ontario.

This policy outlines how Heartwell collects, uses, discloses, safeguards, and manages personal information and PHI in the course of providing home care and personal support services.

2. Scope

This policy applies to:

All Heartwell employees, personal support workers (PSWs), contractors, administrators, and volunteers.
All personal information and PHI collected through client assessments, service delivery, forms, electronic systems, phone communications, websites, and any other business operations.

3. Definitions

• Personal Information (PI): Information about an identifiable individual (e.g., name, address, phone number).
• Personal Health Information (PHI): Identifying information about an individual relating to physical or mental health, health history, care provided, plans of service, health card number, or payments for care.
• Health Information Custodian (HIC): Under PHIPA, Heartwell acts as a HIC when providing care services.
• Agent: Any employee, contractor, or PSW who handles PHI on behalf of Heartwell.

4. Collection of Personal Information and PHI

Heartwell collects only the information necessary to:

Assess client care needs.
Develop and provide personal support and home care services.
Coordinate care with other healthcare providers (with consent).
Meet legal, regulatory, and funding requirements.

Types of information collected may include:

For Clients:

Name, address, date of birth, contact information.
Health conditions, care needs, medical history, medications.
Emergency contacts and substitute decision-maker information.
Care plans and assessment documentation.

For Workers:

Name, address, contact information.
Résumés, background checks, qualifications, certifications.
Immunization records and health information when required for safe care delivery.

5. Use of Personal Information and PHI

Heartwell uses PI and PHI only for purposes including:

Providing safe and appropriate home care services.
Communicating with clients, families, and healthcare teams.
Verifying identity and coordinating schedules.
Internal quality improvement and risk management.
Complying with regulatory or legal reporting obligations.

6. Disclosure of PHI

Heartwell will only disclose PHI:

With the client's express or implied consent.
To other healthcare providers involved in the client's care.
When required by law (e.g., public health, court orders).
To prevent serious harm (as permitted under PHIPA).
To authorized third-party service providers under confidentiality agreements.

Heartwell does not sell or rent personal information.

7. Consent

Heartwell obtains knowledgeable consent before collecting, using, or disclosing PHI. Consent may be:

Implied: When information is shared among providers involved in care.
Express: Written or verbal consent for specific disclosures.

Clients may withdraw consent at any time, subject to legal or safety limitations.

8. Safeguards and Security

Heartwell protects PHI using administrative, technical, and physical safeguards, including:

Secure electronic record systems and password protection.
Encryption of digital data and secure communication channels.
Locked storage for physical records.
Role-based access, ensuring only authorized staff view PHI.
Confidentiality agreements for all staff and contractors.
Regular audits and compliance monitoring.

9. Accuracy, Retention, and Destruction

Heartwell ensures that all collected information is accurate, complete, and up to date. Clients and workers may request corrections to their records.

PHI is retained only for the period required by law and Heartwell's retention schedule. Records are securely destroyed when no longer needed.

10. Client Rights

Clients have the right to:

Access their own personal health information.
Request corrections to inaccurate records.
Withdraw or limit consent for certain uses or disclosures.
Receive information on how their data has been used or disclosed.
Request a copy of Heartwell's privacy practices.

Requests must be submitted in writing to the Privacy Officer.

11. Privacy Breach

In the event of a privacy breach:

Heartwell will immediately investigate the incident.
Notify affected individuals as required by PHIPA.
Implement corrective actions to prevent future breaches.
Report to the Information and Privacy Commissioner of Ontario (IPC) when legally required.

12. Website and Online Form Privacy

When clients or workers submit information via Heartwell's website or online forms:

Data is encrypted and stored securely.
Information is used only for service coordination and administrative purposes.
Cookies or tracking tools, if used, are disclosed in the website's Cookie Policy.

13. Privacy Officer Contact Information

Heartwell has designated a Privacy Officer responsible for compliance with PHIPA.

Privacy Officer
Heartwell Home Care Services Inc.

Email: taseenrahim@hotmail.com

Phone: (289) 499-6787

Address: 2 Robert Speck Parkway, Suite 750, Mississauga, Ontario L4Z 1H8

14. Policy Review

This Privacy Policy will be reviewed annually or when there are changes to legislation, organizational practices, or privacy risks.

15. Compliance

All Heartwell employees, contractors, and PSWs must read, understand, and comply with this Privacy Policy as a condition of employment.

Approved By:

Name: Taseen Rahim

Title: President / CEO

Signature & Date:

Date: November 2025