Privacy Policy & Statement of Information Practices
Just Like Family Home Care – Halton, Hamilton & Niagara
Effective Date: May 25, 2026
Last Updated: May 25, 2026
Review Cycle: Annual or upon legislative, operational, or technology change
1. Accountability & Privacy Commitment
Just Like Family Home Care (“we,” “our,” or “us”) is committed to protecting the confidentiality, integrity, and security of all personal information and personal health information entrusted to us. We provide in-home healthcare and support services across Halton, Hamilton, and Niagara, including:
- Personal support and companionship care
- Registered nursing and clinical oversight
- Complex and chronic care support
- Dementia and cognitive care
- Hospice and palliative care
- Overnight and 24/7 care services
- Respite care and family support services
We strictly comply with the Ontario Personal Health Information Protection Act (PHIPA, 2004) and Canada’s federal Personal Information Protection and Electronic Documents Act (PIPEDA). We maintain administrative, technical, and physical safeguards consistent with healthcare industry standards and carry enhanced cybersecurity and professional liability insurance coverage.
2. Privacy Governance & Accountability Structure
Just Like Family Home Care maintains tight internal accountability for privacy compliance:
- Privacy Officer: Responsible for systemic privacy oversight, risk management, complaint handling, and regulatory communication.
- Management Team: Responsible for day-to-day operational compliance and enforcement.
- Staff, Nurses & Caregivers: Required to comply with all privacy and strict confidentiality obligations.
- Annual Review Process: Privacy policies and internal practices are audited and reviewed at least annually.
All personnel receive comprehensive privacy and data confidentiality training as a mandatory condition of employment or clinical engagement.
3. Legal Status Under PHIPA (Custodian vs Agent)
Just Like Family Home Care operates primarily as a Health Information Custodian (HIC) for all personal health information (PHI) collected, created, or maintained through the delivery of home care services. We may act as an agent of another Health Information Custodian only in limited circumstances where services are provided under the explicit direction of hospitals, regional healthcare institutions, or other regulated public healthcare providers. In all cases, information is protected under PHIPA-equivalent safeguards and is subject to strict role-based access controls.
4. Website Privacy Notice
Data Protection Notice: To protect personal privacy, individuals are strongly advised not to submit detailed medical charts or highly sensitive physical/mental health histories through public website forms. All formal clinical intake discussions occur directly with a Care Coordinator or Registered Nurse in a secure, encrypted communications environment.
5. Information We Collect
We collect only the information strictly necessary to safely coordinate/provide care and meet our legal and regulatory obligations.
A. Personal Information (PIPEDA Compliance)
- Name, phone number, and email address
- Physical home address or intended care service location
- Relationship of the inquirer to the care recipient
- General care preferences and requirements
- Referral source tracking data
- Communication and opt-in marketing preferences
- Billing account updates and payment configuration details
B. Personal Health Information (PHIPA Compliance)
- Relevant medical history and primary clinical diagnoses
- Cognitive status, physical limits, and mental health observations
- Mobility profiles, transfer requirements, and home environmental safety risks
- Medication lists, schedules, and clinical care instructions
- Clinical nursing assessments and professional daily documentation
- Daily shift care logs and objective caregiver observations
- Emergency contact coordinates
- Substitute Decision-Maker (SDM), Power of Attorney (POA), or designated legal representative documentation
6. Purpose Limitation (PIPEDA Compliance Standard)
We collect, use, and disclose personal information and personal health information only for purposes that are necessary, reasonable, and directly related to the delivery of home care, coordination of clinical services, meeting legal obligations, or vital operational evaluation. We do not sell personal or health information under any circumstances.
7. Consent, Authority & Circle of Care
We rely on informed consent in strict accordance with PHIPA and PIPEDA protocols.
- Care Consent: Express consent is obtained directly when clients or authorized legal representatives officially engage our home care services.
- Circle of Care (PHIPA): Information may be shared within the immediate care team strictly on a clinical need-to-know basis to ensure continuity of care. This circle includes Registered Nurses, Personal Support Workers (PSWs), Care Coordinators, and Clinical Supervisors.
- Substitute Decision-Makers (SDM / POA): Where applicable, legally authorized representatives provide consent on behalf of clients who lack legal capacity.
- Legal Disclosure: Disclosure without consent may occur only where strictly required or permitted by law (e.g., medical emergencies, valid court orders, mandatory reporting obligations).
- Withdrawal of Consent: Clients or legal representatives may withdraw consent at any time; however, this may fundamentally impact our ability to safely provide care services.
8. Third-Party Service Providers & Data Flow Architecture
We use secure, enterprise-level third-party systems to support clinical care delivery, intake referrals, documentation, communication, and backend operations. All providers are strictly bound by contractual privacy, confidentiality, and security data processing agreements.
8.1 System of Record – AxisCare (PRIMARY HEALTH RECORD SYSTEM)
AxisCare serves as our primary system of record for all comprehensive client and caregiver clinical documentation.
Client Information Stored in AxisCare:
- Care assessments and health intake forms
- Nursing documentation, assessments, and clinical notes
- Care plans and ongoing service schedules
- Medication administration instructions
- Care visit logs and daily progress records
- Emergency contact networks and SDM / POA documentation
- Billing records and detailed service history
Caregiver Information Stored in AxisCare:
- Employment files and background contact records
- Scheduling availability and shift assignments
- Training, compliance checks, and professional certification records
- Care documentation metrics and field reporting logs
- Timekeeping and secure service electronic verification
Security & Compliance Controls: Features robust role-based access control, fully encrypted data transmission (HTTPS) and storage, mandatory multi-factor authentication controls, comprehensive audit logging of all system access, and routine internal security monitoring review.
8.2 National Website Referral Flow – HubSpot
The Just Like Family Home Care National Website uses HubSpot CRM for secure inquiry intake, lead routing, regional referral tracking, communication follow-up, and automated distribution to regional offices. HubSpot operates as an authorized data processor acting solely on behalf of Just Like Family Home Care and does not independently use personal information for its own purposes.
8.3 Regional Website Referral Flow – Echo Marketing (DISCLOSURE CONTROLLED)
Our regional website (justlikefamilyhomecare.net) utilizes Echo Marketing and its associated CRM systems to securely support website inquiry intake, referral tracking, marketing/communications coordination, and basic operational follow-up. Echo Marketing operates as an authorized third-party data processor acting on behalf of Just Like Family Home Care for digital marketing and referral flow purposes. All personal information processed through Echo Marketing systems is strictly limited to basic contact data necessary for inquiry handling and referral coordination.
8.4 Additional Service Providers
We may also use secure third-party providers for email and office communication systems, scheduling/workforce management, cloud storage infrastructure, billing systems, and web analytics. Some administrative data may be processed or stored outside Canada and may be subject to foreign legal jurisdictions, including lawful access by foreign authorities.
9. Cookies, Analytics & Tracking Technologies
We may use cookies and digital analytics tools to improve website performance, monitor safety, and enhance user experience. This metadata may include IP addresses, device/browser identifiers, pages visited, time spent on the website, and inbound referral sources. Non-essential cookies and tracking technologies are subject to user browser settings and consent tracking mechanisms.
10. Privacy Breach Response & Notification
We maintain a formal, structured breach response protocol. In the event of a suspected or confirmed privacy breach, we will immediately contain the incident, conduct a thorough risk assessment, determine if there is a real risk of significant harm (PHIPA/PIPEDA compliance standard), notify affected individuals as mandated by law, and report directly to the Information and Privacy Commissioner of Ontario (IPC) where required.
11. Safeguards & Cybersecurity Controls
We protect personal information using an industry-approved, layered defense model:
- Administrative Safeguards: Formal privacy governance policies, mandatory staff training, custom legal confidentiality agreements, and strict role-based access restrictions.
- Technical Safeguards: End-to-end encrypted databases, secure HTTPS web protocols, multi-factor user authentication, and system audit logging.
- Physical Safeguards: Monitored, locked storage systems, strict physical office access controls, and secure physical document shredding/destruction procedures.
Furthermore, we maintain active commercial cybersecurity insurance coverage to support professional risk mitigation and incident response readiness.
12. Electronic Communication Notice
Standard email and SMS communications are not always fully encrypted over transit networks. Clients acknowledge this inherent risk when communicating via these channels and may request alternative, specialized secure communication workflows at any time.
13. Records Retention
Client clinical files and administrative records are retained strictly in accordance with Ontario healthcare legislation, professional nursing regulatory standards, insurance parameters, and essential corporate operational tracking requirements. Records are securely destroyed or permanently deleted once statutory retention timelines lapse.
14. Individual Rights
Under Canadian privacy laws, individuals maintain explicit rights to:
- Access their personal profile or health information files
- Request formal corrections to inaccurate or dated records
- Withdraw consent (subject to lawful service or statutory limitations)
- File official privacy complaints or compliance concerns with our management team
15. Privacy Officer Contact
Company: Just Like Family Home Care
Mailing Address: 3 – 365 Vine Street, St. Catharines, ON L2M 4T9
Email: southeastontario@justlikefamily.ca
Website: justlikefamilyhomecare.net
16. Escalation to the IPC
If privacy or data access concerns are not satisfactorily resolved by our internal team, individuals maintain the legal right to file a formal complaint to the provincial regulator:
Information and Privacy Commissioner of Ontario (IPC)
2 Bloor Street East, Suite 1400, Toronto, ON M4W 1A8
Phone: 416-326-3333 | Toll-Free: 1-800-387-0073
Website: https://www.ipc.on.ca
17. Policy Review & Updates
This policy is updated dynamically to reflect evolving modifications in regional healthcare legislation, corporate operations, or database infrastructure technology. The active, current version is always accessible on our public website.
