Privacy Policy

Last Updated: June 3, 2026

This Privacy Policy describes the policies and procedures of Med Home Services ("the Company," "We," "Us," or "Our") regarding the collection, use, protection, and disclosure of personal information and personal health information obtained through our website and in the course of providing in-home healthcare services.

We are committed to protecting the privacy and confidentiality of all individuals who interact with our services. This policy is designed to comply with the Personal Health Information Protection Act, 2004 (PHIPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's Anti-Spam Legislation (CASL), and the professional privacy obligations imposed by the College of Physiotherapists of Ontario and the Ontario College of Social Workers and Social Service Workers.

By using our website or receiving services from us, you agree to the terms of this Privacy Policy.

Interpretation and Definitions

Interpretation

Words with initial capital letters have meanings defined under the conditions below. These definitions apply equally in singular and plural form.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for You to access our Service or parts of our Service.

Authorized Representative means a Substitute Decision-Maker (SDM) or holder of a valid Power of Attorney (POA) for personal care, legally authorized to make decisions on behalf of a Client who lacks the capacity to consent.

Client means an individual who receives or has requested in-home healthcare services from the Company.

College Regulations means the professional and ethical standards established by the College of Physiotherapists of Ontario (CPO) and the Ontario College of Social Workers and Social Service Workers (OCSWSSW), which govern the privacy practices of regulated practitioners employed or contracted by the Company.

Company refers to Med Home Services, a provider of in-home healthcare services operating in Ontario, Canada.

Country refers to: Ontario, Canada.

Device means any device used to access the Service, such as a computer, cellphone, or digital tablet.

Electronic Medical Record (EMR) means the secure, PHIPA-compliant electronic system used to store and manage patient health records, hosted on encrypted servers located within the Province of Ontario.

Personal Health Information (PHI) has the meaning assigned to it under PHIPA and includes identifying information about a Client that relates to their physical or mental health, the provision of healthcare to them, their health history, care plans, assessments, treatment notes, and related clinical documentation.

Personal Information means any information — other than PHI — that identifies or could identify an individual, such as name, contact details, or correspondence submitted through our website.

Service refers to the website and in-home healthcare services provided by the Company.

Service Provider means any third party that processes information on behalf of the Company, subject to contractual privacy obligations.

Website refers to the Med Home Services website, accessible at medhomeservices.ca.

You means the individual accessing our Website or receiving our services, or an Authorized Representative acting on their behalf.

Scope of This Policy

This policy applies to two distinct categories of data interactions:

1. Website Interactions — Personal Information submitted via contact or inquiry forms on our Website, such as name, email address, and phone number. No Personal Health Information is collected through the Website.

2. Clinical Care — Personal Health Information collected in the course of providing in-home healthcare services, which is governed by PHIPA and applicable College Regulations. This data is maintained exclusively in our secure EMR system and is not collected, processed, or stored through the Website.

Collecting and Using Your Information

A. Information Collected Through the Website

When you use our Website to submit an inquiry, we may collect the following Personal Information:

First name and last name

Email address

Phone number

The content of your inquiry or message

Usage Data (see below)

This information is used solely to respond to your inquiry and to provide information about our services. It is not used for unsolicited marketing communications. We will only send you appointment reminders or follow-up communications electronically if you have expressly requested or consented to receive them, in accordance with Canada's Anti-Spam Legislation (CASL).

Usage Data

Usage Data is collected automatically when using the Website. This may include information such as your device's IP address, browser type and version, the pages you visit, the date and time of your visit, the time spent on pages, and other diagnostic data. This data is used for the maintenance, security, and improvement of our Website.

B. Personal Health Information Collected During In-Home Care

In the course of providing healthcare services, our practitioners collect Personal Health Information necessary to deliver safe, effective, and individualized care. This may include, but is not limited to:

Full legal name, date of birth, and contact information

Medical history, diagnoses, and presenting conditions

Current medications and allergies

Vital signs and physical assessment findings

Clinical visit notes, progress notes, and treatment records

Functional assessments and care plans

Referral and consultation records

Information relevant to fall risk, mobility, and home safety assessments

All PHI is recorded and maintained exclusively within our secure, PHIPA-compliant EMR system hosted on encrypted servers located within the Province of Ontario, Canada. PHI is not collected, transmitted, or stored through our Website.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to monitor activity on our Website and to improve user experience. Technologies used may include beacons, tags, and scripts.

Types of Cookies We Use:

Necessary / Essential Cookies

Type: Session Cookies

Purpose: Essential to provide you with core website functionality and to authenticate users. These cannot be disabled without affecting the usability of the Website.

Cookie Acceptance Cookies

Type: Persistent Cookies

Purpose: To record whether you have acknowledged our use of cookies.

Functionality Cookies

Type: Persistent Cookies

Purpose: To remember your preferences and improve your experience when returning to the Website.

You may configure your browser to refuse cookies or to alert you when cookies are being sent. Disabling cookies may limit access to certain features of the Website.

Consent

A. Website Inquiries

By submitting an inquiry through our Website, you consent to the collection and use of your Personal Information for the purpose of responding to your request.

B. Healthcare Services — Informed Consent

Prior to the commencement of any healthcare services, informed consent is obtained from the Client or their Authorized Representative. This consent process includes:

A clear explanation of the services to be provided

The nature of the information to be collected and how it will be used

The right to withdraw consent at any time, subject to legal or clinical obligations

C. Substitute Decision-Makers and Powers of Attorney

Where a Client does not have the capacity to provide informed consent, we obtain consent from a legally recognized Authorized Representative, which may include:

A Substitute Decision-Maker (SDM) as defined under Ontario's Health Care Consent Act, 1996

A holder of a valid Power of Attorney (POA) for personal care

Both verbal and written consent are obtained and documented. Where a Power of Attorney is cited, supporting documentation is reviewed and verified before services commence. All consent records are retained in the Client's file in accordance with applicable legislation.

Use of Your Personal Health Information

PHI is used solely for the purposes for which it was collected, including:

Providing, coordinating, and managing safe, individualized in-home healthcare

Clinical assessment, care planning, and treatment documentation

Communication among authorized members of the care team

Compliance with professional obligations under College Regulations

Responding to legal, regulatory, or clinical audit requirements

We do not use PHI for commercial, marketing, or research purposes without separate, explicit consent.

Access to Personal Health Information

Access to PHI is strictly limited to authorized personnel based on their clinical role and professional need to know. We maintain a formal access control system with defined roles and permissions to ensure that PHI is accessible only to those with a legitimate clinical or administrative function.

Our practitioners are regulated professionals governed by the College of Physiotherapists of Ontario and the Ontario College of Social Workers and Social Service Workers, and are individually bound by the privacy and confidentiality obligations established by their respective Colleges.

Where personal or company-issued mobile devices are used during home visits, all practitioners are required to adhere to strict privacy protocols consistent with their College requirements and this policy, including the secure handling and transmission of any client-related information.

Client Access to Records

Clients or their Authorized Representatives have the right to request access to their Personal Health Information. Upon a valid request, records may be provided during a scheduled care session in paper form, or through another secure method as arranged. Requests for access should be directed to our Privacy Officer using the contact details at the end of this policy.

Sharing and Disclosure of Your Personal Information

We do not sell, rent, or trade your Personal Information or Personal Health Information to any third party.

We may disclose your information only in the following limited circumstances:

With Members of the Care Team: PHI may be shared among authorized practitioners directly involved in your care.

With Service Providers: We may share limited Personal Information (not PHI) with trusted service providers who support our Website or administrative operations, subject to contractual confidentiality obligations.

As Required by Law: We may disclose information if required to do so by law, court order, or in response to a valid request by a regulatory or government authority (e.g., the Information and Privacy Commissioner of Ontario).

To Protect Safety: We may disclose information where we have reasonable grounds to believe there is a serious risk of harm to the Client or another person, as permitted or required under PHIPA.

With Your Consent: We may disclose your information for any other purpose with your express consent.

We do not share PHI with any government-funded programs, home care agencies, or third-party scheduling platforms without your explicit consent.

Data Storage and Security

All Personal Health Information is stored on encrypted servers physically located within the Province of Ontario, Canada. Our EMR system is PHIPA-compliant and subject to ongoing security controls to protect the confidentiality, integrity, and availability of health records.

Security measures in place include:

Encryption of data at rest and in transit

Role-based access controls with authentication requirements

Secure remote access protocols for authorized practitioners

Regular system audits and security reviews

Staff training on privacy obligations and data handling procedures

While we apply industry-standard security measures and are committed to the protection of your information, no electronic system can be guaranteed to be completely immune from breach. We maintain breach response procedures as described below.

Privacy Breach Notification

In the event of a privacy breach involving your Personal Health Information, Med Home Services will:

Promptly investigate the nature and scope of the breach

Take immediate steps to contain and mitigate the breach

Notify affected individuals as required under PHIPA

Notify the Information and Privacy Commissioner of Ontario (IPC) where required by law

Document the breach and corrective actions taken

We are committed to transparency and to fulfilling all statutory notification obligations in the event of a breach.

Retention of Your Personal Information

We retain Personal Health Information in accordance with applicable Ontario legislation, including the minimum retention periods prescribed under PHIPA and the regulations of the College of Physiotherapists of Ontario and Ontario College of Social Workers. Specifically:

Health records for adult clients are retained for a minimum of ten (10) years from the date of the last professional service.

Health records for minor clients are retained until the individual reaches the age of 28, or for ten (10) years from the date of the last service, whichever is longer.

Website inquiry data (Personal Information) is retained only as long as necessary to fulfill the purpose for which it was collected.

Upon the expiry of the applicable retention period, records are destroyed using secure and appropriate methods to prevent unauthorized access or disclosure. Both paper and digital records are subject to documented destruction procedures.

Children's Privacy

Our services may be provided to minors where clinically appropriate. In such cases, consent is obtained from a parent, legal guardian, or other Authorized Representative in accordance with Ontario's Health Care Consent Act, 1996, and College Regulations. The privacy of minor clients is given the highest priority, and their records are subject to enhanced retention and access safeguards as described in this policy.

Our Website is not directed at individuals under the age of 18, and we do not knowingly collect Personal Information through the Website from minors. If you believe a minor has submitted information through our Website without appropriate consent, please contact us immediately.

Links to Third-Party Websites

Our Website may contain links to external websites not operated by Us. We strongly encourage you to review the privacy policies of any third-party websites you visit. We have no control over and accept no responsibility for the privacy practices or content of third-party sites.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, our practices, or our services. We will notify you of significant changes by posting the updated policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

Continued use of our Website or services after changes are posted constitutes your acceptance of the updated policy.

Your Privacy Rights

Under PHIPA and applicable Canadian privacy legislation, you have the right to:

Access your Personal Health Information held by us

Request corrections to inaccurate or incomplete information

Withdraw your consent to collection, use, or disclosure (subject to legal and clinical limitations)

File a complaint with the Information and Privacy Commissioner of Ontario (IPC) if you believe your privacy rights have been violated

To exercise any of these rights, please contact our Privacy Officer using the information below.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

By email: support@medhomeservices.ca

Website: medhomeservices.ca

For formal privacy complaints or concerns about the handling of your Personal Health Information, you may also contact:

Information and Privacy Commissioner of Ontario (IPC)

Website: www.ipc.on.ca

Phone: 1-800-387-0073