Last Updated: 23/07/2025
Purpose
Gifted Hands Health Services (“Gifted Hands”) is committed to safeguarding the privacy of individuals by responsibly managing personal information, especially personal health information (PHI). We prioritize the confidentiality, integrity, and security of the personal data we collect and use. This policy outlines how Gifted Hands protects the rights of individuals, ensures compliance with Ontario’s health privacy laws, and maintains high standards for transparency and data protection.
Scope
This policy applies to all employees, independent healthcare providers, directors, contractors, researchers, students, volunteers, and agents (“Gifted Hands Personnel”) who access, manage, or process personal or health information in any form—oral, paper, or digital.
Definitions
- Capacity: The ability of an individual to understand information relevant to making an informed decision about the collection, use, or disclosure of their PI/PHI and to appreciate the potential consequences of those decisions.
- Identifying Information: Any information that could directly or indirectly identify an individual.
- Personal Information (PI): Information that can be used to identify a person and includes any details about their personal or health status.
- Personal Health Information (PHI): Identifiable health-related data in any format that includes:
  - Family or individual health history
  - Details about care provided or planned
  - Payment and eligibility information
  - Health card numbers
  - Organ donation data
  - Substitute decision-maker identification
- PHIPA: Ontario’s Personal Health Information Protection Act, 2004.
- Privacy Breach: Unauthorized access, use, loss, or disclosure of PI/PHI, whether accidental or intentional.
Responsibilities
All Gifted Hands Personnel must protect the PI/PHI they handle and comply with this policy. This includes keeping information confidential and secure, informing clients about data practices, and only accessing data necessary for job-related purposes. PHI/PI must be:
- Stored in secure, access-controlled locations
- Transported and transmitted securely
- Accessed only by authorized personnel
- Returned to secure locations when not in use
All suspected or confirmed privacy breaches must be reported promptly to the Gifted Hands Privacy Officer at [email protected].
Compliance with this policy is mandatory. Failure to comply may result in disciplinary action, up to and including termination of employment or contracts.
Procedures
Collection
Gifted Hands collects PI/PHI to provide care services such as nursing, personal support, homemaking, rehabilitation, and home care assessments. Data is also used for internal audits, quality reviews, risk management, and reporting to funders.
Staff collecting PI/PHI must:
- Clearly identify the purpose at the time of collection
- Limit collection to only what is necessary
- Follow applicable data protection procedures
Consent for collecting and using PI/PHI must be obtained in a manner that is informed, voluntary, and documented. Consent may be verbal or written, explicit or implied, depending on context and applicable laws. Substitute decision-makers may provide consent when a client lacks capacity.
Withdrawal of Consent
Individuals may revoke consent at any time, provided legal and contractual conditions allow it. Gifted Hands will explain the implications of withdrawal, including how it may affect services.
Confidentiality
All staff must sign confidentiality agreements and renew them annually. Contractors with access to PI/PHI must also sign confidentiality clauses in their contracts. Gifted Hands may audit contractors and vendors for compliance.
Access & Disclosure
PI/PHI access is granted on a strict need-to-know basis. Clients and employees may request access to their records in writing. Copies for third parties require written authorization and must be sent securely. Original records will only be released under legal requirements such as subpoenas.
PI/PHI may not be:
- Released on social media
- Disclosed without written consent, unless required by law or in an emergency
Transmission
PHI/PI must be transmitted securely:
- Fax: Use encrypted platforms or secure, monitored machines. Confirm receipt.
- Email: Use encrypted, approved systems. Clients must be informed of risks before using email for PHI.
- Portals: Only approved, secure portals may be used to share sensitive data.
AI Tools
Gifted Hands will only use AI platforms that fully comply with PHIPA and internal privacy policies. PHI will never be input into public or external AI tools.
Privacy Officer
Gifted Hands has appointed a Privacy Officer to oversee policy implementation, staff training, complaint resolution, and breach response. The Officer also ensures compliance with privacy laws and agreements with partners.
Reporting
All staff must promptly report any actual or suspected policy violations or privacy breaches. Investigations will be thorough, and findings will be used to improve practices.
Privacy Impact Assessments
Gifted Hands will perform Privacy Impact Assessments (PIAs) for any new or changing programs that involve PI/PHI. The goal is to assess privacy risks and implement mitigations.
Complaints & Corrections
Clients and employees may:
- File complaints about privacy practices
- Challenge the accuracy of their information
Complaints will be handled by the Privacy Officer. If a complaint is found valid, changes will be made. Corrections to records will be documented properly.
Destruction
PI/PHI will be retained and destroyed according to funder requirements or after 10 years post-discharge (or 10 years after turning 18 for minors). Destruction will be secure and documented.
Related Policies
- Records Management
- Confidentiality and Conflict of Interest
- Data Security
- Privacy Breach Response
- Retention & Disposal
- Social Media
Resources
- Personal Health Information Protection Act, 2004
- Information and Privacy Commissioner of Ontario
- Gifted Hands Privacy Officer
- Contact: Gifted Hands Health Services Privacy Officer [email protected]