Privacy Policies

Website Privacy Policy

PAARC maintains a public website for the benefit of the community, to provide information about our agency, our programs and services, and to offer the public a way to contact us for help, to provide us with feedback, and to donate to PAARC.

The purpose of this Privacy Policy is to inform users of our Site of the following:

  1. The types of anonymous and identifying information collected from casual visitors and general users of PAARC’s website.
  2. Cookies, log files and use of other mechanisms to automatically collect user device information.
  3. Purposes for which user information is collected and how it will be used.
  4. Sharing of user data with any third parties.
  5. Requirements and procedures for obtaining consents where required, including express consent for installation of executable programs on a user’s system.
  6. Handling, retention and destruction of users’ information.


By using our Site, users agree that they consent to the conditions set out in this Policy.


When you provide us with information through our ‘Contact Us’ option, your information is received by the Executive Director and the Manager of Programs, Partnerships and Operations. We may disclose the contents of your message to any member of our agency who has been assigned to answer your inquiry.

When you click on the ‘Donate’ button, you are directed to the CanadaHelps portal (home page is

On their portal, you are asked to provide information that helps them complete your donation and provide a donation receipt. CanadaHelps maintains their own online privacy policies and procedures, specific to their activities handling payment information.


We will not share your information with other third parties, except in the following cases:

  1. If the law requires it.
  2. If it is required for any legal proceeding in which we are required to submit evidence.
  3. To prove or protect our legal rights.

If you follow hyperlinks from our Site to another Site, from our Resources page for example, please note that we are not responsible for and have no control over their privacy policies and practices.


PAARC’s website is encrypted with secure certification so any information sent to or received from the site is encrypted.

You have control over the cookies settings on the device you are using to access our Site. Cookies are intended to make it easier for users to access Sites repeatedly, and you can adjust your settings to avoid cookies, or you can erase your cookies history when you are done.

PAARC does not use automatic log files or any other mechanisms to collect information from users of our website. We do not share any user data with any third parties.

If you have any questions or concerns about this Website Privacy Policy, please contact PAARC’s Privacy Officer, Karen Parsons, at, or by calling 905-629-1007, pressing ‘0’ and asking our Receptionist to connect you.

You can read about PAARC’s Privacy Policy for users of our agency’s programs and services below.

General Policies Related to Sharing/Accessing Information and Client Confidentiality:

  1. All PAARC staff, including contracted employees, sub-contracted employees and students will fully understand and adhere to PAARC’s policy, which will be demonstrated in the signing of PAARC’s Confidentiality Agreement.
  2. PAARC will request clients to provide information regarding their health and PAARC will explain to clients the rationale for collecting their information.
  3. PAARC will limit the collection, use and disclosure of information, to that which is necessary for the identified purposes or for the purposes the Act permits or requires.
  4. Client information is disclosed, with client consent, to PAARC personnel and formal partners for the purpose of the provision of voluntary and mandated services.
  5. Consent of the client is required to share information with or to be accessed by others outside of PAARC. However, consent to disclose information is NOT required under the following circumstances:
    • Comply with legal requirements (court orders, subpoena, and warrants.)
    • Duty to Report: harm to one’s self or others, at-risk vulnerable persons, impaired persons with intent to drive a motor vehicle.
    • Plan, deliver or monitor health-related programs that we provide
    • Manage risk and errors, improve the quality of service or maintain programs and for undergoing agency accreditation.
    • Educate agents to provide health care/services (e.g., staff, volunteers, students.)
    • Participate in legal or administrative proceeding in which a client is involved.
    • Collect payment for health care services provided, if required.
    • Contact an identified emergency contact or substitute decision maker of an individual who is incapacitated, injured, or ill and is unable to consent.
  1. Clients must sign a Consent Form for each individual or organization with whom information is to be shared or from whom information is to be disclosed. This Consent Form will include:
    • Their name(s),
    • Organization and name of staff person releasing the information,
    • Organization and name of person receiving the information being released,
    • Purpose of the release, date of consent, and
    • Any limits on the consent (example: time period, limits of use).
  1. In crises or urgent situations, PAARC may disclose client information to other health care providers in the “Circle of Care” to ensure the safety and welfare of the client. The “Circle of Care” may include health care professionals, pharmacies, laboratories, emergency response teams, nursing homes, home and community service providers such as home service providers who provide health care services (see definition section for additional information).


  1. In the event that a client dies, PAARC may disclose personal health information about a deceased individual without consent in the following circumstances:
    • For the purpose of identifying the individual
    • For the purpose of informing any person whom it is reasonable to inform in the circumstances of,
      • The fact that the individual is deceased or reasonably suspected to be deceased, and
      • The circumstances of death, where appropriate; or
      • To the spouse, partner, sibling or child of the individual if the recipients of the information reasonably require the information to make decisions about their own health care or their children’s health care.

In addition, when a person dies, the estate trustee or the person who has assumed responsibility for the administration of the deceased’s estate becomes the substitute decision-maker for the deceased individual. Under these circumstances, PAARC has the right to ask the substitute decision maker to provide documentation verifying his or her authority as such or attesting to such authority, and request identification to be satisfied as to the individual’s identity.

  1. Clients’ expressed, written consent will be obtained when information about them is shared with any other party outside of PAARC’s legal duty to report. In response to the COVID-19 directed shift to virtual care, PAARC has adopted the PHIPA-compliant practice of accepting verbal consent when written consent can not otherwise be obtained. Where possible, clients are asked to print and sign a consent form which they can mail or scan to be included in the electronic file. Clinical staff will clearly document verbal consent obtained in circumstances in which written consent is not possible.

Court-Ordered Release of Information

If a request is received from the courts to release personal health information about a PAARC client, the authorized personnel will follow procedures in notifying the Privacy Officer. The required information will be released in accordance with this policy. A copy of the court order will be placed in the client file.


Discharged clients are required to sign a new Consent Form for release of personal health information to any individual or organization outside of PAARC.

Retaining Client Information

PAARC retains client information on their premises and may transport client information in a secure manner while working with the client. PAARC maintains client information for as long as necessary to fulfil the purposes of which it was collected, or as required by law (usually 10 years).

Where the client requests access to their record, PAARC will require a written request be submitted to the Privacy Officer. In accordance with PHIPA 2004 amended, clients may request access to their record in an electronic fashion.

Accuracy of Client Information

PAARC ensures that information about clients is as current, accurate and complete as possible on collection. Information is recorded and updated when required as routine maintenance of files under the Client Record Management System. PAARC takes reasonable steps to ensure that any information used by PAARC on an ongoing basis, including any information that is disclosed to others under this Policy, is current, accurate and complete. Where PAARC knows that information is not accurate, complete or current, this fact will be indicated at the time of use or disclosure.

A client is also entitled to challenge the accuracy or completeness of information in PAARC’s custody or control. Requests to challenge and/or change information should be directed to the clinical supervisor who will escalate the request to the Privacy Officer. A client will receive at least a preliminary response from the Privacy Officer within 30 days, and a full response within 60 days.

PAARC must correct the record where the individual demonstrates that the record is incomplete or inaccurate for the purposes for which PAARC uses the record, unless an exception applies in the circumstances.

PAARC is not required to correct a professional opinion or observation made in good faith, or a record that was not originally created by PAARC and where PAARC has insufficient knowledge or authority to make the correction.

In circumstances where PAARC does not make a requested correction, PAARC will inform the client of the refusal, provide reasons and inform the client of their right to appeal the refusal or the right to attach a statement of disagreement.

Accessing Information from or Disclosing Information to Other Service Providers When exchanging two-way client information (accessing and disclosing) with another service provider, authorized personnel must ensure all parties have a signed Consent Form from the client. When staff receive requests for the release of client personal information from external agencies or community partners, they must ensure that they have received a completed consent form signed by the client prior to the release of information.


Clients may not feel comfortable sharing all of their details to those with whom they have given consent for their worker to communicate. Clients may choose to ‘lock’ certain parts of their personal health information as long as it pertains to the PHIPA. The term “lock box” applies to situations where a client has expressly restricted his or her worker from disclosing specific personal health information to others — even to others involved in their “Circle of Care.”

Withdrawal of consent

Should the client choose to withdraw or restrict consent, the authorized personnel will discuss the implications of the consent withdrawal with the client. Specifically, the authorized personnel should inform the client that withdrawal or restriction of consent might jeopardize or halt the delivery of PAARC services and impact the ability to make referrals on behalf of the client.

If the client maintains their interest in withdrawing consent, the staff will make an appropriate notation in the client’s file that consent has been withdrawn (progress note and consent form.)

When Client is Incapable of Giving Consent

If a client is deemed incapable of providing consent, the named Power of Attorney or the designated substitute decision maker for the client may give consent to share information by signing a Consent Form on behalf of the client. Otherwise, refer to the Ontario privacy legislation, which outlines who can make decisions on behalf of incapable clients relating to the collection, use, disclosure and access to their personal health information. In the event that client information is requested for disclosure under a warrant, subpoena or other legal/court order, the requested information will be disclosed as required by law. A copy of the warrant, subpoena or court order will be placed in the file.

In the event that a request is made by court, police or any other officer of the law without a warrant or subpoena, PAARC will not disclose or release client personal health information or acknowledge that the client is being served by the agency.

In the event a client is unable to physically sign a Consent Form, verbal consent may be considered to share information, at the discretion of staff in consultation with the Privacy Officer and/or delegate. Please note that every effort will be made to obtain written consent. When verbal consent is provided, the clinical notes will reflect that verbal consent was obtained and an explanation as to why verbal consent versus written consent was provided.


Authorized personnel must ensure that a Consent Form has been signed by the client before any information is shared with or accessed from anyone outside of the PAARC organization; and will work with the client to explain the rationale for sharing information.

Access to client information and record is available on a “need to know” basis. Staff with access to confidential client information must only be accessing that client information which is directly pertinent to their caseloads or service/support/assessment activities.

Security of Client Information

Information about clients in PAARC’S custody is protected by security safeguards including physical, technological and administrative. These security safeguards are in keeping with industry standards and are designed to protect client information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. The steps taken to protect client information include but are not limited to the following:

    • Physical safeguards for records include:
      • Controlling physical access by locking doors, controlling access by authorized staff through such means as keys.
      • Escorting visitors while on PAARC premises or specific areas of PAARC’s premises.
      • Storing paper records of personal information/personal health information in locked filing cabinets.
    • Technical safeguards for records include:
      • Using passwords in conjunction with screen savers that are activated when PAARC personnel leave their desk and/or after a short period of time of inactivity.
      • Encrypting information and removing identifiers, where appropriate.
      • Storing electronic records on a secure server.
      • Restricting use to only PAARC devices where security measures meet minimum standards.
    • Administrative safeguards for records include:
      • Termination procedures (e.g. removal from access lists, turning in of keys or cards that permit access.)
      • Agreements with agents to address the protection of personal health information.
      • Reviewing access privileges periodically to ensure that they remain appropriate (e.g., subsequent to an employee’s transfer to a new position.)
      • Suspending access during periods of leave that are not related to vacation, for example extended sick leave.


In unusual circumstances, such as in response to a pandemic, staff may be permitted to work remotely. In these unique circumstances, staff must seek explicit permission from the Manager of Programs, Partnerships and Operations, or a delegate by completing and submitting a request form to work remotely. Staff will be required to sign an attestation that outlines the terms in which an employee may work remotely. These terms clearly address the safekeeping of client records in accordance with PHIPA legislation and PAARC’s standards. In the rare circumstances where client information is captured outside of the electronic record, staff will uphold policy as it relates to securing client health information. This includes double locking the information until it can be electronically added to the clinical record or transported to the office where the original clinical record is stored.

Requests to Access Their Records

A client can request to see their client file by submitting a request to PAARC’s privacy officer. The privacy contact person is Karen Parsons, Executive Director of PAARC. Her contact number is 905-629-1007, ext. 226. For the client’s convenience, they can choose to submit their request to their primary worker who will then forward the request to the Privacy Officer. Upon approval, the client will be invited to view their file within 30 days (or 60 days in the case of complex searches). Should the client have concerns about the contents of their file, they can request a correction of information. Due to the legal limitations by which PAARC is bound, correction of information requests must be in writing. Clients can request one copy of the applicable parts of the file. Additional copies can be obtained for a nominal fee. The client will be required to sign a document acknowledging that they have been provided information from their PAARC file for the purpose of removal from the premises. Please be aware that PAARC is unable to release any third-party information held in the file. Clients can request assistance in interpreting their file.

A client’s right to access their information is not absolute. PAARC may deny access to personal health information if it is determined that the release of this information could:

    • Result in a risk of serious harm to the treatment or recovery of the individual or a risk of serious bodily harm to the individual or another person.
    • Lead to the identification of a person who was required by law to provide information in the record to the custodian, or
    • Lead to the identification of a person who has provided information recorded in the file that was to be held in confidence and would therefore breach the confidentiality of that third party.
    • Denial of access is required or authorized by law (e.g. there is a court order prohibiting access.)
    • Where the request is frivolous, vexatious, or in bad faith.

If the Privacy Officer refuses a client access to their records, a written response will be provided, and the client will also be notified of their right to appeal to the Information and Privacy Commissioner of Ontario.

Unauthorized Access, Theft or Loss

PAARC takes seriously the deliberate unauthorized access of client personal health information such as ‘snooping’ client data/files. “Unauthorized Access/Snooping” is defined as: Obtaining access to the files of others for the purpose of satisfying idle curiosity, with no justifiable clinical or business purpose.

Unauthorized access/snooping occurs when personal information/personal health information is viewed by a staff who is not directly providing, or assisting in the provision, of care/services/supports to the individual involved (usually a client).

Unauthorized access/snooping may involve access to the electronic or hard copy records of personal information/personal health information of family members, friends, co-workers, and neighbours, as well as celebrities, politicians and other well-known individuals. It may also involve access to the electronic records of individuals who do not have any relation to PAARC with the staff member.

Unauthorized access, including the viewing of personal information/personal health information in electronic information systems, may be motivated by a number of factors including but not limited to interpersonal conflicts, curiosity, personal gain or concern about the health and well-being of individuals. At PAARC, access to client information and records is available on a “need to know” basis. Simply put, employees with access to confidential client information must only be accessing that client information which is directly pertinent to their own caseloads or services/supports/assessment activities.

Staff found snooping will be held accountable via appropriate disciplinary action.

In the event that personal health information of a client is lost or stolen, PAARC will notify the client as soon as it is known to PAARC that loss or theft of client information has occurred, at minimum within 24 hours of discovery. PAARC will follow the protocols for handling privacy breaches, as outlined below.

Compliance with this Policy

All PAARC staff (employees, directors, volunteers, students and sub-contractors, etc.,) are required to be familiar with and comply with this Policy. Any breach of this Policy may result in significant disciplinary action as determined by the Executive Director.

All staff must notify their primary clinical supervisor or the Executive Director immediately if client information is lost, stolen or accessed without authorization. Staff will notify clients either by mail, telephone or face to face at the next appointment in the cases of unauthorized theft, loss, access, use or disclosure of personal information.

Examples of breaches include:

  • Accessing a client record for any purpose outside of direct services and supports.
  • Discussing a client’s personal information/personal health information in a public area or outside of PAARC without a legitimate business reason.
  • Failing to follow established Privacy/Information Security policies and procedures when collecting, using, accessing, or disclosing protected information including failing to logoff from an application or failing to properly secure electronic media that contains personal information/personal health information or sharing their password.
  • Using a client’s personal information/personal health information for personal reasons (such as developing a personal relationship with a client) rather than for legitimate and authorized business reasons.
  • Copying or compiling personal information/personal health information with the intent to sell or use the information for personal or financial gain.
  • Mailing/faxing/emailing a record of the client containing personal information or personal health information to an unintended recipient.

Corrective Action–No retaliation for good faith reporting

PAARC will not retaliate against a member of its staff who acts in good faith believing the practice he/she reports is unlawful. If a staff member has reason to believe that another person has violated this policy, it must be reported to their immediate supervisor for further review and action. There will be no retaliation against a staff member who believes in good faith that there was a policy violation; however, due to the significant importance of protecting client privacy and confidentiality, disciplinary or corrective action will be taken towards any staff member in violation of this policy, up to and including termination of employment.

Determined on a case by case basis, considering the specific circumstances, severity of the violation, and personnel work history, disciplinary or corrective action:

  • May be up to and including termination of employment or the business relationship as appropriate.
  • Sanctions that may be imposed include, but are not limited to:
    • A verbal warning
    • A letter of written warning placed in the employee’s personnel file
    • Administrative leave without pay
    • Attendance and successful completion of additional training
    • Termination of employment

Duty to Report

A staff member who fails to report either a suspected or actual breach will have violated this policy, and may be subject to corrective action. Any staff member who observes, becomes aware of, or suspects a wrongful use or disclosure of personal information/personal health information maintained by PAARC is required to report their suspicion of the wrongful use or disclosure as soon as possible to their supervisor or the Privacy Officer.

Identifying Privacy Officer

At PAARC, the Executive Director is the designated Privacy Officer.

Challenging PAARC’S Privacy Practices

Clients are entitled to challenge PAARC’s compliance with the principles set out in this Policy if they have reason for concern regarding PAARC’s ability to uphold the policy in its entirety. Any challenge should be directed in writing to the Privacy Officer following the Compliments, Concerns and Complaints process outlined on PAARC’s website and enclosed in the Client Welcome Package. Alternatively, clients can make a verbal complaint to any employee of PAARC who will in turn, escalate the complaint in accordance with the complaints process. The complaint will be documented in the clients file as well as reported to the privacy officer. Anyone who submits a written or verbal complaint, challenge or inquiry will be given a written copy of our procedures governing such complaints, challenges and inquiries, or will be invited to speak directly to the Privacy Officer or delegate.

PAARC will investigate all complaints received. If a complaint is found to have merit, PAARC will take appropriate measures to address the complaint.



Capacity involves two criteria:

First, a person must be able to understand the information that is relevant to making a treatment decision (including providing consent to disclose personal health information). This requires the cognitive ability to process, retain and understand the relevant information.

Second, a person must be able to appreciate the reasonably foreseeable consequences of the decision or lack of one. This requires the client to be able to apply the relevant information to his or her circumstances, and to be able to weigh the foreseeable risks and benefits of a decision or lack thereof; for example, the consequences of giving, not giving, withholding, or withdrawing consent.

Circle of care (taken from the IPC Ontario document Circle of Care: sharing personal health information for health care purposes 2009)

The term “circle of care” is not a defined term in the Personal Health Information Protection Act, 2004 (PHIPA). It is a term commonly used to describe the ability of certain health information custodians to assume an individual’s implied consent to collect, use or disclose personal health information for the purpose of providing health care, in circumstances defined in the PHIPA.

The personal health information to be collected, used or disclosed must have been received for the purpose of providing health care or assisting in the provision of health care to the individual to whom it relates. A health information custodian may not rely on assumed implied consent if the personal health information was received for other purposes, such as research, fundraising, marketing or providing health care or assisting in providing health care to another individual or group of individuals

A health information custodian may not assume an individual’s implied consent in disclosing personal health information to a person or organization that is not a health information custodian, regardless of the purpose of the disclosure.

At PAARC, we strive to obtain client consent at all times; however, under certain health care-related circumstances, client personal health information will be shared with members of the circle of care based on implied consent. In all other cases, client consent is required to release/disclose client personal health information (e.g. partner organizations, lawyers etc.). The release of client information process will be initiated.

In addition, the term “circle of care” can also include (but is not limited to) family members, significant others, and other informal support persons, such as friends or family-of-choice, whom the client has chosen to help support them. PAARC is committed to supporting clients to identify support networks (formal and informal) for the inclusion in their circle of care. Clients determine the extent to which they want their identified support persons to be involved based on their comfort. PAARC staff will ensure that clients and members within their circle of care understand what circle of care means. At the outset of service provision, PAARC will engage the client in a conversation about circle of care and what that means for each client, as well as discuss the different roles their supports can play in helping clients to achieve their goal.


Collect means to gather, acquire, receive or obtain personal health information by any means from any source. Receiving personal health information is not always a choice. Sometimes receiving unauthorized person health information can occur when family members leave details in a voice message for which consent was not provided. When staff receive information without consent, clients will be notified during the next appointment.

The individual must have the capacity to consent to the collection, use and disclosure of personal health information.


To be valid, consent must:

  • Be obtained directly from the individual or someone with legal authority to consent for the individual (i.e. substitute decision-maker)
  • Be related to the information in question
  • Be obtained voluntarily (without deception or coercion)
  • Be knowledgeable, meaning it must be reasonable to believe that the individual understands:


  • Why their are collecting, using or disclosing the information
  • That they have the right to withhold or withdraw consent

Disclosure, in relation to personal health information in the custody or under the control of a Custodian or a person, means to make the information available or to release it to another Custodian or to another person, but does not include to use the information.


Health Care

Health Care means any observation, examination, assessment, care, service or procedure that is done for a health-related purpose and that is carried out or provided to treat or maintain an individual’s physical or mental condition, prevent disease or injury, promote health, or as part of palliative care, and includes the compounding, dispensing or selling of a drug, a device or equipment, or a community service that is described in the Long-Term Care Act, 1994.

Health Information Custodian

A Health Information Custodian is defined as an individual or organization under the Personal Health Information Act, 2004 that, as a result of their power or duties, has custody or control of personal health information.

Lock Box

The term “lock box” applies to situations where the applicant/client has expressly restricted PAARC from disclosing specific personal health information to others – even to others involved in the individual’s circle of care.

Personal Health Information

Personal health information is ‘identifying information’ collected about an individual. It can be oral (spoken) or recorded (paper/electronic)

It includes information about an individual’s health or health care history in relation to:

    • The individual’s physical or mental condition, including family medical history
    • The provision of health care to the individual
    • Long-term health care services
    • The individual’s health card number
    • Blood or body-part donations
    • Payment or eligibility for health care
    • The identity of a health care provider or a substitute decision maker for the individual (FAQ/IPC)

Unauthorized Access

Unauthorized Access/Snooping is defined as: Obtaining access to the files of others for the purpose of satisfying idle curiosity, with no justifiable clinical or business purpose.


In relation to personal health information in the custody of or under the control of a Custodian or a person, “use” means to handle or deal with the information, but does not include the disclosure of information. Transferring personal health information between an agent of the Custodian and the Custodian is a “use” and not a “disclosure”.

Incapable individual: persons who may consent

26. (1) If an individual is determined to be incapable of consenting to the collection, use or disclosure of personal health information by a health information custodian, a person described in one of the following paragraphs may, on the individual’s behalf and in the place of the individual, give, withhold or withdraw the consent:

  1. The individual’s guardian of the person or guardian of property, if the consent relates to the guardian’s authority to make a decision on behalf of the individual.
  2. The individual’s attorney for personal care or attorney for property, if the consent relates to the attorney’s authority to make a decision on behalf of the individual.
  3. The individual’s representative appointed by the Board under section 27, if the representative has authority to give the consent.
  4. The individual’s spouse or partner.
  5. A child or parent of the individual, or a children’s aid society or other person who is lawfully entitled to give or refuse consent in the place of the parent. This paragraph does not include a parent who has only a right of access to the individual. If a children’s aid society or other person is lawfully entitled to consent in the place of the parent, this paragraph does not include the


  1. A parent of the individual with only a right of access to the individual.
  2. A brother or sister of the individual.
  3. Any other relative of the individual. 2004, c. 3, Sched. A, s. 26 (1).


  1. A person described in subsection (1) may consent only if the person,
  2. is capable of consenting to the collection, use or disclosure of personal health information by a health information custodian;
  3. in the case of an individual, is at least 16 years old or is the parent of the individual to whom the personal health information relates;
  4. is not prohibited by court order or separation agreement from having access to the individual to whom the personal health information relates or from giving or refusing consent on the individual’s behalf;
  5. is available; and
  6. is willing to assume the responsibility of making a decision on whether or not to consent. 2004, c. 3, Sched. A, s. 26 (2).

Meaning of “available”

  1. For the purpose of clause (2) (d), a person is available if it is possible, within a time that is reasonable in the circumstances, to communicate with the person and obtain a consent. 2004, c. 3, Sched. A, s. 26 (3).


  1. A person described in a paragraph of subsection (1) may consent only if no person described in an earlier paragraph meets the requirements of subsection (2). 2004, c. 3, Sched. A, s. 26 (4).


  1. Despite subsection (4), a person described in a paragraph of subsection (1)

who is present or has otherwise been contacted may consent if the person believes that,

  1. no other person described in an earlier paragraph or the same paragraph exists; or
  2. although such other person exists, the other person is not a person described in paragraph 1 or 2 of subsection (1) and would not object to the person who

is present or has otherwise been contacted making the decision. 2004, c. 3, Sched. A, s. 26 (5).

Public Guardian and Trustee

  1. If no person described in subsection (1) meets the requirements of subsection (2), the Public Guardian and Trustee may make the decision to consent. 2004, c. 3, Sched. A, s. 26 (6).

Conflict between persons in same paragraph

  1. If two or more persons who are described in the same paragraph of subsection (1) and who meet the requirements of subsection (2) disagree about whether to consent, and if their claims rank ahead of all others, the Public Guardian and Trustee may make the decision in their stead. 2004, c. 3, Sched. A, s. 26 (7).


Transition, representative appointed by individual

  1. Where an individual, to whom personal health information relates, appointed a representative under section 36.1 of the Mental Health Act before the day this section comes into force, the representative shall be deemed to have the same authority as a person mentioned in paragraph 2 of subsection (1). 2004, c. 3, Sched. A, s. 26 (8).

Limited authority

  1. The authority conferred on the representative by subsection (8) is limited to the purposes for which the representative was appointed. 2004, c. 3, Sched. A, s. 26 (9).


  1. An individual who is capable of consenting with respect to personal health information may revoke the appointment mentioned in subsection (8) in writing. 2004, c. 3, Sched. A, s. 26 (10).



  1. A person who is entitled to be the substitute decision-maker of the individual under this section may act as the substitute decision-maker only in circumstances where there is no person who may act as the substitute decision-maker of the individual under subsection 5 (2), (3) or (4). 2004, c. 3, Sched. A, s. 26 (11).

Please visit this link to view qualifying information on the PHIPA 2004.

SUPPORTING DOCUMENTS: Client Confidentiality Policy, Security, Maintenance and Retention of Client Files


5170 Dixie Road, Suite 302
Mississauga, ON L4W 1E3

Phone: 905-629-1007

PAARC Non-Discrimination Policy

PAARC does not and shall not discriminate on the basis of race, color, religion (creed), national origin (ancestry), Canadian citizenship status, gender, gender expression, sexual orientation, disability, age, marital status, or military status in any of its activities or operations. These activities include, but are not limited to, hiring and involuntary termination of staff, selection of volunteers and vendors, and provision of services. We are committed to providing an inclusive and welcoming environment for all members of our staff, clients, volunteers, subcontractors, vendors, and clients.

AccessibilityPrivacy & PoliciesClient Rights & Responsibilities Logo for the Canadian Centre for Acreditation