Our Privacy Commitment to You and Your Family
Communicating Together Therapy & Wellness Associates is a private pediatric speech-language pathology clinic in Waterloo, Ontario. We understand that the privacy and security of you and your family’s Personal Health Information (PHI) is essential to building a safe and trusting therapeutic relationship.
Under Ontario’s privacy laws, PHI is identifying information about an individual that relates to their physical or mental health, the provision of healthcare, or payments for that care. We are committed to ensuring that safeguarding this information is a fundamental part of our daily practice.
1. What Information We Collect and Why
We only collect the PHI that is necessary to provide high-quality healthcare and to manage our clinic operations. This includes:
- Identification & Contact Details: We collect names, dates of birth, and addresses to accurately identify the client and communicate with parents or guardians.
- Clinical & Developmental History: We collect assessment results, health history, and clinical progress notes to create safe and effective treatment plans tailored to each client and their family’s needs.
- Care Team Coordination: We collect the names of other health providers to collaborate with each client’s care team (with your express consent), facilitating a coordinated approach.
- Financial & Payment Information: We collect information necessary to process payments for services, such as billing contact details and payment history. To protect your privacy, credit card data is handled through secure, encrypted payment processing and is not stored directly on our clinical systems.
- Compliance & Professional Standards: We collect and maintain records to comply with legal and regulatory requirements, such as those set by provincial legislation and our regulatory college, the College of Audiologists and Speech-Language Pathologists of Ontario (CASLPO). This ensures the clinic meets the professional standards for record-keeping and audit purposes.
2. How We Protect Your Information
We use a multi-layered approach to keep your data secure through technical, administrative, and physical safeguards:
- Secure Storage & Canadian Residency: All clinical health records are stored in Jane App, a secure health record platform that maintains System and Organization Controls (SOC 2). This means they undergo independent third-party audits to verify they meet high-level security and privacy standards. All core health records are stored “at rest” on servers located in Canada. You can review their commitments in the Jane App Privacy Notice.
- Secure Payment Processing: We utilize Jane Payments (powered by Stripe) to handle financial transactions safely. This system is PCI-DSS compliant, adhering to global security standards to protect your payment information. Your full credit card information is never stored on our clinic’s local devices; instead, it is protected through a process called “tokenization”. You can learn more about these Payment Security Standards here.
- Cloud Operations: While your primary records and emails stay “at rest” in Canada, we use professional-grade cloud services (Microsoft 365 for services such as email and word processing) which may utilize secure global networks to safely route your encrypted data during login or transmission.
- Encryption: We use professional-grade encryption to safeguard your information, making it unreadable to unauthorized parties during storage and transmission.
- Technical Safeguards: We use mandatory multi-factor authentication (MFA) and/or biometric locks (such as fingerprint or FaceID) on all clinical devices to protect against unauthorized access.
- Physical Security: Clinical devices and paper documents are stored in secure, private locations. In the clinic, this includes protection by a professional security system, while all secondary locations utilize locked, restricted access and full-disk encryption to protect information.
3. Your Privacy Rights
Under the Personal Health Information Protection Act (PHIPA), you (or your child, if they are deemed capable) have the following rights:
- Access and Correction: You have the right to submit a formal request to view or receive a copy of your child’s health record if you are the authorized decision-maker (such as a Substitute Decision-Maker for a non-capable child). If a child is deemed “capable” under PHIPA, they exercise these rights independently.
- Timelines and Process: We act on all formal requests in accordance with PHIPA requirements, which include certain legal exceptions and a standard 30-day response window.
- Factual Corrections: The authorized person may request a correction to factual information (such as a misspelled name or incorrect date) if they believe the record is inaccurate or incomplete.
- Informed Consent: The authorized person has the right to know why we collect information and can refuse, limit, or withdraw consent at any time, subject to legal or professional obligations.
- Inquiries and Breach Notification: The authorized person may ask questions about our privacy practices and has the right to be notified if the child’s information is stolen, lost, or accessed without authority.
4. How to Contact Us
If you have questions or wish to exercise your privacy rights, please contact our designated Privacy Officer:
Rhonda MacKinnon, M.Sc., SLP(C), Reg. CASLPO
Clinic Owner / Speech-Language Pathologist
Address: 490 Dutton Drive, Unit B12, Waterloo, ON, N2L 6H7
Phone: (519) 279-0463
Online: To send a message, please visit our Contact Page.
5. If You Still Have Concerns
If we are unable to resolve your concern, you have the right to reach out to the provincial regulator:
Office of the Information and Privacy Commissioner of Ontario (IPC)
2 Bloor Street East, Suite 1400, Toronto, Ontario, M4W 1A8
Telephone: (416) 326-3333 | Toll-Free: 1 (800) 387-0073 | Website: www.ipc.on.ca
Last Updated: May 12, 2026