Privacy Policy

CFCS uses a small number of approved technology platforms to support clinical documentation, administration, and communication. All platforms that handle personal health information (PHI) are reviewed for compliance with PHIPA and PIPEDA before use, and staff are trained on the appropriate use of each tool.

The following platforms are currently approved for use at CFCS:

Jane App – Clinical and Practice Management

Jane App is our primary practice management system. It is used for client scheduling, intake forms, session notes, billing, and secure messaging. All client health records are stored and maintained in Jane. Jane is a Canadian platform and stores data on servers located in Canada.

Staff access to Jane is role-based. Therapists may only access records for clients they are directly working with. Intake staff have access limited to scheduling and administrative functions. Unauthorized access to client records is a serious breach of this policy and will result in disciplinary action. All staff must sign out of Jane at the end of every session or work period, regardless of whether they are using a clinic device or a personal device.

Klarify – AI-Assisted Session Documentation

Klarify is an AI-assisted note-taking platform used by therapists to support session documentation. It listens to a therapy session and generates a draft summary. The therapist reviews and edits this summary to write the official session note in Jane. The audio recording is deleted automatically after the draft is created. Session transcripts and notes stored within Klarify are deleted by the therapist once the final note has been entered into Jane.

Privacy safeguards

• Therapists must use their CFCS-issued Klarify account credentials at all times. Personal accounts are not permitted under any circumstances.
• Therapists must sign out of Klarify at the end of every session or work period. This applies whether using a clinic device or a personal device.
• When using a personal device, therapists must ensure the device is password-protected, that no session files are downloaded or saved locally, and that no other household members can access the device during or after a session.
• All data processed by Klarify is hosted on servers located in Canada. No client data leaves Canada.
• Client data is never used to train AI models.
• Klarify complies with PHIPA (Ontario) and PIPEDA (federal) privacy requirements.
• Only client initials are entered into Klarify. Full names are never used.
  
  

Client consent

Clients must provide informed consent before Klarify is used in any session. Consent is obtained in advance of the first session and confirmed verbally at the start of that session. Clients are informed that the tool is optional, that the audio recording is deleted after the draft summary is created, and that only the final therapist-authored note is retained in their health record. Clients may withdraw consent at any time, including mid-session.

Consent decisions, whether a client agrees or declines, are documented in the client’s file in Jane.

Couples, family, and group therapy

All individuals participating in a session must provide individual consent before Klarify can be used. If any participant declines, traditional note-taking is used for that session. For sessions involving minors, consent from a parent or guardian is required, along with age-appropriate assent from the minor where applicable. Therapists must consult with the Clinical Director before using Klarify in group therapy settings.

Special circumstances

Klarify is not used for crisis interventions, forensic assessments, or court-ordered sessions. Therapists must also consult with the Clinical Director before using Klarify with clients whose capacity to consent may be in question.

Staff obligations

Therapists using Klarify are required to complete Cornerstone’s Klarify training before use, obtain and document client consent prior to every first use, review all AI-generated content before writing the final note, delete all session files from Klarify immediately after the Jane note is finalized, and report any technical issues, inaccurate summaries, or client concerns to the Managing Director or Clinical Director. Klarify’s privacy policy is available at https://www.klarify.ca/privacy-policy. Clients or staff with questions about how Klarify is used at CFCS should contact the Privacy Officer.

Microsoft 365 – Administrative and Communication Tools

CFCS uses Microsoft 365 (including Outlook, Word, and Teams) for internal communications, document drafting, and administration. These tools are used for operational and administrative purposes only. Personal health information is not to be stored in Microsoft 365 environments, drafted in Word documents, or transmitted via Outlook unless it is appropriately secured and is necessary for a legitimate administrative or clinical purpose.

Staff must not use personal Microsoft accounts or personal email addresses to conduct CFCS business or handle any client information. When working from a personal device, staff must sign out of all CFCS platforms at the end of each work period and must not store any client information locally on the device.

Generative AI Tools

CFCS may use generative AI tools (such as AI writing assistants) for administrative and communications tasks, including drafting internal documents, policy templates, staff communications, and marketing content. These tools are used at the administrative level only.

The following rules apply to all generative AI tool use:

• Personal health information (PHI) must never be entered into a generative AI tool. This includes client names, session content, case notes, intake information, or any identifying details.
• Generative AI tools may be used to draft non-clinical content such as policy documents, staff handbooks, website copy, and communications materials, provided no PHI is involved.
• Only clinic-approved tools may be used for work-related tasks. Staff must not use personal AI accounts to conduct CFCS business.
• All AI-generated content used in official CFCS documents, communications, or policies must be reviewed and approved by the appropriate staff member before use. AI output is a drafting aid, not a final work product.
  
  

Failure to comply with these rules is a violation of this policy and may result in disciplinary action and regulatory reporting.

Website and Online Communications

The CFCS website uses a live chat tool (Tawk.to) to respond to inquiries from the public. This tool is used for general intake and information purposes only. Staff must not request or collect PHI through the live chat function. Disclosures about the use of this tool are available on our website.