Privacy Policy

INNOVIM Privacy Policy & HIPAA Compliance

Last Modified: April 6, 2026

The INNOVIM practice and procedure are to safeguard personal employee information in its possession to ensure its confidentiality. Additionally, the company will collect only the personal information required to conduct its business operations and comply with government reporting and disclosure requirements.

1. Collection of Personal Information

Personal information collected by the company includes, but is not limited to:

  • Employee names and addresses
  • Telephone numbers and e-mail addresses
  • Emergency contact information
  • EEO data and Social Security numbers
  • Date of birth
  • Employment eligibility data
  • Benefits plan enrollment information
  • Dependent personal information
  • Certification and education credentials

2. Data Security and Access Control

Access to sensitive personal information within our Ultipro HRIS System (such as dates of birth and Social Security numbers) is strictly restricted via Multi-Factor Authentication (MFA). Access is granted only to administrators responsible for payroll, benefits, and essential HR handling.

All hard copy records are maintained in locked, secure areas. Electronic transmissions and business system applications are safeguarded under company proprietary electronic transmission and intranet policies and security systems.

3. HIPAA Compliance and Healthcare Providers

INNOVIM maintains privacy policy agreements with our healthcare and life insurance providers. These providers acknowledge their responsibility under the Health Insurance Portability and Accountability Act (HIPAA) to maintain the privacy of employees’ personal information and to ensure data is disseminated only through secure media.

4. Proprietary Company Information

Company-assigned information—including organizational charts, department titles, staff charts, job titles, department budgets, and company coding systems—is considered proprietary company information for internal purposes only. The company maintains the right to distribute such information as necessary to conduct business operations.

5. Permissible Disclosures (Standard of Reasonableness)

The following instances of information sharing are considered standard business operations and do not constitute a breach of confidentiality:

  • Service Recognition: Sharing partial birth dates (month/day) or service anniversaries with department heads for employee recognition.
  • Operations: Distributing telephone numbers or e-mail addresses to department heads to facilitate work schedules.
  • Administration: Sharing identifier information for salary planning, budget reviews, and timekeeping purposes.
  • Benefits: Distributing employee and dependent information during open enrollment or for benefit statement updates.

6. Reporting Breaches

If an employee becomes aware of a material breach in maintaining the confidentiality of personal information, the incident should be reported immediately to a representative of the Human Resources Department. HR will investigate the incident and take necessary corrective action based on a standard of reasonableness.

Contact Information

For questions regarding this policy or to report a privacy concern, please contact:

INNOVIM, LLC.
Attn: Human Resources
8403 Colesville Rd, Suite 1100
Silver Spring, MD 20910
Phone: 240-800-7786
Email: info@innovim.com