Privacy Policy

INNOVIM Privacy Policy & HIPAA Compliance

The INNOVIM practice and procedure is to safeguard personal employee information in its possession to ensure the confidentiality of the information. Additionally, the company will only collect personal information that is required to pursue its business operations and to comply with government reporting and disclosure requirements.

Personal information collected by the company includes employee names, addresses, telephone numbers, e-mail addresses, emergency contact information, EEO data, social security numbers, date of birth, employment eligibility data, benefits plan enrollment information, which may include dependent personal information, and school/college or certification credentials. All pre-employment inquiry information and reference checking records conducted on employees and former employee files are maintained in locked, segregated areas and are not used by the company in the course of its business operations.

Access to such personal information in our Ultipro HRIS System such as dates of birth and social security numbers, is restricted by Multi-Factor Authentication and accessible to only those administrators responsible for handling such information, payroll and benefits. 

Personal employee information will be considered confidential and as such will be shared only as required and with those who have a need to have access to such information. All hard copy records will be maintained in locked, secure areas with access limited to those who have a need for such access. Personal employee information used in business system applications will be safeguarded under company proprietary electronic transmission and intranet policies and security systems. Participants in company benefit plans should be aware that personal information will be shared with plan providers as required for their claims handling or record keeping needs.

Company-assigned information, which may include organizational charts, department titles and staff charts, job titles, department budgets, company coding and recording systems, telephone directories, e-mail lists, company facility or location information and addresses, is considered by the company to be proprietary company information to be used for internal purposes only. The company maintains the right to communicate and distribute such company information as it deems necessary to conduct business operations.

INNOVIM has privacy policy agreements from hits healthcare and life insurance providers in which they acknowledge the responsibility under HIPAA to maintain the privacy of employees’ personal information and to take measures to ensure it is maintained securely and disseminated only under secure media.

If an employee becomes aware of a material breach in maintaining the confidentiality of any personal information, the employee should report the incident to a representative of the human resources department. The human resources department has the responsibility to investigate the incident and take corrective action. Please be aware that a standard of reasonableness will apply in these circumstances. Examples of the release of personal employee information that will not be considered a breach include the following:

  • Release of partial employee birth dates, i.e., day and month is not considered confidential and will be shared with department heads who elect to recognize employees on such dates.
  • Personal telephone numbers or e-mail addresses may be distributed to department head in order to facilitate company work schedules or business operations.
  • Employee identifier information used in salary or budget planning, review processes and for timekeeping purposes will be shared with department heads.
  • Employee’s company anniversary or service recognition information will be distributed to appropriate department heads periodically.
  • Employee and dependent information may be distributed in accordance with open enrollment processes for periodic benefit plan changes or periodic benefits statement updates.