Scope: to clarify the process for managing digital information obtained during the recruitment process. 


Policy: Medical Home Alliance, LLC dba IMA Medical Group (IMA) is committed to protecting the privacy and confidentiality of individuals applying for employment. This policy outlines how we collect, use, retain, and protect personal data during the Recruitment Process in accordance with relevant law. This policy ensures transparency, supports compliance, and fosters trust with Applicants.
 

Definitions:

1. Personal Information: any information that can be used to identify an individual, including, but not limited to:

  • Name
  • Contact details
  • Employment history
  • Professional certification or license numbers
  • Social Security Number
  • Driver’s license or other identification numbers
  • Criminal history
  • Driver's license history checks
  • Financial information
  • Medical history

2. Recruitment Process: activities conducted to recruit, assess, and make hiring decisions regarding job Candidates/Applicants.

3. Candidate/Applicant: Any individual who applies for employment at IMA.

4. System Breach: is unauthorized access to IMA’s Human Resource Information System (HRIS), which contains Personal Information of current employees and job Candidates/Applicants. 

5. Third-Party Systems: means an entity that is utilized by IMA to maintain, store, or process Personal Information on behalf of IMA. 


Procedure: 

During the Recruitment Process, a Candidate/Applicant may provide IMA with Personal Information to facilitate the process. This information is then used to:

  • Evaluate your qualifications for a current or future employment role
  • To communicate with you about job applications, interviews, and outcomes
  • To perform background checks and verify employment credentials, as needed
  • To support equal opportunity and workforce initiatives
  • To meet regulatory and legal obligations
     

We may also use anonymized or aggregated data for internal reporting, workforce tracking, or recruiting analytics.
 

How We Share Information

We may share your Personal Information with the following, only as necessary:

  • HR personnel and internal hiring managers
  • Verified Third-Party Systems, such as background check providers or recruitment tools
  • Legal or regulatory bodies, when required by law
     

We do not sell or use your information for marketing.
 

Data Retention and Disposal

Your Personal Information will be retained only as long as needed to fulfill recruitment purposes or to comply with applicable laws. If you are not selected for a position, we may retain your information for future opportunities unless you request deletion. When disposal is required, information is destroyed securely (e.g., through permanent deletion or anonymization).

A Candidate/Applicant may request that their information be deleted by contacting the IMA Recruiting department at IMARecruitingTeam@inhealthmd.com.
 

Security Measures
We take reasonable administrative, technical, and physical steps to safeguard your information against unauthorized access or misuse. These include restricted HR access, using secure application platforms, enabling firewalls, strong password requirements, multifactor authentication, where applicable, and encrypted data storage, where applicable. 


In the event of a breach, we will:

  • Notify all individuals affected by the breach within 30 days from the date of breach notification. 
  • If warranted by the extent of the breach, provide those affected by the breach with one year of identity theft protection services at no cost to the affected individual(s). 
  • Partner with our internal IT team to conduct a thorough investigation of the breach to understand how the breach occurred and what can be done to prevent future vulnerabilities. Then, implement any required preventive measures to secure our systems. 
  • Contact the appropriate government authorities to disclose the breach as required by regulation and law. 
  • Please be aware that a standard of reasonableness will apply in these circumstances. Examples of the release of information that will not be considered a breach include the following: 
  • Release of partial employee birth dates, i.e., day and month, is not considered confidential. 
  • Release of partial personal telephone numbers or e-mail addresses.
  • Release of partial or masked Social Security numbers 

Policy Updates

We may update this policy from time to time to reflect legal or operational changes. Updates will be posted on our careers website.

References(s): 

1. Employment Background Checks and Drug Screening Policy

Authority: 

1. The Florida Information Protection Act

Original creation date: 06/06/2025

 


The electronic version of this policy is considered to be the most up-to-date version. Printed copies are considered uncontrolled documents. Before using a printed copy, verify that it is the most up-to-date version.