TMS Associates Privacy and HIPAA Policies

At TMS Associates, we take the process of respecting and protecting privacy seriously

In a world where privacy is increasingly at risk, we recognize the significance of safeguarding personal information entrusted to us. No other talent advisory, career advisory, or recruitment firm goes to greater lengths than TMS Associates to protect your data. We are committed to maintaining the highest standards of security and privacy throughout every step of the recruitment and advisory process.

Our policy reflects our dedication to complying with state privacy laws and the General Data Protection Regulation (GDPR) and outlines our careful approach to ensuring your information is safe.

Scope of Policy

This policy applies to all personal information collected by TMS Associates during our recruitment, talent advisory, and career consultation services. We comply with the applicable privacy laws in the states where we operate, including the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), and others mentioned below, as well as GDPR for our interactions with EU residents.

Information We Collect

We collect and process personal data, including but not limited to:

  • Contact details (name, email, phone number)

  • Professional and employment history

  • Educational background

  • Any other information you provide as part of the recruitment process

We do not collect or store Protected Health Information (PHI) or other sensitive patient information regulated under HIPAA.

Compliance with Privacy Laws

TMS Associates adheres to the privacy regulations of various U.S. states where we operate, including:

  • California: California Consumer Privacy Act (CCPA)

  • Colorado: Colorado Privacy Act (CPA)

  • Connecticut: Connecticut Data Privacy Act (CTDPA)

  • Florida: Florida Digital Bill of Rights (FDBR)

  • Indiana: Indiana Consumer Data Protection Act (ICDPA)

  • Iowa: Iowa Consumer Data Protection Act (ICDPA)

  • Maine: Maine Act to Protect the Privacy of Online Consumer Information (MAPP-OCI)

  • Montana: Montana Consumer Data Protection Act (MCDPA)

  • Nevada: Nevada Privacy of Information Collected on the Internet from Consumers Act (NPICICA)

  • Oregon: Oregon Consumer Privacy Act (OCPA)

  • Tennessee: Tennessee Information Protection Act (TIPA)

  • Texas: Texas Data Privacy and Security Act (TDPSA)

  • Utah: Utah Consumer Privacy Act (UCPA)

  • Virginia: Virginia Consumer Data Protection Act (VCDPA)

General Data Protection Regulation (GDPR)

For interactions with EU residents, TMS Associates adheres to GDPR, ensuring personal data protection. EU residents have the right to:

  • Access their personal information

  • Request correction or deletion of their data

  • Opt-out of data processing or transfer

  • Request data portability

Our Stance on HIPAA

TMS Associates does not collect or store patient health information or PHI regulated by the Health Insurance Portability and Accountability Act (HIPAA). As a recruitment and advisory firm, our services focus on talent acquisition and advisory for healthcare professionals and organizations, but we do not handle healthcare data related to patient care.

Since we do not process or maintain PHI, TMS Associates is not subject to HIPAA’s privacy rules. However, we ensure that all personal information we collect from healthcare professionals and clients is securely handled and protected according to applicable privacy laws.

Data Protection and Security

We take data security seriously and have implemented industry-standard measures to protect your personal information from unauthorized access, alteration, or disclosure. These include encryption, access control, and regular security assessments.

Monitoring Emerging Privacy Laws

TMS Associates is actively monitoring the development of privacy laws across various states. As these laws come into effect, we are committed to ensuring full compliance. Below is a list of state privacy laws, some of which are already in place, while others are still in progress:

  • California: California Consumer Privacy Act (CCPA)

  • Colorado: Colorado Privacy Act (CPA)

  • Connecticut: Connecticut Data Privacy Act (CTDPA)

  • Florida: Florida Digital Bill of Rights (FDBR)

  • Indiana: Indiana Consumer Data Protection Act (ICDPA)

  • Iowa: Iowa Consumer Data Protection Act (ICDPA)

  • Maine: Maine Act to Protect the Privacy of Online Consumer Information (MAPP-OCI)

  • Massachusetts: Massachusetts Information Privacy Act (MIPA) (Proposed)

  • Montana: Montana Consumer Data Protection Act (MCDPA)

  • Nevada: Nevada Privacy of Information Collected on the Internet from Consumers Act (NPICICA)

  • New York: New York Privacy Act (NYPA) (Proposed)

  • Oregon: Oregon Consumer Privacy Act (OCPA)

  • Tennessee: Tennessee Information Protection Act (TIPA)

  • Texas: Texas Data Privacy and Security Act (TDPSA)

  • Utah: Utah Consumer Privacy Act (UCPA)

  • Virginia: Virginia Consumer Data Protection Act (VCDPA)

  • Washington: Washington Privacy Act (WPA) (Proposed)

As these and other privacy laws are enacted, TMS Associates will fully integrate the necessary protections and obligations into our privacy practices, ensuring that we continue to protect your personal information in compliance with all applicable regulations.

Your Privacy Rights

At TMS Associates, we prioritize your privacy and want to ensure transparency in how your personal information is used. We do not sell your personal information to third-party companies or external entities. Your data is handled carefully and used solely for our recruitment and career advisory services.

How We Use Your Information:

  • We collect and use your personal information strictly to help you improve career outcomes and or match you with potential employers as part of the recruitment process.

  • Your personal information will only be shared with potential employers when you explicitly provide permission, ensuring that your data is only used in line with your career interests.

  • TMS Associates may also use your contact details to communicate with you about potential career opportunities, updates, and advisory services that align with your professional goals.

Your Rights Include:

  • Access: You can request access to the personal information we collect about you.

  • Correction: You may request corrections or updates to your personal information if it is inaccurate or incomplete.

  • Deletion: You can request the deletion of your data from our records, except where its retention is required by law or necessary for ongoing services.

  • Opt-out: You can opt out of receiving communications from us about talent success, career success, career options, etc.

If you wish to exercise any of these rights or have concerns about how your personal information is handled, don't hesitate to contact us.

Data Retention

We retain personal information only as long as necessary for the purposes outlined in this policy or as required by law. If your information is no longer required, we will securely delete or anonymize it to protect your privacy.

Cookies and Tracking Technologies

Our website uses cookies and other tracking technologies to improve user experience, gather analytics, and enhance the performance of our website. You can control the use of cookies through your browser settings and opt out if desired.

Third-Party Service Providers

We use third-party service providers to support our recruitment and advisory services (e.g., cloud storage and communication platforms). These world-class providers are vetted to ensure they comply with the same data protection standards we adhere to under applicable privacy laws.

International Data Transfers

If your personal information is transferred outside of your home country, we ensure that appropriate safeguards, such as standard contractual clauses or other legally recognized mechanisms, are in place to protect your data during international transfers.

Dispute Resolution

If you have any concerns or complaints regarding your privacy, please contact us. If you are dissatisfied with our response, you may have the right to escalate the matter to your jurisdiction's relevant data protection authority.

Updates to This Policy

We update this policy periodically to reflect changes in privacy laws or our business practices. We encourage you to review this policy regularly.

Contact Us

Please contact us for any questions regarding this policy or to exercise your privacy rights.