Privacy Policy
Effective Date: January 1, 2026 | Last Updated: January 1, 2026
Valiant Lifecare (VLMS Global) ("we," "us," "our") operates the VLMS HR & Talent Portal ("the Platform") available at hr.valiantlifecare.com. This Privacy Policy describes how we collect, use, disclose, and protect information about you when you use the Platform. By accessing or using the Platform, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Platform.
HIPAA Notice: Valiant Lifecare operates as both a Covered Entity and a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Where applicable, our handling of Protected Health Information (PHI) is governed by our separately maintained HIPAA Notice of Privacy Practices, available upon request at hr@valiantlifecare.com.
1. Information We Collect
We collect the following categories of personal information:
- Account Information: Name, email address, password (hashed), date of birth, and account type (candidate, employee, administrator).
- Professional Credentials: AAPC and AHIMA member IDs, certification types, expiration dates, credential verification status, and work history.
- Employment Application Data: Resume, work history, skills assessments, coding accuracy test results, references, and interview notes.
- Learning Data: CEU course enrollment and completion records, assessment scores, and certificates earned through the Platform.
- HRIS Data (for employees): Job title, department, compensation information, performance review data, time and attendance records, and onboarding/offboarding documentation.
- Compliance Data: HIPAA training completion status, OIG exclusion check results, and mandatory compliance record logs.
- Technical Data: IP address, browser type, device information, access timestamps, and session data collected automatically when you use the Platform.
- Communications: Messages sent through the Platform, support tickets, and email correspondence with our team.
2. How We Use Your Information
We use the information collected for the following purposes:
- To create and manage your account and verify your identity
- To process job applications and facilitate the recruitment process
- To verify professional credentials with AAPC and AHIMA directly
- To deliver CEU courses, track progress, and issue completion certificates
- To conduct OIG exclusion and background checks as required for healthcare workforce compliance
- To comply with HIPAA workforce training and compliance obligations
- To send transactional communications (application status updates, password resets, verification emails)
- To improve the Platform through aggregate analytics and usage data
- To detect, prevent, and respond to fraud or security incidents
3. Protected Health Information (PHI) Handling
Valiant Lifecare may come into contact with Protected Health Information in the context of credential verification, coding work samples, and EHR access required for job performance assessment. All PHI is handled in strict compliance with the HIPAA Privacy Rule (45 CFR Part 164) and Security Rule. Specifically:
- PHI access is role-based and limited to the minimum necessary for the stated purpose
- PHI is never used for marketing or shared with unauthorized third parties
- All staff with PHI access complete annual HIPAA training tracked through the Platform
- PHI transmitted through the Platform is encrypted in transit (TLS 1.2 minimum) and at rest (AES-256)
- Breach notification procedures comply with 45 CFR §164.400–414
4. Third-Party Sharing
We do not sell your personal information. We share information only in the following circumstances:
- Employer Partners: With your explicit consent, your candidate profile may be shared with healthcare organisations actively recruiting on the Platform.
- Credentialing Bodies: We share credential IDs with AAPC and AHIMA for verification purposes.
- Compliance Services: OIG/SAM exclusion check services receive name and date of birth for screening.
- Service Providers: Vendors who assist us in operating the Platform (cloud hosting, email delivery, analytics) under strict data processing agreements.
- Legal Requirements: When required by law, court order, or government regulation, including CMS and HHS oversight activities.
5. Cookies and Tracking Technologies
The Platform uses cookies and similar technologies as described in our Cookie Policy. Essential cookies are required for Platform functionality. Analytics cookies are optional and governed by your browser settings. We use Google Fonts (loaded from Google's CDN), which may result in your IP address being transmitted to Google.
6. Data Retention
We retain personal information for as long as your account is active, plus an additional period as required by healthcare workforce compliance obligations. Specifically: employment application data is retained for 7 years in compliance with federal record retention requirements; HIPAA training records are retained for 6 years per 45 CFR §164.530(j); credential verification records are retained for the duration of employment plus 5 years. You may request deletion of non-compliance personal information by contacting us.
7. Your Privacy Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- CCPA (California residents): Right to know, right to delete, right to opt out of sale (we do not sell data), and right to non-discrimination.
- GDPR (EEA residents): Right of access, rectification, erasure, restriction of processing, data portability, and right to object.
- All users: Right to access your account data through the Platform dashboard; right to update inaccurate information; right to request account deletion (subject to legal retention requirements).
To exercise any of these rights, contact us at privacy@valiantlifecare.com. We will respond within 30 days.
8. Data Security
We implement industry-standard technical and organisational security measures including: TLS 1.2+ encryption for all data in transit, AES-256 encryption for data at rest, role-based access controls, multi-factor authentication for all administrative access, annual third-party penetration testing, and SOC 2 Type II compliance certification.
9. Children's Privacy
The Platform is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, contact us immediately at hr@valiantlifecare.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users and posted on the Platform with a revised effective date. Continued use of the Platform after the effective date constitutes acceptance of the updated policy.
11. Contact for Privacy Requests
For privacy-related questions, requests, or to report a potential privacy concern:
- Email: privacy@valiantlifecare.com
- Phone: +1 (800) 555-1234 (select option 3 for Privacy)
- Mail: Valiant Lifecare — Privacy Officer, 1000 Healthcare Blvd, Suite 400, Wilmington, DE 19801