VIMSA HOME CARE SERVICE ("VIMSA", "we", "us", "our"), is committed to protecting the privacy, confidentiality, and security of personal information entrusted to us.
This Privacy Code of Conduct and Privacy Policy (the "Policy") sets out how VIMSA HOME CARE SERVICE collects, uses, discloses, stores, monitors, and safeguards personal and confidential information in the course of providing workforce recruitment, staffing, non-medical home care services, and operating the VIMSA digital platform.
⚠️ Compliance with this Policy is mandatory.
1
SCOPE AND APPLICATION
This Policy applies to:
Employees & Staff
All VIMSA HOME CARE SERVICE employees (permanent, temporary, casual)
Healthcare Professionals
Personal Support Workers (PSWs), caregivers, and healthcare professionals
Contractors
Independent contractors and agency staff
Clients & Representatives
Clients and their authorized representatives
Healthcare Organizations
Healthcare organizations, facilities, and institutional partners
Platform Users
Users of the VIMSA platform, applications, and communication tools
All employees and contractors must acknowledge this Policy upon onboarding and re-acknowledge it annually.
2
LEGAL AND REGULATORY FRAMEWORK
VIMSA HOME CARE SERVICE operates within Canada and complies with applicable privacy and data protection laws, including:
• Personal Information Protection and Electronic Documents Act (PIPEDA)
• Alberta Personal Information Protection Act (PIPA)
• Alberta Health Information Act (HIA) where acting as an Affiliate
• Applicable provincial privacy legislation in other jurisdictions
• Contractual privacy and confidentiality obligations with healthcare organizations
• Professional regulatory, ethical, and confidentiality standards applicable to healthcare workers
Where VIMSA HOME CARE SERVICE engages in international recruitment or cross-border data flows, we apply privacy protections equivalent to Canadian standards.
3
GUIDING PRIVACY PRINCIPLES
VIMSA HOME CARE SERVICE's privacy practices are guided by the following principles:
Accountability
VIMSA HOME CARE SERVICE is responsible for personal information under its control
Identifying Purposes
Information is collected only for legitimate and identified purposes
Consent
Meaningful consent is obtained unless otherwise permitted by law
Limiting Collection
Only information necessary for operations is collected
VIMSA HOME CARE SERVICE does not intentionally collect or store patient medical records, except where it directly impacts care delivery on a need-to-know basis.
VIMSA HOME CARE SERVICE acts as an Affiliate, not a Custodian, under HIA unless otherwise specified by contract.
5
PLATFORM COMMUNICATIONS & MONITORING
Consent to Monitoring
By using the VIMSA platform:
• Employees and contractors consent to VIMSA HOME CARE SERVICE accessing, reviewing, and auditing platform communications for quality assurance, safety monitoring, dispute resolution, and compliance
• Clients consent to VIMSA HOME CARE SERVICE accessing communications with caregivers for the same purposes
⚠️ Platform communications should not be considered private or personal chat services.
6
INFORMATION SHARING BETWEEN PARTIES
Employee Info Shared with Clients
Limited information only where necessary:
• First name, phone number (if required)
• Photograph for identification
• Credentials or role confirmation
Client Info Shared with Employees
Only necessary information:
• Name and address
• Care requirements
• Emergency contacts, safety considerations
7
PRIVACY OBLIGATIONS OF EMPLOYEES & CONTRACTORS
Employees and contractors must:
✓ Provide accurate and up-to-date information
✓ Protect confidential and personal information
✓ Use VIMSA HOME CARE SERVICE systems only for authorized purposes
✓ Access information strictly on a need-to-know basis
✓ Not copy, store, photograph, or remove information without authorization
✓ Immediately report suspected privacy breaches
8
VIMSA HOME CARE SERVICE'S OBLIGATIONS
• Collecting only necessary personal information
• Using information solely for identified purposes
• Restricting internal access to authorized personnel
• Maintaining secure digital systems with audit capabilities
• Providing individuals with access to their personal information upon request
• Correcting inaccurate information promptly
9
SAFEGUARDS
Administrative
• Privacy training
• Confidentiality agreements
• Access controls
Technical
• Secure cloud infrastructure
• Encryption
• Multi-factor authentication
Physical
• Secure offices
• Controlled access
10
DISCLOSURE OF INFORMATION
Personal information may be disclosed:
• With consent
• To clients or institutions for legitimate staffing purposes
• To regulators, licensing bodies, or insurers as required
• Where required by law or court order
VIMSA HOME CARE SERVICE does not sell personal information.
11
RETENTION & DESTRUCTION
Information is retained only as long as necessary to meet legal, regulatory, and contractual obligations or resolve disputes. When no longer required, information is securely destroyed or anonymized.
12
BREACH MANAGEMENT
Any actual or suspected privacy breach must be reported immediately.
VIMSA HOME CARE SERVICE will:
• Investigate the incident
• Conduct a "Real Risk of Significant Harm" assessment
• Notify affected individuals and regulators where required
• Implement corrective measures
Failure to report breaches may result in disciplinary action.
13
ARTIFICIAL INTELLIGENCE & AUTOMATED SYSTEMS
The VIMSA platform may use automated tools to assist with workforce matching, scheduling, and operations.
VIMSA HOME CARE SERVICE commits to fairness, transparency, non-discrimination, ongoing monitoring for bias, and human oversight of significant decisions.
14
NON-COMPLIANCE & DISCIPLINE
Violation of this Policy may result in:
• Disciplinary action up to termination
• Contract termination
• Reporting to regulatory bodies
• Legal action where applicable
15
SOCIAL MEDIA, PHOTOGRAPHY & VIDEO RECORDING
To protect client privacy, dignity, and confidentiality, the use of social media and the taking of photographs, audio recordings, or video recordings at a client's residence or during service delivery is strictly prohibited, except where expressly authorized in writing.
15.1 Prohibition
Employees, contractors, and caregivers must not:
• Take photographs, videos, or audio recordings of clients, family members, homes, or belongings
• Share or post any content related to clients or service locations on social media
• Capture or share images that could identify a client or their residence
15.2 Limited Exceptions
Photography or recording is permitted only if:
• Explicit written consent is obtained
• The purpose is clearly defined
• VIMSA-approved systems are used
• Content is not shared externally
15.3 Use of Personal Devices
The use of personal mobile phones or devices to capture client-related images, videos, or audio is strictly prohibited unless expressly authorized in writing by VIMSA.
15.4 Breach and Consequences
Any violation may result in:
• Immediate removal from client assignment
• Disciplinary action, including termination
• Reporting to regulatory bodies
• Legal action
⚠️ Any accidental capture, loss, or unauthorized disclosure must be reported immediately to VIMSA management.