Last Updated: 08-18-2023
FORVIS, LLP collects and processes personal data including personal identifiable information in the normal course of business in providing accounting and consulting services primarily to the healthcare and banking industries. FORVIS, LLP does not in the normal course of business disclose such personal information to third parties.
TALENT SHIFT, LLC collects and processes personal data including personal identifiable information in the normal course of business in providing professional services work opportunities primarily in Advisory, Assurance, or Tax. TALENT SHIFT, LLC does not in the normal course of business disclose such personal information to third parties. TALENT SHIFT, LLC is a subsidiary of FORVIS, LLP.
We, individually and as a firm, abide by the ethical requirements of the American Institute of Certified Public Accountants and its Code of Professional Conduct. Per Rule 301 of the Code of Professional Conduct, we are prohibited from disclosing any confidential information obtained in the course of a professional engagement. In accordance with these professional standards, our Tax Quality Control Policies and Procedures also require treating all client information as confidential. The standards of confidentiality of our profession and FORVIS, LLP (FORVIS) impose a higher privacy standard than that mandated by federal legislation such as the Gramm-Leach-Bliley Act of 1999 (GLB Act and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as supplemented by the Health Information Technology for Economic and Clinical Health Act of 2008 (HITECH). Our privacy procedures adequately address the provisions of these laws. However, our privacy protection procedures apply not only to nonpublic personal information (covered by the GLB Act) but also to all client information in our possession, held either directly by us or indirectly through outside service providers. There is a definitional distinction between “privacy” and “confidentiality.” In the document entitled “AICPA/CICA Privacy Framework, revised March 22, 2004,” privacy is defined as the rights and obligations of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information. Privacy, thus, concerns the control by individuals over their personal information. Confidentiality, typically, is about keeping any client information (personal or business) from being disclosed to unauthorized persons and can be required by contractual arrangements or ethical considerations. As applied by our firm, our clients have a right (except in limited circumstances defined later) to control access to their personal and business information in our possession. We have a responsibility to protect the confidentiality of all such information. Thus, our use of the term “confidentiality” encompasses protecting the privacy of personal information and the confidentiality of all client information in our possession. We also extend the procedures outlined in this privacy program to personal information of our partners, directors, and employees. As part of its implementation of the GLB Act, the Federal Trade Commission (FTC) issued what is known as the Safeguards Rule. This rule requires financial institutions under FTC jurisdiction to adequately protect customer records and information. FORVIS meets the definition of being a “financial institution” because the FTC privacy provisions apply to businesses that are "significantly engaged" in "financial activities." These activities include providing financial, investment or economic advisory services and cover services offered by credit counselors, financial planners, tax preparers, accountants, and investment advisors. HIPAA contains two basic rules or parts, the Privacy Rule and the Security Rule. The Privacy Rule protects the privacy of individually identifiable health information referred to as protected health information or “PHI.” The Security Rule protects a subset of the information covered by the Privacy Rule, which is all PHI created, received maintained or transmitted in electronic form. This information is referred to as “e-PHI.” The Privacy Rule establishes standards for the permitted uses and disclosures of PHI including disclosures to the individual, for treatment and healthcare operations purposes and for limited research purposes. Generally, the individual patient must consent to disclosure if the disclosure is for reasons other than treatment, payment issues or healthcare operations. The Security Rule requires the establishment and maintenance of reasonable and appropriate administrative, technical, and physical safeguards for protecting PHI. HITECH now supplements this regimen by setting federal standards for notifications in the event any PHI is breached and thus there occurs an unauthorized disclosure or use and specifically imposes the HIPAA requirements and liabilities upon business associates of “covered entities” such as health systems where PHI is disclosed to a business associate incident to healthcare operations. FORVIS is one such business associate given the firm’s service to the healthcare industry and is thus subject to these rules.
TALENT SHIFT, LLC