Control and occupational environments set the tone of the organization, influencing the control consciousness of its people. Newcleus recognizes that the effectiveness of controls and policies is greatly influenced by the people who create, administer, and monitor them. Integrity and ethical values, organizational structure, and management philosophy are important and influencing elements that are held at the highest priority of Newcleus.
Newcleus appreciates and respects the importance of protecting the privacy of data that is exchanged when interacting with our websites or during the normal course of business with our clients, prospects, vendors and staff. This policy outlines the controls, practices, rules, and guidelines we employ to safeguard the security and privacy of all data that Newcleus processes and attempts to demonstrate our commitment to security, ethical values, competence and to our clients.
Newcleus stores only information submitted by website users, clients, and prospects for the purpose of creating access accounts, information requests and processing documents necessary to administer and manage selected products, plans, and services.
Some examples of personal information collected are:
Name, address and email collected to create an access account for Newcleus websites or other software solutions
Similar information submitted voluntarily for marketing purposes
Company and applicant information required for strategy, service, and administration
Newcleus websites only collect information that is offered by site users or customers of their own accord.
Information Security & Privacy Safeguards
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Newcleus has put in place appropriate physical, logical, and managerial procedures to safeguard and secure the information we collect as detailed below.
Newcleus uses the following layers of technical controls to protect its information:
Antivirus: To protect against malicious code that could compromise information or damage company systems.
Email filtering: Actively filters incoming email messages for phishing and spam attacks.
Encryption: We encrypt client information accessed through online account access services to prevent unauthorized users from viewing that information. Company policies require client information stored on mobile devices used for business, including laptops, tablets, and smartphones, to be encrypted as well.
Firewalls: Newcleus’ internal network resides behind a corporate firewall designed to prevent unauthorized external parties from accessing that data.
System activity monitoring: A variety of resources are used to monitor systems and identify suspicious activity. Intrusion detection systems and data leakage protection systems reduce the risk of incoming attacks and information loss.
Our technical controls are supplemented with the following processes, procedures, and policies to further protect information:
Business need to know: Access to company systems is implemented based on the principle of least privilege. Access is provided to each system user based solely on their job needs with no additional access provided.
Change control: A formal policy is in place to help ensure all changes to company systems maintain the confidentiality, integrity, and availability of those systems.
Corporate governance: Our company’s governance system is abundant, with multiple committees supporting information protection initiatives.
Cyber security threat simulations: Newcleus conducts cyber security threat assessments via regularly conducted penetration testing. This identifies areas of program strength and opportunities for improvement.
Incident response: Our well-defined computer security and privacy incident response program is designed to contain and resolve any incidents efficiently and effectively. The program is periodically reviewed and exercised to train and ensure preparation for events.
Privacy: All employees receive privacy training, with adherence and monitoring of this and all other Newcleus policies conducted by department supervisors.
Internal and external IT auditors: Internal and external auditors regularly review and assess Newcleus’ information technology systems and operations to ensure we comply with our documented policies and procedures as well as applicable regulations and industry best practices.
Policies and standards: Newcleus maintains written policies and standards for information protection. These policies and standards provide the foundation and guidance for our information security, privacy, and risk management program.
Records management and sanitization: Our formalized data management program manages the lifecycle of all information that we handle, including adherence to regulatory requirements and secure disposal of confidential information.
Risk assessments: Risk assessments are performed biannually as well as during the development and acquisition of information systems to help ensure those systems include appropriate protection of client information.
Security awareness: Newcleus provides employees and financial representatives with security awareness and training, such as ongoing security awareness articles and events, training in company policies and standards, and simulated phishing exercises.
Separation of duties: Specific job duties are separated to prevent a conflict of interest when appropriate.
Threat monitoring: Our internal teams and third-party industry security organizations work together to monitor our environment for existing and potential threats.
User access reviews: Newcleus reviews user access to company systems quarterly to help ensure users maintain an appropriate level of access to those systems.
Newcleus also protects its clients’ information from physical harm and theft with the following methods:
Building and data center physical security: Physical access to our buildings and data centers is restricted with defense in depth to ensure the confidentiality, integrity, and availability of company systems and physical assets.
Business continuity and disaster recovery planning: Formal business continuity and disaster recovery plans are maintained and tested regularly. These plans are designed to maximize the availability of company systems and information and recover from natural or human-made disasters as efficiently and effectively as possible.
Redundancy: As part of its business continuity and disaster recovery plans, we maintain redundant data centers to help ensure the availability of company systems and client information.
Terms of Service
Please read these Terms of Service (“Terms”, “Terms of Service”) carefully before using the Newcleus website (the “Service” ) operated by “Newcleus” (“Newcleus”, “us”, “we” , or “our” ). Your access to and use of the Service is conditioned on your acceptance of and compliance with these Terms. These Terms apply to all visitors, users, and others who access or use the Service. By accessing or using the Service, you agree to be bound by these Terms. If you disagree with any part of the terms, then you may not access the Service.
Links to Other Websites
- Our Service may contain links to third-party websites or services that are not owned or controlled by (“Newcleus”).
- (“Newcleus”) has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third-party web sites or services. You further acknowledge and agree that (“Newcleus”) shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such web sites or services.
- We strongly advise you to read the terms and conditions and privacy policies of any third-party websites or services that you visit.
- We may terminate or suspend access to our Service immediately, without prior notice or liability, for any reason whatsoever, including without limitation if you breach the Terms.
- All provisions of the Terms which by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity and limitations of liability.
- These Terms shall be governed and construed in accordance with the laws of Pennsylvania, United States, without regard to its conflict of law provisions.
- Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, the remaining provisions of these Terms will remain in effect. These Terms constitute the entire agreement between us regarding our Service, and supersede and replace any prior agreements we might have between us regarding the Service.
- We reserve the right, at our sole discretion, to modify or replace these Terms at any time. If a revision is material, we will try to provide at least 30 days’ notice prior to any new terms taking effect. What constitutes a material change will be determined at our sole discretion.
- By continuing to access or use our Service after those revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, please stop using the Service.
This Notice Describes How Protected Health Information About You May Be Used And Disclosed And How You Can Get Access To This Information. Please Review It Carefully.
Newcleus Will Use And Share Protected Health Information Of Insured’s As Necessary To Carry Out Payment And Health Care Operations As Permitted By Law. We Are Required By Law To Maintain The Privacy Of Our Insured’s Protected Health Information And To Provide Insured’s With Notice Of Our Legal Duties And Privacy Practices With Respect To Their Protected Health Information. We Are Required To Abide By The Terms Of This Notice So Long As It Remains In Effect. We Reserve The Right To Change The Terms Of This Notice And To Make The New Notice Effective For All Protected Health Information Maintained By Us. Copies Of Any Revised Notices Will Be Mailed To All Insured’s Then Covered By Newcleus.
Uses of Disclosures of Your Protected Health Information
This Section Describes Uses And Disclosures Of Your Protected Health Information That We May Make. In Some States, More Stringent Laws May Limit Or Prohibit A Use Or Disclosure Described Below. In Those Circumstances, Newcleus Will Conduct Itself According To The More Stringent Law.
Except as described in this Notice, we will not use or disclose your protected health information, including psychotherapy notes, without written authorization from you. In addition, use or disclosure of psychotherapy notes, or the use or disclosure of protected health information for marketing purposes, or disclosure of protected health information in a manner that constitutes a sale, requires your authorization. If you do authorize Newcleus to use or disclose your protected health information for another purpose, you may revoke your authorization in writing at any time. If you revoke an authorization, Newcleus will no longer use or disclose your protected health information in the manner covered by that authorization, except to the extent that Newcleus has taken action in reliance on the authorization, or if the authorization was obtained as a condition of obtaining insurance coverage, Newcleus has the right to contest a claim under a policy or to contest the policy itself.
Uses and Disclosures for Payment
Newcleus will make uses and disclosures of your protected health information as necessary and as permitted by law for payment purposes. For example, we may use information regarding your medical procedures and treatment to process and pay claims or to determine whether services are covered under the ACB rider. Newcleus may also forward such information to another health plan, which may also have an obligation to process and pay claims on your behalf.
Uses and Disclosures for Health Care Operations
Newcleus will use and disclose your protected health information as necessary, and as permitted by law, for our health care operations. This includes enrollment, underwriting, policy issuance, securing reinsurance, customer service, and other activities relating to the creation and servicing of your insurance coverage, compliance, auditing, rating, fraud and abuse detection, business management and general administrative activities, quality improvement and assurance, and other functions related to the ACB rider. We may not use your genetic information for underwriting or eligibility purposes. Such activities may involve our use of third parties that perform services for us. When we hire other parties to help us conduct our business, we require them to protect your protected health information. Further, we do not permit them to use or share your protected health information for any purpose other than the work they are doing on our behalf or as required by law. In addition, your Newcleus Representative and others assisting your Financial Representative have access to the information that they need to provide service to you.
Disclosures to an Employer for Premium Payment Purposes
Newcleus may disclose to your employer when necessary for premium payment purposes only: your name, address, policy number, and premium amount due for your life insurance policy with ACB rider. Be assured that Newcleus will not disclose any other protected health information to your employer without your written authorization.
Family and Friends Involved in Your Care
With your approval, Newcleus may from time to time disclose your protected health information to designated family, friends, and others who are involved in your care or in payment for your care. Such disclosures are limited to the information necessary to facilitate that person’s involvement in caring for you or paying for your care. If you are unavailable, incapacitated, or facing an emergency medical situation and we determine that a limited disclosure may be in your best interest, we may share limited protected health information with such individuals without your approval. If you have designated a person (i.e., secondary addressee) to receive information regarding payment of the premium on your life insurance policy, we will inform that person when your premium has not been paid. We may also disclose limited protected health information to a public or private entity that is authorized to assist in disaster relief efforts in order for that entity to locate a family member or other person that may be involved in some aspect of caring for you.
Payment of Claims
Newcleus may contact you and/or your authorized representative to obtain or provide information on payment of your claims.
Other Health-Related Products
Newcleus may use or disclose your protected health information to offer you upgrades to your ACB rider, or other health-related products or services which may be available to you because you are a policyholder with an ACB rider.
Other Uses and Disclosures
Newcleus is permitted or required by law to make certain other uses and disclosures of your protected health information without your authorization. We may release your protected health information:
- for public health activities, such as required reporting of disease, injury, birth and death, and for required public health investigations;
- as required by law if we believe you to be a victim of abuse, neglect, or domestic violence;
- if required by law to a government oversight agency conducting audits, investigations, or civil or criminal proceedings;
- if required to do so by a court or administrative subpoena or discovery request; in most cases you will have notice of such release;
- to law enforcement officials as required by law to report wounds and injuries and crimes;
- to law enforcement agencies to help prevent fraud, or alert them that unlawful activity may have occurred;
- if you are a member of the military as required by armed forces services;
- if necessary for national security or intelligence activities;
- to insurance and other regulatory authorities;
- to workers’ compensation agencies if necessary for your workers’ compensation benefit determination;
- to our re-insurers;
- to your attending physician or medical professional or facility to enable them to inform you of medical information of which you may not be aware; and
- to others as permitted or required by law.
Rights That You Have
You Have A Number Of Rights Related To Your Protected Health Information That Are Described Below. All Communication And Requests Regarding Those Rights, Where Applicable, Should Be Submitted In Writing, Signed By You Or Your Personal Representative And Mailed To Our Privacy Official At The Address Listed At The End Of This Notice.
Access to Your Protected Health Information
You have the right to copy and/or inspect protected health information in certain records that we retain on your behalf, including your application, billing and benefit statements, claim forms, policy change requests, and records relating to your health or medical condition or treatment. We may charge you a reasonable, cost-based fee for any copies you request. We may also charge for postage if you request a mailed copy and will charge for preparing a summary of the requested information, if you request one.
Amendments to Your Protected Health Information
You have the right to request that certain protected health information that we maintain about you be amended or corrected. We are not obligated to make all requested amendments but will give each request careful consideration. All amendment requests must state the reasons for the amendment/correction request. If we make an amendment or correction you request, we may also notify others who work with us and have copies of the uncorrected record, if we believe that such notification is necessary. Please understand that we will not amend protected health information that we did not create, unless we are notified of the need for amendment by the entity that created it. For example, requests to amend information in your medical records need to be directed to the medical provider or facility that created the information.
Accounting for Disclosures of Your Protected Health Information
You have the right to receive an accounting of certain disclosures we make of your protected health information. The first accounting in any 12-month period is free; you may be charged a reasonable, cost-based fee for each subsequent accounting you request within the same 12-month period.
Restrictions on Use and Disclosure of Your Protected Health Information
You have the right to request restrictions on certain of our uses and disclosures of your protected health information for payment or health care operations. Your request must describe in detail the restriction you are requesting. We are not required to agree to your request for a restriction.
Requesting Confidential Communication of Your Protected Health Information
You have the right to request that communications regarding your protected health information from us be delivered by alternative means or at alternative locations. We will accommodate reasonable requests, such as instructions that messages not be left on voice mail or sent to a particular address.
Right to Notification Following a Breach of Unsecured Protected Health Information
You will receive notifications from Newcleus of breaches of your unsecured protected health information.
If You Believe Your Privacy Rights Have Been Violated, You Can File A Complaint In Writing With Our Privacy Official At The Address Listed At The End Of This Notice. You May Also File A Complaint In Writing With The Secretary Of The U.S. Department Of Health And Human Services In Washington D.C. Within 180 Days Of A Violation Of Your Rights. There Will Be No Retaliation For Filing A Complaint.