Home > Corporate Privacy Policy

Corporate Privacy Policy

Overview and Applicability

Insurance Strategies Services LLC (hereafter referred to as ISC SERVICES) supports the right to privacy, including the rights of individuals to control the dissemination and use of personal data that describes them, their personal choices, or life experiences. ISC SERVICES supports domestic and international laws and regulations that seek to protect the privacy rights of such individuals.

This policy applies to ISC SERVICES clients and their clients whose personal data is the subject of the services that ISC SERVICES provides to its clients. The policy also applies to all ISC SERVICES employees, contractors, temporaries, consultants, and other workers. This latter group of individuals will be provided with and are expected to be familiar with and fully in compliance with this policy. Workers who do not comply with the provisions of this policy are subject to disciplinary action up to and including termination. A copy of our most current policy is included on the ISC SERVICES website.

Only medical information that may specifically identify an individual and is used or disclosed by ISC SERVICES is protected by the terms as defined in the Privacy Rule of the Administrative Simplification provision of the Health Insurance Portability and Accountability Act of 1996 (‘HIPAA’). This medical information is described to as ‘protected health information’ and we refer to it throughout this document as ‘personal data’. Alternatively, as an employee, your sick leave records FMLA leave information, workers compensation files, disability, life insurance and OSHA records are not personal data and are not covered by this policy.

This policy also applies to outsourcing organizations that perform information-processing services on behalf of ISC SERVICES. Use of outsourcing organizations to process personal data must always include a contractual commitment to observe these policies and related ISC SERVICES procedures and standards as specified by the Information Services department. All outsourcing organizations handling personal data provided by ISC SERVICES must periodically issue certificates of compliance with this policy, and permit ISC SERVICES to initiate independent audits to determine compliance with this policy.

This policy does not apply to visitors to its internet website although that website is governed by a separate privacy policy to ensure the confidence of our clients and visitors and to demonstrate our commitment to fair information practices and to protect the privacy of those visiting the website. Please see our website for more information.

Definitions

Personal data: Any information relating to an individual. Such data includes name, address, telephone number, address, social security number, personal health information, and personal business transaction details. For example, such a person could be the subject of an ISC SERVICES work product or an ISC SERVICES worker either direct or indirectly. This policy does not apply to statistical reports or other collections of information in which specific natural persons are not identifiable.

Processing of personal data or “processing”: Any operation or set of operations performed on personal data, whether by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, combination, blocking, erasure or destruction.

Owner: The ISC SERVICES manager or executive, who determines the purposes for processing personal data, and who makes decisions about the security mechanisms to be used to protect such personal data.

Custodian: The ISC SERVICES manager, or third-party organization manager if processing has been outsourced, who processes personal data according to the instructions provided by the Owner.

Third party: Any person, partnership, corporation, public authority, government agency, or any other entity other than the individual, Owner, Custodian, and the persons who, under the direct authority of the Owner or the Custodian, are authorized to process the data.

Recipient: The person, public authority, government agency, or any other entity to which personal data is disclosed, even if the recipient is a third party.

Consent: Any freely-given informed indication of his or her wishes by which the individual signifies his or her agreement to have his or her personal data processed, which may include disclosure.

No distinction between data, information, knowledge, or wisdom is made in this policy.

Specific Requirements

All personal data must be processed fairly and lawfully, according to the laws and regulations of all jurisdictions where ISC SERVICES does business. This includes but is not limited to information that constitutes protected health information as defined in the Privacy Rule of the Administrative Simplification provision of the Health Insurance Portability and Accountability Act of 1996 (‘HIPAA’) for purposes of evaluating the medical condition in the context of the transference of the ownership of life insurance policies of individuals submitted by clients. ISC SERVICES has established Information Security policies to guard against unnecessary disclosure of individual’s personal data.

Personal data must be collected for purposes communicated to the individual and not further processed in a way incompatible with those purposes. Further processing of such data for historical, statistical or other business purposes is not incompatible with the original purpose provided the further processing includes adequate additional controls protecting the rights of the individual.

The amount of personal data collected must be adequate, relevant, and not excessive in relation to the purposes for which they are collected or for which they are further processed.

Personal data must be accurate and complete, and where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate or incomplete, keeping in mind the purposes for which it was collected or for which it is further processed, are definitively erased or corrected.

Personal data must not be kept in a form that permits identification of individuals for any longer than is necessary for the purposes for which the data was collected or for which it is further processed. For example, this can be implemented with linked separate files respectively containing identification information and related sensitive information. Owners of personal data are responsible for ensuring compliance with the following points.

Personal data may be processed only if:

  • The individual has given his or her consent unambiguously.
  • Processing is necessary for the performance of a contract to which the individual is party, such as completing an underwriting evaluation for a life insurance settlement.
  • Processing is required to respond to a request made by the individual.
  • Processing is necessary for compliance with a legal obligation to which the Owner is subject.
  • Processing is necessary in order to protect the vital interests of the individual.

Processing personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, criminal offenses, health, or sex life is prohibited unless:

  • The individual has provided explicit consent to such processing.
  • Processing is necessary for the purposes of carrying out the obligations and specific rights of the Owner in the field of employment law.
  • Processing is necessary to protect the vital interests of the individual or of another person where the individual is physically or legally incapable of giving his or her consent. Custodians of personal data are responsible for ensuring that items in the preceding two points are complied with.

Information to be Given to the Individual

Upon request, ISC SERVICES must provide all individuals with a brief written summary of the subject’s rights to learn about, get copies of, lodge objections to, and correct personal data. Trained personnel who can explain an individual’s rights must be available to subjects by telephone.

If ISC SERVICES changes its privacy policy, an attempt must promptly be initiated to notify all individuals affected. As a part of this notification, ISC SERVICES must provide a summary of the changes in the policy to the individuals affected and what these changes mean. Individuals also must be given an opportunity to be removed from ISC SERVICES records. If ISC SERVICES does not have current addresses of individuals for which it has information the last addresses it has will be used.

Individual’s Right of Access to Data:

Every individual has the right to obtain the following from ISC SERVICES without undue constraint at reasonable intervals and without excessive delay or expense:

  • Confirmation as to whether data relating to him or her is processed and information at least as to the purposes of the processing, the categories of data concerned, and the recipients or categories of recipients to whom the data is disclosed.
  • Details as to the source of information about the individual, if such information is recorded.
  • Communication of the personal data to the subject in an intelligible form.
  • Knowledge of the logic involved in any automatic processing of data concerning him or her at least in the case of the automated decisions affecting the individual.
  • When appropriate, an indication that his or her personal data has been corrected, erased, or blocked because it was incomplete or inaccurate.
  • Notification to third parties to whom the data has been disclosed of any correction, erasure, or blocking carried out in compliance with the prior paragraph, unless this proves impossible or involves a unreasonable effort or expense.

Individual’s Right to Object

Individuals must be given an opportunity to examine, and issue complaints about, inaccuracies and incompletions in records containing their personal data. Investigations of complaints must be promptly performed, and must be answered with a letter informing the involved individuals about the courses of action that ISC SERVICES will take. Any resulting erasures or corrections must be promptly performed and at no cost to the individuals. Reasonable steps to prevent reoccurrence of the same inaccuracies or incompletions must be taken, for instance by adding an explanatory paragraph in the subject’s file.

An exception is permitted to the requirements for criminal activity investigation records, and other legitimate business activities where disclosure to the individual would be highly likely to jeopardize the business process. All disclosures to government agencies and other third parties must be preceded by written or other notice sent to the subject individual. A blanket, one-time approval of such disclosures is sufficient. Sufficient time must be provided between the receipt of such notice by the individual and the actual disclosure to the third party to permit the individual to object should he or she so elect.

Disclosure of Personal Data to Third Parties

ISC SERVICES may provide third parties with personal data processed on its systems for generally accepted business purposes such as court orders, subpoenas, employment verification, governmental licensing, underwriting, and other reasons. All recipients of such information must definitively identify themselves, certify in writing the legal and customary purposes for which the information is sought and certify that the personal data will be used for no other purposes.

Contact Information

The privacy contact for ISC SERVICES is:

Insurance Strategies Services LLC
Attn: HIPAA Privacy Contact Official
17755 U.S. Highway 19 North
Suite 150
Clearwater, FL 33764

Complaints

If an individual believes their privacy rights have been violated, you may file a complaint with ISC SERVICES or with the Secretary of the Department of Health and Human Services. To file a complaint with ISC SERVICES, contact the Privacy Official at the address listed below. All complaints must be submitted in writing.

An individual will not be penalized for filing a complaint.

The ISC SERVICES Privacy Contact (solely for eligibility, appeals, and filing privacy-related complaints) is:

Insurance Strategies Services LLC
Attention: HIPAA Privacy Complaint Official
17755 U.S. Highway 19 North
Suite 150
Clearwater, FL 33764

When is this Policy Effective

This policy is effective as of January 1, 2006, and will remain in effect until it is revised. ISC SERVICES has the right to change this policy at any time and for any reason. ISC SERVICES has the right to make the revised or changed policy effective for medical information it already has about individuals or may have in the future.