Legal

Legal Documentation

Explore our trusted healthcare services designed to support your health at every step.

Get in touch

About us

Privacy Policy

Who we are. NOVUS United Catholic Benefits (“NOVUS,” “we,” “us,” or “our”) provides faith-aligned healthcare and retirement benefits to eligible organizations and members. This Privacy Policy explains how we collect, use, disclose, and protect information through our websites, portals, and services (collectively, the “Services”). Scope & role under HIPAA/ERISA. Depending on the program and our agreement with your organization, NOVUS may act as a HIPAA covered entity or a business associate to a covered entity. In either role, we handle Protected Health Information (PHI) in accordance with the HIPAA Privacy, Security, and Breach Notification Rules. We also comply with applicable ERISA obligations for plan records and disclosures where we serve as or support a plan sponsor/administrator. Information we collect. We collect: (a) member/participant data (name, contact, DOB, identifiers); (b) benefits and eligibility data; (c) PHI related to claims, payments, care management, or utilization review (when applicable); (d) account, authentication, and audit logs for portals; and (e) site/device data (cookies, IP, analytics). When we act under HIPAA, PHI is handled per the Privacy Rule; when we act outside HIPAA (e.g., marketing sites), we treat personal data under applicable consumer privacy laws. How we use information. We use information to deliver and administer benefits; determine eligibility; process claims and payments; prevent fraud; comply with law; operate and secure the Services; improve user experience; and communicate about benefits, required notices, and service updates. Uses of PHI are limited to those permitted by HIPAA or authorized by you. Legal bases & plan governance. When HIPAA applies, our uses/disclosures follow the Privacy Rule and your plan documents/authorizations. When consumer privacy laws apply (e.g., website visitors), we rely on compliance with legal obligations, legitimate interests (e.g., site security), consent where required (e.g., cookies), and performance of a contract (e.g., portal access). See “Your privacy rights” below for state/EU rights. How we share information. We share PHI only as permitted: with providers, payers, plan sponsors/administrators, or business associates who perform services under Business Associate Agreements (BAAs); with regulators or as required by law; and with vendors that support secure operations (IT, hosting, analytics) under contractual safeguards. We do not sell PHI. Security. We implement administrative, physical, and technical safeguards aligned to the HIPAA Security Rule (e.g., access controls, encryption in transit/at rest where appropriate, logging/monitoring, workforce training, vendor diligence, and risk assessments). Breach notification. If a breach of unsecured PHI occurs, we provide notices to affected individuals and the U.S. Department of Health & Human Services (and, when required, the media) without unreasonable delay and within required timeframes. If we serve as a business associate, we notify the covered entity as required. Retention. Plan/participant records supporting filings are generally retained at least six (6) years under ERISA §107; benefit-determination records must be kept long enough to determine benefits (which can be longer). We also follow applicable state/federal retention rules for claims, financial, and tax records. Your privacy rights. HIPAA: Individuals may request access, amendments, and an accounting of disclosures of their PHI, and may request restrictions or confidential communications as provided by the Privacy Rule. California (CCPA/CPRA) and other U.S. state laws: Depending on your state, you may have rights to access, delete, correct, and opt out of certain data uses (e.g., targeted advertising or “sales/sharing”). We honor verifiable requests and will not discriminate for exercising rights. EU/EEA (GDPR): If applicable, you may have rights to access, rectify, erase, port, and restrict/ object to processing, and to lodge a complaint with a supervisory authority. Lawful bases for processing are described above. Children’s privacy. Our Services are intended for members and plan participants. We do not knowingly collect personal information from children online without appropriate consent or as permitted by law. International transfers. If personal data is transferred internationally, we use appropriate safeguards (e.g., Standard Contractual Clauses) consistent with applicable law. Changes. We may update this Policy to reflect operational, legal, or regulatory changes. We will post the “Effective Date” when changes take effect.

Terms of Service

Agreement to Terms. By accessing NOVUS websites, portals, or Services, you agree to these Terms. If you use the Services on behalf of an organization, you represent you are authorized to bind that organization. No medical or legal advice. Content on our sites is for general information only. It is not medical, legal, or tax advice. Your plan documents and provider guidance control for benefit decisions. Account & eligibility. Portal access may require registration, strong credentials, and multi-factor authentication. You are responsible for keeping credentials confidential and for all activity under your account. Acceptable use. You agree not to misuse the Services (e.g., by attempting unauthorized access, interfering with security, or submitting unlawful content). We may suspend or terminate access for violations. Plan documents control. Plan/benefit coverage terms, exclusions, appeals, and fiduciary/administrator roles are governed by plan documents and applicable law (ERISA for most private-sector plans). In the event of a conflict between this site and plan documents, the plan documents control. HIPAA & privacy. Use of PHI is governed by HIPAA and our Notice of Privacy Practices or BAAs, as applicable. For consumer data collected on our sites (outside HIPAA), our Privacy Policy applies. Third-party services. We may link to or integrate with third-party tools (e.g., ID verification, analytics). NOVUS is not responsible for third-party content or practices; review their terms and privacy policies. Intellectual property. All site content, trademarks, and logos are owned by NOVUS or our licensors and protected by law. You may not copy, modify, or distribute content without permission. Security & maintenance. We take reasonable measures to secure the Services and may perform maintenance or updates that temporarily affect availability. See our Privacy Policy for security details aligned to the HIPAA Security Rule. Disclaimers & limitation of liability. The Services are provided “as is” and “as available.” To the maximum extent permitted by law, NOVUS disclaims warranties (express or implied) and limits liability for indirect, incidental, or consequential damages arising from or related to your use of the Services. Indemnification. You agree to indemnify NOVUS against claims arising from your misuse of the Services or violation of these Terms. Governing law & venue. These Terms are governed by the laws of the Commonwealth of Pennsylvania (without regard to conflict-of-law rules). Exclusive venue lies in the state or federal courts located in Blair, PA. Changes. We may update these Terms; the “Effective Date” will reflect the latest version. Continued use after changes constitutes acceptance.

Privacy Policy

Who we are. NOVUS United Catholic Benefits (“NOVUS,” “we,” “us,” or “our”) provides faith-aligned healthcare and retirement benefits to eligible organizations and members. This Privacy Policy explains how we collect, use, disclose, and protect information through our websites, portals, and services (collectively, the “Services”). Scope & role under HIPAA/ERISA. Depending on the program and our agreement with your organization, NOVUS may act as a HIPAA covered entity or a business associate to a covered entity. In either role, we handle Protected Health Information (PHI) in accordance with the HIPAA Privacy, Security, and Breach Notification Rules. We also comply with applicable ERISA obligations for plan records and disclosures where we serve as or support a plan sponsor/administrator. Information we collect. We collect: (a) member/participant data (name, contact, DOB, identifiers); (b) benefits and eligibility data; (c) PHI related to claims, payments, care management, or utilization review (when applicable); (d) account, authentication, and audit logs for portals; and (e) site/device data (cookies, IP, analytics). When we act under HIPAA, PHI is handled per the Privacy Rule; when we act outside HIPAA (e.g., marketing sites), we treat personal data under applicable consumer privacy laws. How we use information. We use information to deliver and administer benefits; determine eligibility; process claims and payments; prevent fraud; comply with law; operate and secure the Services; improve user experience; and communicate about benefits, required notices, and service updates. Uses of PHI are limited to those permitted by HIPAA or authorized by you. Legal bases & plan governance. When HIPAA applies, our uses/disclosures follow the Privacy Rule and your plan documents/authorizations. When consumer privacy laws apply (e.g., website visitors), we rely on compliance with legal obligations, legitimate interests (e.g., site security), consent where required (e.g., cookies), and performance of a contract (e.g., portal access). See “Your privacy rights” below for state/EU rights. How we share information. We share PHI only as permitted: with providers, payers, plan sponsors/administrators, or business associates who perform services under Business Associate Agreements (BAAs); with regulators or as required by law; and with vendors that support secure operations (IT, hosting, analytics) under contractual safeguards. We do not sell PHI. Security. We implement administrative, physical, and technical safeguards aligned to the HIPAA Security Rule (e.g., access controls, encryption in transit/at rest where appropriate, logging/monitoring, workforce training, vendor diligence, and risk assessments). Breach notification. If a breach of unsecured PHI occurs, we provide notices to affected individuals and the U.S. Department of Health & Human Services (and, when required, the media) without unreasonable delay and within required timeframes. If we serve as a business associate, we notify the covered entity as required. Retention. Plan/participant records supporting filings are generally retained at least six (6) years under ERISA §107; benefit-determination records must be kept long enough to determine benefits (which can be longer). We also follow applicable state/federal retention rules for claims, financial, and tax records. Your privacy rights. HIPAA: Individuals may request access, amendments, and an accounting of disclosures of their PHI, and may request restrictions or confidential communications as provided by the Privacy Rule. California (CCPA/CPRA) and other U.S. state laws: Depending on your state, you may have rights to access, delete, correct, and opt out of certain data uses (e.g., targeted advertising or “sales/sharing”). We honor verifiable requests and will not discriminate for exercising rights. EU/EEA (GDPR): If applicable, you may have rights to access, rectify, erase, port, and restrict/ object to processing, and to lodge a complaint with a supervisory authority. Lawful bases for processing are described above. Children’s privacy. Our Services are intended for members and plan participants. We do not knowingly collect personal information from children online without appropriate consent or as permitted by law. International transfers. If personal data is transferred internationally, we use appropriate safeguards (e.g., Standard Contractual Clauses) consistent with applicable law. Changes. We may update this Policy to reflect operational, legal, or regulatory changes. We will post the “Effective Date” when changes take effect.

Terms of Service

Agreement to Terms. By accessing NOVUS websites, portals, or Services, you agree to these Terms. If you use the Services on behalf of an organization, you represent you are authorized to bind that organization. No medical or legal advice. Content on our sites is for general information only. It is not medical, legal, or tax advice. Your plan documents and provider guidance control for benefit decisions. Account & eligibility. Portal access may require registration, strong credentials, and multi-factor authentication. You are responsible for keeping credentials confidential and for all activity under your account. Acceptable use. You agree not to misuse the Services (e.g., by attempting unauthorized access, interfering with security, or submitting unlawful content). We may suspend or terminate access for violations. Plan documents control. Plan/benefit coverage terms, exclusions, appeals, and fiduciary/administrator roles are governed by plan documents and applicable law (ERISA for most private-sector plans). In the event of a conflict between this site and plan documents, the plan documents control. HIPAA & privacy. Use of PHI is governed by HIPAA and our Notice of Privacy Practices or BAAs, as applicable. For consumer data collected on our sites (outside HIPAA), our Privacy Policy applies. Third-party services. We may link to or integrate with third-party tools (e.g., ID verification, analytics). NOVUS is not responsible for third-party content or practices; review their terms and privacy policies. Intellectual property. All site content, trademarks, and logos are owned by NOVUS or our licensors and protected by law. You may not copy, modify, or distribute content without permission. Security & maintenance. We take reasonable measures to secure the Services and may perform maintenance or updates that temporarily affect availability. See our Privacy Policy for security details aligned to the HIPAA Security Rule. Disclaimers & limitation of liability. The Services are provided “as is” and “as available.” To the maximum extent permitted by law, NOVUS disclaims warranties (express or implied) and limits liability for indirect, incidental, or consequential damages arising from or related to your use of the Services. Indemnification. You agree to indemnify NOVUS against claims arising from your misuse of the Services or violation of these Terms. Governing law & venue. These Terms are governed by the laws of the Commonwealth of Pennsylvania (without regard to conflict-of-law rules). Exclusive venue lies in the state or federal courts located in Blair, PA. Changes. We may update these Terms; the “Effective Date” will reflect the latest version. Continued use after changes constitutes acceptance.

Privacy Policy

Who we are. NOVUS United Catholic Benefits (“NOVUS,” “we,” “us,” or “our”) provides faith-aligned healthcare and retirement benefits to eligible organizations and members. This Privacy Policy explains how we collect, use, disclose, and protect information through our websites, portals, and services (collectively, the “Services”). Scope & role under HIPAA/ERISA. Depending on the program and our agreement with your organization, NOVUS may act as a HIPAA covered entity or a business associate to a covered entity. In either role, we handle Protected Health Information (PHI) in accordance with the HIPAA Privacy, Security, and Breach Notification Rules. We also comply with applicable ERISA obligations for plan records and disclosures where we serve as or support a plan sponsor/administrator. Information we collect. We collect: (a) member/participant data (name, contact, DOB, identifiers); (b) benefits and eligibility data; (c) PHI related to claims, payments, care management, or utilization review (when applicable); (d) account, authentication, and audit logs for portals; and (e) site/device data (cookies, IP, analytics). When we act under HIPAA, PHI is handled per the Privacy Rule; when we act outside HIPAA (e.g., marketing sites), we treat personal data under applicable consumer privacy laws. How we use information. We use information to deliver and administer benefits; determine eligibility; process claims and payments; prevent fraud; comply with law; operate and secure the Services; improve user experience; and communicate about benefits, required notices, and service updates. Uses of PHI are limited to those permitted by HIPAA or authorized by you. Legal bases & plan governance. When HIPAA applies, our uses/disclosures follow the Privacy Rule and your plan documents/authorizations. When consumer privacy laws apply (e.g., website visitors), we rely on compliance with legal obligations, legitimate interests (e.g., site security), consent where required (e.g., cookies), and performance of a contract (e.g., portal access). See “Your privacy rights” below for state/EU rights. How we share information. We share PHI only as permitted: with providers, payers, plan sponsors/administrators, or business associates who perform services under Business Associate Agreements (BAAs); with regulators or as required by law; and with vendors that support secure operations (IT, hosting, analytics) under contractual safeguards. We do not sell PHI. Security. We implement administrative, physical, and technical safeguards aligned to the HIPAA Security Rule (e.g., access controls, encryption in transit/at rest where appropriate, logging/monitoring, workforce training, vendor diligence, and risk assessments). Breach notification. If a breach of unsecured PHI occurs, we provide notices to affected individuals and the U.S. Department of Health & Human Services (and, when required, the media) without unreasonable delay and within required timeframes. If we serve as a business associate, we notify the covered entity as required. Retention. Plan/participant records supporting filings are generally retained at least six (6) years under ERISA §107; benefit-determination records must be kept long enough to determine benefits (which can be longer). We also follow applicable state/federal retention rules for claims, financial, and tax records. Your privacy rights. HIPAA: Individuals may request access, amendments, and an accounting of disclosures of their PHI, and may request restrictions or confidential communications as provided by the Privacy Rule. California (CCPA/CPRA) and other U.S. state laws: Depending on your state, you may have rights to access, delete, correct, and opt out of certain data uses (e.g., targeted advertising or “sales/sharing”). We honor verifiable requests and will not discriminate for exercising rights. EU/EEA (GDPR): If applicable, you may have rights to access, rectify, erase, port, and restrict/ object to processing, and to lodge a complaint with a supervisory authority. Lawful bases for processing are described above. Children’s privacy. Our Services are intended for members and plan participants. We do not knowingly collect personal information from children online without appropriate consent or as permitted by law. International transfers. If personal data is transferred internationally, we use appropriate safeguards (e.g., Standard Contractual Clauses) consistent with applicable law. Changes. We may update this Policy to reflect operational, legal, or regulatory changes. We will post the “Effective Date” when changes take effect.

Terms of Service

Agreement to Terms. By accessing NOVUS websites, portals, or Services, you agree to these Terms. If you use the Services on behalf of an organization, you represent you are authorized to bind that organization. No medical or legal advice. Content on our sites is for general information only. It is not medical, legal, or tax advice. Your plan documents and provider guidance control for benefit decisions. Account & eligibility. Portal access may require registration, strong credentials, and multi-factor authentication. You are responsible for keeping credentials confidential and for all activity under your account. Acceptable use. You agree not to misuse the Services (e.g., by attempting unauthorized access, interfering with security, or submitting unlawful content). We may suspend or terminate access for violations. Plan documents control. Plan/benefit coverage terms, exclusions, appeals, and fiduciary/administrator roles are governed by plan documents and applicable law (ERISA for most private-sector plans). In the event of a conflict between this site and plan documents, the plan documents control. HIPAA & privacy. Use of PHI is governed by HIPAA and our Notice of Privacy Practices or BAAs, as applicable. For consumer data collected on our sites (outside HIPAA), our Privacy Policy applies. Third-party services. We may link to or integrate with third-party tools (e.g., ID verification, analytics). NOVUS is not responsible for third-party content or practices; review their terms and privacy policies. Intellectual property. All site content, trademarks, and logos are owned by NOVUS or our licensors and protected by law. You may not copy, modify, or distribute content without permission. Security & maintenance. We take reasonable measures to secure the Services and may perform maintenance or updates that temporarily affect availability. See our Privacy Policy for security details aligned to the HIPAA Security Rule. Disclaimers & limitation of liability. The Services are provided “as is” and “as available.” To the maximum extent permitted by law, NOVUS disclaims warranties (express or implied) and limits liability for indirect, incidental, or consequential damages arising from or related to your use of the Services. Indemnification. You agree to indemnify NOVUS against claims arising from your misuse of the Services or violation of these Terms. Governing law & venue. These Terms are governed by the laws of the Commonwealth of Pennsylvania (without regard to conflict-of-law rules). Exclusive venue lies in the state or federal courts located in Blair, PA. Changes. We may update these Terms; the “Effective Date” will reflect the latest version. Continued use after changes constitutes acceptance.

FAQ

Answers to Your Questions

Get quick, clear information about our services, coverage, support, and more

Are your plans fully compliant with the Catholic Church's Ethical and Religious Directives (ERD's)?

Is this a nationwide service or just for local organizations?

Do you help us transition from our current insurer?

Do our employees need to be catholic to be covered?

Are we too small to join NOVUS?

How quickly can we get started?

Do I have to leave my current healthcare broker or consultant?

How do I know if my doctors and hospitals are in-network?

FAQ

Answers to Your Questions

Get quick, clear information about our services, coverage, support, and more

Are your plans fully compliant with the Catholic Church's Ethical and Religious Directives (ERD's)?

Is this a nationwide service or just for local organizations?

Do you help us transition from our current insurer?

Do our employees need to be catholic to be covered?

Are we too small to join NOVUS?

How quickly can we get started?

Do I have to leave my current healthcare broker or consultant?

How do I know if my doctors and hospitals are in-network?

FAQ

Answers to Your Questions

Get quick, clear information about our services, coverage, support, and more

Are your plans fully compliant with the Catholic Church's Ethical and Religious Directives (ERD's)?

Is this a nationwide service or just for local organizations?

Do you help us transition from our current insurer?

Do our employees need to be catholic to be covered?

Are we too small to join NOVUS?

How quickly can we get started?

Do I have to leave my current healthcare broker or consultant?

How do I know if my doctors and hospitals are in-network?

Your NOVUS journey begins in one click

Book your appointment today and reclaim your organization’s mission with benefits support rooted in transparency, trust, and belief.


Contact us

Our services

Your NOVUS journey begins in one click

Book your appointment today and reclaim your organization’s mission with benefits support rooted in transparency, trust, and belief.


Contact us

Our services

Your NOVUS journey begins in one click

Book your appointment today and reclaim your organization’s mission with benefits support rooted in transparency, trust, and belief.


Contact us

Our services