Privacy Policy

In the course of examination processes, certification, recertification, and Continuous Certification (collectively, "Certification Processes"), the American Board of Surgery, Inc. ("ABS") must collect and utilize personal and professional information pertaining to its applicants and diplomates. ABS has issued the following Privacy Policy to govern ABS' collection, use, and disclosure of such information and its policies and practices regarding the privacy of information during the Certification Processes. The goal of establishing this privacy policy is to assure all persons disclosing information to ABS during the Certification Processes of the sensitivity and care utilized in protecting this information.

Use and Disclosure of Personal Information

In order to determine the qualifications of applicants during the Certification Processes, ABS requires that applicants and diplomates provide personal contact and identifying information, as well as personal, educational, and professional background information. This information is used by ABS to identify and determine an applicant's or diplomate's appropriate status with the ABS.

In connection with the registration and administration of its examinations, ABS requires an applicant's or diplomate's personal information, including name, mailing address, and social security number. Social security numbers are used only as an individual identifier. ABS restricts access to such personal information to ABS employees and contractors who need this information to conduct the registration, administration, and scoring of examinations, and for the verification of certification by ABS.

ABS does not disclose any personal information regarding its applicants or diplomates to non-ABS employees and contractors, except when required by law (such as complying with a subpoena or court order) or as described below for the American Board of Medical Specialties ("ABMS"). ABS does not share personal information about its applicants or diplomates with companies or other third parties outside of ABS for marketing purposes. ABS considers only the certification, recertification and Continuous Certification status of applicants and diplomates to be public information and regards all other information about applicants and diplomates as private and confidential.

Upon certification and recertification, ABS provides biographical and demographic data on diplomates to ABMS, which publishes The Official ABMS Directory of Board Certified Medical Specialists®. ABMS will directly contact diplomates regarding the publication of diplomate information in its directory. ABS diplomates will communicate directly to ABMS the personal information that they wish to appear in the directory.

ABS provides residency program directors with the results of their residents' performance on specific ABS examinations. Individual examination results are not provided to any other person or institution. ABS will use performance on examinations and other information for research purposes and may publish these studies. In these instances, however, ABS will not identify specific individuals, hospitals, or practice affiliations.

ABS provides summary information for specific residency programs regarding the collective performance of residents on ABS examinations to the Review Committee for Surgery, and in the interests of better informing medical students regarding surgical training, will provide this information to the public via the ABS website.

ABS reserves the right to disclose information in its possession regarding any individual whom it determines, in its sole and absolute discretion, is involved in a violation of ABS rules or procedures or engaged in misrepresentation or unprofessional behavior or any other illegal activity. Such determinations may include statistical analyses of examination responses.

Protection of Personal Information

ABS maintains physical, electronic, and procedural safeguards to protect and secure all personal information in its possession. ABS' security measures protect the confidentiality of online communication, examination results, and data related to the Certification Processes. ABS uses encrypted technology for the sensitive communications performed. Examination results and sensitive applicant and diplomate data transmissions are encrypted and stored in secure areas of ABS accessible only with a unique ID and password.

ABS database servers used for transactions and communication with applicants and diplomates are stored in a restricted, secure area in ABS accessible only to authorized personnel. Firewalls and monitoring devices are designed to prevent unauthorized network access via the Internet.

HIPAA Privacy Rule

The U.S. Department of Health and Human Services finalized regulations regarding privacy protections for certain health information pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). As part of the Certification Processes, ABS may require an applicant to submit patient information that could be governed by HIPAA and its regulations.

ABS requires that all patient information that is forwarded as part of the Certification Processes be "de-identified" in accordance with the HIPAA privacy regulations so that all identifying information and markers that could be used to reasonably identify a patient are removed before it is forwarded to ABS. ABS will not accept any patient information that has not been de-identified in accordance with the HIPAA privacy regulations. It is the applicant or diplomate's responsibility to de-identify the patient's health information before it is submitted to ABS. If ABS receives any information that is not de-identified as part of the Certification Processes, ABS will return such information to the applicant so that it can be appropriately de-identified. This may delay ABS consideration of that applicant or diplomate during the Certification Processes. ABS cannot and will not be responsible for the applicant's violation of HIPAA and its regulations. If you have questions regarding de-identification or would like more information regarding de-identification requirements, please contact ABS.

ABS is committed to the privacy of patient information submitted by its applicants and diplomates during the Certification Processes. ABS is not a "covered entity" under HIPAA and is not subject to the HIPAA regulations. Because ABS will not accept patient information that has not been de-identified, ABS is not a "business associate" of an applicant or diplomate and ABS will not execute a business associate agreement with an applicant or diplomate.

Updated: November 2010