In order to determine the qualifications of applicants during the Certification Processes, ABS requires that applicants and diplomates provide personal contact and identifying information, as well as personal, educational, and professional background information. This information is used by ABS to identify and determine an applicant's or diplomate's appropriate status with the ABS.
ABS collects the following information from Users. Except as otherwise indicated below, ABS does not collect personally identifiable information or "PII" (as defined below) unless you voluntarily provide it to us. In addition, ABS limits the PII it collects to information that is relevant for purposes of providing access to the account and associating examination and certification status information with users' accounts.
In connection with the registration and administration of its examinations, ABS requires an applicant's or diplomate's personal information, including name, mailing address, and social security number. Social security numbers are used only as an individual identifier. ABS restricts access to such personal information to ABS employees and contractors who need this information to conduct the registration, administration, and scoring of examinations, and verification of certification by ABS.
ABS considers only the certification, recertification and Continuous Certification status of applicants and diplomates to be public information and regards all other information about applicants and diplomates as private and confidential.
We may use PII that you provide to us to personalize your profile information in connection with your use of Services, or to maintain, customize and add new resources and services, and to allow communication and interaction between you and ABS. In addition, we will share the personal information we collect from you under the following circumstances:
ABS reserves the right to disclose to third parties, including medical licensing authorities, information in its possession regarding any individual whom it determines, in its sole and absolute discretion, is involved in a violation of ABS rules or procedures or engaged in misrepresentation or unprofessional behavior or any other illegal activity. Such determinations may include statistical analyses of examination responses.
You have the right to access your personal data/PII. You may choose to opt out of certain disclosures if you do not want your information released or used for a purpose materially different than the purpose for which it was originally collected or subsequently authorized by you. You may request that we update, correct, amend or delete any of the PII or other information we have collected from you, or you may opt out of receiving ABS announcements and other communications such as newsletters, by sending an email to us at email@example.com. We may choose not to fulfill any request that we determine is illegal or where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy, or where the rights of persons other than the individual would be violated, but our intention is to comply with opt-out requests, and other requests that seek to correct, update or delete your PII, as fully as possible in accordance with applicable law and the Privacy Shield Principles. You will also be given notice should we use your PII for a purpose other than that for which it was originally collected or processed. We do not ask for, collect or knowingly receive sensitive PII, i.e., PII specifying medical or health conditions, racial or ethnic origin, political opinions, religious beliefs, or information relating to sex life. Organizations that seek or disclose such sensitive PII must receive your affirmative express consent (opt in) before disclosing it to a third party or using it for a purpose other than that for which it was originally collected or subsequently authorized.
Under the Privacy Shield Principles, regarding PII transferred from the EU/UK or Switzerland, you will have the right to (i) obtain our confirmation as to whether we are processing your PII; (ii) have communicated to you such PII so that you can verify its accuracy and the lawfulness of the data processing; and (iii) have your PII corrected, amended or deleted where it is inaccurate or processed in violation of such Principles. We have the right to charge a fee that is not excessive to comply with your request. You do not have to justify your request for PII, but we have the right to engage in a dialogue with you to better understand what you are seeking. We also have the right to obtain sufficient information about your identity to ensure that the request is not fraudulent. If we determine that access should be restricted, we will provide you with an explanation as to why we made that determination, and give you a contact point for any further inquiries. For example, if we are unable to separate confidential commercial information from your PII, we have the right to deny or limit access to avoid revealing such confidential commercial information or redact the confidential commercial information. Moreover, we have the right to set reasonable limits on the number of times within a given period you have the right to make access requests, so as to limit repetitious or vexatious requests.
Any PII that you provide to us is stored on servers located in secure ABS-hosted or third-party data centers with restricted access, and which are protected by protocols, procedures and best practices designed to ensure the security of such information. In addition, we restrict access to PII to ABS employees, independent contractors and agents who need to know this information in order to develop, operate and maintain the Services, and are subject to confidentiality obligations. However, no server, computer or communications network or system, or data transmission over the Internet, can be guaranteed to be 100% secure. As a result, while we strive to protect User information, we cannot guarantee the security of any information you transmit to us or through the use of the Site or any of the Services. In the event that we believe that there has been a security breach involving your PII, we would endeavor to notify you promptly in accordance with applicable law. In the event such notification is appropriate under the circumstances, we would first try to notify you at the latest email address we have for you on record, subject to legal requirements.
The U.S. Department of Health and Human Services finalized regulations regarding privacy protections for certain health information pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). As part of the Certification Processes, ABS may require an applicant to submit patient information that could be governed by HIPAA and its regulations.
ABS requires that all patient information that is forwarded as part of the Certification Processes be "de-identified" in accordance with the HIPAA privacy regulations so that all identifying information and markers that could be used to reasonably identify a patient are removed before it is forwarded to ABS. ABS will not accept any patient information that has not been de-identified in accordance with the HIPAA privacy regulations. It is the applicant's or diplomate's responsibility to de-identify the patient's health information before it is submitted to ABS. If ABS receives any information that is not de-identified as part of the Certification Processes, ABS will return such information to the applicant so that it can be appropriately de-identified. This may delay ABS consideration of that applicant or diplomate during the Certification Processes. ABS cannot and will not be responsible for the applicant's violation of HIPAA and its regulations. If you have questions regarding de-identification or would like more information regarding de-identification requirements, please contact ABS.
ABS is committed to the privacy of patient information submitted by its applicants and diplomates during the Certification Processes. ABS is not a "covered entity" under HIPAA and is not subject to the HIPAA regulations. Because ABS will not accept patient information that has not been de-identified, ABS is not a "business associate" of an applicant or diplomate and ABS will not execute a business associate agreement with an applicant or diplomate.
The Site is a general audience website not intended for any person under 18 years old. We do not knowingly allow access to, or collect PII from, any person under the age of 13.
American Board of Surgery
1617 John F. Kennedy Boulevard, Suite 860
Philadelphia, PA 19103 USA
Attn: Gabriel L. I. Bevilacqua, Esq., General Counsel
Posted: May 25, 2018