Privacy Policy

Welcome to the ABS website located at www.absurgery.org (the "Site"). The American Board of Surgery Inc. ("ABS," "we," "us" or "our") is committed to respecting the privacy rights of all site visitors and users ("Users," "you," or "your"). We have established this Privacy Policy, publicly available on the Site under "About >> General Policies" to explain our practices regarding the collection and use of information about Site Users.

The Site is intended to provide information pertaining to ABS certification services. It provides access to information regarding certification requirements, as well as examination application and registration, news, links to other internet resources, and more. We use information that we collect from you to better serve you. By visiting the Site or using any of the Site's features or online services (collectively, "Services") or using any websites and communication channels, applications, and services that reference this policy, you consent to ABS' collection, use, processing, storage, deletion and disclosure of personally identifiable information relating to you as set forth in this Privacy Policy. This Privacy Policy is effective upon posting.

In the course of examination processes, certification, recertification, and Continuous Certification (collectively, "Certification Processes"), the ABS must collect and utilize personal and professional information pertaining to its applicants and ABS-certified surgeons, known as diplomates. ABS has issued the following Privacy Policy to govern ABS' collection, use, and disclosure of such information and its policies and practices regarding the privacy of information during the Certification Processes. The goal of establishing this Privacy Policy is to assure all persons disclosing information to ABS during the Certification Processes of the sensitivity and care utilized in protecting this information.

Information We Collect and Why

In order to determine the qualifications of applicants during the Certification Processes, ABS requires that applicants and diplomates provide personal contact and identifying information, as well as personal, educational, and professional background information. This information is used by ABS to identify and determine an applicant's or diplomate's appropriate status with the ABS.

ABS collects the following information from Users. Except as otherwise indicated below, ABS does not collect personally identifiable information or "PII" (as defined below) unless you voluntarily provide it to us. In addition, ABS limits the PII it collects to information that is relevant for purposes of providing access to the account and associating examination and certification status information with users' accounts.

  • Information You Give Us: All Users may visit the public areas of the Site without disclosing any personal information to ABS. However, in order to use certain Services, you may be asked to fill in dropdown menus or otherwise provide select personally identifiable information such as your name, email address, mailing address, phone number and similar information (collectively, "PII"). We only collect PII from you that you choose to provide, or authorize us to collect.

When you complete an application or registration form, you may also be required to provide your name, position, institution, address, telephone, fax, email address, and similar information. Users may request to receive information from ABS, or to otherwise interact with ABS, in which case an email or other address or PII may be collected in order to allow us to comply with the request, and for other purposes as may be disclosed to you at the time the request is made or otherwise as set forth in this Privacy Policy.

In connection with the registration and administration of its examinations, ABS requires an applicant's or diplomate's personal information, including name, mailing address, and social security number. Social security numbers are used only as an individual identifier. ABS restricts access to such personal information to ABS employees and contractors who need this information to conduct the registration, administration, and scoring of examinations, and verification of certification by ABS.

  • Collection of Other PII: We do not collect any PII constituting human resources data or "HR Data" either in the United States or abroad. Nor do we collect non-HR Data in the United States or abroad.
  • Cookies: "Cookies" are small bits of electronic information that a website sends to a User's browser for storage on your hard drive, which make your interaction with the Site more efficient by remembering you. For example you may not have to reenter a User ID on a subsequent Site visit. Like most websites, we employ the use of "cookies" in certain areas of our Site and with certain Services to allow us to provide information that is targeted to your role as an applicant or diplomate and optimizes your online experience, such as providing information of potential interest to you based on your use of the Services. Most cookies are "session cookies," meaning that they are automatically deleted at the end of your session (i.e. when you log out). Moreover, you always have the right to decline our cookies by setting your web browser to reject cookies, although this may adversely affect the usability of the Site.
  • Tracked Information: Our servers automatically track certain information about you as you use our Site, some of which may contain PII. This information may include the URL that you just came from, what browser you are using, how long you spend on particular webpages, and your IP address. Our Site logs track and collect aggregate and sometimes anonymized Site usage data, such as the number of hits and visits to our Site ("Usage Data"). This information is used for internal purposes by technical support staff to provide better services to the public. Our site usage information is not provided to third parties, but may be used for research purposes. When used for research, the statistics are aggregate and contain no individual PII. We do not ask for, collect or knowingly receive sensitive PII.

How We Use and/or Disclose the Information

ABS considers only the certification, recertification and Continuous Certification status of applicants and diplomates to be public information and regards all other information about applicants and diplomates as private and confidential.

We may use PII that you provide to us to personalize your profile information in connection with your use of Services, or to maintain, customize and add new resources and services, and to allow communication and interaction between you and ABS. In addition, we will share the personal information we collect from you under the following circumstances:

  • General Public. ABS considers only the certification, recertification and Continuous Certification status of applicants and diplomates to be public information and regards all other information about applicants and diplomates as private and confidential.
  • Protection of rights. We will share PII if we have a good faith belief that (i) access, use, preservation or disclosure of such information is reasonably necessary to satisfy any applicable law, regulation, legal process, such as a court order or subpoena, or a request by law enforcement or governmental authorities; (ii) such action is appropriate to enforce the Terms of Service for the Site, including any investigation of potential violations thereof; (iii) such action is necessary to detect, prevent, or otherwise address fraud, security or technical issues associated with the Services; or (iv) such action is appropriate to protect the rights, property or safety of ABS, its employees, Neutrals, users of the Services or others.
  • Service Providers. ABS currently engages service providers as data processors on our behalf, and they are subject to appropriate confidentiality and security measures, including compliance with this Privacy Policy. As a function of their role, we may share your PII with them. Any such third party data processors are and/or will be subject to contractual agreements to ensure that they only process PII provided by ABS in a manner consistent with ABS' obligations under the Privacy Shield Principles as more fully described and made accessible to you below. ABS remains liable under such Principles if its agent processes your PII in a manner inconsistent with the Principles, unless we can prove that we are not responsible for the event giving rise to any damage.

ABS reserves the right to disclose to third parties, including medical licensing authorities, information in its possession regarding any individual whom it determines, in its sole and absolute discretion, is involved in a violation of ABS rules or procedures or engaged in misrepresentation or unprofessional behavior or any other illegal activity. Such determinations may include statistical analyses of examination responses.

  • Program Directors. ABS provides residency program directors with the results of their residents' performance on specific ABS examinations. Individual examination results are not provided to any other person or institution.
  • Accreditation Council for Graduate Medical Education. ABS provides summary information for specific residency programs regarding the collective performance of residents on ABS examinations to the Review Committee for Surgery, and in the interests of better informing medical students regarding surgical training, will provide this information to the public via the ABS website.
  • American Board of Medical Specialties ("ABMS"). Upon certification and recertification, ABS provides biographical and demographic data on diplomates to ABMS, which publishes The Official ABMS Directory of Board Certified Medical Specialists®. ABMS will directly contact diplomates regarding the publication of diplomate information in its directory. ABS diplomates will communicate directly to ABMS the personal information that they wish to appear in the directory.
  • Research. We use PII in order to: (i) determine eligibility and qualification of candidates for inclusion in a study or analysis; (ii) evaluate resident development and performance; (iii) amend and improve the Certification exams and programs to make them more effective at gauging professional competence and at equipping physicians with knowledge that would render them more professionally competent; and (iv) collaborate with other research investigators. Any work product or publication derived from this information will not identify individual physicians or training programs.
  • Marketing purposes. ABS does not share personal information about its applicants or diplomates with companies or other third parties outside of ABS for marketing purposes. We will occasionally use your PII for our own purposes, subject to applicable law, and subject to your clearly indicated right to opt-out of receiving any such communications from us. We may send you emails, newsletters, articles of potential interest, and announcements that we believe may be of interest to you.
  • Public Authorities. We may disclose your PII in response to lawful requests by public authorities, including meeting national security or enforcement requirements.

Control of Your Information; Opt-Out

You have the right to access your personal data/PII. You may choose to opt out of certain disclosures if you do not want your information released or used for a purpose materially different than the purpose for which it was originally collected or subsequently authorized by you. You may request that we update, correct, amend or delete any of the PII or other information we have collected from you, or you may opt out of receiving ABS announcements and other communications such as newsletters, by sending an email to us at abscomms@absurgery.org. We may choose not to fulfill any request that we determine is illegal or where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy, or where the rights of persons other than the individual would be violated, but our intention is to comply with opt-out requests, and other requests that seek to correct, update or delete your PII, as fully as possible in accordance with applicable law and the Privacy Shield Principles. You will also be given notice should we use your PII for a purpose other than that for which it was originally collected or processed. We do not ask for, collect or knowingly receive sensitive PII, i.e., PII specifying medical or health conditions, racial or ethnic origin, political opinions, religious beliefs, or information relating to sex life. Organizations that seek or disclose such sensitive PII must receive your affirmative express consent (opt in) before disclosing it to a third party or using it for a purpose other than that for which it was originally collected or subsequently authorized.

Under the Privacy Shield Principles, regarding PII transferred from the EU/UK or Switzerland, you will have the right to (i) obtain our confirmation as to whether we are processing your PII; (ii) have communicated to you such PII so that you can verify its accuracy and the lawfulness of the data processing; and (iii) have your PII corrected, amended or deleted where it is inaccurate or processed in violation of such Principles. We have the right to charge a fee that is not excessive to comply with your request. You do not have to justify your request for PII, but we have the right to engage in a dialogue with you to better understand what you are seeking. We also have the right to obtain sufficient information about your identity to ensure that the request is not fraudulent. If we determine that access should be restricted, we will provide you with an explanation as to why we made that determination, and give you a contact point for any further inquiries. For example, if we are unable to separate confidential commercial information from your PII, we have the right to deny or limit access to avoid revealing such confidential commercial information or redact the confidential commercial information. Moreover, we have the right to set reasonable limits on the number of times within a given period you have the right to make access requests, so as to limit repetitious or vexatious requests.

Third-Party Websites

While using the Site and certain Services, you may have access to or link to third-party websites, or your use of the Services may involve transfer to a third-party website, e.g., you may be referred to a payment processor website to provide credit card information or to a society partner to access additional content. Linked third-party websites are independent of ABS, and have their own terms of use/service and privacy policies, which govern your use of such websites. Links on our site do not imply our endorsement of those third-party websites.

Security

Any PII that you provide to us is stored on servers located in secure ABS-hosted or third-party data centers with restricted access, and which are protected by protocols, procedures and best practices designed to ensure the security of such information. In addition, we restrict access to PII to ABS employees, independent contractors and agents who need to know this information in order to develop, operate and maintain the Services, and are subject to confidentiality obligations. However, no server, computer or communications network or system, or data transmission over the Internet, can be guaranteed to be 100% secure. As a result, while we strive to protect User information, we cannot guarantee the security of any information you transmit to us or through the use of the Site or any of the Services. In the event that we believe that there has been a security breach involving your PII, we would endeavor to notify you promptly in accordance with applicable law. In the event such notification is appropriate under the circumstances, we would first try to notify you at the latest email address we have for you on record, subject to legal requirements.

HIPAA

The U.S. Department of Health and Human Services finalized regulations regarding privacy protections for certain health information pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). As part of the Certification Processes, ABS may require an applicant to submit patient information that could be governed by HIPAA and its regulations.

ABS requires that all patient information that is forwarded as part of the Certification Processes be "de-identified" in accordance with the HIPAA privacy regulations so that all identifying information and markers that could be used to reasonably identify a patient are removed before it is forwarded to ABS. ABS will not accept any patient information that has not been de-identified in accordance with the HIPAA privacy regulations. It is the applicant or diplomate's responsibility to de-identify the patient's health information before it is submitted to ABS. If ABS receives any information that is not de-identified as part of the Certification Processes, ABS will return such information to the applicant so that it can be appropriately de-identified. This may delay ABS consideration of that applicant or diplomate during the Certification Processes. ABS cannot and will not be responsible for the applicant's violation of HIPAA and its regulations. If you have questions regarding de-identification or would like more information regarding de-identification requirements, please contact ABS.

ABS is committed to the privacy of patient information submitted by its applicants and diplomates during the Certification Processes. ABS is not a "covered entity" under HIPAA and is not subject to the HIPAA regulations. Because ABS will not accept patient information that has not been de-identified, ABS is not a "business associate" of an applicant or diplomate and ABS will not execute a business associate agreement with an applicant or diplomate.

Children's Privacy

The Site is a general audience website not intended for any person under 18 years old. We do not knowingly allow access to, or collect PII from, any person under the age of 13.

Notification of Changes

This Privacy Policy may change from time to time, and we will post the most current, updated Policy here. We suggest you review it periodically to ensure that you are in agreement with the latest updates.

Privacy Shield

ABS complies with the EU – U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of PII transferred from the European Union and Switzerland to the United States, respectively. ABS has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of both Frameworks, and any reference to "Privacy Shield Principles" shall include such Principles under both the EU and Swiss Frameworks. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. For further information about the requirements for compliance with the Privacy Shield, and further detail about the Privacy Shield Principles, please visit www.privacyshield.gov. For purposes of our participation in the Privacy Shield, ABS confirms that we are subject to the jurisdiction of the United States Federal Trade Commission (FTC), and to its investigatory and enforcement powers.

Complaints and Dispute Resolution

If you have any complaint or concern regarding your PII (personal data) under this Privacy Policy, or arising under the Privacy Policy please contact us at abscomms@absurgery.org. We suggest that you put in the subject line of any email or communication "Privacy Policy" or "Privacy Complaint." We will respond within 45 days. If this does not resolve your concern, you have three (3) escalating options. (1) If you have an unresolved privacy or data use dispute or concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at www.jamsadr.com. (2) If you are unable to resolve your issue under clause (1) above, you can raise the issue with the local Data Protection Authority in the UK/EU regarding customer data, which will then be taken up by the relevant EU Data Protection Authority with the US Department of Commerce to resolve the issue, and the Department of Commerce will use best efforts to resolve the issue within timeframes set forth in the Letter from the International Trade Administration of such Department, at no cost to you. (3) If you still believe that your complaint or dispute has not been resolved, you can invoke binding arbitration as a last resort (if permitted with respect to your complaint), by providing notice to us in the manner indicated in Annex I to the EU – U.S. Privacy Shield Principles, available online, and following the procedures set forth in such Annex. The location of the arbitration will be in the United States. You may choose video or telephone participation, which will be provided at no cost to you. In-person participation will not be required. To the maximum extent permitted by applicable law, you will not be entitled to recover attorneys' or arbitration fees, even if you would otherwise be entitled to them. In addition, EU citizens have the right to initiate a private cause of action. 
Finally, with respect to any PII transferred from Switzerland to the U.S., the Swiss Federal Data Protection and Information Commissioner's authority shall substitute for the EU Data Protection Authority, and ABS agrees to cooperate with such Swiss Commissioner in this context. ABS commits to follow up in its verification that the attestations and assertions made in this Privacy Policy are true, and to remedy any problems that may arise if we fail to comply with the Privacy Shield Principles.

Mediation

You also agree that, in the event any dispute or claim arising out of or relating to your use of the Site or the Services or this Privacy Policy that does not relate to your PII (personal data), or that is not covered by the previous paragraph, you and ABS will attempt in good faith to negotiate a written resolution of the matter directly between the parties. You agree that if the matter remains unresolved for forty-five (45) days after notification (via certified mail or personal delivery) that a dispute exists, all parties shall join in mediation services in Philadelphia, Pennsylvania with a mutually agreed mediator in an attempt to resolve the dispute. Should you file any arbitration claims, or any administrative or legal actions without first having attempted to resolve the matter by mediation, then you agree that to the maximum extent permitted by applicable law, you will not be entitled to recover attorneys' fees, even if you would otherwise be entitled to them.

Verification

ABS self-assesses its compliance with the Privacy Shield Framework. ABS' Privacy Policy regarding PII received from the EU is accurate, comprehensive and conforms to the Privacy Shield Principles.

Questions? Contact Us

If you have any questions about our privacy practices or this Privacy Policy, please contact us by email at abscomms@absurgery.org or you can contact us by mail at:

American Board of Surgery
1617 John F. Kennedy Boulevard, Suite 860
Philadelphia, PA 19103 USA
Attn: Gabriel L. I. Bevilacqua, Esq., General Counsel

Posted: May 25, 2018

 
