DATA PRIVACY AND SECURITY POLICY

1.0 Introduction

In the course of registration, examination, certification, recertification, and Maintenance of Certification processes (collectively, "Certification Processes"), the American Board of Anesthesiology, Inc. (ABA) must collect and utilize personal and professional information pertaining to its applicants and diplomates. The ABA has issued this Data Privacy and Security Policy to govern the collection, use, and disclosure of such information. The Policy ensures that the ABA will protect the security and privacy of any information provided to us during the Certification Processes.


2.0 Personal Information

The ABA requires that registrants, candidates, and diplomates provide certain personal information to be used by the ABA during the Certification Processes. In connection with performing activities relating to the Certification Processes, the ABA uses its best efforts to keep such information confidential and protected and will limit such disclosures to those who have a “need to know” the information in order to properly perform an ABA function or operation relating to the Certification Processes. With respect to external disclosures to third parties, the ABA may disclose certain registrant or diplomate personal information in response to lawful processes (such as a subpoena or court order) and make disclosures to the public regarding the registrant’s or diplomate’s certification status. In making such external disclosures to third parties, the ABA will only disclose such information that is minimally necessary to accomplish the purposes described above and require any receiving party to take proper security precautions, unless such information is already in the public domain. The ABA also may disclose certain registrant or diplomate information to research partners approved by the ABA for the purpose of conducting studies to assess ABA certification processes or to conduct scientific research relating to anesthesiologists, the practice of anesthesiology and/or the education of anesthesiologists.


3.0 Security

The ABA maintains physical, electronic, and procedural safeguards to protect and secure all personal information in its possession. The ABA’s security measures protect the confidentiality of online communications, examination results, and other data related to the Certification Processes. Examination results and sensitive registrant and diplomate data transmissions are encrypted and stored in secure areas of ABA systems accessible only by authorized ABA personnel with a unique ID and password. ABA database servers used for transactions and communication with registrants and diplomates are located in a restricted, secure area accessible only by authorized personnel. Firewalls and monitoring devices are utilized to prevent unauthorized access via the Internet.


4.0 Notifications

The ABA takes all reasonable precautions to ensure that personal information is never exposed to any unauthorized person. In the unlikely event that an unauthorized party gains access to personal information stored in the ABA’s computer systems, the ABA will notify the affected person(s) without unreasonable delay and consistent with the legitimate needs of law enforcement, pursuant to North Carolina law 75-65 “Protection from security breaches.” In this event, the ABA will take all necessary steps to determine the scope of the breach and restore our systems to a reasonable level of security.
 

Click here for more information on North Carolina General Statute 75-65.
Updated: January, 2013