DATA PRIVACY AND SECURITY POLICY

During registration, examination, certification, recertification and maintenance of certification processes (collectively, “certification processes”), the American Board of Anesthesiology, Inc.  (“the ABA”, "us", "we", or "our") must collect and utilize personal and professional information pertaining to its registrants, candidates and diplomates. The ABA has issued this Data Privacy and Security Policy to govern the collection, use and disclosure of such information. The Policy’s purpose is to help protect the security and privacy of information provided during the certification processes.
 
The ABA requires that registrants, candidates and diplomates provide certain personal information to be used during the certification processes. We work diligently to keep such information confidential and protected and to limit such disclosures to those who “need to know” the information to properly perform an ABA function or operation relating to the certification processes.
 
The ABA maintains physical, electronic and procedural safeguards to protect and secure all personal information in its possession. The ABA’s security measures endeavor to protect the confidentiality of online communications, examination results and other data related to the certification processes. Examination results and sensitive registrant, candidate and diplomate data transmissions are encrypted and stored in secure areas of ABA systems accessible only by authorized Board personnel with a unique ID and password. ABA database servers used for transactions and communication with registrants, candidates and diplomates are located in a restricted, secure area accessible only by authorized personnel. Firewalls and monitoring devices are utilized to seek to prevent unauthorized access via the Internet. The ABA endeavors to take reasonable precautions to ensure that personal information is not exposed to unauthorized persons. In the unlikely event that an unauthorized party gains access to personal information stored in the ABA’s computer systems, the Board will notify the affected person(s) without unreasonable delay and consistent with the legitimate needs of law enforcement. In this event, the ABA will take steps to determine the scope of the breach and restore our systems to a reasonable level of security.
 

The Service

The ABA operates the web domain theaba.org, which publishes several websites, including www.theaba.org, portal.theaba.org, and rtid.theaba.org (the "Service").
 
In addition to informing you of our policies regarding the collection, use, and disclosure of personal data when you use our Service, this policy also informs you of the choices you have associated with that data.  The ABA may share relevant personal information with third-party vendors for them to provide services for you, such as publishing certification information, verifying Continuing Medical Education course completions, deploying informational emails or payment processing. Third-party vendors are required to keep your personal information confidential.
 
The ABA may also disclose certain registrant, candidate or diplomate personal information to third parties in response to lawful processes (such as a subpoena or court order) and make disclosures to the public regarding the registrant’s, candidate’s or diplomate’s certification status. In making such external disclosures to third parties, the ABA will only disclose information that is minimally necessary to accomplish the purposes described above and require any receiving party to take proper security precautions, unless such information is already in the public domain. The ABA also may disclose certain registrant, candidate or diplomate information to research partners approved by the Board to conduct studies to assess ABA certification processes or scientific research relating to anesthesiologists, the practice of anesthesiology and/or the education of anesthesiologists. Such research partners are required to keep information confidential.
 
The ABA takes great care to protect physicians’ personal information. However, if you leave our domains while managing your ABA account and share information, including your personally identifiable information, with third parties, we will not have control over how the third party uses and secures your information. We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.
 

Definitions

  • Personal Data: Personal Data means data about a living individual who can be identified from such data (or from data and other information either in our possession or likely to come into our possession).
  • Usage Data: Usage Data is data collected automatically from use of the Service or from the Service infrastructure itself (e.g., the duration of a page visit).
  • Data Controller: The Data Controller is someone who (either alone, jointly or in conjunction with a group) determines the purposes for which and the manner in which any personal data are processed.  For the purpose of this Privacy Policy, we are a Data Controller.
  • Data Processor (or Service Provider): The Data Processor (or Service Provider) is any person (other than an employee of the Data Controller) who processes the data on behalf of the Data Controller.  We may use the services of various Service Providers to process your data more effectively.
  • Data Subject: The Data Subject is any living individual who is the subject of Personal Data, including Users and others.
  • User: The User is the individual using our Service (e.g., physicians). The User corresponds to the Data Subject, who is the subject of Personal Data.
  • Information Collection and Use: We collect several different types of information for various purposes to provide and improve our Service to you.
 

Types of Data Collected

  • Personal Data: While using our Service, we may ask you to provide personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:
    • Email address
    • First name and last name
    • Phone number
    • Address, State, Province, ZIP/Postal code, City
    • Medical Licensure History and Status
    • Education History and Status 
  • Cookies and Usage Data: We may use your Personal Data to contact you with information regarding your certification status, programmatic updates, and other news of the Board that may be of interest to you.
  • Usage Data: We may also collect information on how the Service is accessed and used ("Usage Data"). Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
  • Tracking & Cookies Data: We use cookies and similar tracking technologies to monitor activity on our Service and store certain information.

Cookies are files with small amounts of data that are stored on a User’s device and may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts that collect and track information to analyze and improve our Service.     

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:
Session Cookies: We use Session Cookies to operate our Service. Session cookies are stored in temporary memory and are not retained after the browser is closed.          

Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
Security Cookies. We use Security Cookies for security purposes.
 

Use of Data

The ABA uses the collected data for various purposes:

  • To provide and maintain our Service
  • To notify you about changes to our Service
  • To allow you to participate in interactive features of our Service when you choose to do so
  • To provide customer support
  • To gather and analyze valuable information so that we can improve our Service
  • To monitor the usage of our Service
  • To detect, prevent and address technical issues
  • To provide you with news, programmatic information and general updates about services and events that we offer that may be of interest to you
  • To conduct research, in which case your data will be decoupled from your personal identity
 

Retention of Data

The ABA will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
 
The ABA will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

 
Transfer of Data

Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ. 
 
  • International Users: If you are an International User located outside of the United States and choose to provide personal information to us, please note that we transfer the data, including Personal Data, to the United States for processing. 
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.    

The ABA endeavors to take reasonable steps to treat your data securely and in accordance with this Privacy Policy. We will not knowingly transfer your Personal Data to an organization or a country that does not have adequate security controls in place to avoid theft, misuse or other abuses.
 

Disclosure of Data

  • Disclosure for Law Enforcement: Under certain circumstances, the ABA may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a subpoena).
  • Legal Requirements: The ABA may disclose your Personal Data if we reasonably believe such action is necessary to:
    • To comply with a legal obligation
    • To protect and defend the rights or property of the ABA
    • To prevent or investigate possible wrongdoing in connection with the Service
    • To protect the personal safety of the Service users or the public
    • To protect against legal liability
 

Security of Data

The security of your data is of the utmost importance to us. However, no method of data transmission using the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
 

"Do Not Track" Function

We do not support Do Not Track ("DNT"). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. This functionality does not work on our sites and our sites will not acknowledge, respond to, or accept a Do Not Track request.
 

Your Rights

The ABA aims to take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Data. You can update your Personal Data directly within your Account Settings in your portal account. You are encouraged to change your personal information when necessary. The ABA generally does not make changes to physicians’ personal information in their portal accounts. The only change that requires intervention by the ABA is a name change, which requires documentation of the change.
 
If you wish to be informed what Personal Data we hold about you and/or want it to be removed from our systems, or have any concerns regarding the accuracy or completeness of it, please contact our Communications Center at (866) 999-7501 or at coms@theABA.org.        

In certain circumstances, you have the right:

  • To access and receive a copy of the Personal Data we hold about you

  • To rectify any Personal Data held about you that is verified as inaccurate

  • To request the deletion of Personal Data held about you

You have the right to data portability for the information you provide to the ABA. You can request a copy of your Personal Data in a commonly used electronic format so that you can manage and move it.  Please note that your identity must be verified before responding to such requests.

 
Service Providers

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform related services or to assist us in analyzing how our Service is used.  These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
 

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service.

Google Analytics: Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.      

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information about your activity related to our Service. For more information on Google privacy practices, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/

 

Payments

We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).     

We will not store or collect your credit card information. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
 
The payment processor we work with is Authorize.net. For information on the Authorize.net, visit their Privacy Policy web page: https://www.authorize.net/company/privacy/
 

Links to Other Sites

Our Service may contain links to other sites that we do not operate. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
 
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
 

Children's Privacy

Our Service does not address anyone under the age of 13 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 13. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.
 

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you via email and posted messages on our Service of any changes to the policy prior to the change becoming effective. We will update the "effective date" at the top of this Privacy Policy.
 
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
 

Contact Us

If you have any questions about this Privacy Policy, please contact our Communications Center at (866) 999-7501 or at coms@theABA.org.
 
By using the ABA site and furnishing your data to us you acknowledge that you have read the foregoing ABA Privacy and Security Policy and consent to it in its entirety.