About > General Policies
Welcome to the ABS website located at www.absurgery.org (the "Site"). The American Board of Surgery Inc. ("ABS," "we," "us" or "our") is committed to respecting the privacy rights of all site visitors and users ("Users," "you," or "your"). We have established this Privacy Policy, publicly available on the Site under "About >> General Policies" to explain our practices regarding the collection and use of information about Site Users.
The Site is intended to provide information pertaining to ABS certification services. It provides access to information regarding certification requirements, as well as examination application and registration, news, links to other internet resources, and more. We use information that we collect from you to better serve you. By visiting the Site or using any of the Site's features or online services (collectively, "Services") or using any websites and communication channels, applications, and services that reference this policy, you consent to ABS' collection, use, processing, storage, deletion and disclosure of personally identifiable information relating to you as set forth in this Privacy Policy. This Privacy Policy is effective upon posting.
In the course of examination processes, certification, recertification, and Continuous Certification (collectively, "Certification Processes"), the ABS must collect and utilize personal and professional information pertaining to its applicants and ABS-certified surgeons, known as diplomates. ABS has issued the following Privacy Policy to govern ABS' collection, use, and disclosure of such information and its policies and practices regarding the privacy of information during the Certification Processes. The goal of establishing this Privacy Policy is to assure all persons disclosing information to ABS during the Certification Processes of the sensitivity and care utilized in protecting this information.
In order to determine the qualifications of applicants during the Certification Processes, ABS requires that applicants and diplomates provide personal contact and identifying information, as well as personal, educational, and professional background information. This information is used by ABS to identify and determine an applicant's or diplomate's appropriate status with the ABS.
ABS collects the following information from Users. Except as otherwise indicated below, ABS does not collect personally identifiable information or "PII" (as defined below) unless you voluntarily provide it to us. In addition, ABS limits the PII it collects to information that is relevant for purposes of providing access to the account and associating examination and certification status information with users' accounts.
When you complete an application or registration form, you may also be required to provide your name, position, institution, address, telephone, fax, email address, and similar information. Users may request to receive information from ABS, or to otherwise interact with ABS, in which case an email or other address or PII may be collected in order to allow us to comply with the request, and for other purposes as may be disclosed to you at the time the request is made or otherwise as set forth in this Privacy Policy.
In connection with the registration and administration of its examinations, ABS requires an applicant's or diplomate's personal information, including name, mailing address, and social security number. Social security numbers are used only as an individual identifier. ABS restricts access to such personal information to ABS employees and contractors who need this information to conduct the registration, administration, and scoring of examinations, and verification of certification by ABS.
ABS considers only the certification, recertification and Continuous Certification status of applicants and diplomates to be public information and regards all other information about applicants and diplomates as private and confidential.
We may use PII that you provide to us to personalize your profile information in connection with your use of Services, or to maintain, customize and add new resources and services, and to allow communication and interaction between you and ABS. In addition, we will share the personal information we collect from you under the following circumstances:
ABS reserves the right to disclose to third parties, including medical licensing authorities, information in its possession regarding any individual whom it determines, in its sole and absolute discretion, is involved in a violation of ABS rules or procedures or engaged in misrepresentation or unprofessional behavior or any other illegal activity. Such determinations may include statistical analyses of examination responses.
You have the right to access your personal data/PII. You may choose to opt out of certain disclosures if you do not want your information released or used for a purpose materially different than the purpose for which it was originally collected or subsequently authorized by you. You may request that we update, correct, amend or delete any of the PII or other information we have collected from you, or you may opt out of receiving ABS announcements and other communications such as newsletters, by sending an email to us at abscomms@absurgery.org. We may choose not to fulfill any request that we determine is illegal or where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy, or where the rights of persons other than the individual would be violated, but our intention is to comply with opt-out requests, and other requests that seek to correct, update or delete your PII, as fully as possible in accordance with applicable law. You will also be given notice should we use your PII for a purpose other than that for which it was originally collected or processed. We do not ask for, collect or knowingly receive sensitive PII, i.e., PII specifying medical or health conditions, racial or ethnic origin, political opinions, religious beliefs, or information relating to sex life. Organizations that seek or disclose such sensitive PII must receive your affirmative express consent (opt in) before disclosing it to a third party or using it for a purpose other than that for which it was originally collected or subsequently authorized.
According to the privacy principles, you will have the right to (i) obtain our confirmation as to whether we are processing your PII; (ii) have communicated to you such PII so that you can verify its accuracy and the lawfulness of the data processing; and (iii) have your PII corrected, amended or deleted where it is inaccurate or processed in violation of such principles. We have the right to charge a fee that is not excessive to comply with your request. You do not have to justify your request for PII, but we have the right to engage in a dialogue with you to better understand what you are seeking. We also have the right to obtain sufficient information about your identity to ensure that the request is not fraudulent. If we determine that access should be restricted, we will provide you with an explanation as to why we made that determination, and give you a contact point for any further inquiries. For example, if we are unable to separate confidential commercial information from your PII, we have the right to deny or limit access to avoid revealing such confidential commercial information or redact the confidential commercial information. Moreover, we have the right to set reasonable limits on the number of times within a given period you have the right to make access requests, so as to limit repetitious or vexatious requests.
While using the Site and certain Services, you may have access to or link to -party websites, or your use of the Services may involve transfer to a third-party website, e.g., you may be referred to a payment processor website to provide credit card information or to a society partner to access additional content. Linked third-party websites are independent of ABS, and have their own terms of use/service and privacy policies, which govern your use of such websites. Links on our site do not imply our endorsement of those third-party websites.
Any PII that you provide to us is stored on servers located in secure ABS-hosted or third-party data centers with restricted access, and which are protected by protocols, procedures and best practices designed to ensure the security of such information. In addition, we restrict access to PII to ABS employees, independent contractors and agents who need to know this information in order to develop, operate and maintain the Services, and are subject to confidentiality obligations. However, no server, computer or communications network or system, or data transmission over the Internet, can be guaranteed to be 100% secure. As a result, while we strive to protect User information, we cannot guarantee the security of any information you transmit to us or through the use of the Site or any of the Services. In the event that we believe that there has been a security breach involving your PII, we would endeavor to notify you promptly in accordance with applicable law. In the event such notification is appropriate under the circumstances, we would first try to notify you at the latest email address we have for you on record, subject to legal requirements.
The U.S. Department of Health and Human Services finalized regulations regarding privacy protections for certain health information pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). As part of the Certification Processes, ABS may require an applicant to submit patient information that could be governed by HIPAA and its regulations.
ABS requires that all patient information that is forwarded as part of the Certification Processes be "de-identified" in accordance with the HIPAA privacy regulations so that all identifying information and markers that could be used to reasonably identify a patient are removed before it is forwarded to ABS. ABS will not accept any patient information that has not been de-identified in accordance with the HIPAA privacy regulations. It is the applicant or diplomate's responsibility to de-identify the patient's health information before it is submitted to ABS. If ABS receives any information that is not de-identified as part of the Certification Processes, ABS will return such information to the applicant so that it can be appropriately de-identified. This may delay ABS consideration of that applicant or diplomate during the Certification Processes. ABS cannot and will not be responsible for the applicant's violation of HIPAA and its regulations. If you have questions regarding de-identification or would like more information regarding de-identification requirements, please contact ABS.
ABS is committed to the privacy of patient information submitted by its applicants and diplomates during the Certification Processes. ABS is not a "covered entity" under HIPAA and is not subject to the HIPAA regulations. Because ABS will not accept patient information that has not been de-identified, ABS is not a "business associate" of an applicant or diplomate and ABS will not execute a business associate agreement with an applicant or diplomate.
The Site is a general audience website not intended for any person under 18 years old. We do not knowingly allow access to, or collect PII from, any person under the age of 13.
This Privacy Policy may change from time to time and we will post all the most current, updated Policy here. We suggest you review it periodically to ensure that you are in agreement with the latest updates.
If you have any complaint or concern regarding your PII (personal data) under this Privacy Policy, or arising under the Privacy Policy please contact us at abscomms@absurgery.org. We suggest that you put in the subject line of any email or communication "Privacy Policy" or "Privacy Complaint." We will respond within 45 days.
You also agree that, in the event any dispute or claim arising out of or relating to your use of the Site or the Services or this Privacy Policy that does not relate to your PII (personal data), or that is not covered by the previous paragraph, you and ABS will attempt in good faith to negotiate a written resolution of the matter directly between the parties. You agree that if the matter remains unresolved for forty-five (45) days after notification (via certified mail or personal delivery) that a dispute exists, all parties shall join in mediation services in Philadelphia, Pennsylvania with a mutually agreed mediator in an attempt to resolve the dispute. Should you file any arbitration claims, or any administrative or legal actions without first having attempted to resolve the matter by mediation, then you agree that to the maximum extent permitted by applicable law, you will not be entitled to recover attorneys' fees, even if you would otherwise be entitled to them.
If you have any questions about our privacy practices or this Privacy Policy, please contact us by email at abscomms@absurgery.org or you can contact us by mail at:
American Board of Surgery
1617 John F. Kennedy Boulevard, Suite 860
Philadelphia, PA 19103 USA
Attn: Abby Pozefsky, Esq., General Counsel
Updated: Jan. 4, 2019