Use and Disclosure of Personal Information
To determine the qualifications of applicants during the Certification Processes, the ABPS requires that applicants and diplomates provide personal contact and identifying information, as well as personal, educational, and professional background information. The Oral Examination requires that the applicant provide sensitive information about patients that they treat. This information is used by ABPS to identify and determine an applicant’s or diplomate’s appropriate status with the ABPS.
As part of the registration and administration of its examinations, the ABPS requires an applicant’s or diplomate’s personal information, including name, mailing address, and social security number. Social security numbers are used only as an individual identifier. The ABPS restricts access to such personal information to ABPS employees and contractors who require this information to conduct the registration, administration, and scoring of examinations, and for the verification of certification by the ABPS.
The ABPS does not disclose any personal information regarding its applicants or diplomates to non-ABPS employees and contractors, except when required by law (such as complying with a subpoena or court order) or as described below for the American Board of Medical Specialties (“ABMS”). The ABPS does not share personal information about its applicants or diplomates with companies or other third parties outside of the ABPS for marketing purposes. The ABPS considers only the certification, recertification and Continuous Certification status of applicants and diplomates to be public information.
Upon certification and recertification, the ABPS provides biographical and demographic data on diplomates to the ABMS, which publishes The Official ABMS Directory of Board Certified Medical Specialists®. The ABMS will directly contact diplomates regarding the publication of diplomate information in its directory. ABPS diplomates will communicate directly to ABMS the personal information that they wish to have appear in their directory.
The ABPS provides residency program directors with the results of their residents’ performance on specific ABPS examinations. Individual examination results are not provided to any other person or institution. The ABPS will use performance on examinations and other information to accomplish its mission and for research purposes. The ABPS may publish studies generated as a result of such research. Published studies will not, without consent, identify specific individuals, hospitals, or practice affiliations.
The ABPS provides summary information for specific residency programs regarding the collective performance of residents on ABPS examinations to the Residency Review Committee for Plastic Surgery, and in the interests of better informing medical students regarding surgical training, will provide this information to the public via the ABPS website.
The ABPS reserves the right to disclose information in its possession regarding any individual whom it determines, in its sole and absolute discretion, is involved in a violation of the ABPS rules or procedures or engaged in misrepresentation or unprofessional behavior or any illegal activity. Such determinations may include statistical analyses of examination responses.
Protection of Personal and Financial Information
The ABPS maintains reasonable physical, electronic, and procedural safeguards to protect and secure all personal information in its possession. The ABPS’ security measures protect the confidentiality of online communication, examination results, and data related to the Certification Processes.
ABPS collects personal information such as names, street or post office box addresses, email addresses, etc., and in some cases financial information (such as credit card information). The ABPS restricts access to financial information collected by the ABPS to ABPS employees and contractors who need to know this information to conduct the business and affairs of the ABPS.
HIPAA Privacy Rule
The U.S. Department of Health and Human Services finalized regulations regarding privacy protections for certain health information pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). As part of the Certification Processes, the ABPS may require an applicant to submit patient information that could be governed by HIPAA and its regulations.
The ABPS requires that all patient information that is forwarded as part of the Certification Processes be “de-identified” in accordance with the HIPAA privacy regulations so that all identifying information and markers that could be used to reasonably identify a patient are removed before it is forwarded to the ABPS. The ABPS will not accept any patient information that has not been de-identified in accordance with the HIPAA privacy regulations. It is the applicant’s or diplomate’s responsibility to de-identify the patient’s health information before it is submitted to the ABPS. If the ABPS receives any information that is not de-identified as part of the Certification Processes, the ABPS will return such information to the applicant so that it can be appropriately de-identified. This may delay the ABPS consideration of that applicant or diplomate during the Certification Processes. The ABPS cannot, and will not, be responsible for the applicant’s violation of HIPAA and its regulations. If you have questions regarding de-identification or would like more information regarding de-identification requirements, please contact your attorney or the ABPS.
The ABPS is committed to maintaining the privacy of patient information submitted by its applicants and diplomates during the Certification Processes. The ABPS is not a “covered entity” under HIPAA and is not subject to the HIPAA regulations.