Data Privacy and Security Policy

We value transparency around our data and security policies

PRIVACY NOTICE
Updated: January 1, 2025

This Privacy Notice describes the information the American Board of Anesthesiology, Inc. (“ABA”, “we”, “our”, or “us”) collects, how we use and retain this information, with whom we share it, and the choices you have in connection with these activities. This Privacy Notice applies to our registration, examination, certification, recertification, and continuing certification processes (collectively, “Certification Processes”), our website, https://www.theaba.org/ (the “Website”), and third-party social media platforms (collectively, the “Services”).

1. PERSONAL INFORMATION WE COLLECT, HOW WE USE IT, AND HOW WE SHARE IT

When you interact with us through the Services, we collect your personal information. Personal information is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual.

We will collect your personal information when you:

  • Register for ABA GO Account. When you create an ABA GO account, we will collect your identifiers (last four digits of your social security number, ABA ID, date of birth and last name). This information will be used to verify you and create your account. Your status relative to our examination and certification system will be publicly available on the Website and is searchable by any user of the Website based on your first and/or last name in the “verify a physician’s certification status” function of the Website. The ABA may also disclose certain registrant, candidate, or diplomate information to research partners approved by the Board to conduct studies to assess ABA certification processes or scientific research relating to anesthesiologists, the practice of anesthesiology, and/or the education of anesthesiologists. Such research partners are required to keep information confidential.
  • Register for RTID. When residency programs register for the ABA’s Residency Training Information Database (RTID) information is collected from the residency programs concerning training reports, program director reference forms and certificates of clinical competency for trainees or board certification candidates. The ABA retains this information for 75 years.
  • Register for an examination. When you register for an examination, we will collect your identifiers (name, email address, telephone number, mailing address), professional history (medical licensure history and status, and examination history), education information (education history and status), sensitive personal information (date of birth, social security number, gender, race, and ethnicity), and health information to support your request for an accommodation (as applicable). We will use your identifiers, professional history, and education information to assess your qualifications to register for the examination. We will also collect and share with our third-party test service provider your language, date of birth, social security number, test sponsor’s identification number, employment information, previous examination history, education information, source of financing for the test, and if applicable, accommodations granted, which the service provider will only be permitted to use to provide the services to the ABA. We will also use your name and contact information to communicate with you about the examination, your results, and to keep in touch with you in the future. We will only use your sensitive personal information for diversity, equity, and inclusion efforts.
  • Participate in an examination. When you participate in an examination, we record your performance and in doing so also collect your audio and visual information. We use the recordings, together with your personal identifiers, to score your exam and for quality control purposes. We will also use the recordings to create deidentified transcripts which we will use, with the help of an artificial intelligence (AI) tool, to determine common issues and mistakes with a view to improve future exams. We will not use the information externally in identified format. All video and audio recordings, as well as all transcripts produced from the audio recordings will be retained for the time necessary to complete the scoring and the deidentification in accordance with ABA retention policies following which only deidentified information will be retained.
  • Use a third-party testing provider to administer a written examination. When you arrive at a third-party testing center, the testing center will collect, on our behalf, your identifiers (examination identification number, all or part of two forms of a government-issued identification number and/or mother’s maiden name), and signature. This information will be used by the testing center, on our behalf, to verify your identity. The third-party testing center will collect visual and auditory information (an audio and video recording of you while you are taking the examination) to proctor the examination, identify examination dishonesty and cheating, and review the recording in the future related to allegation of dishonesty and cheating. After the examination is completed, we will collect, through our third-party examination provider, your test results.
  • Request a Duplicate Certificate. When you complete the duplicate certificate request form, we will collect your identifiers (name, ABA ID Number, address to ship the certificate, and, if different, an address for future correspondence) and the certificate type. We will use this information to process your request, ship the duplicate certificate to the address you provided, and communicate with you in the future.
  • Submit a Data Request. When you submit a request for data to use for scientific literature or medical education, we will collect your identifiers (name, business telephone number, business address, and signature) and employer information (institution name, position/job function), the request and request fulfillment date, and a description of: (a) the data requested, (b) the purpose for which the data will be used, and (c) the final product in which the requested data or analysis of the requested data will appear. We will use this information to process your request, communicate with you about the request, and if approved, coordinate the delivery of the requested data.
  • Complete the Media Contact form. When you complete the media contact form, we will collect your identifiers (name, business telephone number, business email address) and the details of your inquiry. We will use this information to communicate with you about your request.
  • Subscribe to our marketing communications. When you are added to our marketing communications list, if we have not collected it already, we will collect your personal identifiers (name and email address). We use this personal information to send you email alerts and communications. We will share your identifiers (name and email address) with our email marketing provider to send you the emails. You can unsubscribe at any time by clicking on the “unsubscribe” link in each email. Please note that we will continue to send you notifications necessary to the Services, or your request services or inquiries. Our communications contain tracking technologies to analyze whether a predefined action took place by a recipient. You can disable tracking by disabling the display of images by default in your email program.
  • Make a Payment. We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g., payment processors). We will not store or collect your credit card information. That information is provided directly to our third- party payment processors whose use of your personal information is not governed by this Privacy Notice. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands such as Visa, MasterCard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of payment information. The payment processor we work with is Authorize.net. For information on Authorize.net, visit their Privacy Policy web page: https://www.authorize.net/company/privacy/
  • Visit the Website. In addition to the personal information you provide directly to us, we also collect information automatically as you use our Website. We use essential, functional, analytics, and advertising cookies to collect your internet or other electronic network activity information (device, usage, location information (determined through your IP address), such as your browsing history, configuration, unique online identifiers, and interactions with our ads on third-party websites), when you interact with the Website. We use this information to: (i) track you within the Website; (ii) enhance user experience; (iii) conduct analytics to improve the Website; (iv) prevent fraudulent use of the Website; (v) diagnose and repair Website errors, and, in cases of abuse, track and mitigate the abuse; and (vi) market to you more effectively across different web pages and social media platforms. In general, to disable cookies and limit the collection and use of information through them, you can set your browser to refuse cookies or indicate when a cookie is being sent. When you opt-out, an opt-out cookie will be placed on your device. The opt-out cookie is browser and device specific and will only last until cookies are cleared from your browser or device. Particular third-party cookies to note on our Website include:
    • Google Analytics. We use Google Analytics to collect information on your use of our Website to improve our Website. In order to collect this information, Google Analytics may set cookies on your browser, or read cookies that are already there. Google Analytics may also receive information about you from applications you have downloaded that partner with Google. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your visits to our Website is restricted by the Google Analytics Terms of Use and Privacy Policy. Generally, to prevent your data from being used by Google Analytics, you can download the Google Analytics opt-out browser add-on.
  • Interact with us on social media. When you interact with our page on social networking websites, such as Facebook, Twitter (now “X”), LinkedIn, and Instagram (each a “Social Media Page” and collectively “Social Media Pages”), we collect basic engagement metrics and use it to tailor content and marketing and use it to improve user experience as set forth in this section. Please note that we do not control the use or storage of the information that you have posted to any social networking websites. This information is collected and processed by the social networking websites for their own purposes, including marketing. For more information on how Facebook, Twitter (“X”), LinkedIn, and Instagram use your personal information, please see Facebook’s Privacy Policy, Twitter’s (X’s) Privacy Policy, LinkedIn Privacy Policy, and Instagram’s Privacy Policy.
    • Social Media Pages. When interacting with our Social Media Pages, we collect, from you, your personal identifiers (first and last name) and visual information (photograph (i.e., profile picture)), as well as any information that you provide when interacting with our Social Media Pages (e.g., commenting, sharing, and rating). We use this information to advertise our services, for events and invitations, and to communicate with users via the contribution and comment function. Because our Social Media Pages are publicly accessible, when you use them to interact with other users, for example by posting, leaving comments or liking or sharing posts, any personal information that you post in them or provide when registering can be viewed by others or used by them as they see fit.
    • Community Management. We collect, from you, your engagement, including “likes”, shares, messages and other interactions with the content, in order to analyze and evaluate how our content is perceived, to learn from it, and to improve our public relations efforts. We use this information to create outreach that matches our Social Media Pages and to disseminate it via social networking sites.
    • Events and Photos. When you register for an event on our Social Media Page, we collect, from you, your personal identifiers (first and name, email address, telephone number, physical address, and any other information you provide). We use this information to create and manage the event (e.g., to create the guest list, accreditation and admission control, room and personnel planning, planning the catering) as well as to send you your invitation and notifications about the event. We also use this information for prevention of fraud and defense against legal claims. At events for which you have registered, photos and video recordings may be made (possibly by a photographer commissioned by us), in which you may also be shown. If you are the central subject of a recording, the photographer will ask you before the recording/taking the photo whether you agree and consent. We use the photos for our public relations and marketing on our various media/digital media outlets.
    • Messenger Functionality. When using messenger functionality on Social Networks, Social Networks collect, automatically, your internet or other electronic network activity information (IP address, date and time of the server request, time zone, specific browser or app function, access status, amount of data transferred, browser or app from which the Request comes, device type, operating system used, and its interface (e.g., Android or IOS), language, version of the operating system, and device identifiers). We do not use this information; its use is governed by the respective Social Networks’ privacy policies (linked above).
    • Information Processed Solely by Social Networks. We do not know how the Social Networks use personal information for its own purposes, how long the personal information is stored on the Social Network or whether the Social Network data is passed on to third parties. If you are currently logged in to a Social Network as a user, the Social Network automatically collects, through trackers on your device, your Social Network ID or a link between the Social Network ID and the advertising ID (IDFA from Apple or GAID from Google) when you open the Social Network app through your mobile device (e.g., smartphone or tablet). This enables the Social Network to understand that you have visited our Social Media Page along with other Social Network pages that you have clicked on, whether you clicked on Social Network buttons integrated into websites that partner with the Social Network, and other online interactions that report user data to the Social Network. Based on this data, content or advertising tailored to you can be offered. You can find more information about the personal information collected by Social Networks, how it is used and how long it is stored by visiting the Social Network’s privacy policies, linked above.

PLEASE NOTE: Our Service may contain links to other sites we do not operate. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

 

Data Retention

Unless otherwise stated in this Privacy Notice, we retain your personal information (i) for as long as the relevant account exists, or (ii) until we no longer need your information to fulfill the purposes for which we collected it. However, we may need to use and retain your personal information for longer than the periods indicated above for purposes of:

  • Compliance with our legal obligations. For example, retaining your records for the purpose of accounting, dispute resolution, and compliance with labor, tax, licensing, and financial laws and regulations.
  • Meeting our safety and security commitments. Such as keeping our properties secure and preventing fraud.
  • Exercising or defending legal claims. We also may need to retain personal information for longer than the periods indicated above in order to respond to legal process or enforceable governmental requests, or to enforce our contracts or Terms of Use, including investigation of potential violations.

 

2. HOW WE SHARE YOUR PERSONAL INFORMATION

ABA shares personal information in the following instances:

  • Within ABA. We share your personal information within ABA to provide efficiently and effectively, or keep in contact with you through, the Services. Access to your personal information is limited to those on a need-to-know basis, including ABA staff and board members.
  • With service providers. We share personal information with service providers that assist us in providing the Services or our services. These service providers are described more specifically in the PERSONAL INFORMATION WE COLLECT, HOW WE USE IT, AND HOW WE SHARE IT section of this Privacy Notice. Generally, the ABA may share relevant personal information with third-party vendors such as publishing certification information, verifying Continuing Medical Education course completions, test center and proctoring services, deploying informational emails, or payment processing.
  • In the event of a corporate reorganization. In the event that we intend to alter, or do alters the structure of our business, such as a reorganization, we would share personal information with third parties and their agents and advisors for the purpose of facilitating and completing the restructuring. We would also share personal information with third parties if we undergo bankruptcy or liquidation, in the course of such proceedings.
  • For legal purposes. We will share your personal information where we are legally required to do so, such as in response to court orders, law enforcement or legal process, including for national security purposes; to establish, protect, or exercise our legal rights, as required to enforce our terms of service or other contracts; to defend against legal claims or demands; to detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person; or to comply with the requirements of any applicable law to which ABA is subject.
  • With your consent. Apart from the reasons identified above, we may request your permission to share your personal information for a specific purpose. We will notify you and request consent before you provide the personal information or before the personal information you have already provided is shared for such purpose. You may revoke your consent at any time.

ABA may also share anonymized and aggregated data (“De-Identified Information”) in marketing materials.

3. GENERAL INFORMATION CHOICES

You have the following choices with respect to your personal information:

  • Change your Portal account information. You can update your information directly within your Account Settings in your portal account. You are encouraged to change your personal information when necessary. The ABA generally does not make changes to physicians’ personal information in their portal accounts. The only change that requires intervention by the ABA is a name change, which requires documentation of the change.
  • Opt-out of marketing email trackers. You can disable tracking by disabling the display of images by default in your email program.
  • Opt-out of marketing communications. You may opt-out of receiving marketing emails from us by clicking the “unsubscribe” link provided with each email. Please note that we will continue to send you emails necessary to the Services or any assistance or services you request. For text message marketing, you can opt out by replying “STOP” to any automated text message.
  • Opt Out of Other Cookies. All session cookies are temporary and expire after you close your web browser. Persistent cookies can be removed by following your web browser’s directions. To find out how to see what cookies have been set on your computer or device, and how to reject and delete the cookies, please visit: https://www.aboutcookies.org/. Please note that each web browser is different. To find information relating to your browser, visit the browser developer’s website and mobile application. If you reset your web browser to refuse all cookies or to indicate when a cookie is being sent, some features of our website may not function properly. The opt-out cookie will not work for essential cookies. If the cookie is removed or deleted, if you upgrade your browser or if you visit us from a different computer, you will need to return and update your preferences. By clicking on the “Opt-Out” links below, you will be directed to the respective third-party website where your computer will be scanned to determine who maintains cookies on you. At that time, you can either choose to opt out of all targeted advertising or you can choose to opt out of targeted advertising by selecting individual companies who maintain a cookie on your machine.

4. DO NOT TRACK

We do not recognize “Do Not Track” requests for internet browsers. Do Not Track is a preference you can set to inform websites and applications that you do not want to be tracked.

5. SECURITY OF YOUR PERSONAL INFORMATION

We implement and maintain reasonable security measures to protect the personal information we collect and maintain from unauthorized access, destruction, use, modification, or disclosure. Examination results and sensitive registrant, candidate, and diplomate data transmissions are encrypted and stored in secure areas of ABA systems accessible only by authorized Board personnel with a unique ID and password. ABA database servers used for transactions and communication with registrants, candidates, and diplomates are located in a restricted, secure area accessible only by authorized personnel. Firewalls and monitoring devices are utilized to seek to prevent unauthorized access via the internet. However, no security measure or modality of data transmission over the Internet is 100% secure and we are unable to guarantee the absolute security of the personal information we have collected from you.

6. AGE RESTRICTION

The Services are not intended for individuals under the age of thirteen (13). If we learn that we have collected or received personal information from a child under the age of thirteen (13), we will delete that information. If you believe we might have information from or about a child under the age of thirteen (13), please contact us at (866) 999-7501 or coms@theaba.org.

7. CHANGES TO THIS PRIVACY NOTICE

We may amend this Privacy Notice in our sole discretion at any time. If we do, we will post the changes to this page, and will indicate the date the changes go into effect. We encourage you to review our Privacy Notice to stay informed. If we make changes that materially affect your privacy rights, we will notify you by prominent posting on the Website, and/or via email, and request your consent, if required.

8. CONTACT US

If you have any questions regarding this Privacy Notice, please contact us at (866) 999-7501 or coms@theaba.org.

Last modified on January 1, 2025