Collection of Personal Information
You may choose to disclose or not disclose the personal information we request during the registration process; however, if you choose not to disclose the requested information, we may not be able to provide you with some or all of the information or services you request.
Automated Information Collection
How We Use Your Information
We use the information collected automatically to obtain general statistics regarding the use of the Website and its specific web pages and to evaluate how our visitors use and navigate the Website. For example, we may calculate the number of people who use the Website, open our emails, and which pages are most popular.
The ABO Website uses the information you provide through the registration process to provide you with the information and services you request, to communicate with you on matters relating to the Website and your account, to provide necessary information to accrediting or certifying bodies and other of our business affiliates (but only in connection with the information and services you request from us) to provide you with information about related services and/or products.
The ABO Website may also use information about you to resolve disputes, troubleshoot problems, or enforce our rights. At times, the ABO Website may review the information of multiple users to identify problems or to resolve disputes.
Opt-Out Policy: If you do not wish to receive certain communications from the ABO Website you may opt out by declining the service offered or informing us that you no longer wish to receive such communications. We will comply with your request unless such communications are necessary for the administration of your account, required by law, or necessary to protect our rights.
Sharing with Third Parties
Some of your private information may be disclosed to third parties in order to provide the information and services that you request, and may be used by both the ABO Website and third parties to provide that information and/or perform those services. You acknowledge that certain activities may require the ABO Website to share your private information, your patient-level data, and/or the activity’s results with the associated third party accreditor. We are not responsible for the use of any such information by such third party accreditor, including use by any of the same in a manner not intended when such information is disclosed to them.
We may combine, in a non-personally-identifiable format, the information that the ABO Website collects from you with information from other users to create aggregate data, which may be shared with third parties. For example, the ABO Website might inform third parties regarding the number of users of our Website and their collective interaction within the Website.
The ABO website is not a “covered entity” as that phrase is defined under HIPPA (pub. L. 104-191) and/or the privacy and security rules, 45 c.f.r. parts 160 & 164 subparts c and e. As such, the ABO website is not subject to HIPAA or the privacy and security rules. The ABO website makes no warranty or representation that the business associate addendum is necessary and/or sufficient for the compliance by you or any health care professional with HIPAA, the privacy and security rules, and/or any other applicable law or regulation pertaining to the confidentiality, use or safeguarding of health information. The ABO website makes no warranty or representation that the disclosures of information by you or any health care professional to the ABO website are permissible under HIPAA and/or the privacy and security rules. You and each health care professional is solely responsible for all decisions it makes regarding the use, disclosure or safeguarding of “protected health information.”
Technical and legal circumstances beyond our control could prevent the ABO Website from ensuring that your information will never be disclosed in ways not otherwise described herein. For example, among other things, we may be required by law, regulation or court order to disclose information to government representatives or third parties under certain circumstances. If the ABO Website is requested by law enforcement officials or judicial authorities to provide information on individuals, the ABO Website may, without your consent, provide such information. In matters involving claims of personal or public safety or in litigation where the data is pertinent, the ABO Website may use or disclose your personal information without your consent or court process. Unauthorized parties may unlawfully intercept or access transmissions despite any commercially reasonable security efforts by the ABO Website. Even with such technology, no website is 100% secure. Further, corporate restructurings, sale of assets, merger, divestiture and other changes of control or financial status affecting the Website may require disclosure as an incidental result of a transfer of assets by operation of law or otherwise. Therefore, the ABO Website does not promise, and you should not expect, that your private information shall remain private under all circumstances and you shall not hold the ABO Website or its business associates liable for its failure to do so.
You may review and update the personal information you have provided to the ABO Website and change certain choices you have made concerning the sharing of your personal information, by making changes on the ”My ABO” tab at the top of the page.
The ABO Website uses commercially reasonable efforts to ensure the security of your personal information, but no method of transmitting or storing electronic data is ever completely secure, and the ABO Website cannot guarantee that your information will never be accessed, used, or released in a manner that is inconsistent with this policy.
Links to Other Websites
Transfer of Data Outside Your Home Country
Your information will be stored, processed, and accessed in the United States. If you use the Website from outside of the United States, you consent to the transfer of your information to the United States (i.e., outside your country of residence).
Changes to This Policy
If you have any questions that are not answered elsewhere on this site, if you would like to review the personally identifiable information we have collected about you, or if you believe that this policy has been violated, please contact us at firstname.lastname@example.org. Our response to such inquiries may be limited to information under our direct control.
HIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security)
- Business Associate. “Business Associate” shall have the meaning given to such term under the Privacy and Security Rules, including, but not limited to, 45 C.F.R. § 160.103, and in this case shall include www.americanboardofoptometry.com, the American Board of Optometry, CECity.com, Inc. and their respective affiliates.
- Covered Entity. “Covered Entity” shall have the meaning given to such term under the Privacy and Security Rules, including, but not limited to, 45 C.F.R. § 160.103, and in this case shall include any user of the website to which this Addendum relates.
- Designated Record Set. “Designated Record Set” shall have the meaning given to such term under the Privacy Rule, codified at 45 C.F.R. § 164.501.
- Electronic Protected Health Information or “EPHI”. “Electronic protected health information” or “EPHI” shall have the same meaning given to such term under the Security Rule, including, but not limited to, 45 C.F.R. § 160.103.
- HIPAA. “HIPAA” shall mean the Health Insurance Portability and Accountability Act of 1996.
- Individual. “Individual” shall have the meaning given to such term under the Privacy Rule, codified at 45 C.F.R. § 160.103, and shall include a person who qualifies as a personal representative in accordance with 45 C.F.R. § 164.502(g).
- Privacy Rule. “Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information, codified at 45 C.F.R. Parts 160 and 164, subparts A and E.
- Privacy and Security Rules. “Privacy and Security Rules” shall mean the federal regulations set forth at 45 C.F.R. Parts 160 and 164 issued pursuant to HIPAA.
- Protected Health Information or “PHI”. “Protected Health Information” or “PHI” shall have the meaning given to such term under the Privacy and Security Rules, codified at 45 C.F.R. § 160.103.
- Required by Law. “Required by Law” shall have the meaning given to such term under the Privacy Rule, codified at 45 C.F.R. § 164.103.
- Security Rule. “Security Rule” shall mean the Security Standards for the Protection of Electronic Protected Health Information, codified at 45 C.F.R. § 164 Subparts A and C.
- Secretary. “Secretary” shall mean the Secretary of the United States Department of Health and Human Services or his or her designee.
- Other terms used, but not otherwise defined, in this Addendum shall have the same meaning as those terms in the Privacy and Security Rules.
II. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE
- Limitations on Disclosure. Business Associate agrees to not use or disclose PHI other than as permitted or required by this Addendum or as Required by Law. Business Associate shall not use or disclose PHI in a manner that would violate the Privacy Rule if done by Covered Entity, unless expressly permitted to do so pursuant to the Privacy Rule and this Addendum.
- Safeguards. Business Associate agrees to use appropriate safeguards to prevent use of disclosure of PHI other than as provided for by this Addendum or as required by law.
- Mitigation. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this Addendum.
- Reporting of Disclosures. Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Addendum of becoming aware of such disclosure.
- Agents and Subcontractors. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides PHI received from, or created or received by Business Associate on behalf of Covered Entity, agrees to the same restrictions and conditions that apply through this Addendum to Business Associate with respect to such information.
- Access. To the extent Business Associate has PHI in a Designated Record Set, Business Associate agrees to provide access to Covered Entity, at the request of Covered Entity, to PHI in a Designated Record Set, in order to meet the requirements under 45 C.F.R. § 164.524.
- Amendment. To the extent Business Associate has PHI in a Designated Record Set and to the extent applicable, Business Associate agrees to make PHI in a Designated Record Set available to Covered Entity for purposes of amendment, per 45 C.F.R. § 164.526.
- Accounting. To the extent applicable, Business Associate agrees to document disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528.
- Availability of Books and Records. Business Associate agrees to make internal practices, books, and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of, Covered Entity available to the Secretary, in a time and manner designated by the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with the Privacy Rule.
III. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE
- Uses and Disclosures of PHI. Except as provided in Paragraphs B, C, D and E, below, Business Associate may only use or disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity to provide the features, information and services offered through the ABO Website and for the purposes of analysis, research and publication.
- Use for Management and Administration. Except as otherwise limited in this Addendum, Business Associate may, consistent with 45 C.F.R. § 164.504(e)(4), use PHI if necessary (i) for the proper management and administration of the Business Associate, or (ii) to carry out the legal responsibilities of the Business Associate.
- Disclosure for Management and Administration. Except as otherwise limited in this Addendum, Business Associate may, consistent with 45 C.F.R. § 164.504(e)(4), disclose PHI for the proper management and administration of the Business Associate, provided that (i) the disclosures are Required By Law, or (ii) Business Associate obtains reasonable assurances from the person to whom the information is disclosed (“Person”) that it will remain confidential and be used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the Person, and the Person notifies the Business Associate in writing of any instances of which it becomes aware in which the confidentiality of the information has been breached.
- Data Aggregation. Except as otherwise limited in this Addendum, Business Associate may use PHI to provide Data Aggregation services as permitted by 42 C.F.R. § 164.504(e)(2)(i)(B).
- De-Identification. Business Associate may de-identify PHI received from Covered Entity, consistent with the Privacy Rule’s standards for de-identification. 45 C.F.R. § 164.514.
- Reporting Violations. Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with 42 C.F.R. § 164.502(j)(1).
IV. SECURITY RULE OBLIGATIONS
- Business Associate Obligations. Business Associate shall implement the requirements set forth in this Section IV with regard to EPHI.
- Safeguards. Business Associate shall have in place Administrative, Physical, and Technical Safeguards that reasonably and appropriately protect the Confidentiality, Integrity, and Availability of the EPHI that it creates, receives, maintains or transmits on behalf of Covered Entity pursuant to the Addendum.
- Subcontractors. Business Associate shall ensure that any agent, including a subcontractor, to whom it provides EPHI agrees to implement reasonable and appropriate safeguards to protect such EPHI.
- Security Incident Reporting. Business Associate shall report any Security Incident promptly upon becoming aware of such incident.
VI. TERM AND TERMINATION
- Term. The Term of this Addendum shall terminate when all of the PHI provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy PHI (as provided in Paragraph V(C) below), protections are extended to such information, in accordance with the termination provisions in this Section.
- Termination for Cause. Upon Covered Entity’s knowledge of a material breach of the terms of this Addendum by Business Associate, Covered Entity:
1. Shall provide an opportunity for Business Associate to cure, and, if Business Associate does not cure the breach within 30 days, Covered Entity may immediately terminate this Addendum;
2. May immediately terminate this Addendum if Covered Entity has determined that (a) Business Associate has breached a material term of this Addendum, and (b) cure is not possible; or
3. If Covered Entity determines that neither termination nor cure are feasible, Covered Entity shall report the violation to the Secretary.
- Effect of Termination.
- Except as provided below in Paragraph 2 of this Section, upon termination of this Addendum, for any reason, Business Associate shall return or destroy all PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to PHI that is in the possession of subcontractors or agents of Business Associate and Business Associate is obligated to ensure that such PHI is returned or destroyed consistent with this Addendum. Business Associate and its subcontractors or agents shall retain no copies of the PHI.
- Where Business Associate asserts that returning or destroying the PHI is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. Upon Business Associate’s good faith representations that return or destruction of PHI is infeasible, Business Associate shall extend the protections of this Addendum to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI.
- Regulatory References. A reference in this Addendum to a section in the Privacy or Security Rule means the section as in effect at the relevant time.
- No Third Party Beneficiaries. Nothing expressed or implied in this Addendum is intended to confer, nor shall anything herein confer, upon any person other than Covered Entity and Business Associate and their respective successors and assigns, any rights, remedies, obligations or liabilities whatsoever.
- Disclaimer. Business Associate expressly disclaims that it is subject to HIPAA and/or the Privacy and Security Rules, since it is not a “Covered Entity” as that term is defined under HIPAA. Business Associate makes no warranty or representation that compliance by Covered Entity with this Addendum is satisfactory for Covered Entity to comply with any obligations it may have under HIPAA, the Privacy and Security Rules Rule, or any other applicable law or regulation pertaining to the confidentiality, use or safeguarding of health information. Covered Entity is solely responsible for all decisions it makes regarding the use, disclosure or safeguarding of PHI.
I'M A DIPLOMATE/CANDIDATE
LEARNING BUILDER ACCOUNT ACCESS
Check Board Certification Status
By going through the voluntary process of becoming board certified, our Diplomates demonstrate competence beyond entry level.