The purpose of this policy is to communicate the extent to which certain information, including but not limited to certified professional and exam candidate identities, contact information and demographics, payment information, candidate exam performance results, exam content, business plans and other proprietary information, will be kept private and confidential by IBHRE, its leaders, staff, and contractors, while in use to fulfill the mission and goals of the organization. Further, this policy defines how IBHRE will maintain a balance between the need to collect and use personal information to deliver services with the need to protect the privacy of that information.
IBHRE utilizes the database management services of the Heart Rhythm Society (HRS) to maintain confidential information on exam candidates and certified professionals. Both organizations are committed to protecting and maintaining the confidentiality and security of the information that you provide to us through standing policies and procedures.
SCOPE OF POLICY
The provisions of this policy apply to leaders, staff, independent contractors, agents, and representatives of IBHRE, exam candidates and certified professionals, where applicable. While this policy is largely intended to define privacy as a means of protecting the identities, personal information and exam results of candidates, which in practice will apply to the actions of IBHRE staff, leaders, contractors, agents, and representatives of IBHRE, this policy also defines privacy as a means of protecting the security of IBHRE exams, exam content, and other intellectual property, thereby applying to the actions of aforementioned staff, leaders, contractors, and agents as well as exam candidates and certified professionals. Information transmitted to IBHRE, via phone, fax, e-mail, standard mail or Internet, by exam candidates and certified professionals shall be used by IBHRE, its leaders, staff, and contractors, to successfully administer the certification and recertification programs while holding the individual’s identification in full and complete confidence. IBHRE will employ reasonable effort to protect and safeguard information received to keep personal information private and confidential.
IBHRE has established safeguards, both online and through conventional storage of paper documents, to help prevent unauthorized access to or misuse of candidate and certified professional personal information. IBHRE cannot guarantee that personally identifiable information will never be disclosed in a manner consistent with this policy such as a result of unauthorized acts by third parties that violate applicable law or relevant web policies. IBHRE has security measures in place to protect against the loss, misuse, and alteration of the information under our control, both online and offline.
The IBHRE site, and its affiliate site operated by the Heart Rhythm Society, operates secure data networks protected by industry standard firewall and password protection systems. The servers on which IBHRE stores personal information are kept in a secure environment using industry-standard back-up and security procedures and protections.
All application, certification and user information is restricted in IBHRE’s offices. Only employees who need the information to process candidate exam information or provide services are granted access to personal information. All employees have signed a confidentiality agreement prohibiting the unauthorized disclosure, use or distribution of user-related information. Furthermore, employees are kept up-to-date on IBHRE security and privacy policies and practices as well as the importance of maintaining and working with client information in a secure and confidential manner.
Access to IBHRE’s offices is restricted after normal business hours with security cards required for entry into the building and keys required for office access. The building is also equipped with security cameras and a burglar alarm system. A security guard is located on the premises during and after normal business hours.
Although IBHRE strives to protect users’ personal information and privacy, please be advised that IBHRE cannot guarantee that the security precautions taken will prevent third parties from illegally obtaining candidate information. IBHRE procedures meet certification personnel accreditation best practices indicating that candidates are provided with privacy and data integrity that meets established industry standards.
Collection of Personal Information
- IBHRE will collect only what personal information is necessary to:
- Provide its services and carry out its statutory functions
- Fulfill its duty of care to staff and candidates
- Plan, resource, monitor, and evaluate its services and functions
- Comply with accreditation, state and federal government reporting requirements
- Comply with its statutory and or other legal obligations in respect of IBHRE staff
- Investigate incidents or defend any legal claims against IBHRE, its services, or its staff
- Comply with laws that impose specific obligations regarding the handling of personal information.
When a candidate applies for a certification examination or for recertification online or by paper application, IBHRE in turn collects the following personal information:
- Full name and designations
- Business address
- Home address
- E-mail address
- Telephone number
- What certification the candidate is applying for
- Education/ training information
- Professional statistics
- Demographic data
- Survey information
- Payment information
Use of Personal Information
IBHRE will use personal information to:
- Create and maintain candidates and certified professional activity records
- Assess a candidate’s suitability for examination
- Recognize efforts and achievements of candidates
- Notify candidates and certified professionals about updates, programs, services and/or special offers from IBHRE or HRS
- Ask candidates and certified professionals to participate in brief surveys
- Satisfy statutory or other legal obligations
- Successfully administer the IBHRE certification examinations and/or recertification processes
- Complete any registration, purchases or other transactions candidates request online
- Improve the IBHRE web site
- Improve IBHRE programs and services and identify, develop and offer products or services that may be of interest to stakeholders
- Generate aggregate statistical studies and conduct research related to IBHRE programs and services
Disclosure of Personal Information
IBHRE discloses personal candidate information to certain third-party contractors to administer the services requested by the candidate. IBHRE’s contract with these third parties prohibits them from using personal information except to provide services requested by the candidate.
IBHRE may also disclose personal information collected on the website, in accordance with applicable law, to investigate incidents or defending legal claims about IBHRE, its services or staff, to assert or defend our rights or property, to prevent harm to others, to collect a debt, or in response to legal processes such as subpoenas.
IBHRE does not recognize the Heart Rhythm Society (an independent affiliate organization) as a third party under this policy. IBHRE will share personal information with the Heart Rhythm Society for the following reasons:
- To effectively administer IBHRE certification exams or recertification processes while utilizing HRS services
- To promote HRS programs and services to candidates and certified professionals
Changes to Personal Information
Candidates may log onto their online accounts to change or update their contact information. Candidates may also contact IBHRE staff to add or delete user access, and update personal information. After submitting their exam application, candidates do not have the ability to re-access and alter their application data.
IBHRE may ask candidates for certain information, such as credit card information, when candidates apply for an exam or order products and services. This information is used to process requests and may be shared with credit card processing companies, merchants, and other third parties. These organizations have independent privacy and data collection practices, and IBHRE are not responsible for their independent policies. IBHRE only uses credit card information for completing the requested transaction and it is retained only as necessary for administrative purposes.
At several periods during the year, IBHRE requests information via surveys. Participation in these surveys is completely voluntary. Information requested may include demographic information, such as name, address, age, membership category, or professional affiliation. Survey information is collected to improve exam programs, products, services, and to support strategic planning efforts and gauge the satisfaction of stakeholders.
Testimonials may be posted on IBHRE’s website which might contain personally identifiable information such an individual’s name, business, and location. The individual’s consent is obtained prior to posting their name and testimonial. The individual may request removal of this testimonial at any time by contacting firstname.lastname@example.org.
IBHRE may aggregate non-identifiable information to create statistical data, which will be used to help analyze site traffic and improve services. IBHRE may also use such aggregated information to describe website services to potential partners or other third parties. At no point, however, will the aggregated information identify a candidate.
Information Collected on Website
IBHRE is the sole owner of the information collected on its site. This information will not be sold, shared, or rented without consent, or used in other than those outlined in this statement. Personal information provided by candidates will be used to improve IBHRE’s website and provide stakeholders with a more personalized experience. IBHRE reserves the right to disclose user information in response to subpoenas, court orders, or as otherwise required by applicable law, and in those instances where IBHRE reasonably determines that disclosing such information is necessary to investigate, prevent, or take action regarding illegal activities, or to protect IBHRE’s rights, property, other web site users, or any party that could be harmed by such activities.
Information that identifies specific individuals will not be disclosed to others without permission, except for those specific circumstances described in this policy or unless the disclosure is necessary to provide services that have been expressly requested. IBHRE will not ask permission to collect or use aggregate information about website visitors or users of products or services, since aggregate information does not identify specific individuals.
Communications from Site
IBHRE sends automated administrative e-mails related to certification and renewals to contacts assigned for such communications. These e-mails are related to upcoming data submittal deadlines, application and renewal processing, data receipt confirmations and general certification information.
Upon applying for a certification examination (online or by paper application), a candidate must provide a working e-mail address in order to receive communications from IBHRE. This e-mail address is stored in the Heart Rhythm Society database and may be used to distribute information about IBHRE and HRS programs, products and services via e-mail messages. Candidates have the option of unsubscribing from this list by clicking the ‘unsubscribe’ button at the bottom of any mass e-mail sent by IBHRE or HRS. Candidates should be aware that the list used to send HRS promotional e-mails is the same list used to send vital e-mails pertaining to the IBHRE exams and certification program. Unsubscribing will remove an individual from all communications, with the exception being transaction-based messages from IBHRE and HRS (such as receipts, registration confirmations, etc.). Opt-outs, however, provide individuals with the opportunity to select specific types of information that they do not wish to receive.
Hosting Provider Information
The Internet service provider that hosts the IBHRE web site will have a site administrator (IBHRE’s webmaster) with the ability to access all such information as part of website maintenance. This company and the webmaster have signed a non-disclosure agreement with IBHRE. IBHRE will maintain an individual’s contact information and business information in a secure and protected information database after an exam application is submitted. IBHRE will maintain this information unless a written request is submitted to remove an individual’s information from the database.
IBHRE reserves the right to disclose any identifiable or non-identifiable information if required to do so by law or if IBHRE believes that such action is necessary in order to (i) conform with the requirements of the law or to comply with legal process served on IBHRE; (ii) or to protect or defend the legal rights or property of IBHRE, the IBHRE site, or its users.
IBHRE will take reasonable steps to ensure that the personal information collected, used or disclosed is accurate, complete, and up to date. Individuals seeking to update their personal information should contact the IBHRE Coordinator or log onto their online account on the HRS site.
IBHRE will take reasonable steps to protect the personal information it holds from misuse, from loss, and from unauthorized access, modification or disclosure. Information or data will be restricted to those who need to know and distribution of information will be kept to a minimum. Personal information will be destroyed or permanently de-identified when it is no longer needed for any purpose unless required to be archived in accordance with the Retention Policy.
IBHRE will, on request by an individual, take reasonable steps to let individuals know what sort of personal information it holds, for what purposes, and how it collects, uses and discloses that information. IBHRE will clearly document and regularly review its policies and procedures on the management of personal information. IBHRE will take all reasonable steps to promote a greater awareness and understanding of the way in which it manages personal information. IBHRE will provide a copy of this policy to anyone on request.
Access and Correction
IBHRE will support the right of individuals to seek access to their personal information, provided by them to IBHRE and the right to seek corrections to it wherever possible. IBHRE will provide reasons for denial of access or a refusal to correct personal information.
IBHRE will assign a number to identify an individual to carry out its functions efficiently.
IBHRE will respect an individual’s right to anonymity except in circumstances where it is necessary to provide their identity. If an individual chooses not to provide certain personal information, IBHRE may not be able to provide that individual with the services they require, or the same high standard of service.
IBHRE will only collect sensitive information about an individual:
• With the consent of the person
• If required by law or other regulation
• If the collection is necessary for the establishment, exercise, or defense of a legal claim
Disclosures of Relationships
It is the role of the IBHRE to educate staff, leadership, and other members on disclosure issues, actively recognize potential conflicts and develop proactive policies for individuals and the organization. Each officer, director, committee member, task force member, and staff member receives a copy of the IBHRE’s Code of Ethics Policy, which they are required to read and acknowledge in writing. Conflict of interest disclosure statements and confidentiality statements are signed and filed annually by volunteers and by staff upon hire.
IBHRE may, sell, trade, or rent a candidate’s information to a third party, to market exam preparation tools and endorsed programs that support IBHRE’s competency domains.
Transfer of Assets
Notification of Changes
CANDIDATE AND CERTIFIED PROFESSIONAL PRIVACY
Information transmitted to IBHRE, via phone, fax, e-mail, standard mail, or Internet by exam candidates and certified professionals shall be used by IBHRE, its leaders, staff, and contractors solely for the purpose of administering the certification and recertification programs and shall otherwise be kept in strict confidence. Only authorized IBHRE and HRS personnel may handle and process submitted records containing the personal information of IBHRE exam candidates and certified professionals. Such records include without being limited to: exam applications, maintenance of certification forms and IBHRE product order forms. E-mail addresses entered by participating users will be used for administrative purposes to notify users of ongoing certification requirements.
IBHRE leaders, staff, and contractors are prohibited from revealing the identity of an exam candidate to any inquiring third party without the expressed written permission of the candidate. IBHRE leaders, staff, and contractors are also prohibited from disclosing any exam score information to third parties without the express written permission of the candidate. IBHRE, as an organization, will not distribute or make public any lists, documents or other disclosure of the names, addresses or other personal information of any exam candidate or certified professional, nor regarding the candidacy, exam results or recertification results of candidates or certified professionals except as necessary to properly administer the examinations, market exam preparation resources, and grant certifications in accordance with the other policies of IBHRE. Exam candidates and certified professionals have the right make any changes to their contact information as deemed necessary to maintain contact with IBHRE and to ensure safe delivery of exam scores.
Storage of Information
A permanent record of personal information provided on exam applications and professional development activity forms shall be stored in a secure electronic database only accessible to IBHRE and HRS employees. Exam results that are stored in the database shall only be accessible to authorized personnel only and shall not be accessible to HRS staff at large. Paper applications and other written materials containing personal information concerning examination candidates and certified professionals shall be maintained in locked file cabinets on the premises of IBHRE headquarters until it is transferred to a secure, off-site storage facility pursuant to the Record Retention Policy. Temporary lists and eligibility files containing candidate data will be transferred to entities working for IBHRE on a contractual basis for the sole purpose of fulfilling duties directly related to the administration of an exam. Such contractors shall be required to enter into confidentiality agreements with IBHRE upon terms consistent with this policy.
Limitation of Access
IBHRE staff and occasionally contractors are the only affiliates with direct access to the personal information and exam results of examination candidates and certified professionals. These individuals are prohibited from disclosing candidate or certified professional information to third parties except where deemed appropriate by this policy.
IBHRE leadership, including the Board of Directors, Test Writing Committee members, and Ambassadors are not permitted direct access to nor entitled to obtain candidate information except where it applies to their formal responsibilities. Leaders who participate in the evaluation of exam results are not informed of the identity of participants in the exam in order to prevent potential for conflict of interest. Those who are at high levels of decision-making (e.g. IBHRE President, Board of Directors) may encounter situations in which the identity of a candidate or certified professional must be disclosed in order to review an issue brought forward by staff, address an appeal or respond to a complaint or grievance. In the event of such cases, leaders shall keep the identities and interests of all parties involved in strict confidence in accordance with fiduciary duties and the confidentiality policy.
Candidates who successfully complete an IBHRE examination are listed on the IBHRE website as IBHRE certified professionals. By submitting the exam application, a candidate authorizes IBHRE to add their name, credential, exam year, and business contact information to the website provided (and only if) they receive a passing score. IBHRE reserves the right to remove names from the website of individuals who do not successfully renew their certification.
By submitting the exam application, a candidate also authorizes IBHRE to respond to verification requests from third parties regarding the status of their certification. Certification is verified in writing through a standard form that provides confirmation of the candidate’s current certification status, date of initial certification, certification ID number and expiration date. All other data and information regarding exam scores and performance are kept fully confidential from third parties unless permission is granted in writing by the candidate or certified professional.
PRIVACY OF EXAM MATERIAL
IBHRE leaders, staff, and contractors may not disclose, use, lecture upon or publish in any manner or form any active/live IBHRE test questions, whether or not developed by them. IBHRE leaders, staff and contractors may not disclose, use, lecture upon or publish in any manner or form any of the practices or methodologies that are used by IBHRE and its test writing committees in creating such examination questions all of which are the property of and proprietary to IBHRE (collectively the “Proprietary Information”), except as such disclosure, use or publication may be required in connection with their work as an IBHRE leader, employee or contractor for IBHRE, or unless an officer of IBHRE expressly authorizes such in writing.
IBHRE leaders, staff, and contractors must obtain IBHRE's written approval before disclosing, publishing or submitting for publication any test questions or any other material (written, verbal, or otherwise) that relates to their work on behalf of IBHRE or that incorporates any Proprietary Information.
All test questions and examination forms are and shall remain the sole and exclusive property of IBHRE. All examination questions developed individually or in conjunction with others shall be deemed a work made for fire by such individuals or groups of individuals and are the sole and exclusive property of IBHRE. Leaders, staff, and contractors retain no rights in or to such questions or related Proprietary Information.
Candidate & Certified professional Confidentiality Requirement
By submitting (or having submitted) an application to take an IBHRE certification examination, exam candidates and certified professionals agree that they shall not disclose confidential information (whether oral or written in any form of media) related to, provided by or discussed during the examination or any other information identified as confidential. The aforementioned confidentiality policy is stipulated in the IBHRE Code of Ethics against the examination candidate or certified professional. Violation thereof may result in sanctions by IBHRE.
Retention of Personal Information
IBHRE retains personal information provided by individuals for as long as such information is considered to be relevant for the legitimate purposes of the IBHRE or until an individual instructs IBHRE to remove such information.
PRIVACY OF IBHRE BUSINESS AND OTHER INTERESTS
IBHRE expects and requires all leaders, staff, and contractors to keep confidential any sensitive or proprietary business-related information belonging to IBHRE which has not been released to the public domain or generally made known to all stakeholders. Such information includes but shall not be limited to:
- Terms, conditions, fee schedules or other information termed as ‘confidential’ in a contract or other written agreement made between IBHRE and another party
- Delivery of a Request for Proposal pertaining to change in vendor where the current vendor is not included in bidding process
- Unapproved financial records including budgets, statements and balance sheets including any information which may disclose the salary or compensation of IBHRE employees or contractors.
- Pending decisions, deemed confidential, which have not been approved or made public by the IBHRE Board of Directors
DEFINITION OF PRIVACY TERMS
Personal Information is almost any information, including paper and electronic records, photographs and video recordings that can be linked to an identifiable living person. It also includes information that is considered sensitive.
Sensitive Information includes information or opinion relating to a person’s racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, sexual preferences, membership of groups or criminal record.
Health Information is information or opinion that can be linked to an identifiable individual, including those deceased, which includes that individual’s physical, disability or genetic makeup. This includes information or opinion about a person’s health status and medical history, whether recorded or not.
Candidates and certified professionals include prospective, current, and past exam candidates and certified professionals.
Staff includes anyone who carries out a duty on behalf of IBHRE, paid or unpaid, or who is contracted to, or directly employed by the Heart Rhythm Society.
Unique Identifier means an identifier (usually a six digit number) assigned by IBHRE to an individual uniquely to identify that individual for the purposes of the operations of IBHRE eg; database ID # or certification number.
Consent must be voluntary, informed, specific and current to be valid where required for the collection, use or disclosure of personal information. An individual must also have the capacity to consent.
A Cookie is a block of data that is shared between a web server and a user’s browser that give the server information about a computer’s identity. Cookies can also capture website visiting patterns and preferences.
Third Party refers to any individual or group other than IBHRE, its contractors, exam candidates or certified professionals. Due to the unique relationship between the Heart Rhythm Society (HRS) and IBHRE, HRS is not considered a ‘Third Party’ under this definition. However, HRS, its volunteers, staff, contractors, agents and representatives, are held to the same standard of protecting candidate and certified professional privacy and confidentiality as anyone who is directly affiliated with IBHRE.