NBME® Privacy Notice
Date Updated: February 9, 2019
National Board of Medical Examiners (NBME®) provides this Privacy Notice ("Notice") to explain NBME's information collection, use, and dissemination practices in connection with the NBME web site: www.nbme.org and our NBME Services Portal (NSP) and any other web sites that link to this Notice (collectively, "Site"). If a client health profession organization provides personal information to NBME, the use of such information shall be limited to the purposes authorized by the client. Please review this Notice and feel free to contact us at firstname.lastname@example.org if you have any questions.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
1. General Users
NBME’s web servers may track the Internet protocol (IP) addresses of visitors to the Site to measure number of visits to the website. If you participate in NBME’s examination services (e.g., NBME Licensing Examination Services, NBME Self-Assessment Services), you will be required to provide personal information during the registration process and to create an account. To access certain portions of the Site including your NBME account, you have to submit a user ID and password. The personal information you have provided to NBME as well as information otherwise collected or generated by NBME, may be stored in your NBME account.
2. Collection of and Consent to Use Personal Information from Site Users
You provide personal information to us in the process of completing various forms for the United States Medical Licensing Examination® (USMLE®) and/or NBME programs and services for medical schools, students and graduates of medical schools. Personal information includes, but is not limited to:
- Date of birth
- Email address
- Billing and Mailing address
- Telephone number
- Credit card and billing information
- Social security or national identification number
- Medical school history (including Medical School name, country, professional degree, date degree conferred/expected)
The provision of information is sometimes required by law and at other times is a result of a contractual requirement. You may be required to provide information, for example in a case where we sign a contract with you to provide you with testing services, and the non-provision of information could, in certain circumstances, prevent a transaction from concluding. In general, you are required to respond to most of the questions on the application forms. However, you are not required to provide information regarding your ethnicity or first language where prompted to do so. Providing this information is optional and does not affect the outcome of your application. NBME uses information about the ethnicity and first language of its applicants for research purposes and to ensure the fairness of our exams.
By providing your personal information online to NBME, you acknowledge that NBME will use that information in accordance with this Notice. This information is used for identification purposes and as stated below in Section 6.
In addition to the personal information described above, we also collect aggregate information from many users about use of the NBME Services Portal (NSP), such as number of visits and pages visited on the NSP, and the overall duration of time spent on the NSP. The information we collect depends in large part upon the needs of your account and what services and features you use on the NSP. We do not disclose this information to third parties.
We have administrative, technical and physical measures in place to protect the security of your personal information. To protect your privacy, the NBME utilizes Secure Sockets Layer (SSL) technology to prevent third parties from seeing your personal and sensitive information (such as credit card number, social security number, or national ID number) during data transmission.
In order to access some services, you are required to enter a username and password to confirm your identity. For example, to access your personal information for NBME Licensing Examination Services, you must first confirm your identity by entering your USMLE identification number and a password. This authentication page is secured by SSL technology.
When you prepare to pay for services, you will enter our secure payment web page and will have a limited amount of time to enter the required information. NBME uses a third-party vendor to process your online payments. NBME uses digital certificates through VeriSign. As a VeriSign secure site, visitors can verify the site's authenticity and communicate with NBME securely using 128-bit encryption that protects confidential information.
Please note that pages other than the authentication page and payment page may not be secured by SSL or other encryption programs.
Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, we cannot and do not ensure or warrant the security of any information you transmit to us, and you do so at your own risk.
If, for any reason, you should choose not to provide your personal information online, you may request a paper version of the application or document request form by calling +1 215-590-9700 or by email to email@example.com. If you have questions about providing your personal information related to the NBME Self-Assessment Services, you may contact firstname.lastname@example.org .
4. Cookies and Tracking Technologies
As is true of most websites, we gather certain information automatically and store it in log files. This information may include IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.
We may combine this automatically collected log information with other information we collect about you. We do this to improve site functionality.
5. Credit Card
All credit card transactions are processed through a vendor who uses SSL. NBME uses a clearinghouse to verify and validate the credit card. NBME does not store or disclose credit card information.
6. Use of Personal Information Collected
NBME collects and uses the personal information you provide to better serve you and to carry out its public interest mission, including ensuring exams are fair and maintaining a permanent record of examinee performance. Such information is used to process your applications and requests for services or materials, to receive support for the services we provide, to verify that you meet the minimum qualifications for our programs and services, to allow us to contact you to provide those services, to complete delivery of services, for billing purposes, to ensure the integrity, security and fairness of our exams, and to protect you and NBME from fraudulent transactions. We also use the information we collect to tailor and improve your experience if you use the NSP. Additionally, NBME and its collaborating organizations, including the Federation of State Medical Boards (FSMB), the Educational Commission for Foreign Medical Graduates (ECFMG), and the Association of American Medical Colleges (AAMC), may use personal information for research and statistical purposes.
Your credit card information is used to bill you for services. We will not use your credit card information for any other purpose.
We do not use automatic decision-making or engage in profiling that results in significant effects to you.
Where we intend to process your personal information for a purpose other than the purpose for which it was collected, we will provide you with information regarding the purpose for the processing, as well as other relevant information, prior to processing your personal information for the new purpose.
User Data Supplementation
We may receive information about you from other sources, including publicly available databases or third parties, and combine this data with information we already have about you. Specifically, we receive personal information from ECFMG, FSMB, AAMC, or from medical schools, residency programs, and other healthcare organizations that purchase NBME’s exam services or otherwise collaborate with NBME such as the International Consortium of Health and Wellness Coaches, and the International Council for Veterinary Assessments. This helps us to update, expand and analyze our records, verify the identity of new examinees and process purchases of our services, and provide products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
7. Disclosure of Personal Information to Third Parties
We may distribute the personal information that you submit to us, both internally within our organization and to our agents and affiliates as necessary for purposes related to our services. While we endeavor to maintain the confidentiality of all material submitted that is identified as confidential by the submitter, we cannot accept, and hereby expressly disclaim, any liability from losses relating to the unauthorized disclosure or interception via the Internet of any information that you submit.
We disclose your personal information to certain third parties to provide the products and services you have requested online. To support these services, we send a portion of your personal information, such as name and USMLE ID, to them using secured protocols and encryption. They have access to the minimal information needed to perform their functions but otherwise will not use the information for other purposes. When you apply for a USMLE examination, we will provide certain registration information to NBME’s test delivery vendors, Prometric or Internet Testing Systems, LLC, to schedule and administer the test. If you request a test accommodation, we may also share your personal information with consultants who review and evaluate the requests and the supporting documentation you provide. We also provide personal information to medical schools, residency programs, or other healthcare organizations that purchase NBME’s exam services. We will also provide your information to other educational institutions upon your request.
NBME uses a third-party vendor to process your online payment transactions. To process these transactions, your payment information must be disclosed to this third party. See Section 3 above.
The USMLE is sponsored jointly by the NBME and the Federation of State Medical Boards (FSMB). ECFMG and NBME also collaborate to create and administer USMLE Step 2 CS. To ensure an efficient and accurate examination process for applicants, and to provide the services you have contracted with us for, portions of the personal information you provide to us during the registration process are retained in a shared database for the purposes of exam registration and scheduling. Additionally, this information, as well as performance data from the examination, is used by these organizations for research and statistical purposes. NBME also maintains permanent examinee records for verification by examinees, educational institutions, medical employers and licensing authorities.
NBME also shares certain user information, such as USMLE ID, social security number, name, medical school name and graduation date, date of birth, gender, score information, and, if provided, ethnic and first language information, with the Association of American Medical Colleges (AAMC) pursuant to a data sharing agreement. This organization uses the data that we provide for research purposes.
NBME also may provide personal information to third parties that have entered into contracts with us to provide certain services. Specifically, NBME may share your information with its Customer Relationship Management (CRM) vendors, survey management vendors, content management vendors, or IT services management companies. We may also use this information to help us manage programs and services that may be of interest to you.
Please also note that all of your activities on the NBME Services Portal are traceable through your single sign-on (SSO) account. If you use your name as part of your SSO account or User ID, your name may be available to third parties that contract with us to provide certain services after enrollment.
At times we may be required by law, court order or legal process to disclose your personal information. We may disclose information about you, in our sole discretion, if we believe that disclosure is necessary: (a) to satisfy any law, regulation, governmental request or to respond to a subpoena; (b) to operate this website; (c) to protect the safety, rights or property of NBME or users of the NSP or any of NBME's websites; and (d) or as otherwise permitted under this Notice.
In certain situations, NBME may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Other than as noted in this Notice, or as NBME shall notify users in the future or at the time any data is collected, NBME does not sell, rent, share, offer, or otherwise disclose any personal information, such as names, e-mail addresses, mailing addresses, telephone numbers, and other personal information that you voluntarily provide to NBME, to any organization or individual, except to the extent necessary to comply with applicable laws or valid legal process, or to protect the rights or property of NBME.
In the event that we sell or transfer all or a portion of our business and assets, we reserve the right to transfer your personal information in connection with that transaction and you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information. In such event, we will use reasonable efforts to ensure that your personal information remains protected.
8. International Visitors
This section applies to those that visit our Site from the European Economic Area or Switzerland.
A. Lawful Basis for Processing
On certain occasions, we process your personal information when it is necessary for the performance of a contract to which you are a party, such as to provide services to you that you have requested. We also process your personal information to respond to your inquiries concerning our products and services.
On other occasions, we process your personal information where required by law. We also process your personal information if necessary to protect your interests or the interests of a third party.
Additionally, we process your personal information when necessary to do so for direct marketing purposes, for assessing our exams, and maintaining accurate permanent examination records and these interests are not overridden by your data protection rights. Where we process your personal information for this purpose, our legitimate interest is to improve our exams, ensure their fairness, maintain an official record of examinee performance, and provide other services to you.
If the processing of personal information is necessary and there is no statutory basis for such processing, we will ask for your consent to process your personal information. You have the right to withdraw your consent to such processing of personal information at any time.
If you wish to exercise the right to withdraw consent, please contact us at email@example.com.
B. Transfers of Personal Information
Please be aware that the personal information we collect or receive may be transferred to and maintained on servers or databases located outside your state, province, country, or other jurisdiction, where the privacy laws may not be as protective as those in your location. If you are located outside of the United States, please be advised that we process and store personal information in the United States. In some instances, we rely on entering into the Standard Contractual Clauses with data processors to legitimize the data transfer from the European Economic Area to the United States. We may also use processors that have self-certified to the EU-U.S. Privacy Shield Framework.
C. Your Rights
You have a right to the following:
- To request access to the personal information we hold about you;
- To request that we rectify or erase your personal information;
- To request that we restrict or block the processing of your personal information;
- Under certain circumstances, to receive personal information about you that we store and transmit to another without hindrance from us, including requesting that we provide your personal information directly to another, i.e., a right to data portability; and
- Where we previously obtained your consent, to withdraw consent to processing your personal information.
To exercise these rights, please contact us at firstname.lastname@example.org. Please be aware that NBME may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so. Additionally, you have the right to lodge a complaint against us. To do so, contact the supervisory authority in your country of residence.
9. Access and Ability to Correct Personal Information
A. NBME Self-Assessment Services
Upon request NBME will provide you with information about whether we hold any of your personal information. If your personal information changes, or if you no longer desire our service, you may correct, update, or delete inaccuracies by making the change within your account by selecting "Personal Information" or by emailing our Customer Support at email@example.com or by contacting us by postal mail at the contact information listed below. We will respond to your request within 30 days.
B. NBME Licensing Examination Services
Using the Site, you may access and verify or change your personal information such as mailing and e-mail addresses and telephone number. You may also submit a name change request. The submission of a name change request will generate further instructions regarding how to complete the request. NBME must receive appropriate documentation before we will make such a name change. You may also check the status of your USMLE applications, scheduling permits, score reports, and document requests. To do so, you must have both your USMLE identification number and a password. If you do not have your password, you may obtain one by accessing the NLES website and following the instructions for logging in. The NLES website is available 24 hours a day, 7 days a week, with the exception of maintenance periods. Upon written request accompanied by appropriate documentation, NBME will change your social security number or birth date. To request such a change to your personal information, you may write to us at the address listed in Section 13, "Inquiries and Concerns," below.
C. NBME Services Portal (NSP)
If you wish to verify or modify any of the information you have submitted to us on the NSP, please contact your NSP account administrator or you may contact us at: firstname.lastname@example.org
NBME acknowledges that you have the right to access your personal information. In some cases, NBME has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the NBME’s client (the data controller).
In some case, NBME collects information under the direction of its clients, and has no direct relationship with the individuals whose personal data it processes. If you are a customer of one of our clients and would no longer like to be contacted by one of our clients that use our service, please contact the client that you interact with directly. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our clients. We will retain personal data we process on behalf of our clients for as long as needed to provide services to our client.
D. Data Retention
We will retain your information only for the period necessary to achieve the purpose of the storage, or as permitted by law. The criteria used to determine the period of storage of information is the respective statutory retention period or, in the case of data we use for marketing purposes, five (5) years from the time you provide us with such data or from your most recent affirmative statement that you would like us to continue to use your data for such purposes. After expiration of the applicable period, the corresponding information is routinely deleted, as long as it is no longer necessary for the fulfillment of a contract or the initiation of a contract, or for the maintenance of permanent examination records required for long-term licensing verification purposes.
10. Links to and from NBME
For your convenience, this Site may contain links to other Internet websites. However, NBME does not endorse, and is not responsible for, the privacy practices or the content of these websites. If you submit personal information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy notice of any website you visit.
Our website includes social media features, such as the Facebook button. These features may collect your IP address, which page(s) you visit on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these features are governed by the privacy notice of the company providing it.
11. Children’s Privacy
This Site is not designed to attract children. Accordingly, we do not knowingly collect personal information from anyone under 13 years of age.
12. Commitment to Privacy
The NBME is committed to protecting your privacy. While we cannot guarantee privacy perfection, we will address any issue to the best of our abilities as soon as possible.
13. Communications from the Site
A. Service-related Announcements
We will send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email.
Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account.
You may sign-up to receive newsletters or other communications from us. If you would like to discontinue receiving this information, you may update your email preferences by using the "Unsubscribe" link found in emails we send to you or by contacting us at email@example.com.
B. Customer Service
Based upon the personal information you provide, we will send you a welcoming email to verify your username and password. We will also communicate with you in response to your inquiries, to provide the services you request, and to manage your account. We will communicate with you by email or telephone, in accordance with your wishes.
14. Inquiries and Concerns
If we decide to change our Notice, we will post those changes to this privacy statement, the home page, and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this Notice, we will notify you here, by email, or by means of a notice on our home page prior to the change becoming effective.
A. For General Inquiries:
If you have any questions regarding this Notice, you may contact the NBME, in its role as data controller, at:
National Board of Medical Examiners (NBME)
Office of Communications
3750 Market Street
Philadelphia, PA 19104
Phone: (215) 590-9500
For inquiries related to your rights under the General Data Protection Regulation (GDPR), please contact us at firstname.lastname@example.org. VeraSafe has been appointed as NBME's representative in the European Union for data protection matters, pursuant to Article 27 of the GDPR. VeraSafe can be contacted in addition to email@example.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative
Alternatively, VeraSafe can be contacted at:
VeraSafe Czech Republic s.r.o
Prague 1, 11002
B. Questions related to the NBME Licensing Examination Services:
If you have questions related to the NBME Licensing Examination Services or if you would like to review and/or change your personal information in connection with the NBME Licensing Examination Services, you may do so online (please see Section 8 of this Notice) or you may contact us at:
National Board of Medical Examiners (NBME)
3750 Market Street
Philadelphia, PA 19104
Phone: (215) 590-9700
Fax: (215) 590-9457
C. Questions related to the NBME Self-Assessment Services:
If you have questions related to the NBME Self-Assessment Services, you may contact us at: firstname.lastname@example.org
D. Questions related to the NBME Services Portal:
If you have questions related to the NBME Services Portal, you may contact us at: email@example.com
E. Questions related to the NBME International Foundations of Medicine® (IFOM®) Program:
If you have questions related to the NBME IFOM program, you may contact us at: firstname.lastname@example.org
F. Questions related to the Health & Wellness Coach Certifying Examination:
If you have questions related to the HWC Certifying Examination program, you may contact us at: email@example.com