AOA’s privacy appeal prompts change at testing organization

AOA’s privacy appeal prompts change at testing organization

Full Social Security Numbers (SSNs) will no longer be used to identify students taking optometric board examinations, following changes precipitated by the AOA leadership's urgent appeal for privacy.

This is a great victory for the AOA's student members. 

In an online statement posted Oct. 28, the National Board of Examiners in Optometry (NBEO) noted its decision to discontinue use of registrants' nine-digit SSNs in favor of a new "OE Tracker number system." This number—combined with registrants' last four SSN digits—now serves as the primary identifier for doctors and optometry students. Additionally, the full SSNs of existing registrants were truncated to the last four digits.

The NBEO states the "OE Tracker number system" now employs five identifying parameters (optometrist, first name, last name, last four SSN digits and graduation year) that have a "very low" probability of duplication between two registrants. According to NBEO's TestPoints® newsletter, the updates took effect Oct. 20 and were due to "contemporary global concerns about the challenges in protecting personal identifiers within all databases."

"This is a great victory for the AOA's student members," says Ashley Wing, Pacific University College of Optometry student. "The decision by the NBEO to reverse course and now begin to institute key security safeguards for our personal data follows a determined effort by concerned students and our national organization, the AOA, to insist on change."

AOA advocating for doctors, students

This NBEO change comes after the AOA's Board of Trustees passed a motion Oct. 8 that encouraged optometric testing organizations and state boards of optometry to immediately implement recognized standards for data security in the wake of a wide-ranging and as-yet unresolved data breach affecting optometry.

This resolution called for a united effort by the AOA, affiliates and others, asking each to petition optometric organizations to eliminate the use of SSNs as personal identifiers, in favor of unique identifier numbers that are wholly unrelated to SSNs or other sensitive personal information.

"This data breach has impacted doctors and students of optometry across the country, and the AOA is pleased that NBEO has agreed to take this action to alleviate concerns and prevent future identity thefts," says AOA President Andrea P. Thau, O.D. "We will continue to press for action, including federal investigation into the breach, to provide peace of mind for our members and colleagues."

As the profession continues to contend with this data breach—though the source of the breach is still unknown—the AOA welcomes this NBEO action as helping bring peace of mind to students preparing to take boards. However, there's still more to be done to help eliminate the chance of this occurring again, and the AOA continues leading the charge.

At the direction of the AOA's Board of Trustees, the AOA also drafted a letter to the U.S. Attorney General's Office that calls for further Department of Justice investigation into these identity thefts. As stated in this letter (member login required), AOA hopes that by holding those responsible accountable, and reforming state licensing and testing requirements to address privacy concerns, the profession can move forward.

Optometry deserves to know the source of this breach, and until it is made known, the AOA continues to closely follow this situation and will provide updates when possible. The AOA encourages all doctors of optometry—not only students and new graduates—to proactively initiate credit monitoring, as all signs point to a vast scope of affected parties.

As a doctor of optometry impacted by the data breach, AOA Secretary-Treasurer Barbara L. Horn, O.D., says this is a welcome change that she wants to see make optometry safer from the threat of cybercrime: "The AOA will continue to push for full accountability and advocate for our doctor and student members on this issue." 

Click here to learn more about protecting your identity, even if you haven't been affected by this breach.

November 3, 2016

comments powered by Disqus