AOA asks NBEO for assurances on student data safety

September 29, 2016
Optometry students have concerns about providing personal data to take board examinations.

Lacking new information concerning an apparent data breach, it's imperative that students receive reassurances of privacy when sharing personal information for board examinations, AOA implores.

While the source of the data breach is still unknown, students are preparing to take their board examinations and, to do so, they need to provide sensitive information, including their social security numbers. This requirement is not consistent across health professions. For example, according to the Joint Commission on National Dental Examinations, dental students are not asked for their social security numbers, but are required to provide their DENTPIN, a unique personal identifier.   

It's a quandary that's left many students in limbo—an unresolved data breach gripping optometry since Aug. 2, elicits trepidation for disclosing such information on National Board of Examiners in Optometry (NBEO) exams, yet the alternative is an otherwise stalled academic path. This much AOA expressed to NBEO as the source of the breach has yet to be determined.  

In a letter dated Sept. 6, AOA President Andrea P. Thau, O.D., petitioned NBEO President William B. Rafferty, O.D., to reassure students and recent graduates that their personal data will be safeguarded.  

"In order to allay these concerns, can you provide assurances that the current NBEO registration system for new registrants—which includes the required entry of Social Security numbers—comports with best practices for testing bodies in other professions and meets all applicable industry standards for data security?" Dr. Thau asks.  

The AOA has yet to receive a formal reply, but will continue to insist on up-to-date, accurate information to provide to its student members, especially those with questions and concerns about data security.  

Anecdotal reports suggest that doctors and students began receiving unsolicited, fraudulent applications for Chase Amazon.com Visa cards submitted in their names, on and around Aug. 2. A possible second wave of malicious credit-line openings surfaced again near the beginning of September.  

Out of an abundance of concern for members, the AOA contacted the FBI and Federal Trade Commission after initial reports to apprise investigators of the situation. The AOA immediately conducted its own internal investigation, which concluded that no breach of the AOA's information systems had occurred. The AOA does not gather social security numbers through its membership process.  

The AOA continues to follow this situation closely and will provide updates when possible.

Related News

AOA MORE, optometry’s data registry, takes yearlong pause

The AOA will use the time to evaluate its collection efforts and create a registry for the future that is most useful to improving eye health and vision care. The AOA launched the registry in 2015.

Talking politics in the office? 3 things to keep in mind

Even if you’re choosing to disengage, today’s politics have a way of finding you. What are the ground rules for approaching political debates in the practice?

New rules ahead for patient access to electronic health records

Under new rules for the 21st Century Cures Act, doctors of optometry will need to prepare for changes going into effect April 5. Doctors should check in with their health IT vendor in order to make sure they meet the new requirements.