1. Home
  2. privacy and security

Privacy and Security

American Academy of Private Practice in Speech Pathology and Audiology (AAPPSPA) Privacy and Security Policy 

Effective Date: June 16, 2025

 

AAPPSPA is committed to protecting the privacy and security of personal information of all individuals who participate in our ASHA Continuing Education (CE) programs. This policy outlines how we collect, use, store, protect, and share personal information in compliance with the American Speech-Language-Hearing Association (ASHA) Continuing Education Board (CEB) requirements effective 2025, as well as applicable federal and state privacy laws.

 

This policy applies to all personal information collected from CE program participants, including but not limited to:

  • ASHA members
  • Non-ASHA members
  • Students
  • International participants
  • Course instructors and presenters
  • Staff and contractors involved in CE activities

 

Definitions

Personal Information: Any information that can be used to identify an individual, including but not limited to name, ASHA account number, address, email, phone number, date of birth, certification/licensure information, and course participation records.

Sensitive Personal Information: Information that requires enhanced protection, including financial information, health information, demographic data, and government-issued identification numbers.

 

We collect the following types of personal information, with attendee approval/permission:

  • Full name
  • ASHA account number (when applicable)
  • Contact information (email, phone, address)
  • Professional credentials and licensure information
  • Course registration and completion data
  • Payment information (when applicable)
  • Demographic information (as required by ASHA for reporting purposes)
  • Accessibility needs and accommodations requests
  • Course evaluation responses
  • Learning assessment results

 

Methods of Collection

Approved personal information is/may be collected through:

  • Online registration forms
  • Course evaluations
  • Learning assessments
  • Email communications
  • Telephone communications
  • ASHA CE Registry reporting systems

 

Consent

We obtain explicit consent from individuals for the collection, use, and sharing of their personal information. Consent is obtained through:

  • Clear privacy notices at the point of collection
  • Opt-in mechanisms for data sharing beyond ASHA CE reporting requirements
  • Clear explanation of how personal information will be used
  • Option to withdraw consent (with understanding that this may impact CE credit reporting)

 

Use of Personal Information

AAPPSPA uses personal information for the following purposes:

  • Processing course registrations and payments
  • Reporting course completion to the ASHA CE Registry
  • Providing course materials and resources
  • Issuing certificates of completion
  • Conducting program evaluations
  • Communicating about current and future CE opportunities
  • Improving our CE programs based on participant feedback
  • Complying with ASHA CEB requirements and audits
  • Meeting legal and regulatory obligations

 

Data Security Measures

To protect personal information from unauthorized access, disclosure, alteration, or destruction, we implement the following security measures:

Technical Safeguards

  • Secure, password-protected database systems
  • Multi-factor authentication for staff accessing participant data
  • Firewalls and intrusion detection systems
  • Backup systems and disaster recovery protocols

Administrative Safeguards

  • Staff training on privacy and security procedures
  • Written policies and procedures for data handling
  • Access controls based on job responsibilities
  • Incident response procedures

Physical Safeguards

  • Secure disposal of physical and electronic records

 

Data Retention and Disposal

Personal information is retained for 7 years after course completion to comply with ASHA CEB requirements and state licensure board regulations

When no longer needed, personal information is securely disposed of through:

  • Secure deletion of electronic records
  • Shredding of physical documents
  • Annual review of stored data to identify and properly dispose of information that exceeds retention requirements

 

 

ASHA CE Registry

Course completion information is reported to the ASHA CE Registry for participants who provide their ASHA account number

Information shared includes:

  • Participant name
  • ASHA account number
  • Course information
  • Completion date
  • Number of CEUs earned

 

Third-Party Service Providers

We may share personal information with third-party service providers who help us deliver CE programs, including:

  • Payment processors
  • Email communication platforms
  • Survey and evaluation tools

All third-party service providers are contractually required to:

  • Use personal information only for the purpose of providing the contracted service
  • Implement appropriate security measures
  • Comply with applicable privacy laws and regulations
  • Not share or sell personal information to other parties

 

Legal Requirements

We may disclose personal information when required by law, regulation, or legal process.

We will notify individuals of such disclosures unless prohibited by law.

 

Individual Rights

Participants in our CE programs have the following rights regarding their personal information:

     

  Right to Access

  • Individuals may request a copy of their personal information that we maintain
  • Requests will be fulfilled within 30 days

 

Right to Correction

  • Individuals may request correction of inaccurate personal information.
  • Corrections will be made within 30 days and communicated to the ASHA CE Registry if applicable.

 

Right to Deletion

Individuals may request deletion of their personal information, except information that:

  • We are required to maintain for ASHA CEB compliance
  • Is necessary for our legitimate business interests
  • Is required for legal or regulatory compliance

 

Right to Opt-Out

Individuals may opt-out of:

  • Marketing communications
  • Sharing of information beyond what is required for ASHA CE reporting
  • Certain types of data processing

 

Process for Exercising Rights

To exercise any of these rights, individuals should contact our staff at:

Email:  office@aappspa.org

Phone: 206-338-9181

Mail: AAPPSPA, P.O. Box 355, Fairmont, MN 56031

 

Data Breach Notification

In the event of a data breach involving personal information:

 We will notify affected individuals within 30 days of discovery.

Notification will include:

  • Description of the breach
  • Types of information involved
  • Steps we are taking to investigate and mitigate harm
  • Measures individuals can take to protect themselves
  • Contact information for questions

We will notify the ASHA CEB of the breach as required.

We will comply with all applicable state and federal breach notification laws.

 

Special Considerations for Virtual Learning Environments 

For online and virtual CE programs:

We implement additional security measures for virtual learning platforms

Access to online courses is protected by unique login credentials/links

Participant interactions and communications within virtual platforms are subject to this privacy policy

We do not record participants without explicit consent

If sessions are recorded, participants are notified in advance and given options to:

  • Use a virtual background
  • Change their display name
  • Participate via chat only (except in cases of small group activities)

 

Updates to This Policy

This privacy and security policy will be reviewed annually and updated as needed to reflect:

  • Changes in ASHA CEB requirements
  • Changes in applicable laws and regulations
  • Changes in our CE program operations
  • Technological developments

 

When this policy is updated:

  • The revised policy will be posted on our website with an updated effective date
  • Current CE program participants will be notified of material changes
  • A copy of the updated policy will be available upon request

 

For questions or concerns about this privacy and security policy, please contact:

AAPPSPA President

Heather Scheer, M.S., CCC-SLP

Email:  office@aappspa.org 

Phone: 206-650-4358  

Mailing Address: AAPPSPA, P.O. Box 355, Fairmont, MN 56031

 

ASHA CE Administrator  

Crystal Reszczynski

Email:  office@aappspa.org  

Mailing Address: AAPPSPA, P.O. Box 355, Fairmont, MN 56031

 

Compliance Statement

AAPPSPA is committed to complying with all ASHA CEB requirements related to privacy and security, as well as applicable federal and state privacy laws. We regularly review and update our practices to ensure ongoing compliance and to implement privacy and security best practices.