Member Login
Search

Georgia Speech Language Hearing Association Privacy and Security Policy
ASHA CE Provider Code: AADJ
Effective Date: March 8, 2025

Introduction

The Georgia Speech Language Hearing Association (GSHA) is committed to protecting the privacy and security of personal information of all individuals who participate in our ASHA Continuing Education (CE) programs. This policy outlines how we collect, use, store, protect, and share personal information in compliance with the American Speech-Language-Hearing Association (ASHA) Continuing Education Board (CEB) requirements effective 2025, as well as applicable federal and state privacy laws.

Scope

This policy applies to all personal information collected from CE program participants, including but not limited to:
- ASHA members
- Non-ASHA members
- Students
- International participants
- Course instructors and presenters
- Staff and contractors involved in CE activities

Definitions

Personal Information: Any information that can be used to identify an individual, including but not limited to name, ASHA account number, address, email, phone number, date of birth, certification/licensure information, and course participation records.

Sensitive Personal Information: Information that requires enhanced protection, including financial information, health information, demographic data, and government-issued identification numbers.

Collection of Personal Information

Types of Information Collected

We collect the following types of personal information:
- Full name
- ASHA account number (when applicable)
- Contact information (email, phone, address)
- Professional credentials and licensure information
- Course registration and completion data
- Payment information (when applicable)
- Demographic information (as required by ASHA for reporting purposes)
- Accessibility needs and accommodations requests
- Course evaluation responses
- Learning assessment results

Methods of Collection

Personal information is collected through:
- Online registration forms
- Course evaluations
- Learning assessments
- Email communications
- Telephone communications
- ASHA CE Registry reporting systems

Consent

We obtain explicit consent from individuals for the collection, use, and sharing of their personal information. Consent is obtained through:
- Clear privacy notices at the point of collection
- Opt-in mechanisms for data sharing beyond ASHA CE reporting requirements
- Clear explanation of how personal information will be used
- Option to withdraw consent (with understanding that this may impact CE credit reporting)

Use of Personal Information

The Georgia Speech Language Hearing Association (GSHA) uses personal information for the following purposes:
- Processing course registrations and payments
- Reporting course completion to the ASHA CE Registry
- Providing course materials and resources
- Issuing certificates of completion
- Conducting program evaluations
- Communicating about current and future CE opportunities
- Improving our CE programs based on participant feedback
- Complying with ASHA CEB requirements and audits
- Meeting legal and regulatory obligations

Data Security Measures

To protect personal information from unauthorized access, disclosure, alteration, or destruction, we implement the following security measures:

Technical Safeguards
- Encryption of personal information during transmission and at rest
- Secure, password-protected database systems
- Regular security updates and patch management
- Firewalls and intrusion detection systems
- Regular security assessments and vulnerability testing
- Backup systems and disaster recovery protocols

Administrative Safeguards
- Access controls based on job/volunteer responsibilities

Physical Safeguards
- GSHA is paper-free and does not keep physical records

Data Retention and Disposal

- Personal information is retained for four (4) years after course completion to comply with ASHA CEB requirements and state licensure board regulations
- When no longer needed, personal information is securely disposed of through:
- Secure deletion of electronic records
- Shredding of physical documents (if applicable)
- Annual review of stored data to identify and properly dispose of information that exceeds retention requirements

Data Sharing and Disclosure

ASHA CE Registry
- Course completion information is reported to the ASHA CE Registry for participants who provide their ASHA account number
- Information shared includes: participant name, ASHA account number, course information, completion date, and number of CEUs earned

Third-Party Service Providers
- We may share personal information with third-party service providers who help us deliver CE programs, including:
- Association management system providers
- Payment processors
- Email communication platforms
- Survey and evaluation tools
- All third-party service providers are contractually required to:
- Use personal information only for the purpose of providing the contracted service
- Implement appropriate security measures
- Comply with applicable privacy laws and regulations
- Not share or sell personal information to other parties

Legal Requirements
- We may disclose personal information when required by law, regulation, or legal process
- We will notify individuals of such disclosures unless prohibited by law

Individual Rights

Participants in our CE programs have the following rights regarding their personal information:

Right to Access
- Individuals may request a copy of their personal information that we maintain
- Requests will be fulfilled within [30] days

Right to Correction
- Individuals may request correction of inaccurate personal information
- Corrections will be made within [30] days and communicated to the ASHA CE Registry if applicable

Right to Deletion
- Individuals may request deletion of their personal information, except information that:
- We are required to maintain for ASHA CEB compliance
- Is necessary for our legitimate business interests
- Is required for legal or regulatory compliance

Right to Opt Out
- Individuals may opt out of:
- Marketing communications
- Sharing of information beyond what is required for ASHA CE reporting
- Certain types of data processing

Process for Exercising Rights
To exercise any of these rights, individuals should contact the GSHA President at:
- Email: [email protected]
- Phone: 404-860-2328
- Mail: Georgia Speech Language Hearing Association
P.O. Box 1867
Buford, GA 30515

Data Breach Notification

In the event of a data breach involving personal information:
- We will notify affected individuals within 30 days of discovery
- Notification will include:
- Description of the breach
- Types of information involved
- Steps we are taking to investigate and mitigate harm
- Measures individuals can take to protect themselves
- Contact information for questions
- We will notify the ASHA CEB of the breach as required
- We will comply with all applicable state and federal breach notification laws

Special Considerations for Virtual Learning Environments

For online and virtual CE programs:
- We implement additional security measures for virtual learning platforms
- Access to online courses is protected by unique login credentials
- Participant interactions and communications within virtual platforms are subject to this privacy policy
- We do not record participants without explicit consent
- If sessions are recorded, participants are notified in advance and given options to:
- Turn off their camera
- Use a virtual background
- Change their display name
- Participate via chat only

International Data Transfers

If personal information is transferred outside the United States:
- We ensure appropriate safeguards are in place to protect the information
- We comply with applicable international data protection laws
- We inform individuals if their data will be transferred internationally

Children's Privacy

Our CE programs are designed for adult professionals. We do not knowingly collect personal information from individuals under the age of 18.

Updates to This Policy

This privacy and security policy will be reviewed annually and updated as needed to reflect:
- Changes in ASHA CEB requirements
- Changes in applicable laws and regulations
- Changes in our CE program operations
- Technological developments

When this policy is updated:
- The revised policy will be posted on our website with an updated effective date
- Current CE program participants will be notified of material changes
- A copy of the updated policy will be available upon request

Contact Information

For questions or concerns about this privacy and security policy, please contact:

ASHA CE Administrator
Kara A. Jones, M.A, CCC-SLP
[email protected]

Compliance Statement

Georgia Speech Language Hearing Association (GSHA) is committed to complying with all ASHA CEB requirements related to privacy and security, as well as applicable federal and state privacy laws. We regularly review and update our practices to ensure ongoing compliance and to implement privacy and security best practices.