An Overview of NPTE Security
Mark Lane, PT
Forum, Volume 20, Number 1
In today’s world, the word, “security” is ubiquitous. Many times a day we hear it on television, we read it in the newspaper, and we use it in everyday conversation. We take steps to provide ourselves with security from credit card fraud or from computer hackers on our personal or work computers. We patiently wait through long lines when we travel in order to go through airport security. We double check to make sure our house and automobiles are locked and secure.
An Important Value
Security is something we all strive for. It is a value we hold dear. In fact in the last presidential election, national security was often cited as the reason that voters selected the incumbent over his opponent. Indeed “homeland security” is a new Federal agency developed to increase national security. Unfortunately security is not an absolute. We cannot speak in terms of “being completely secure,” we can only speak in terms of being “more secure” or as “secure as possible.” And we have to always be aware that there is the potential for a security breach at any moment. The minute we feel secure and let down our guard is the moment we are most vulnerable.
A New Paradigm
The security of the National Physical Therapy Examination has always been of high importance. As we look at the historical documents related to the NPTE, including exam policies, security is often mentioned. Recently, however, we have had to rethink our view of security. Much as 9/11 changed how this country viewed security, the NPTE cheating episodes of 2002 made us review our own paradigms regarding security. As a result we have broadened our definitions and expanded our scope as it relates to security. We have realized that we cannot simply maintain policies related to security. Security must always be in the forefront of our minds and focus.
Security Watch
In light of this focus on security, we have developed this new column in the Forum, “Security Watch.” This column will apprise our members and other readers of critical security issues. We want our members and the exam stakeholders to be aware of the issues surrounding exam security. We want and need partners in maintaining, improving and monitoring exam security. As we impel the FSBPT to become more secure, we ask member boards to also continually review their policies and procedures related to security. You will continue to see articles on cheating and its impact on examinations. We will also provide summaries of actual security breaches related to the NPTE or other examinations in order to make the readership aware. We will provide opportunities for our member boards to discuss security issues.
Detection
A good examination security program comprises three critical aspects: detection, remediation and prevention. Detection involves detecting any security breaches that may occur. This aspect includes analysis of items over time to determine if items have been compromised. In also includes having a “tip” email address. Did you know that candidates or anyone else can send a report of a security breach to security@fsbpt.org? Exam forensics is another aspect of detection. This involves ongoing review of statistics and evidence of significant changes in results over time. It may include reviewing significant increases in exam scores on re-takes or it may be reviewing of significant changes in test scores at one particular testing center. Neither of these changes indicates an actual security breach. They simply provide information that needs to be explored further. Web monitoring is another aspect of security breach detection. Since the cheating episodes of 2002, we have had to monitor internet websites daily. Many mechanisms utilized at our exam test sites such as videotaping all candidates falls into the detection category.
Remediation
Remediation involves having policies in place to not only deal with the causes of the breach but to also recover from the breach. A good security plan includes an emergency plan. The Federation has developed a comprehensive emergency plan. Within the emergency plan is a plan to continually build and increase the item bank. Also within the plan are specific outlines of action to be taken as a result of various security breaches.
Prevention
Prevention is probably the most important aspect of a security plan. As the adage states, “an ounce of prevention is worth a pound of cure.” Prevention in an exam program includes continual warnings to candidates so that they are aware of their obligations when they sit for the exam as well as the consequences of cheating. Prior to seeing the first question, candidates must click on an agreement stating they will not share recalled questions. A good security prevention plan also includes policies related to frequency of item use and strict retake policies. Other aspects of prevention include the security measures implemented at the Prometric testing centers such not allowing candidates to take personal items in the testing room.
Prevention also includes education of stakeholders such as the faculty of physical therapy programs. Students need to know that if they cheat, they may loose the ability to ever practice physical therapy. Licensing boards may be able to educate those candidates from different cultures where values may differ to understand the implications of cheating in this culture.
Many of the recommendations provided by the 2003 NPTE Commission, an external commission that reviewed pass rate fluctuations of the NPTE, are related to prevention. Among these are many of the NPTE changes that are being implemented in March 2005. Included among these changes is increasing the number of forms and assuring that no candidate ever sees the same question twice. Another recommendation is providing the exam in sections.
Review of our Security Program
In 2004, the FSBPT participated in an external security audit of our exam program. This audit, while recognizing many of the things we do well in relation to security, also identified areas for improvement. The Federation is currently working on implementing many of the recommendations provided by this audit.
Physical Security
The Federation goes to great strides to assure physical security which includes security of the building, the servers and the item bank. If the reader visits the Federation offices, this will become readily apparent. The building is only entered via a secure pass code. Guests must sign in and are monitored while in the building. Beyond this, areas in which staff works on the exams have additional security. Great lengths are taken to assure the security of the item bank and the exam questions. Security policies and procedures are carefully followed. In addition to having an audit of the security related to exam development process, an audit is also scheduled to look at the security of the servers and the systems. This audit will include legitimate hackers who will try to breach the security systems to assure that they have sufficient safeguards.
Security Involves You
A comprehensive exam security program involves more then assuring the security of exam development and administration, it also involves our member boards. Since member boards are responsible for approving a candidate to sit for the exam, it is critical that each member board have policies and procedures in place that assure only qualified applicants sit for the exam. This author suspects that policies and procedure vary widely between member boards – some boards being extremely careful, while others may be not so careful. Other stakeholders also need to be involved. Educators including clinical educators are critical for helping instill professional values in students.
Security will continue to be an important term in the world, in this country and in relationship to the National Physical Therapy Examination. We hope to continue to educate ourselves, our members and the stakeholders of the many nuances and issues related to examination security. As we do this, we can work together to continue to maintain the excellence of the NPTE program and assure it will continue to carry out its critical function related to public protection.
Cheating in the News
- Lance Ulanoff, in his article, Bamboozled with Technology of May 27, 2004 in PC Magazine online, states that every step forward in technology provides an opportunity to create new technology to beat the system. Ulanoff cites the dialing software that has been used to override American Idol’s “one vote per person” phone system. His research shows that phone system hacking or “phreaking” has already been around, but has been evolving to overcome new technology designed to thwart the old tricks. He points out that with new opportunities to cheat, contest and test organizers find that they need to be proactive.
- Houston’s School District has created an investigative team and tougher testing practices to decrease the amount of cheating in its schools by teachers who are pressured to make sure their students pass the state’s assessment tests. They have instituted a hotline to report cheating, which goes directly to the Inspector General.