One of the primary missions of the Scientific Registry of Transplant Recipients (SRTR) is to provide information and data to researchers and clinicians who have legitimate needs. SRTR will make every attempt to fulfill this mission.

Limitations on Data Release
Possible reasons for denying a data request in whole or in part include:

1. The data are not collected and/or verified;
2. Release of the data violates the Privacy Act or applicable federal or state laws regarding confidentiality of patient medical records or trade secrets;
3. The purpose of the data use is not sufficiently valuable to warrant a large-scale expenditure of time and effort; or
4. The data and information are an exception from disclosure under the Freedom of Information Act (FOIA).¹

Making a Data Request
Please request data from SRTR in writing at srtr@srtr.org. In your request, please include the following information:

• Your contact information: name, business/organization name, mailing address, telephone number, and e-mail address; and
• Description of data requested.

Once the initial request is received, we will supply any necessary documentation. All data requests requiring a data use agreement (DUA) will require a signed data release agreement, a data security plan, and a research plan.

Types of Data Requests
There are four main types of data requests:  

1. Simple Data Requests
   Data requests that can be fulfilled with existing data and do not require additional programming or analyses can generally be fulfilled quickly (i.e., in less than 4 hours) and do not require a DUA or the approval of the Health Resources and Services Administration (HRSA), the HRSA SRTR Project Officer, or the SRTR Technical Advisory Committee (STAC). Data sets require a DUA and do not fall into the category of simple data requests. Any request requiring more than 4 hours of programming or analysis time will be considered under the fourth category, Data Requests Requiring Additional SRTR Programming.
2. Data Requests for Standard Analysis Files or Simulated Allocation Models
   Data requests that can be fulfilled by releasing a Standard Analysis File (SAF) and/or a Simulated Allocation Model (SAM) require a DUA. The release of an SAF or SAM under a DUA requires the prior approval of the SRTR, but generally does not require the prior approval of the STAC. DUAs must be renewed annually through the duration of the approved use.
3. Data Requests Requiring Linkages
   Data requests that require a linkage to an external data source or use of personal identifiers to link with other public or private data sources can often be accommodated. To protect the private information of individuals in the transplant registry, SRTR will perform the linkages and analyses that require use of personal identifiers; SRTR will release the resulting data as summary data or as individual data with encrypted identifiers. In exceptional circumstances, identifiers may be released to other government agencies or investigators for linkage, but only after authorization by the STAC and the HRSA SRTR Project Officer.
   All data requests requiring linkages must be authorized by the STAC and the HRSA SRTR Project Officer. The STAC currently votes through electronic communications. SRTR sends all relevant documentation and background information to the STAC to assist with voting and approval. The STAC is allowed at least 2 weeks to vote on the request, and the STAC may ask that researchers clarify any unclear aspect of their research plan. After STAC approval and receipt of an acceptable finder file, the linkage will take several months to complete.
4. Data Request for Additional SRTR Programming
   Data requests requiring additional SRTR analyses will be considered depending on resources available, and will be reviewed on a case-by-case basis by SRTR and the HRSA SRTR Project Officer.

Cost
SAFs cost $1000; each additional, updated SAF costs $500.
SAMs cost $1000 per model.

Data requests that are estimated to require less than 4 hours of SRTR personnel time are generally fulfilled without charge and completed within 30 days.
Data requests that require more than 4 hours of SRTR personnel time require payment at an hourly rate, currently $120 per hour. Data sets are associated with a $1000 cost in addition to the hourly rate. The cost of analytical results is based solely on the programming time required to fulfill the request. All patient linkage requests require more than 4 hours of SRTR personnel time. SRTR will provide an estimate of the cost of the data request. Then, an estimated work-effort and payment agreement must be obtained before the programming proceeds.

A student discount is available for current students using SRTR data to fulfill requirements of a degree program. The student discount is available for medical doctors currently in residency or fellowship programs. Documentation is required and the student must be named as the principal investigator. For qualifying students, the cost of a SAF is $200 and the cost of each SAM is $200. No student discount is available for requests requiring additional SRTR programming.

Please contact SRTR for details regarding adding investigators to a DUA, altering the research plan of a current DUA, and other situations not described on this page.

Use of SRTR Data under Contract with HRSA
Before submitting an abstract, manuscript, or other aggregation data to another party for presentation or publication, the recipient must submit it to the SRTR for review. The SRTR will then submit the document to HRSA for final review and approval. If the abstract, manuscript, or data aggregation does not reflect compliance with the terms of the DUA, the recipient will revise and resubmit to the SRTR. Upon publication, the recipient will provide a copy of the final work and a complete citation to the SRTR and PO.

Publications using SRTR data
All publications using the released Data must contain the standard disclaimer: “The data reported here have been supplied by the Minneapolis Medical Research Foundation (MMRF) as the contractor for the Scientific Registry of Transplant Recipients (SRTR). The interpretation and reporting of these data are the responsibility of the author(s) and in no way should be seen as an official policy of or interpretation by the SRTR or the U.S. Government”.

In addition, all publications using the released Data must contain this standard statement within the methods section of the publication: “This study used data from the Scientific Registry of Transplant Recipients (SRTR). The SRTR data system includes data on all donor, wait-listed candidates, and transplant recipients in the US, submitted by the members of the Organ Procurement and Transplantation Network (OPTN), and has been described elsewhere (reference). The Health Resources and Services Administration (HRSA), U.S. Department of Health and Human Services provides oversight to the activities of the OPTN and SRTR contractors.” Optional publication reference: Levine GN, McCullough KP, Rodgers AM, Dickinson DM, Ashby VB, Schaubel DE. Analytical methods and database design: implications for transplant researchers, 2005. Am J Transplant 2006; 6(5 Pt 2): 1228-1242. Other references, may be used if deemed appropriate for the content of the publication.

Authorship on Publications
When individuals have made a substantial contribution to the conduct of the study and the writing or revising of the manuscript, they shall be listed as authors. The assignment of authorship will follow guidelines established by the International Committee of Medical Journal Editors (ICMJE).²

Footnotes

---

¹ http://www.hipaa.com/2009/09/hipaa-protected-health-information-what-does-phi-include/
Relevant information from the website is reproduced below.

HIPAA ‘Protected Health Information’: What Does PHI Include?

HIPAA.com has received from its readers requests for information on topics related to HIPAA Administrative Simplification Privacy and Security Rules and to updates to those rules reflected in the HITECH Act provisions of the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009. Of particular interest to readers is: what exactly is protected health information (PHI)?

Protected Health Information

Protected health information is defined in two ways in Section 1171 of Part C of Subtitle F of Public Law 104-191 (August 21, 1996): Health Insurance Portability and Accountability Act of 1996: Administrative Simplification. These statutory definitions are of health information and individually identifiable health information.

“Health information means any information, whether oral or recorded in any form or medium, that–
(A) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and
(B) relates to the past, present, or future physical or mental health or condition of any individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.”

“Individually identifiable health information is information that is a subset of health information, including demographic information collected from an individual, and:
(1) Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and
(2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and
(i) That identifies the individual; or
(ii) With respect to which there is a reasonable basis to believe the information can be used to identify the individual.”

Protected health information is defined in 45 CFR 160.103, where “CFR” means “Code of Federal Regulations,” and, as defined, is referenced in Section 13400 of Subtitle D (Privacy) of the HITECH Act.

“Protected health information means individually identifiable health information (defined above):
(1) Except as provided in paragraph (2) of this definition, that is:
(i) Transmitted by electronic media;
(ii) Maintained in electronic media; or
(iii) Transmitted or maintained in any other form or medium.
(2) Protected health information excludes individually identifiable health information in:
(i) Education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. 1232g;
(ii) Records described at 20 U.S.C. 1232g(a)(4)(B)(iv); and
(iii) Employment records held by a covered entity in its role as employer.”

The HIPAA Privacy Rule covers protected health information in any medium while the HIPAA Security Rule covers electronic protected health information.

Thus, the question arises as to what elements comprise protected health information such that if they were removed, items (i) and (ii) of (2) in the definition of individually identifiable health information would not obtain. The answer is in the de-identification standard and its two implementation specifications of the HIPAA Privacy Rule [45 CFR 164.514]:

“(a) Standard: de-identification of protected health information. Health information (defined above) that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual is not individually identifiable health information.

(b) Implementation specifications: requirements for de-identification of protected health information. A covered entity may determine that health information is not individually identifiable health information only if:

(1) A person with appropriate knowledge of and experience with generally accepted statistical and scientific principles and methods for rendering information not individually identifiable:
(i) Applying such principles and methods, determines that the risk is very small that the information could be used, alone or in combination with other reasonably available information, by an anticipated recipient to identify an individual who is subject of the information; and
(ii) Documents the methods and results of the analysis that justify such determination; or

(2)

(i) The following identifiers of the individual or of relatives, employers, or household members of the individual, are removed:

(A) Names;
(B) All geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census:

(1) The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and
(2) The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.

(C) All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; all ages over 89 years and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older;
(D) Telephone numbers;
(E) Fax numbers;
(F) Electronic mail addresses;
(G) Social Security numbers;
(H) Medical record numbers;
(I) Health plan beneficiary numbers;
(J) Account numbers;
(K) Certificate/license numbers;
(L) Vehicle identifiers and serial numbers, including license plate numbers;
(M) Device identifiers and serial numbers;
(N) Web Universal Resource Locators (URLs);
(O) Internet Protocol (IP) address numbers;
(P) Biometric identifiers, including finger and voice prints;
(Q) Full face photographic images and any comparable images; and
(R) Any other unique identifying number, characteristic, or code, except as permitted by paragraph (c) of this section; and

(ii) The covered entity does not have actual knowledge that the information could be used alone or in combination with other information to identify an individual who is a subject of the information.

(c) Implementation specifications: re-identification. A covered entity may assign a code or other means of record identification to allow information de-identified under this section to be re-identified by the covered entity, provided that:
(1) Derivation. The code or other means of record identification is not derived from or related to information about the individual and is not otherwise capable of being translated so as to identify the individual; and
(2) Security. The covered entity does not use or disclose the code or other means of record identification for any other purpose, and does not disclose the mechanism for re-identification.”

The release by HHS of the Interim Final Rule, “Breach Notification for Unsecured Protected Health Information,” published in the Federal Register on Monday, August 24, 2009, notes the following: “If information is de-identified in accordance with 45 CFR 164.514(b) [the first implementation specification, defined above], it is not protected health information, and thus, any inadvertent or unauthorized use or disclosure of such information will not be considered a breach for purposes of this subpart.” [74 Federal Register 42743]

Ed Jones, Author & Healthcare Authority

² http://www.icmje.org/ethical_1author.html
Relevant information from the website is reproduced below.

Uniform Requirements for Manuscripts Submitted to Biomedical Journals: Ethical Considerations in the Conduct and Reporting of Research: Authorship and Contributorship
Byline Authors

An “author” is generally considered to be someone who has made substantive intellectual contributions to a published study, and biomedical authorship continues to have important academic, social, and financial implications (1). An author must take responsibility for at least one component of the work, should be able to identify who is responsible for each other component, and should ideally be confident in their co-authors’ ability and integrity. In the past, readers were rarely provided with information about contributions to studies from persons listed as authors and in Acknowledgments (2). Some journals now request and publish information about the contributions of each person named as having participated in a submitted study, at least for original research. Editors are strongly encouraged to develop and implement a contributorship policy, as well as a policy on identifying who is responsible for the integrity of the work as a whole. While contributorship and guarantorship policies obviously remove much of the ambiguity surrounding contributions, they leave unresolved the question of the quantity and quality of contribution that qualify for authorship. The ICJME has recommended the following criteria for authorship; these criteria are still appropriate for journals that distinguish authors from other contributors. Authorship credit should be based on 1) substantial contributions to conception and design, acquisition of data, or analysis and interpretation of data; 2) drafting the article or revising it critically for important intellectual content; and 3) final approval of the version to be published. Authors should meet conditions 1, 2, and 3.

• When a large, multicenter group has conducted the work, the group should identify the individuals who accept direct responsibility for the manuscript (3). These individuals should fully meet the criteria for authorship/contributorship defined above, and editors will ask these individuals to complete journal-specific author and conflict-of-interest disclosure forms. When submitting a manuscript authored by a group, the corresponding author should clearly indicate the preferred citation and identify all individual authors as well as the group name. Journals generally list other members of the group in the Acknowledgments. The NLM indexes the group name and the names of individuals the group has identified as being directly responsible for the manuscript; it also lists the names of collaborators if they are listed in Acknowledgments.
• Acquisition of funding, collection of data, or general supervision of the research group alone does not constitute authorship.
• All persons designated as authors should qualify for authorship, and all those who qualify should be listed.
• Each author should have participated sufficiently in the work to take public responsibility for appropriate portions of the content.

Some journals now also request that one or more authors, referred to as “guarantors,” be identified as the persons who take responsibility for the integrity of the work as a whole, from inception to published article, and publish that information.

Increasingly, authorship of multicenter trials is attributed to a group. All members of the group who are named as authors should fully meet the above criteria for authorship/contributorship.

The group should jointly make decisions about contributors/authors before submitting the manuscript for publication. The corresponding author/guarantor should be prepared to explain the presence and order of these individuals. It is not the role of editors to make authorship/contributorship decisions or to arbitrate conflicts related to authorship.

Contributors Listed in Acknowledgments

All contributors who do not meet the criteria for authorship should be listed in an acknowledgments section. Examples of those who might be acknowledged include a person who provided purely technical help, writing assistance, or a department chairperson who provided only general support. Editors should ask corresponding authors to declare whether they had assistance with study design, data collection, data analysis, or manuscript preparation. If such assistance was available, the authors should disclose the identity of the individuals who provided this assistance and the entity that supported it in the published article. Financial and material support should also be acknowledged.

Groups of persons who have contributed materially to the paper but whose contributions do not justify authorship may be listed under such headings as “clinical investigators” or “participating investigators,” and their function or contribution should be described—for example, “served as scientific advisors,” “critically reviewed the study proposal,” “collected data,” or “provided and cared for study patients.” Because readers may infer their endorsement of the data and conclusions, these persons must give written permission to be acknowledged.

Last updated: 8/29/2012