Home | Contact us    
Scientific Registry of Transplant Recipients Data Use Policy

One of the primary missions of the Scientific Registry of Transplant Recipients (SRTR) is to provide information and data to researchers and clinicians who have legitimate needs, and the SRTR will make every attempt to fulfill this mission. Possible reasons for denying a data request in whole or in part include: 1) the data are not collected and/or verified; 2) release of the data violates the Privacy Act or applicable federal or state laws on confidentiality of patient medical records or trade secrets; 3) the purpose of the data use is not sufficiently valuable to warrant a large-scale expenditure of time and effort; or 4) the data and information are excepted from disclosure under the Freedom of Information Act (FOIA). As a general rule, the SRTR does not release data with personal identifiers.1

The STAC is currently scheduled to meet on:
Thursday, February 23, 2012

There are 4 types of data requests:
  1. Simple Data Requests
    Data requests that can be fulfilled with existing data and do not require additional programming or analyses can generally be fulfilled quickly (i.e., less than 4 hours) and do not require a data use agreement (DUA) or the approval of the Health Resources and Services Administration (HRSA), SRTR Project Officer, or the SRTR Technical Advisory Committee (STAC). Data sets require a DUA and do not fall into the category of simple data requests. Any request requiring more than 4 hours of programming or analysis time will be considered under the fourth category, Data Requests for Additional SRTR Programming.
  2. Data Requests for Standard Analysis Files or Simulated Allocation Models
    Data requests that can be fulfilled by releasing a Standard Analysis File (SAF) and/or a Simulated Allocation Model (SAM) require a DUA. The release of an SAF or SAM under a DUA requires the prior approval of the SRTR, but generally does not require the prior approval of the STAC. DUAs must be renewed annually through the duration of the approved use.
  3. Data Requests Requiring Linkages
    Data requests that require the provision of personal identifiers to link with other public or private data sources can often be accommodated. To protect the private information of individuals in the transplant registry, the SRTR will perform the linkages and analyses that require the use of personal identifiers; the SRTR will release the resulting data as summary data or as individual data with encrypted identifiers. In exceptional circumstances, identifiers may be released to other government agencies or investigators for linkage, but only after authorization by the STAC and the HRSA SRTR Project Officer.
    This type of data request must be authorized by the HRSA SRTR Project Officer and the STAC. The STAC meets every 3 months; the SRTR must receive the data request at least 1 month before the meeting for it to be considered at that meeting. After STAC approval and the receipt on an acceptable finder file, the linkage will take 1-3 months to complete.
  4. Data Request for Additional SRTR Programming
    Data requests for additional SRTR analyses will be considered depending on resources available and reviewed on a case-by-case basis by the SRTR and HRSA SRTR Project Officer.
Cost
Standard Analysis Files cost $1000; each additional, updated SAF costs $500.
Simulated Allocation Models cost $1000 per model.

Requests for data or information that are estimated to require less than 4 hours of SRTR personnel time are generally fulfilled without charge.

Requests for data that require more than 4 hours of SRTR personnel time will require payment at an hourly rate, currently $120 per hour. Data sets are associated with a $1000 cost in addition to the hourly rate, while the cost of analytical results is based solely on the programming time required to fulfill the request. All patient linkage requests require more than 4 hours of SRTR personnel time. The SRTR will provide an estimate of the cost of the data request. Then, an estimated work-effort and payment agreement must be obtained before the programming proceeds.

A student discount is available for current students using SRTR data to fulfill requirements of a degree program. Starting January 1, 2012 the student discount will be available for medical doctors currently in residency or fellowship programs. Documentation is required and the student must be named as the principle investigator. For qualifying students, the cost of a SAF is $200 and the cost of each SAM is $200. No student discount is available for requests requiring additional SRTR programming.

Please contact the SRTR for details regarding adding investigators to a DUA, making an addendum to a current DUA, and other situations not laid out in this document.

Data Use by the SRTR under Contract with the Health Resources and Services Administration
The SRTR contractor and its collaborating institutions and investigators will conduct research and publish the results of research in peer-reviewed journals as contract deliverables. Research conducted under this contract does not require a DUA.

SRTR Publications
Reports and publications required by the contract will state that data and analyses contained in the report or publication have been supplied by the Scientific Registry of Transplant Recipients, that the authors alone are responsible for reporting and interpretation, and that all or part of the data used for these publications was collected pursuant to Contract No. HHSH250201000018C (Department of Health and Human Services, Health Resources and Services Administration, Rockville, Maryland). All manuscripts must be submitted to srtr@srtr.org prior to submission to be reviewed by HRSA as outlined in the DUA.
Authorship on SRTR Publications
When individuals have made a substantial contribution to the conduct of the study and the writing or revising of the manuscript, they shall be listed as authors. The assignment of authorship will follow guidelines established by the International Committee of Medical Journal Editors (ICMJE).2


Footnotes
1 http://www.hipaa.com/2009/09/hipaa-protected-health-information-what-does-phi-include/
HIPAA ‘Protected Health Information’: What Does PHI Include?

HIPAA.com has received from its readers requests for information on topics related to HIPAA Administrative Simplification Privacy and Security Rules and to updates to those rules reflected in the HITECH Act provisions of the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009. Of particular interest to readers is: what exactly is protected health information (PHI)?

Protected Health Information

Protected health information is defined in two ways in Section 1171 of Part C of Subtitle F of Public Law 104-191 (August 21, 1996): Health Insurance Portability and Accountability Act of 1996: Administrative Simplification. These statutory definitions are of health information and individually identifiable health information.

“Health information means any information, whether oral or recorded in any form or medium, that– (A) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and (B) relates to the past, present, or future physical or mental health or condition of any individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.”

“Individually identifiable health information is information that is a subset of health information, including demographic information collected from an individual, and:
(1) Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and
(2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and
(i) That identifies the individual; or
(ii) With respect to which there is a reasonable basis to believe the information can be used to identify the individual.”

Protected health information is defined in 45 CFR 160.103, where “CFR” means “Code of Federal Regulations,” and, as defined, is referenced in Section 13400 of Subtitle D (Privacy) of the HITECH Act.
“Protected health information means individually identifiable health information (defined above):
(1) Except as provided in paragraph (2) of this definition, that is:
(i) Transmitted by electronic media;
(ii) Maintained in electronic media; or
(iii) Transmitted or maintained in any other form or medium.
(2) Protected health information excludes individually identifiable health information in:
(i) Education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. 1232g;
(ii) Records described at 20 U.S.C. 1232g(a)(4)(B)(iv); and
(iii) Employment records held by a covered entity in its role as employer.”


The HIPAA Privacy Rule covers protected health information in any medium while the HIPAA Security Rule covers electronic protected health information.

Thus, the question arises as to what elements comprise protected health information such that if they were removed, items (i) and (ii) of (2) in the definition of individually identifiable health information would not obtain. The answer is in the de-identification standard and its two implementation specifications of the HIPAA Privacy Rule [45 CFR 164.514]:

“(a) Standard: de-identification of protected health information. Health information (defined above) that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual is not individually identifiable health information.

(b) Implementation specifications: requirements for de-identification of protected health information. A covered entity may determine that health information is not individually identifiable health information only if:

(1) A person with appropriate knowledge of and experience with generally accepted statistical and scientific principles and methods for rendering information not individually identifiable:
(i) Applying such principles and methods, determines that the risk is very small that the information could be used, alone or in combination with other reasonably available information, by an anticipated recipient to identify an individual who is subject of the information; and
(ii) Documents the methods and results of the analysis that justify such determination; or

(2)
(i) The following identifiers of the individual or of relatives, employers, or household members of the individual, are removed:
(A) Names;
(B) All geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Censue:
(1) The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and
(2) The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.
(C) All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; all ages over 89 years and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older;
(D) Telephone numbers;
(E) Fax numbers;
(F) Electronic mail addresses;
(G) Social Security numbers;
(H) Medical record numbers;
(I) Health plan beneficiary numbers;
(J) Account numbers;
(K) Certificate/license numbers;
(L) Vehicle identifiers and serial numbers, including license plate numbers;
(M) Device identifiers and serial numbers;
(N) Web Universal Resource Locators (URLs);
(O) Internet Protocol (IP) address numbers;
(P) Biometric identifiers, including finger and voice prints;
(Q) Full face photographic images and any comparable images; and
(R) Any other unique identifying number, characteristic, or code, except as permitted by paragraph (c) of this section; and


(ii) The covered entity does not have actual knowledge that the information could be used alone or in combination with other information to identify an individual who is a subject of the information.

(c) Implementation specifications: re-identification. A covered entity may assign a code or other means of record identification to allow information de-identified under this section to be re-identified by the covered entity, provided that:
(1) Derivation. The code or other means of record identification is not derived from or related to information about the individual and is not otherwise capable of being translated so as to identify the individual; and
(2) Security. The covered entity does not use or disclose the code or other means of record identification for any other purpose, and does not disclose the mechanism for re-identification.”

The release by HHS of the Interim Final Rule, “Breach Notification for Unsecured Protected Health Information,” published in the Federal Register on Monday, August 24, 2009, notes the following: “If information is de-identified in accordance with 45 CFR 164.514(b) [the first implementation specification, defined above], it is not protected health information, and thus, any inadvertent or unauthorized use or disclosure of such information will not be considered a breach for purposes of this subpart.” [74 Federal Register 42743]
Ed Jones, Author & Healthcare Authority

2 http://www.icmje.org/ethical_1author.html

Uniform Requirements for Manuscripts Submitted to Biomedical Journals: Ethical Considerations in the Conduct and Reporting of Research: Authorship and Contributorship
Byline Authors

An “author” is generally considered to be someone who has made substantive intellectual contributions to a published study, and biomedical authorship continues to have important academic, social, and financial implications (1). An author must take responsibility for at least one component of the work, should be able to identify who is responsible for each other component, and should ideally be confident in their co-authors’ ability and integrity. In the past, readers were rarely provided with information about contributions to studies from persons listed as authors and in Acknowledgments (2). Some journals now request and publish information about the contributions of each person named as having participated in a submitted study, at least for original research. Editors are strongly encouraged to develop and implement a contributorship policy, as well as a policy on identifying who is responsible for the integrity of the work as a whole. While contributorship and guarantorship policies obviously remove much of the ambiguity surrounding contributions, they leave unresolved the question of the quantity and quality of contribution that qualify for authorship. The ICJME has recommended the following criteria for authorship; these criteria are still appropriate for journals that distinguish authors from other contributors. Authorship credit should be based on 1) substantial contributions to conception and design, acquisition of data, or analysis and interpretation of data; 2) drafting the article or revising it critically for important intellectual content; and 3) final approval of the version to be published. Authors should meet conditions 1, 2, and 3.
  • When a large, multicenter group has conducted the work, the group should identify the individuals who accept direct responsibility for the manuscript (3). These individuals should fully meet the criteria for authorship/contributorship defined above, and editors will ask these individuals to complete journal-specific author and conflict-of-interest disclosure forms. When submitting a manuscript authored by a group, the corresponding author should clearly indicate the preferred citation and identify all individual authors as well as the group name. Journals generally list other members of the group in the Acknowledgments. The NLM indexes the group name and the names of individuals the group has identified as being directly responsible for the manuscript; it also lists the names of collaborators if they are listed in Acknowledgments.
  • Acquisition of funding, collection of data, or general supervision of the research group alone does not constitute authorship.
  • All persons designated as authors should qualify for authorship, and all those who qualify should be listed.
  • Each author should have participated sufficiently in the work to take public responsibility for appropriate portions of the content.

Some journals now also request that one or more authors, referred to as “guarantors,” be identified as the persons who take responsibility for the integrity of the work as a whole, from inception to published article, and publish that information.

Increasingly, authorship of multicenter trials is attributed to a group. All members of the group who are named as authors should fully meet the above criteria for authorship/contributorship.

The group should jointly make decisions about contributors/authors before submitting the manuscript for publication. The corresponding author/guarantor should be prepared to explain the presence and order of these individuals. It is not the role of editors to make authorship/contributorship decisions or to arbitrate conflicts related to authorship.

Contributors Listed in Acknowledgments

All contributors who do not meet the criteria for authorship should be listed in an acknowledgments section. Examples of those who might be acknowledged include a person who provided purely technical help, writing assistance, or a department chairperson who provided only general support. Editors should ask corresponding authors to declare whether they had assistance with study design, data collection, data analysis, or manuscript preparation. If such assistance was available, the authors should disclose the identity of the individuals who provided this assistance and the entity that supported it in the published article. Financial and material support should also be acknowledged.

Groups of persons who have contributed materially to the paper but whose contributions do not justify authorship may be listed under such headings as “clinical investigators” or “participating investigators,” and their function or contribution should be described—for example, “served as scientific advisors,” “critically reviewed the study proposal,” “collected data,” or “provided and cared for study patients.” Because readers may infer their endorsement of the data and conclusions, these persons must give written permission to be acknowledged.
Contact the SRTR
914 South 8th Street Suite S-206 Minneapolis, MN 55404
Tel: (877) 970-SRTR
Fax: (612) 347-5878
Email Us


The SRTR is administered by the Chronic Disease Research Group of the Minneapolis Medical Research Foundation,
with oversight and funding from the Health Resources and Services Administration.
Citation Advice