2 min read

Organ donation registries and HIPAA

Organ donation registries and HIPAA

Registries serve as a centralized database where individuals voluntarily register their consent to donate organs, tissue, or eyes. While organ donation registries maintain information on donor consent, they typically do not handle detailed medical information until accessed by authorized personnel. For this reason, HIPAA generally does not directly apply to organ donation registries. There are however instances where communications with other entities involved with the donation process need to align with HIPAA standards for secure communication. 

 

What is an organ donation registry? 

An organ donation registry is a secure, centralized database where individuals can voluntarily record their decision to donate organs, tissues, or eyes after death. Once donors pass away healthcare providers and organ procurement organizations (OPOs) can access the registry to confirm the donor's wishes. 

These registries are managed on different levels from state to organizational to streamline the donation process. According to an article in the American Journal of Transplantation, “The US organ procurement system comprises 59 OPOs, which provide all of the deceased donor organs for the nation's 287 transplant centers.”

 

Types of organ donation registries 

National registries 

The Donate Life America registry is a national organ donation registry in the US, allowing people from any state to register their intent to donate organs. It works alongside state registries to increase the availability of organs for transplant. 

 

State based registries 

Most U.S. states have their organ donation registries. These registries allow residents to officially register their consent to donate organs after death. Registration is often linked to driver's license applications or renewals making it easier for individuals to indicate their willingness to be donors.

 

Hospital and institutional registries 

Some hospitals, medical centers, or research institutions may maintain internal organ, tissue, or body donation registries. These are used in specialized cases like donations to research or for transplants within the organization. 

 

Living donor registries 

These registries allow individuals who are willing to donate organs while alive (like kidneys or part of a liver) to register their availability. Living donors can specify conditions for donations like whether they wish to donate to a stranger or a specific person. 

 

How organ donation registries work

  1. Individuals can voluntarily sign up for an organ donation registry like those mentioned above. Registration can be done online through the DMV or in healthcare settings. 
  2. When someone registers, they specify their consent to donate organs, tissues, or eyes upon death. The consent includes which organs they wish to donate. 
  3. The individual's information is securely stored in a database managed by the state, hospital, or organization responsible for the registry. The database is only accessible to authorized personnel, like healthcare providers and OPOs. 
  4. After consent is confirmed the OPO coordinates with transplant centers to match donors to waiting recipients. 

Understanding HIPAAs exclusion

HIPAAs exclusion for organ donation applies in specific circumstances allowing covered entities to disclose protected health information (PHI) without patient authorization to OPOs. The Privacy Rule allows for disclosures to OPOs considered necessary for public health purposes. Healthcare providers can share relevant PHI to coordinate the donation process, assess donor suitability, and match recipients with available organs. 

However, this exclusion is limited to activities directly related to organ donation. In the case of organ donation registries, while they maintain information on donor consent, they typically do not handle detailed medical information until accessed by authorized personnel.

Related: Safeguarding PHI in organ donation

 

Why should HIPAA compliant email be used

HIPAA compliant email should be used in communications between registries and those involved in the donation process like healthcare providers, OPOs, and transplant centers because these interactions can involve the sharing of PHI. While registries primarily handle donor consent, once a potential donor is identified, sensitive medical details like health status and medical history must be shared to assess viability and match organs to recipients. 

HIPAA applies to these communications (note it applies to the communications but does not commonly apply to the registries) since they include PHI. HIPAA compliant email makes sure that this information remains encrypted, preventing unauthorized access or breaches. 

 

FAQs

What is the function of an organ procurement organization?

An organ procurement organization's function is to facilitate the recovery and distribution of organs from deceased donors to transplant centers. 

 

How are organ procurement organizations classified by HIPAA?

They are classified as covered entities. 

 

What is encryption? 

The process of converting information into secure code to prevent unauthorized access during transmission and storage.