Document on Scandiatransplant

History and purpose

Scandiatransplant was founded in 1969 supported by the Nordic Council as a cooperation between a group of doctors (Nordic Expert Committee on Transplantation Matters) in the Nordic countries. The purpose was to facilitate the exchange of organs for transplantation between the countries so that retrieved organs could be given to the right patient. The main reasons for organ exchange within a system of cooperating transplant centers is to ensure that each donated organ is transplanted to the optimal recipient in terms of matching, and that patients in urgent need of an organ transplant have a realistic option of getting an organ offer. In order to facilitate these two requirements, a population size far greater than the individual countries is needed. By cooperating through the Scandiatransplant system, the member hospitals can provide:

1. Optimal matching with regards to tissue types (HLA matching) and other physical data (physical size, blood group)
2. Urgent waiting list system

The requirements of this cooperation evolved into an association when the “Articles of the Association Scandiatransplant” (http://www.scandiatransplant.org/about-scandiatransplant/organisation/ArticlesofAssociationforForeningenScandiatransplant.pdf) were adopted in Copenhagen in 1992.

The purposes of the organization are stated in Article 3:

• to serve as a common organ exchange organisation and allocation resource for its member hospitals including kidney, liver, heart, lung, pancreas, pancreatic islet, cellular, intestinal and multivisceral transplantation. This is done transparently, using ethical principles and in full compliance with the national legislation of the members’ countries,
• to maintain and operate a common waiting list for transplantation,
• to ensure complete traceability from organ donors to patients,
• to maintain and operate follow-up registries of transplanted patients,
• to maintain and operate follow-up registries of living donors,
• to serve as a collaborative platform through specialized working groups and advisory groups in order to facilitate best practice recommendations and policies optimizing retrieval, allocation and transplantation of organs, and
• to form a collaborative network for the member hospitals to promote research and development related to organ donation, allocation and transplantation.

Legal regulation and permissions

Scandiatransplant is the organ exchange organization (OEO) of the countries Finland, Sweden, Denmark, Norway, Iceland and Estonia. The association is owned by the hospitals performing organ transplantation in these countries, at the moment 11 hospitals. Each hospital has signed an Agreement of Membership (tegningsdokument).

The supreme authority of the association is the Council of Representatives, who are clinically active professionals appointed by the participating hospitals. The number of Representatives of each hospital depends on the number of organ transplantations carried out in the hospital.

The Board of the Association is responsible for the day to day operations. It consists of one person from each participating country plus a chairman. The office of the organization is placed at Aarhus University Hospital, Denmark.

The office maintains the Scandiatransplant IT-system, which is a clinical registry where transplant relevant data is collected and stored.

The present data system was set into operation late 1994. It has always been located at Aarhus University Hospital and is running according to permission given by the Danish Data Authorities (Datatilsynet) to the Hospitals in Region Midtjylland (RM), (Journalnummer: 2007-58-0008). In the permission (point 4A and 4C) it is stated that RM can have data on patients and donors of the university hospitals within the Scandiatransplant area and (point 5) other university hospitals in the Scandiatransplant region can receive these data.

The data responsible authority has been Region Midtjylland, Skottenborg 26, 8800 Viborg, Denmark. Scandiatransplant is currently working on Data Processor Agreements with all the member hospitals. According to these agreements, the hospitals are the Data Controllers and responsible for their data. All 11 member hospitals have currently signed a Data Processor Agreement with Scandiatransplant.

The servers are located together with the hospital systems in RM and serviced according to agreements with Region Midtjylland-IT and Scandiatransplant.

The implementation of the Scandiatransplant IT-system complies with GDPR the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

The Scandiatransplant IT-system is considered a most critical resource, which is why there is an emphasis on reliability, quality and confidentiality. The IT-system and office provides a quality and safety framework that covers relevant parts of the organ chain from donation to transplantation in compliance with EU directive 2010/53. The Scandiatransplant office recognizes the need for its users and employees to have access to the information they require in order to carry out their work and recognizes the role of information security in enabling this. Scandiatransplant office is the Data Processor, thus carrying out various tasks to make this possible for the users (data controllers).

The information security policy defines the framework within which information security will as an ongoing project be managed in the Scandiatransplant office. The goal is to maintain and continuously enhance information security based on the requirements outlined in GDPR, ISO 27000, 27001, 27002 and 27799 supported by in contact defined security roles and responsibilities.

Technical platform (type of software)

The Scandiatransplant IT-system is today solely based on a system named YASWA (yet another Scandiatransplant web application). The system runs on virtual servers running Ubuntu version 22.04 LTS as operating system (supported until april 2027). The primary server and database software is defined by Mono/C#.NET4.5 on the web-server side, which connects to a PostgreSQL database (version 11) for production data. The following script languages are used in the client: ecmascript/javascript, html, xml, xslt.

The primary web-server software is Nginx (version 1.18) handling SSL and redistributing actual application processing to Mono-threads. With only up to 10 concurrent users no load-balancing has been implemented. Instead surveillance jobs are watching processes for CPU- and memory-usage, where extreme usage are alerted to staff-members, which handles issues manually. Mono-threads are further contained by System V style init scripts, which handles startup, shutdown and revival upon unexpected death.

The Scandiatransplant system supports the following web-browsers:

◦ Microsoft Edge 79+

◦ Firefox 3.6+ (PC, Mac)

◦ Safari 4+

◦ Chrome 10+

◦ Opera 11+ (PC, Mac)

- mainly maintained by the Extjs-framework currently version 4.2.5.

For maintenance various other software is being utilized; e.g. perl, bash-scripting, etc.

Physical Security

SCTP has a Service-level agreement (SLA) with RM-IT, who takes care of the hardware running the virtual servers. Hardware malfunction on the physical servers is detected by Region Midtjylland (RM) personnel maintaining the data-centers.

Corrections are performed in coordinated cooperation with RM-staff whenever necessary.

Procedures for the various areas where encryption and other cryptographic techniques are applied here

Backup details here

Network Security Management is defined here

Auditing is implemented per transaction where userid (when available) and timestamp are always logged:

• login- or other service-attempts successful or not; the former adds ip- and client-information where as the latter causes system-administration-alerts and temporarily or permanently blacklisting depending on the nature of the attempt.
• when a user reads or manipulates information assets the involved data are logged in details;
• ie. UserID, time and full dataset before and after update.
• when a batch-job is performed proper identification and calling parameters are logged.
• extended logging on various extra functionality exists such as SMS- and mail-services.

Log-information are read-only and constrained depending on authorization-level for all users of the system.

Data quality is ensured by technical measures from low-end checking (required values, interval-testing, multiple field dependence; e.g. one date must be before another date, etc.) at time of data-entry to high-end quality control functionality running on demand or automatically at specific hours. XPath- and SQL-injections are prevented by always using Prepared Statements with Parameterized Queries.

Quality assurance on the software functionality is being tested during development more or less manually. But a more elaborate testing harness is regression testing coding changes and new features, so the outcome of core-functionality such as compliance of organ exchange are being examined based on tailor-made data, that targets the organ allocation rules of the Scandiatransplant association. After an update obligatory tests are made to ensure that all crucial functionalities are working.

Information Access Control Management here

The Scandiatransplant database has been created with the purpose only to give users the right to review or update data in relation to relevant management. This to fulfill the goal of exchanging organs between the 11 transplant centers in Scandiatransplant.

Asset management and risk assessment is and should be an ongoing project, which involves all employees at the Scandiatransplant office.