Security Guide

Information that you provide to DONOR

By using DONOR, you will be providing personal information in a number of forms across the DONOR sign-up process, including your name, photos or video, and details about your medical condition. By submitting such forms, you give us permission to contact you with messages that relate to your usage of DONOR. As part of creating your personal DONOR story, you will also be asked to post this information on Facebook and other social media sites in order to share it with your loved ones, your personal network, your friends’ networks, and beyond.

All information you enter into DONOR forms is voluntary and you may at any time decide to cease your usage of DONOR and ask that your profile be removed and information deleted from our databases. However, if you have shared any information via social network posts, the information that resides on those social networks is under the control of the operators of those social networks and you must contact them to remove it as DONOR has no ability to do so.

Doctors, Transplant Center Staff, and select Administrators and Contracted Systems Managers may have access to the information that you submit or that we collect regarding your use of the DONOR site and application, on an as-needed basis, for the purpose of performing their respective duties for DONOR or our partners. We use all of this information and data to administer and improve the operations of DONOR.

We maintain logs to record data about visitors who use the DONOR site and application and we will store this information. These logs may contain the IP address, operating system and type of device used to access this site, along with the date and time of any visit. All logs are stored securely and are accessible to a very limited number of employees and contractors, who have to contractually adhere to strict guidelines regarding user data security and privacy.

DONOR is not available to anyone under the age of 18, and if we discover we have collected personal information from a child under 18 we will delete that information. Please do not use DONOR if you are under the age of 18.

Security of the DONOR System

DONOR consists of a secure web application plus a secure database storage system that provides a safe environment for patients, doctors, and transplant centers to create online profiles for patients seeking living donors for liver and kidney transplants. DONOR stores minimal Patient Health Information (PHI) — patient full name and email and/or phone number, entered by a healthcare provider or research administrator and confirmed by a patient upon accessing the system and creating a profile. DONOR employs industry standard security mechanisms to ensure all PHI is stored safely and securely, and to ensure all transmission of PHI is done via encrypted channels.

Secure HTTP (HTTPS) and Secure Sockets Layer (SSL)

All external communication with DONOR utilizes industry standard SSL encryption. This includes all web browser interaction that doctors and transplant center staff have with the management interface, that Johns Hopkins Medicine has with the administrative and reporting interface, and that patients have with the profile creation and social sharing interface. Additionally, all Application Programming Interface (API) calls made by DONOR to any 3rd Party apps for the purpose of extending DONOR’s functionality are also required to use SSL-encrypted connections. Any non-SSL connections are automatically redirected to SSL-encrypted connections.

Logins to DONOR servers use Secure Shell (SSH) with certificate-based authentication (password logins are disabled). Logins to servers and access to databases and backups are controlled so that only those members of the DONOR engineering and operations teams who need to access these services are provided that access.
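As an added example (not DONOR's own code or configuration), the following POSIX shell script audits an OpenSSH server configuration file for the policy stated above: public-key authentication enabled and password logins disabled. It applies OpenSSH's rule that the first occurrence of a keyword is the effective one, skips directives inside conditional Match blocks, and falls back to OpenSSH's documented defaults when a keyword is absent. The file paths and sample configurations are assumptions.

```shell
#!/bin/sh
# Added example: audit an sshd_config for key-only logins. Not DONOR's code.

# sshd_effective KEYWORD FILE
# Print the effective value of KEYWORD. sshd takes the FIRST non-comment
# occurrence (later duplicates are ignored), keywords are case-insensitive,
# and "Keyword=value" is accepted as well as "Keyword value". Directives
# inside a Match block apply only conditionally, so they are skipped.
# Prints nothing when the keyword is not set.
sshd_effective() {
    kw=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    awk -v kw="$kw" '
        { sub("#.*", ""); gsub("=", " ") }   # drop comments, normalise "="
        NF == 0 { next }                      # blank line
        tolower($1) == "match" { inmatch = 1; next }
        inmatch { next }                      # conditional block: ignore
        tolower($1) == kw { print $2; exit }  # first occurrence wins
    ' "$2"
}

# expect KEYWORD WANT DEFAULT FILE
# Compare the effective value (or DEFAULT when unset) against WANT;
# print a finding and return 1 on mismatch.
expect() {
    val=$(sshd_effective "$1" "$4"); : "${val:=$3}"
    lc=$(printf '%s' "$val" | tr '[:upper:]' '[:lower:]')
    if [ "$lc" != "$2" ]; then
        echo "FAIL: $1 is '$val' (want $2)"
        return 1
    fi
    echo "ok:   $1 $val"
}

# check_sshd_config FILE
# Return 0 when the file enforces key-based logins only, 1 otherwise.
# Defaults are OpenSSH's: PasswordAuthentication yes,
# KbdInteractiveAuthentication yes, PubkeyAuthentication yes,
# PermitRootLogin prohibit-password.
check_sshd_config() {
    f=$1
    rc=0
    expect PasswordAuthentication no yes "$f" || rc=1
    expect KbdInteractiveAuthentication no yes "$f" || rc=1
    expect PubkeyAuthentication yes yes "$f" || rc=1
    # Root may log in with a key but never with a password.
    root=$(sshd_effective PermitRootLogin "$f"); : "${root:=prohibit-password}"
    case $(printf '%s' "$root" | tr '[:upper:]' '[:lower:]') in
        yes) echo "FAIL: PermitRootLogin is 'yes' (password root login allowed)"; rc=1 ;;
        *)   echo "ok:   PermitRootLogin $root" ;;
    esac
    return $rc
}

# Usage (assumed path): check_sshd_config /etc/ssh/sshd_config
```

Run it against the live file on each server, or against configurations pulled from configuration management, and treat any FAIL line as a policy violation; the first-occurrence rule matters because a `PasswordAuthentication no` appended at the end of a file that already says `yes` earlier has no effect.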

Internally, connections between all servers and between different services (notably with the DONOR redundant database) also utilize only secure connections, either via SSL-encrypted HTTP connections or SSH connections.

Secure Database Storage

DONOR employs multiple layers of security when storing data in Johns Hopkins Medicine-controlled databases.

All databases utilize operating system-level encrypted disk storage for all files stored to local drives. All database backups are similarly encrypted upon storage and are collected only using secure connections, which provides data-at-rest security.

When connecting to the DONOR database, the DONOR web app software requires use of industry-standard SSL connections, which provides data-in-motion security. This includes the communication between all live and replication-backup databases that Johns Hopkins Medicine runs to ensure data availability.

Access to Information

DONOR utilizes industry-standard permissions and authentication systems for controlling access to information contained in the DONOR system. Web-based logins are protected by secure password storage (with password requirements that exceed industry standard), and permissions are granted only to those users who are allowed to search and view PHI data via the DONOR administrative and management interfaces. Within Johns Hopkins Medicine, only specific individuals have access to the DONOR management portal.

3rd Party Systems

DONOR makes use of certain 3rd Party systems and services to extend the functionality of the core web application. Specifically, the following 3rd Party applications are used:

  1. Google Analytics for tracking site usage
  2. Sentry for collecting errors within the web application and web interface
  3. Mailgun for sending email messages
  4. Twilio for sending text messages
  5. Heroku and Amazon Web Services for operating the DONOR servers and databases

All 3rd Party system usage is performed either through secure web interfaces or via SSL-encrypted API calls to those services by DONOR.

Questions

All questions on DONOR’s Privacy Policy should be directed to privacy@thedonorapp.com.