Organize awesome events.Our all-in-one event management software keeps organizers sane & attendees happy.

MotorsportReg.com has the optional ability to collect medical information required for club racing. We occasionally get asked whether or not we're compliant with the Health Insurance Portability and Accountability Act (HIPAA) passed in 1996.

Generally these inquiries come from people who work in the medical industry where nearly everyone is subject to HIPAA because either they are a "covered entity" or because they do business with one. Covered entities are defined under HIPAA as:

• a health care provider that conducts certain transactions in electronic form


• a health care clearinghouse


• a health plan

There are a series of handy flow charts that help walk through the process in detail. MotorsportReg.com meets none of these definitions and thus we are not subject to HIPAA.

Whether we are subject to HIPAA or not, we still must comply with PCI DSS and other data security laws and as privacy-minded citizens ourselves, we care a lot about keeping this information secure but accessible for its intended use: saving lives in the case of an emergency. In our system, participant medical information is accessible only in a single report formatted for use by the on-site ambulance or emergency crews. We restrict access to authorized administrators in the same way that paper forms would be protected.

Some organizations like the SCCA have stopped asking for medical information on their registration forms. I think it's a combination of risk management and advances in medicine. ALS crews reportedly don't trust the blood type written on a helmet because they can test it in seconds making collection a moot point. With concerns around identity theft and increased sensitivity towards privacy, we expect to see more clubs drop this requirement.

People ask us all the time if we accept Paypal. We don't. Of course the next question is, "why not?" This article from the Wall Street Journal contains the reason:

You'll Get Weaker Protections. Security is frequently touted as one of the upsides to alternate-payment programs. After all, there is no credit-card number to steal. "But that means you won't have the same protections as if you were paying with a credit card," said Consumer Federation's Ms. Grant. "[Fraud] coverage is extremely limited, and whatever protections the service does give you are voluntary."

I'm not singling out Paypal here; it's simply the most popular example of an unregulated financial institution. They are not bound by the same laws as banks and consumers do not enjoy the protection of FDIC insurance or credit card liability limitations. While the risk is low, it would be a critical condition if you're an event organizer with $10,000 of invoices and a frozen Paypal account.

Here at MotorsportReg.com, we'll continue to accept good old fashioned, guaranteed payment so organizers don't have to worry about their bank account going dry. We pay out every two weeks via direct deposit whether you're due $1 or $100,000. Like clockwork!

Update Jan 24th: Paypal freezes Ron Paul donations. Yikes!

Update 2014: To be clear, we're mostly talking about protections for event organizers who would RECEIVE money.  Paypal is certainly secure in the sense of protecting attendee cardholder data.  However, you have less control on the merchant side.  Here are two examples from the past year that demonstrate this is an ongoing challenge that could be devastating to an event organizer who needs to pay their bills:

Paypal Freezes $45,000 of Mailpile's Crowdfunded dollars (2013)

Paypal Freezes $35,000 donation to fund treatment for a cancer patient (2013)

Our support inbox frequently receives inquiries from driving school instructors asking how to make our system recognize their status. "It says I am only an attendee but I have been instructing for 5 years!"

Since each club (and indeed, even each chapter within a larger club) has differing qualifications for who can instruct at an event, only the event organizer can mark a member as an instructor.

The short answer is you must contact the event registrar and have them update your account. This is a one-time procedure that recognizes your qualification for the club.

Some organizers have expressed interest in being able to search the database of instructors to find additional volunteers if they are short on staff. We agree this would be a useful resource for organizers in a pinch (and discounted or free track time available for the instructor) and are seeing how we can make this work sensibly.