Summary
As defined by the Centers for Disease Control and Prevention (CDC), Immunization Information Systems (IIS) are "confidential, population-based, computerized databases that record all immunization doses administered by participating providers to persons residing within a given geopolitical area." This CRS report provides background on IISs, an overview of the role of IISs in the Coronavirus Disease 2019 (COVID-19) pandemic, an overview of data and technology challenges faced by IISs, a summary of legislative developments related to IISs, and a discussion of further selected policy considerations.
What Are Immunization Information Systems?
There are currently 63 IISs in the United States, including in all 50 states, the District of Columbia, four localities, five territories, and three freely associated states. IISs, commonly referred to as immunization registries, are primarily governed by and operated under laws and policies at the state, local, territorial, and tribal (SLTT) level. IISs are typically housed in SLTT public health departments. The federal government, primarily though the CDC (which is based in the Department of Health and Human Services HHS), supports these systems through grant funding, by developing and promoting common IIS standards, and other activities.
IISs enable authorized users—such as patients and providers—to access consolidated immunization history records containing information on all vaccinations an individual has received from providers that report to the IIS. In addition, public health agencies use aggregate IIS data to monitor and analyze immunization trends in their jurisdictions. IISs can also aid with infectious disease outbreak response, automated vaccine reminders, vaccine supply management, and other public health functions. States and other jurisdictions generally share aggregate de-identified IIS data (i.e., data with personal identifiers such as names removed) with CDC for national monitoring and analysis of immunization trends. Currently, IISs and other data systems collect data on COVID-19 vaccinations from providers, per CDC requirements.
What Challenges Do IISs Face?
Most states and other jurisdictions established their IIS programs in the 1990s and have developed their systems separately from one another. Therefore, IISs have operated under a patchwork of different laws, regulations, and policies at the SLTT level, and have had different functionalities and data practices. In addition, IISs operate on different technology platforms that are, in some cases, outdated or not fully interoperable with other IISs or the health care system. Although various CDC and Centers for Medicare & Medicaid Services programs have encouraged IIS standardization and interoperability with the health care sector, not all IIS programs have consistently implemented changes.
During the COVID-19 pandemic, the large volume of data collection has reportedly overwhelmed the capabilities of some IISs and exacerbated long-standing issues with their technology, staffing, and functioning. Moreover, not all IIS programs share data across state borders, thereby limiting the ability to reconcile information about COVID-19 vaccine doses individuals have received in different jurisdictions. States and other jurisdictions have received CDC COVID-19 grant funding that can be used, in part, to fund IIS technology and operations. Many states and other jurisdictions have made initial IIS improvements for pandemic response but still rely on labor-intensive and outdated technology.
Legislative Developments
In two FY2021 COVID-19 relief laws (P.L. 116-260 and P.L. 117-2), CDC received a total of $16.25 billion for efforts to plan, promote, distribute, administer, monitor, and track COVID-19 vaccines in addition to broader public health funds that can support vaccination efforts. A portion of this funding is designated for SLTT grants. CDC and funded jurisdictions have used some of these funds to support IISs.
Several legislative proposals also address IISs. On November 30, 2021, the House passed the Immunization Infrastructure Modernization Act of 2021 (H.R. 550), which would authorize the HHS Secretary to expand, enhance, and improve IISs administered by SLTT government agencies. H.R. 550 would authorize a grant program for SLTT agencies that would fund myriad activities to improve and standardize IIS technology and data practices. As a condition of funding receipt, the SLTT agencies would need to comply both with new data and technology standards required by the bill to be developed by the HHS Secretary and with existing federal health information technology standards. If enacted, the bill would require the HHS Secretary to develop a strategy and implementation plan, and then to report to Congress on any implementation barriers, among other information. H.R. 550 would authorize a one-time appropriation of $400 million, available until expended.
Selected Policy Considerations
IISs and their current challenges raise several policy considerations for Congress, including the following:
As defined by the Centers for Disease Control and Prevention (CDC), immunization information systems (IISs) are "confidential, population-based, computerized databases that record all immunization doses administered by participating providers to persons residing within a given geopolitical area."1 These systems—based at the state, local, and territorial level—have long recorded information on routine vaccinations, and are now being used for information on Coronavirus Disease 2019 (COVID-19) vaccinations. This CRS report provides background on IISs, an overview of the role of IISs during the COVID-19 pandemic, an overview of data and technology challenges faced by IISs, a summary of legislative developments, and a discussion of further selected policy considerations.
Background: Immunization Information Systems
IISs, commonly referred to as immunization registries, are primarily governed by and operated under laws and policies at the state, local, territorial, and tribal (SLTT) level. IISs are typically housed in SLTT public health departments. There are currently 63 IISs in the United States, including in all 50 states, the District of Columbia (DC), four localities, five territories, and three freely associated states.2 The federal government, primarily though the CDC, which is based in the Department of Health and Human Services (HHS), supports these systems through grant funding, developing and promoting common IIS standards, and other activities.
Although they can serve many public health and policy purposes, IISs share several purposes:
Enabling consolidated immunization history records. People can get recommended vaccines in several locations—at a hospital, pediatrician's office, school, pharmacy, or a public health department. An IIS consolidates their immunization history in one place. Such immunization history records, which contain identifiable patient information, are generally accessible only to individuals with authorized access under the respective jurisdiction's laws and policies, such as the patient (or patient's parents or legal guardian) or a participating health care provider.3 The majority of jurisdictions allow certain other institutions, such as schools, to access IIS records to determine whether an individual has met that jurisdiction's immunization requirements.4
Enabling public health agencies to monitor and study immunizations at a population-level. Public health agencies can use aggregate IIS data to study immunization rates across the population, by demographic groups (e.g., age, sex/gender, or race/ethnicity groups), geographic location, or other variables. These aggregate data can allow public health agencies to target vaccination efforts, such as by targeting education and awareness efforts or by implementing community-based vaccination sites. IISs share de-identified (i.e., data with all identifiers, such as names and addresses, removed) data with CDC for national trend monitoring and studies of immunization rates.5
Enabling public health programs. Public health agencies can use IIS data in many ways. For example, during an outbreak of a vaccine-preventable disease, such as measles, an IIS can aid response by helping determine the immunization status of those exposed to the disease (identified through disease investigation and contact tracing) or by identifying geographic areas with low vaccination rates.6 IIS data can also support immunization program activities, such as reminder/recall programs, whereby public health agencies or health care providers use the IIS to remind individuals (by phone, text message, or mail) of an upcoming or overdue recommended vaccine dose.7
IISs can serve a number of additional purposes, such as supporting clinical decisionmaking and managing vaccine supplies.8 IISs can also aid with vaccine safety monitoring.9 The authorized uses of a given IIS are generally governed by law, regulations, and policy in the respective jurisdiction.
The use of IISs to improve immunization rates is considered a best practice in public health. For example, the Community Preventive Services Task Force—an independent, nonfederal panel of public health and prevention experts that makes evidence-based recommendations for public health programs—has recommended the use of IISs as a tool to increase vaccination rates, based on a review of over 200 studies.10
A U.S. measles epidemic from 1989 to 1991, where half of all cases occurred among unvaccinated preschool children, prompted concerns about whether U.S. immunization policies and programs effectively ensured that children received recommended immunizations on time.11 Many public and private organizations subsequently started programs to improve childhood immunization coverage. Starting in 1991, the Robert Wood Johnson Foundation (RWJF) launched the All Kids Count program, which funded a selected group of state and local jurisdictions to plan and implement population-based immunization registries. This effort initiated a movement to establish population-based IISs in all states—driven initially by philanthropic organizations. These population-based registries, which involved all participating providers in specific geographic areas, contrasted with the more prevalent member-based immunization registries operated by Healthcare Maintenance Organizations (HMO) prior to the All Kids Count effort, which included records on individuals enrolled in the HMO.12
Increased federal support for IISs began in 1992-1993, when CDC began awarding planning grants to develop immunization registries in every state.13 In April 1993, President Bill Clinton submitted the Comprehensive Childhood Immunization Initiative Act, a legislative proposal that would have, among other things, authorized a new state grant program to support immunization registries that fed into a national system.14 Though some provisions of the original bill were enacted in the Omnibus Budget Reconciliation Act of 1993 (P.L. 103-66), the immunization registry-related provisions were not.15 Still, with increases in CDC's general immunization cooperative agreement funding, many of the 64 jurisdictional grantees (see the text box below) began to use the federal immunization grant funding in the 1990s to support their IISs.16 CDC reported total allocations of $181.3 million for the development and implementation of a nationwide network of community- and state-based immunization registries from 1993 to 2001.17 By 2005, almost all states (except New Hampshire) and the District of Columbia had an operational population-based IIS.18 CDC immunization grant funding to support IIS programs has continued through the George W. Bush, Obama, and Trump Administrations and to this day.19
Jurisdictions have developed their IIS programs separately from one another. This approach has allowed IIS programs to experiment with different strategies and identify best practices. As a result, IISs have operated under a patchwork of different laws, regulations, and policies at the SLTT level, and have had different functionalities and data practices. In addition, IISs have operated on different technology platforms that are, in some cases, outdated or not fully interoperable with other IISs or the health care system.20 In the late 1990s, CDC, along with relevant stakeholders such as RWJF, began developing recommended common functional standards for IISs. These standards have been updated over the years and have evolved following major health information technology (HIT) reform pursuant to the Health Information Technology for Economic and Clinical Health Act (HITECH) enacted in 2009.21 Standards development efforts have generally focused on issues such as data quality and sharing, privacy and confidentiality, clinical decision support, and immunization program operations.22 In addition, the federal government has over the years undertaken a number of strategies, policies, and programs related to IISs—such as efforts aimed at improving data quality or informing programmatic uses.23
|
CDC's Immunization and Vaccines for Children Cooperative Agreement CDC's Immunization and Vaccines for Children Cooperative Agreement program (hereinafter "Immunization Cooperative Agreement"), which dates back to the Vaccine Assistance Act enacted in 1962, awards annual cooperative agreements (a type of grant) to 64 awardees that include all 50 states, the District of Columbia, five large cities, five U.S. territories, and three freely associated states. These grants support the infrastructure for immunization programs, including by supporting public health vaccination clinics; education and awareness; vaccine storage and delivery systems; data systems (including IISs); and provider outreach and training, among other uses of funds. Awardees have some flexibility to expend funds based on their priorities; therefore, the amount of annual grant funding that goes toward IIS-related activities varies by jurisdiction. These grants fund all 63 IIS programs, though the IIS jurisdictions differ from the Immunization Cooperative Agreement awardee jurisdictions. Sixty-one of the 64 awardees operate IISs for their jurisdictions; two localities (San Diego and San Joaquin County) that operate IISs receive pass-through funding from their state. Three cities (Chicago, Houston, and San Antonio) that receive Immunization Cooperative Agreements participate in their states' IIS programs. The program is funded by (1) annual appropriations in the Labor, HHS, Education, and Related Agencies Appropriations Act as authorized by PHSA Section 317 (42 U.S.C. §247b) and (2) a portion of mandatory funding from the Vaccines for Children (VFC) program under Social Security Act Section 1928 (42 U.S.C. §1396s). VFC is a CDC-administered and Medicaid-financed program that provides vaccines at no cost to eligible children. The Immunization Cooperative Agreement comprises both the portion of VFC funds for program operations and infrastructure combined with the annual grant funding pursuant to PHSA Section 317. Base annual funding levels for each jurisdiction are determined by a population-based formula. See "Protecting the Public's Health: Critical Functions of the Section 317 Immunization Program—A Report of the National Vaccine Advisory Committee," Public Health Reports, vol. 128 (March 2013). For the latest cooperative agreement guidance, see CDC, "Immunization and Vaccines for Children," CDC-RFA-IP19-1901, https://www.grants.gov/web/grants/view-opportunity.html?oppId=309317. |
IISs were originally developed for childhood immunizations; however, in many jurisdictions IIS programs have expanded to include adolescent and adult immunizations. IISs are also being used to record COVID-19 vaccination data (see the "IISs in the COVID-19 Vaccination Program" section of this report). According to a CDC survey of IISs, the percentage of the population represented in IISs at the national level (excluding territories) in 2020 by age group were24
Many IISs currently link automatically to jurisdictions' birth records to establish and create a consolidated immunization history record in the IIS for individuals born in that jurisdiction.'25
In the years preceding the COVID-19 pandemic, the federal government supported IISs in the following key ways:
Funding. Jurisdictions receive federal funds, such as through CDC's Immunization Cooperative Agreement (see the text box above) and other grants, to support the development and operation of their IISs.26 According to the most recent CDC five-year cooperative agreement guidance starting in 2019, all jurisdictions have received an annual base award to support general immunization activities. Jurisdictions are directed to use these funds to implement CDC IIS Functional Standards (see below) and evaluate IIS performance, among other activities. Some jurisdictions have received additional funding under the cooperative agreement to support specific IIS projects.27 Less than 50% of jurisdictions use local or state funding for IIS maintenance, operations, and enhancements, according to the American Immunization Registry Association (AIRA).28
Standards development and promotion. CDC has played a key role in developing operational and technical standards for IISs (see the "Brief History" section of this report). The Immunization Information System (IIS) Functional Standards (version 4.1, 2019), identify key IIS functions, operations, and practices to ensure consistency and quality across jurisdictions.29 The CDC immunization cooperative agreement guidance directs grantees to conduct activities that meet the functional standards, but it does not require them to meet all the standards as a condition of funding.30 In addition, CDC helps develop and disseminate best practices for specific IIS operations and functions.31
Health IT and electronic health record (EHR)-related efforts. Following enactment of the HITECH Act, several Centers for Medicare & Medicaid Services (CMS) programs have incentivized health care providers and states to adopt EHR systems and IISs that enable interoperability (i.e., automated and secure electronic data sharing) between IISs and health care providers.32 In addition, CDC, with the Office of the National Coordinator for Health Information Technology (ONC) and other HHS operating divisions, has sought, through various efforts, to improve interoperability between IISs in different jurisdictions and with health care providers. IIS program participation is voluntary.33
CDC can receive de-identified, aggregate data from IISs and use that information to analyze and study national immunization trends. CDC also regularly surveys and evaluates the IISs.34 In addition, various CDC and National Vaccine Program Office efforts have set overall strategies and goals related to IISs.35
Selected IIS Laws, Regulations, and Policies
This section provides an overview of selected characteristics of SLTT IIS laws, regulations, and policies, as well as certain federal laws, regulations, and policies that affect IISs. Laws and policies regarding IISs vary widely across jurisdictions and change over time. Moreover, jurisdictions can change IIS data reporting and sharing requirements under emergency authorities and declarations.36
All jurisdictions that operate IISs have laws, regulations, and policies regarding which immunizations must be reported by providers to the respective IIS and what data are to be reported for each of these immunizations. Jurisdiction-level reporting requirements differ in many ways, including37
Furthermore, jurisdictions have different enforcement authorities and approaches for failures to report.
Privacy, Confidentiality, and Security
A complex regime of laws, regulations, and policies at the federal, state, and local levels governs the privacy and confidentiality of data in IISs. These privacy and confidentiality protections can vary by IIS program and jurisdiction. Most states have health privacy laws and IIS-specific laws. These laws generally inform which information may be collected by a given IIS program, how the information must be stored, who may access the information, authorized uses of the information, and how the information can be disclosed. The privacy and confidentiality frameworks for IISs generally reflect a balance between protecting the privacy of patients' personal health information and allowing IISs to function in ways that improve immunization coverage.38
The primary federal regulation that governs the privacy of protected health information (PHI)—the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule39—describes the circumstances under which HIPAA-covered entities, such as health care facilities, are permitted to use or disclose PHI. The Privacy Rule permits covered entities to disclose, without individual authorization, PHI to a public health authority (such as a state health department) authorized by law to collect or receive such information for the purpose of preventing or controlling disease.40 In addition, covered entities are permitted to disclose PHI without individual authorization pursuant to a requirement in law.41 In some cases, the interactions of privacy laws at different levels of government and their application to different entities can create confusion and affect IIS activities. For example, in some instances, misinterpretations of the Privacy Rule have the effect of limiting the data that providers are willing to share with IISs.42
CDC's current functional standards direct IIS programs to "implement written and approved confidentiality policies that protect the privacy of individuals whose data are contained in the system," and ensure that the IIS is "physically and digitally secured in accordance with industry standards for protected health information, security, encryption, uptime, and disaster recovery."43 Nonfederal organizations, such as the American Immunization Registry Association (AIRA), publish more detailed guidance on recommended practices for ensuring IIS privacy, confidentiality, and security.44 Currently, adherence to such standards and guidance is up to each IIS program, though adherence is encouraged by CDC immunization cooperative agreements.
Laws, regulations, and policies at the jurisdictional level inform both how data are shared to IISs and under what permissions, and how IISs can share data with other systems.
Consent to Share Immunization Information
Patient consent models for sharing information vary by jurisdiction. In many jurisdictions, immunization data are shared to an IIS on the basis of implied patient consent, often with a right to opt-out (i.e., to exclude or remove immunization information from the IIS). Some jurisdictions do not allow for or restrict a patient's option to opt-out. A few jurisdictions require explicit patient consent ("opt in") to share data.45
Data Sharing Between IISs in Different Jurisdictions
As of 2012, a portion of jurisdictions (36 of 52)46 had authority to transmit or allow access to IIS data across state borders. For some jurisdictions (15), this authority derived from data-sharing agreements only (rather than from statute or regulation). Of the programs surveyed at that time, 24 did not share data across state borders.
IISs in the COVID-19 Vaccination Program
The COVID-19 vaccination program is an unprecedented effort to rapidly vaccinate a large number of eligible people across the country. As such, the program required planning by public health agencies at different levels of government well before vaccines were authorized for use. IISs are being leveraged to consolidate multidose COVID-19 vaccination records for specific individuals (available only to authorized users), to remind individuals of follow-up doses, and to monitor vaccination rates across the population using aggregate data.47 IISs played similar roles during the 2009 H1N1 influenza pandemic.48
Starting as early as fall 2020, CDC began working with jurisdictions to prepare and improve their IIS programs for COVID-19-related data collection, funded by COVID-19 supplemental funding awards. COVID-19 vaccine providers are generally required to report specified data to their respective jurisdictional IIS (see the text box below). One priority for this vaccination campaign has been to ensure that providers that had not typically administered vaccines or reported to IISs prior to the pandemic—such as pharmacies, long-term care facilities, and mass vaccination sites—were trained and capable of doing so.49 Also, as part of the Trump Administration's Operation Warp Speed, several federal efforts through CDC and the Department of Defense created new data platforms and sharing systems to (1) enable new providers and mass vaccination sites to report vaccination data; (2) facilitate data sharing between federal health care programs (e.g., the Veterans Health Administration), providers, and IISs in different jurisdictions; and (3) create new data analytic functionalities and tools that could aid in monitoring and analyzing vaccination coverage.50
Some of these efforts generated controversy. In late 2020, CDC requested that jurisdictions submit certain personally identifiable information (PII) on vaccine recipients to CDC's data clearinghouse (DCH; see the text box below). The PII was to be automatically secured and encrypted. According to CDC, the identifiable data submission would allow the agency "to assess and verify second-dose vaccination, to assess vaccine safety, and to allow for critical vaccine effectiveness monitoring."51 CDC and HHS generally would not have access to the PII in the system, but they would have access to de-identified aggregate vaccination data generated from the system.52 Several state officials questioned or criticized this data request.53 State associations, such as National Governors Association and the Association of State and Territorial Health Officials, questioned why the federal government needed PII.54 In addition, some states asserted that their laws did not allow them to share PII from IISs with the federal government.55 Accordingly, CDC signed data-sharing agreements specific to each jurisdiction, many of which have limited the PII that jurisdictions share with CDC's DCH.56
Despite efforts to prepare, improve, and invest in IISs for the COVID-19 response, the large volume of data collected during the pandemic has reportedly overwhelmed the capabilities of some IISs and exacerbated long-standing problems with their technology, staffing, and functioning, as explained in the next section.57
|
COVID-19 Vaccination Reporting Requirements Per the CDC COVID-19 Vaccination Program Provider Agreement, providers that administer COVID-19 vaccines must document specified vaccine administration data in their medical record systems within 24 hours of administration and use their best efforts to report vaccine administration data to the relevant system for the jurisdiction (i.e., the IIS) as soon as practicable and no later than 72 hours after administration. (Information current as of December 28, 2021; requirements are subject to change.) These IISs then report vaccine administration data to CDC. Some jurisdictions have their own requirements for reporting COVID-19 vaccination data to an IIS. CDC encourages providers to submit data directly to the respective IIS whenever possible. However, in some instances, providers such as national retail pharmacies (e.g., CVS) submit data to CDC's Immunization Data Clearinghouse (DCH), which encrypts and preserves the privacy of submitted data to enable a secure data exchange between IISs and providers. (CDC and HHS generally do not have access to PII in the system.) For such multistate organizations, submitting to one system can be easier than establishing many connections with each jurisdictional IIS. |
IIS Data and Technology Challenges
Given that many IISs were established in the 1990s, some IISs still rely on legacy software and technology. In addition, because these systems are jurisdiction-based, their technology varies and they are not based on any one platform.58 No policy is in place to require that IISs programs adhere to common technical or operational standards, though CDC encourages IIS programs to meet its functional standards. States and other jurisdictions have implemented different functional standards according to their priorities, and many IISs have not achieved all of CDC's functional standards.59 This may have contributed to the following data and technology challenges, reportedly exacerbated during the COVID-19 pandemic:
Technology. Because IISs have been developed separately at the jurisdictional level, different systems rely on different technology and staffing, with different functionalities and scalability. Not all IISs use up-to-date IT standards to ensure secure and scalable data sharing and storage.60 One 2019 analysis found that a quarter of all IISs were out-of-date and in need of major changes to meet current IT standards. The analysis also found that the other IISs would face increased costs in ensuing years associated with ongoing IT modernization. The analysis noted increasing costs associated with servers, technical support, user onboarding, quality control, and compensation for skilled software developers.61
Connections with health care providers. As noted, many health departments worked to enroll new providers to report to their respective IIS as a part of the COVID-19 vaccination program. Prior to the pandemic, not all vaccine providers were connected to their respective IIS and reporting requirements were not consistently enforced.62 In some cases, providers relied on manual paper-based or online forms to report to their IIS—adding an administrative burden.63 In recent years, with CMS programs that support health IT interoperability efforts and incentives, much of the IIS reporting has been automated through electronic health records (EHRs), though not all.64 Connections between IISs and EHRs also have not been uniformly "bidirectional," meaning that health care providers cannot always readily access complete and accurate records for their patients in their EHR system.65
Data sharing between jurisdictions and federal health care providers (e.g., Veterans Health Administration, VA). Because people may get vaccinated in more than one state, the IIS record on one person in any one state may be incomplete. The COVID-19 pandemic has highlighted this issue, as it has proven difficult in some instances to consolidate and reconcile information on doses received in different jurisdictions. (This issue may have contributed to discrepancies in CDC national vaccine data reported in December 2021.66) Challenges with sharing IIS data across state lines was an issue before the pandemic. For example, a 2015 measles outbreak in California, linked to exposures at Disneyland, involved over 100 cases in 14 different states, challenging health departments and health care providers in determining the immunization status of all potentially exposed and infected individuals. Following this incident, the National Vaccine Advisory Committee recommended that HHS address technical and legal barriers to interjurisdictional data exchange.67
IIS data sharing with federal health care systems, such as with VA and Department of Defense (DOD) facilities, has also been an issue. Although HHS has sought to facilitate interjurisdictional data exchange in recent years, not all IIS programs have participated in these efforts, especially prior to the pandemic.68 (These efforts have focused on facilitating data exchange between different jurisdictions, and between jurisdictions and federal or multistate health care providers, but not with CDC or HHS. For example, the cross-jurisdictional data-sharing system, the IZ Gateway, is housed on a nonfederal platform.69)
Data quality and completeness. Even when IISs collect data, the immunization history and other information collected for an individual may not be complete or may contain errors that affect data quality.70 In addition, not all IIS programs collect or report the same data elements. For example, during the COVID-19 pandemic, not all states have collected data about the race/ethnicity of vaccine recipients or shared such data with CDC. Some stakeholders have argued that this data limitation has affected the ability to understand disparities and equity in vaccination at a national level.71
Although several enacted laws have mentioned IISs, no enacted federal legislation has focused specifically on IISs.72 CDC and other HHS operating divisions have conducted activities related to IISs under general public health authorities, primarily in the Public Health Service Act (PHSA)—the compilation of statutes that authorize many of the activities of the U.S. Public Health Service Agencies in HHS (of which CDC is a component).73
There have been several legislative developments related to IISs in recent years. Several appropriations in the COVID-19 relief laws can support IIS activities of CDC and SLTT agencies, as summarized below.
In the 117th Congress, there are many bills related to IISs and vaccination data more generally.74 Some bills seek to improve data collection and sharing or otherwise strengthen IISs, such as the COVID-19 Delivery Act (H.R. 330/H.R. 936), Section 104 of the Cures 2.0 Act (H.R. 6000), and the Health STATISTICS Act of 2021 (H.R. 831). Other proposals seek to limit the collection and use of identifiable vaccination data and strengthen related federal privacy protections, such as H.R. 449 and the No Vaccine Passports for Americans Act (H.R. 3868 and S. 1932, similar to H.R. 2384). The section below provides more information on the Immunization Infrastructure Modernization Act of 2021 (H.R. 550)—an IIS-related bill that passed the House on November 30, 2021.
Several COVID-19 appropriations can support COVID-19 vaccination program efforts, including IIS-related activities. Earlier in the pandemic, before vaccines were available, CDC had received broad supplemental appropriations for its pandemic-related activities in March 2020 and used some of this funding for vaccination program grants and planning. Since then, CDC has received several appropriations specifically for vaccine-related activities.75
For efforts to "plan, promote, distribute, administer, monitor, and track COVID-19 vaccines," CDC received a total of $16.25 billion in FY2021, including $8.75 billion in the Coronavirus Response and Relief Supplemental Appropriations Act, 2021 (CRRSA), enacted in December, 2020 (P.L. 116-260, Division M), available until September 30, 2024, and $7.5 billion in the American Rescue Plan Act (ARPA; P.L. 117-2), Section 2301, enacted in March 2021, available until expended. ARPA Section 2301 specifies that CDC must use funds to support SLTT agencies, including for "information technology, standards-based data, and reporting enhancements, including improvements necessary to support standards-based sharing of data related to vaccine distribution and vaccinations and systems that enhance vaccine safety, effectiveness, and uptake, particularly among underserved populations," among other things.
Of the $8.75 billion in CRRSA, at least $4.5 billion is designated for SLTT grants (or cooperative agreements), of which $210 million must be transferred to the Indian Health Service, and a separate amount of not less than $300 million is designated for "high-risk and underserved populations, including racial and ethnic minority populations and rural communities." The ARPA provision directs CDC to award supplemental funding to eligible awardees that received grants under CRRSA based on a specified alternative formula.
Using these funds, CDC has awarded grants to jurisdictions that can be used to support IIS programs and operations.76 For example, under the $3 billion CDC funding allocation in January 2021, funded by CRRSA (P.L. 116-260, Division M), activities to "use immunization information systems to support efficient COVID-19 vaccination" are included among required activities by the grant. Allowable IIS-related activities under the grant include to "develop and enhance health information infrastructure and IIS upgrades to improve data quality and ensure robust reporting at the jurisdiction and federal level," among others.77 Additional related grants may be awarded to jurisdictions in the future with remaining unobligated funds.78
Immunization Infrastructure Modernization Act of 2021 (H.R. 550)
The Immunization Infrastructure Modernization Act of 2021 (H.R. 550) was introduced in the House on January 28, 2021. The bill was subsequently discussed in a House Energy and Commerce Committee hearing on June 15, 2021; marked up and ordered to be reported during a committee meeting on July 21, 2021; and reported to and passed by the House on November 30, 2021.79 The Senate has not considered a similar measure.
As passed by the House on November 30, 2021, H.R. 550 would amend PHSA Title XXVIII, National All-Hazards Preparedness for Public Health Emergencies,80 to add a new Section 2824 to the end of Subtitle C entitled "Immunization Information System Data Modernization and Expansion." H.R. 550 defines an immunization information system as "a confidential, population-based, computerized database that records immunization doses administered by any health care provider to persons within the geographic area covered by that database."81
The language in H.R. 550 is similar to legislation enacted in December, 2020 (P.L. 116-260, Division BB, Title III, Section 314), that similarly authorizes an HHS grant program for public health data modernization as PHSA Section 2823.82 In contrast to the enacted PHSA Section 2823, which addresses public health data modernization broadly, H.R. 550 focuses specifically on modernization of IISs.
The proposed new PHSA Section 2824 would direct the HHS Secretary to83
Expand, enhance, and improve IISs administered by health departments or other SLTT agencies and used by health care providers. Given that HHS agencies, such as CDC, already conduct activities related to IISs under general authorities, this authorization may serve to codify some existing activities.
Award grants or cooperative agreements to the health departments or other SLTT agencies that administer IISs, subject to the data and technology standards below. Among other things, the grants may be used to support IIS programs to (1) assess their technology and data infrastructure gaps; (2) enroll and train health care providers in an IIS; (3) improve secure data collection, exchange, maintenance, and analysis, including by improving data exchange across jurisdictions and simplifying reporting by health care providers; (4) ensure IISs are interoperable according to federal health IT standards; (5) support adoption of CDC functional standards and security standards; (6) procure updated software and technology; and (7) improve IIS functionalities such as outbreak response capabilities, clinical decision support, and vaccine supply management.
Designate data and technology standards that must be followed as a condition of receiving a funding award. The Secretary is required to prioritize standards that are developed by consensus-based organizations with input from the public and voluntary consensus-based standards bodies. The Secretary is also required to support a means of independent verification of the standards. In addition, the awardee must adhere to federal health IT standards reviewed and adopted under PHSA Section 3004 regarding standards for health information. This requirement to adhere to federal health IT standards may be waived if the Secretary determines that grant activities cannot otherwise be carried out within the applicable jurisdiction.
Provide technical assistance, as well as certification and training, related to IIS information exchange across jurisdictions and health care providers. The Secretary may use public-private partnerships for these efforts.
Report to Congress (1) a strategy and implementation plan within 90 days of enactment and (2) a follow-up report not later than a year after enactment. The strategy and implementation plan must identify the measures that the Secretary intends to take to update and improve IISs supported by CDC, and to carry out the activities supporting the expansion, enhancement, and improvement of SLTT IISs. In developing the plan, the Secretary is required to consult with stakeholders, such as health departments, professional medical and health associations, health information technology experts, other health care entities, and other public or private entities, as appropriate. For the follow-up report, the Secretary is required to describe any barriers to (1) reporting, interoperability, and information exchange, or (2) the effective establishment of a network to support immunization reporting and monitoring, and to make recommendations to address such barriers. The follow-up report must also include an assessment of immunization coverage and access to immunizations services, and any disparities and gaps in such coverage and access for medically underserved, rural, and frontier areas.
The section also authorizes a one-time, no-year appropriation of $400 million, to remain available until expended.
Selected Policy Considerations
In considering legislation related to IISs, Congress may consider the following policy considerations:
What is the long-term strategy for funding and financing IISs? As described above, CDC and other HHS operating divisions fund and support IISs in many ways, especially through annual Immunization Cooperative Agreement funding to 64 jurisdictions. Although jurisdictions can use these grants in part to support IIS-related activities, these flexible funds may be used for other competing priorities. One 2019 analysis found that IIS programs reported tighter federal and state budgets, which affected their ability to fund system upgrades and maintenance.84
As noted, funded jurisdictions can use some CDC supplemental COVID-19 grants, in part, to support IIS modernization and improvements. According to AIRA, many jurisdictions are using COVID-19 relief funds primarily to meet immediate programmatic needs during the pandemic.85 Different COVID-19 public health grants are available for different time periods; however, much of the relevant grant funding is available through 2024.86 Comprehensive, publicly available information on how states and other jurisdictions are spending their CDC COVID-19 grants is unavailable at this time. According to AIRA, IIS programs may be reluctant to spend the temporary supplemental funding on long-term investments, such as major software and technology upgrades, without assurance that future funding can sustain such investments.87
If the Immunization Infrastructure Modernization Act of 2021 (H.R. 550) is enacted and the authorized grant funding is later appropriated, jurisdictions may receive additional funding for IIS standardization and modernization under the one-time appropriation. Still, the long-term funding challenges may remain. One of CDC's recent IIS-related strategies is to "Sustain the IIS Community," which includes "diversifying mechanisms of financial support for IISs," and "identifying new ways to reduce costs and use existing resources effectively."88 Congress might consider its role in IIS sustainability. Could Congress consider dedicated annual funding for IISs? Can Congress encourage or incentivize state or private funding for IISs?
To what degree should the federal government support SLTT IIS programs? As noted earlier, fewer than 50% of jurisdictions have local or state funding for their IIS programs, according to AIRA.89 Given that IISs are primarily state- and local-based, to what extent should the federal government support these systems? Congress may consider whether grants under existing or new program authorizations should include a matching funds requirement in which jurisdictions invest in their own systems, and whether such a requirement could deter participation.
To what degree should the federal government standardize or inform SLTT IIS programs? Several legislative proposals, especially the Immunization Infrastructure Modernization Act of 2021 (H.R. 550), seek to standardize IIS programs to enable data quality and sharing. As currently written, H.R. 550 would give the HHS Secretary discretion to determine the required data and technology standards. If enacted, how does Congress provide oversight to ensure that the standards meet intended policy goals?
Separately from H.R. 550, what role should Congress play in informing the policies and activities of SLTT IIS programs? Some current legislative proposals seek to limit their ability to collect or use identifiable data (e.g., H.R. 3868 and S. 1932). Others seek to impose requirements on SLTT vaccination data collection and reporting (e.g., H.R. 330/H.R. 936 and S. 302). In considering any such proposal, Congress may weigh any benefits of national requirements and standards with any benefits of allowing SLTT governments autonomy over their own laws, policies and programs.
| 1. |
Centers for Disease Control and Prevention (CDC), "About Immunization Information Systems," June 2019, https://www.cdc.gov/vaccines/programs/iis/about.html. |
| 2. |
Department of Health and Human Services (HHS), "HHS Awards Funds to Expand Immunization Information Sharing Collaboration," press release, January 19, 2021, https://www.hhs.gov/about/news/2021/01/19/hhs-awards-funds-to-expand-immunization-sharing-collaboration.html and American Immunization Registry Association (AIRA), Literature Review: An Environmental Scan on Progress, Challenges, and Opportunities: Expanding Immunization Information Systems for Adults in the United States, July 2020, https://repository.immregistries.org/files/resources/60830f3e4ce88/iis_information_session_-_final.pdf. |
| 3. |
AIRA, "How IIS Support a Patient's Journey," https://repository.immregistries.org/files/resources/5caf7b197bf77/how_iis_support_a_patient_s_journey_infographic.pdf; and CDC, "Basics of Immunization Information Systems (IISs)," https://www.cdc.gov/vaccines/programs/iis/downloads/basics-immun-info-sys-iis-508.pdf. |
| 4. |
CDC, "Use of Immunization Information Systems for Determining Compliance with State School Entry Vaccination Requirements," April 2017, https://repository.immregistries.org/files/resources/59021ca544d52/aira_2017__6c__compliance_with_school_entry_vaccination_requirements__cdc__l__shaw.pdf. |
| 5. |
CDC, "About Immunization Information Systems," https://www.cdc.gov/vaccines/programs/iis/about.html. |
| 6. |
AIRA, "Using IIS to Support an Outbreak Response," April 14, 2020, https://repository.immregistries.org/files/resources/5e976b84c018b/outbreak_webinar.pdf. |
| 7. |
Adult and Child Consortium for Health Outcomes, University of Colorado, Conducting Centralized Reminder/Recall Using an Immunization Information System, 2019, https://repository.immregistries.org/files/resources/5d43264137042/accords_centralized_reminder-recall_toolkit.pdf. |
| 8. |
Lynn Gibbs Scharf, Rebecca Coyle, Kafayat Adeniyi, et al., "Current Challenges and Future Possibilities for Immunization Information Systems," Academic Pediatrics, vol. 21, no. 4S (May 2021); and National Vaccine Advisory Committee, "Protecting the Public's Health: Critical Functions of the Section 317 Immunization Program—A Report of the National Vaccine Advisory Committee," Public Health Reports, vol. 128 (March 2013). |
| 9. |
Association of State and Territorial Health Officials (ASTHO), "Summary: ASTHO Immunization Registries Summit," October 2010, https://astho.org/Programs/Immunization/Immunization-Registries-Summit-Summary/. |
| 10. |
Holly Groom, David Hopkins, Laura Pabst, et al., "Immunization Information Systems to Increase Vaccination Rates: A Community Guide Systematic Review," Public Health Management and Practice, vol. 21, no. 3 (May 2015), pp. 227-248. |
| 11. |
"The Measles Epidemic. The Problems, Barriers, and Recommendations. The National Vaccine Advisory Committee," Journal of the American Medical Association, vol. 11 (September 18, 1991), pp. 1547-1552, and Victoria A. Freeman and Gordon H. DeFriese, "The Challenge and Potential of Childhood Immunization Registries," Annual Review of Public Health, vol. 24 (2003), pp. 227-246. |
| 12. |
David Wood, Kristin N. Saarlas, and Moira Inkelas, "Immunization Registries in the United States: Implications for the Practice of Public Health in a Changing Health Care System," Annual Review of Public Health, 1999, pp. 231-255. |
| 13. |
CDC, "Initiative on Immunization Registries," Morbidity and Mortality Weekly Report, vol. 50, no. RR17 (October 5, 2001); and Public Health Informatics Institute (PHII), Funding: The Pursuit of Sustainability for IIS, July 2021, https://phii.org/wp-content/uploads/2021/07/iis_history_spotlight-_funding.pdf. |
| 14. |
Chester A. Robinson, Stephen J. Sepe, and Kimi F.Y. Lin, "The President's Child Immunization Initiative: A Summary of the Problem and the Response," Public Health Report, vol. 108, no. 4 (July 1993), pp. 419-425; and H.R. 1640 and S. 732 - Comprehensive Child Immunization Act of 1993 as introduced April 1, 1993, 103rd Congress. |
| 15. |
See Sections 13421 and 13422 in Title XIII of the Omnibus Budget Reconciliation Act of 1993, P.L. 103-66. |
| 16. |
Chester A. Robinson, Willard B. Evans, Joan Atchinson Mahanes, et al., "Progress on the Childhood Immunization Initiative," Public Health Reports, vol. 109, no. 5 (September 1994), and Victoria A. Freeman and Gordon H. DeFriese, "The Challenge and Potential of Childhood Immunization Registries." |
| 17. |
CDC, "Initiative on Immunization Registries." |
| 18. |
See progress reports on CDC, "MMWR Articles on Annual Report Data," October 28, 2013, https://www.cdc.gov/vaccines/programs/iis/annual-report-iisar/mmwr.html and National Vaccine Advisory Committee, Immunization Information Systems: NVAC Progress Report, February 2007, https://www.hhs.gov/sites/default/files/nvpo/nvac/reports/nvaciisreport20070911.pdf. |
| 19. |
For an overview of efforts funded in a given fiscal year, see the Immunization and Respiratory Diseases sections of CDC's Congressional Budget Justifications available at https://www.cdc.gov/budget/congressional-justifications/index.html. |
| 20. |
PHII, Balancing Autonomy and Collaboration: The Evolution of IIS Standards, December 2018, https://phii.org/sites/default/files/iis_s_history_spotlight-_autonomy_and_community.pdf. |
| 21. |
The Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted as part of the American Recovery and Reinvestment Act of 2009 (P.L. 111-5) on February 17, 2009. |
| 22. |
Lynn Gibbs Scharf et al., "Current Challenges and Future Possibilities for Immunization Information Systems." |
| 23. |
See, for example, CDC, "Initiative on Immunization Registries"; National Vaccine Advisory Committee, "Evaluation of the 2010 National Vaccine Plan Mid-course Review: Recommendations From the National Vaccine Advisory Committee: Approved by the National Vaccine Advisory Committee on February 7, 2017," Public Health Reports, vol. 132, no. 4 (July 2017); and The Office of the National Coordinator for Health Information Technology (ONC), Summary of the Public Health Immunization Data and Consumer Access Pilot Projects, September 2018, https://www.healthit.gov/sites/default/files/page/2018-09/IISCongressionalReport.pdf. |
| 24. |
CDC, "2020 IISAR Data Participation Rates," https://www.cdc.gov/vaccines/programs/iis/annual-report-iisar/2020-data.html. |
| 25. |
Daniel W. Martin, Elaine N. Lowery, Bill Brand, et al., "Immunization Information Systems: A Decade of Progress in Law and Policy," Public Health Management and Practice, vol. 21, no. 3 (May 2015); and CDC, "Immunization Information System (IIS) Functional Standards, v4.1," https://www.cdc.gov/vaccines/programs/iis/functional-standards/func-stds-v4-1.html. |
| 26. |
For a list of current funding sources, see National Academy for State Health Policy, Fact Sheet: Using New and Existing Federal Funds to Modernize Immunization Information Systems, November 22, 2021, https://www.nashp.org/using-new-and-existing-federal-funds-to-modernize-immunization-information-systems/#toggle-id-3. |
| 27. |
See CDC, "Immunization and Vaccines for Children," CDC-RFA-IP19-1901, https://www.grants.gov/web/grants/view-opportunity.html?oppId=309317. |
| 28. |
AIRA, Immunization Information System (IIS): Information Session, April 15, 2021, https://repository.immregistries.org/files/resources/60830f3e4ce88/iis_information_session_-_final.pdf. |
| 29. |
CDC, "Immunization Information System (IIS) Functional Standards, v4.1," https://www.cdc.gov/vaccines/programs/iis/functional-standards/func-stds-v4-1.html; and Lynn Gibbs Scharf et al., "Current Challenges and Future Possibilities for Immunization Information Systems." |
| 30. |
CDC, "Immunization and Vaccines for Children," CDC-RFA-IP19-1901. |
| 31. |
See, for example, CDC, "MIROW: Modeling of Immunization Registry Operations Workgroup," June 7, 2019, https://www.cdc.gov/vaccines/programs/iis/activities/mirow.html. |
| 32. |
For an overview of related efforts see "Data Modernization-Background" section in CRS Report R46588, Tracking COVID-19: U.S. Public Health Surveillance and Data. See also ASTHO, Medicaid 75/25 Funding Fact Sheet for Immunization Information Systems, 2018, https://www.astho.org/Immunization/Documents/Medicaid-75-25-Funding-Fact-Sheet-for-Immunization-Information-Systems/. |
| 33. |
Lynn Gibbs Scharf et al., "Current Challenges and Future Possibilities for Immunization Information Systems." |
| 34. |
Lynn Gibbs Scharf et al., "Current Challenges and Future Possibilities for Immunization Information Systems." |
| 35. |
See, for example, CDC, "2018-2020 Immunization Information System (IIS) Strategic Plan," https://www.cdc.gov/vaccines/programs/iis/strategic-plan/iis-2018-2020.html; and National Vaccine Program Office (NVPO), "Vaccines, National Strategic Plan for the United States, 2021-2025," https://www.hhs.gov/sites/default/files/HHS-Vaccines-Report.pdf. |
| 36. |
The Network for Public Health Law, Legal Issues Related to Cross-Jurisdictional Sharing of State Immunization Information System Data, December 1, 2014, https://www.astho.org/Public-Policy/Public-Health-Law/Cross-Jurisdictional-Sharing-IIS-Data/. |
| 37. |
Daniel W. Martin, Elaine N. Lowery, Bill Brand, et al., "Immunization Information Systems: A Decade of Progress in Law and Policy," Public Health Management and Practice, vol. 21, no. 3 (May 2015). |
| 38. |
American Immunization Registry Association (AIRA), Confidentiality and Privacy: Considerations for Immunization Information Systems, September 2016. |
| 39. |
45 C.F.R. Part 164, Subpart E. |
| 40. |
45 C.F.R. §164.512. |
| 41. |
45 C.F.R. §164.512(a). |
| 42. |
Lynn Gibbs Scharf et al., "Current Challenges and Future Possibilities for Immunization Information Systems." |
| 43. |
CDC, "Immunization Information System (IIS) Functional Standards, v4.1." |
| 44. |
See AIRA, Confidentiality and Privacy: Considerations for Immunization Information Systems, September 2016, and AIRA, Security Guidance: Considerations for Immunization Information Systems, June 2017, https://repository.immregistries.org/files/resources/595e4e25ab1b1/aira_security_guidance_-_final_new_logo.pdf. |
| 45. |
Daniel W. Martin, Elaine N. Lowery, Bill Brand, et al., "Immunization Information Systems: A Decade of Progress in Law and Policy," Public Health Management and Practice, vol. 21, no. 3 (May 2015); and Lynn Gibbs Scharf et al., "Current Challenges and Future Possibilities for Immunization Information Systems." |
| 46. |
The study included 49 state and 3 local jurisdictions. See Daniel W. Martin et al., "Immunization Information Systems: A Decade of Progress in Law and Policy." |
| 47. |
CDC, "Section 11: COVID-19 Requirements for Immunization Information Systems or Other External Systems," Interim Playbook for Jurisdiction Operations, October 2021, pp. 38-41, https://www.cdc.gov/vaccines/imz-managers/downloads/COVID-19-Vaccination-Program-Interim_Playbook.pdf. |
| 48. |
Association of State and Territorial Health Officials (ASTHO), "Summary: ASTHO Immunization Registries Summit," October 2010, https://astho.org/Programs/Immunization/Immunization-Registries-Summit-Summary/. |
| 49. |
CDC, "Preparing IISs for COVID-19 Response," September 21, 2020, https://www.cdc.gov/vaccines/covid-19/reporting/downloads/Master-Awardee-Work-Plan.pdf. |
| 50. |
Operation Warp Speed, "From the Factory to the Front Lines: The Operation Warp Speed Strategy for Distributing a COVID-19 Vaccine," https://www.hhs.gov/sites/default/files/strategy-for-distributing-covid-19-vaccine.pdf, and information provided by CDC to CRS in December, 2020. For an overview of the data systems developed, see CRS Insight IN11584, Tracking COVID-19 Vaccines: U.S. Data Systems and Related Issues. |
| 51. |
CDC, "Data Use and Sharing Agreement to Support the United States Government's COVID-19 Emergency Response Jurisdiction Immunization and Vaccine Administration Data Agreement," p. 2, https://www.cdc.gov/vaccines/covid-19/reporting/downloads/vaccine-administration-data-agreement.pdf. |
| 52. |
CDC, "Data Use and Sharing Agreement to Support the United States Government's COVID-19 Emergency Response Jurisdiction Immunization and Vaccine Administration Data Agreement," https://www.cdc.gov/vaccines/covid-19/reporting/downloads/vaccine-administration-data-agreement.pdf. |
| 53. |
Sheryl Gay Stolberg, "Some States Balk after C.D.C. Asks for Personal Data of Those Vaccinated," The New York Times, December 8, 2020, https://www.nytimes.com/2020/12/08/us/politics/cdc-vaccine-data-privacy.html. |
| 54. |
HHS, "Answers to National Governors Association Questions on Vaccine Distribution and Planning," https://www.hhs.gov/sites/default/files/national-governors-association-questions-on-vaccine-distribution-planning.pdf; and the Association of State and Territorial Health Officials (ASTHO), "COVID-19 Immunization Data Reporting and Technology," February 2021, https://www.astho.org/COVID-19/Data-Reporting-and-Technology-Brief/. |
| 55. |
ASTHO, "COVID-19 Immunization Data Reporting and Technology," and Sheryl Gay Stolberg, "Some States Balk after C.D.C. Asks for Personal Data of Those Vaccinated." |
| 56. |
CRS communication with CDC in January 2021. For versions of the data-sharing agreements obtained by nonprofit groups under state public records laws, see Documenting COVID-19, "The CDC Data Project," https://documentingcovid19.io/cdc. CRS cannot verify the validity of these documents. |
| 57. |
Duke Margolis Center for Health Policy, National Governors Association, and NASHP, Modernizing Immunization Information Systems: Priorities and Considerations for Governors, September 2021, https://healthpolicy.duke.edu/sites/default/files/2021-09/Modernizing%20Immunization%20Information%20Systems.pdf. |
| 58. |
Lynn Gibbs Scharf et al., "Current Challenges and Future Possibilities for Immunization Information Systems." and PHII, "IIS Technology Over Time: Impact and Changing Role," https://phii.org/wp-content/uploads/2021/07/iis_history_spotlight-_technology.pdf. |
| 59. |
Duke Margolis Center for Health Policy, National Governors Association, and NASHP, Modernizing Immunization Information Systems: Priorities and Considerations for Governors, September 2021, https://healthpolicy.duke.edu/sites/default/files/2021-09/Modernizing%20Immunization%20Information%20Systems.pdf. |
| 60. |
PHII, "IIS Technology Over Time: Impact and Changing Role," https://phii.org/wp-content/uploads/2021/07/iis_history_spotlight-_technology.pdf; CDC, "COVID-19 Vaccine IT Overview," https://www.cdc.gov/vaccines/covid-19/reporting/overview/IT-systems.html; and Lynn Gibbs Scharf et al., "Current Challenges and Future Possibilities for Immunization Information Systems." |
| 61. |
Michael Popovich, Todd Watkins, and Belinda Baker, "A Model for Sustaining and Investing in Immunization Information Systems," Online Journal of Public Health Informatics, vol. 11, no. 2 (September 19, 2019). |
| 62. |
Lynn Gibbs Scharf et al., "Current Challenges and Future Possibilities for Immunization Information Systems." |
| 63. |
Rebecca Cooper, Ariella Levinsohn, and Jill Rosenthal, "States Race to Create COVID-19 Vaccination Distribution Plans" National Academy for State Health Policy, October 12, 2021, https://www.nashp.org/states-race-to-create-covid-19-vaccination-distribution-plans/. |
| 64. |
PHII, "IIS Technology Over Time: Impact and Changing Role," https://phii.org/wp-content/uploads/2021/07/iis_history_spotlight-_technology.pdf. |
| 65. |
AIRA, "EHR and IIS: Their Differences and How They Work Together," https://repository.immregistries.org/files/resources/5caf7b197bf77/ehr_and_iis_infographic-0.pdf, and Lynn Gibbs Scharf et al., "Current Challenges and Future Possibilities for Immunization Information Systems." |
| 66. |
Cecelia Smith-Schoenwalder and Sharon Lurye, "Uneven Reporting Raises Doubts About CDC Vaccination Numbers," U.S. News and World Report, December 21, 2021, and CDC, "Reporting COVID-19 Vaccinations in the United States," https://www.cdc.gov/coronavirus/2019-ncov/vaccines/reporting-vaccinations.html. |
| 67. |
National Vaccine Advisory Committee, "NVAC Statement of Support Regarding Efforts to Better Implement IIS-to-IIS Data Exchange Across Jurisdictions," vol. 130, no. 4 (July 2015), pp. 332-335. |
| 68. |
HHS Office of the Chief Technology Officer (CTO), "The Immunization Gateway," August 11, 2020, https://repository.immregistries.org/files/resources/5f3478b27ffc4/iz_gateway_aira_august_2020_final.pdf; and Lynn Gibbs Scharf et al., "Current Challenges and Future Possibilities for Immunization Information Systems." |
| 69. |
CDC, "Immunization Gateway Overview," https://www.cdc.gov/vaccines/covid-19/reporting/iz-gateway/overview.html. |
| 70. |
Rebecca L. Weintraub, Laura Subramanian, Ami Karlage, et al., "COVID-19 Vaccine To Vaccination: Why Leaders Must Invest In Delivery Strategies Now," Health Affairs, vol. 40, no. 1 (November 19, 2020), and Lynn Gibbs Scharf et al., "Current Challenges and Future Possibilities for Immunization Information Systems." |
| 71. |
Caitlin Antonios, Mohar Chaterjee, Georgia Gee, et al., "Why Some States Won't Share Race and Ethnicity Data on Vaccinations with the CDC—and Why That's a Problem," The COVID Tracking Project, February 16, 2021. |
| 72. |
Specifically, the Patient Protection and Affordable Care Act (P.L. 111-148, as amended) in Section 4204 amended PHSA Section 317 to authorize a demonstration program for grants to states to improve immunization coverage; supporting IISs is mentioned as a possible use of the funds. In addition, the Pandemic and All-Hazards Preparedness and Advancing Innovation Act of 2019 (P.L. 116-22) amended PHSA Section 319D, the authorization for CDC/HHS's integrated biosurveillance network, to add "immunization information systems" as among the systems to be included in the network. |
| 73. |
42 U.S.C. §201 et seq. |
| 74. |
In a related development, The National Defense Authorization Act for Fiscal Year 2022 (P.L. 117-81) authorized a DOD system for tracking and recording information on vaccines administered by DOD health providers in Section 716. See CRS Insight IN11842, FY2022 NDAA: COVID-19 Vaccination-related Provisions. |
| 75. |
For an overview of public health funding in the COVID-19 relief laws, see CRS Report R46711, U.S. Public Health Service: COVID-19 Supplemental Appropriations in the 116th Congress, and CRS Report R46834, American Rescue Plan Act of 2021 (P.L. 117-2): Public Health, Medical Supply Chain, Health Services, and Related Provisions. |
| 76. |
NASHP, Fact Sheet: Using New and Existing Federal Funds to Modernize Immunization Information Systems, November 22, 2021, https://www.nashp.org/using-new-and-existing-federal-funds-to-modernize-immunization-information-systems/#toggle-id-3. |
| 77. |
CDC, "COVID-19 Vaccination Supplemental Funding: Funding for the Implementation and Expansion of the COVID-19 Vaccination Program," https://www.cdc.gov/vaccines/covid-19/downloads/vaccination-supplemental-funding.pdf. |
| 78. |
CRS In Focus IF11951, Domestic Funding for COVID-19 Vaccines: An Overview. |
| 79. |
See "All Actions" under Congress.gov, "H.R.550 - Immunization Infrastructure Modernization Act of 2021," accessed December 30, 2021, at https://www.congress.gov/bill/117th-congress/house-bill/550/all-actions; and House Energy and Commerce Committee, "Hearing on Booster Shot: Enhancing Public Health Through Vaccine Legislation," June 15, 2021, https://energycommerce.house.gov/committee-activity/hearings/hearing-on-booster-shot-enhancing-public-health-through-vaccine. |
| 80. |
Originally added by the Public Health Security and Bioterrorism Preparedness and Response Act of 2002 (P.L. 107-188). |
| 81. |
Subsection (f) of the proposed PHSA Section 2824 that would be established by H.R. 550. |
| 82. |
P.L. 116-260, Division BB, Title III, Section 314, amended the same PHSA subtitle that H.R. 550 would, adding PHSA Section 2823; 42 U.S.C. §300hh-33. |
| 83. |
The header for 2824(a) is "Expanding CDC and Public Health Department Capabilities," but all the provisions of H.R. 550 are directed to the HHS Secretary and do not reference the CDC Director. |
| 84. |
Michael Popovich, Todd Watkins, and Belinda Baker, "A Model for Sustaining and Investing in Immunization Information Systems," Online Journal of Public Health Informatics, vol. 11, no. 2 (September 19, 2019). |
| 85. |
CRS communication with AIRA representatives in January 2022. |
| 86. |
NASHP, Fact Sheet: Using New and Existing Federal Funds to Modernize Immunization Information Systems, November 22, 2021, https://www.nashp.org/using-new-and-existing-federal-funds-to-modernize-immunization-information-systems/#toggle-id-3. |
| 87. |
CRS communication with AIRA representatives in January 2022. |
| 88. |
CDC, "2018-2020 Immunization Information System (IIS) Strategic Plan," https://www.cdc.gov/vaccines/programs/iis/strategic-plan/iis-2018-2020.html#goal3. |
| 89. |
AIRA, Immunization Information System (IIS): Information Session, April 15, 2021, https://repository.immregistries.org/files/resources/60830f3e4ce88/iis_information_session_-_final.pdf. |