There is a growing understanding of the important role that vaccination registries – or immunization information systems (IIS) – can provid in monitoring immunization rates and ensuring that individuals have all recommended vaccinations. The United States does not have a national IIS; instead, most states in the U.S. operate their own IIS, and each state maintains its own set of laws and policies that govern submission of data to the registry, as well as access to the data in registry. In general, personally identifiable data stored in a registry is confidential and may not be disclosed through public records requests. However, many states do permit specified entities to access immunization registry data. HIPAA contains a public health exception that allows providers to share patient data with a public health agency when the information is needed for public health purposes, even if the patient does not consent.
To learn more about state vaccine registries and patient confidentiality, we invite you to read our Fast Facts and Myth Busters on these topics below.
Fast Facts: Overview of State Immunization Registries and Patient Confidentiality
Myth Buster: Patient immunization records are kept in a national vaccine registry
Fast Facts: Sharing and Using Immunization Registry Data
Myth Buster: Health care providers must obtain parent consent under HIPAA to share child vaccination records with a state immunization registry
.png)