SVIS - B:Functional Standards

ATTACHMENT B - IIS Functional Standards
Immunization Information System Functional Standards, 2013-2017
	
December 7, 2012

The purpose of this document is to define and provide supporting references to the Immunization Information
System (IIS) Functional Standards for 2013-2017. These standards have been developed by the Immunization
Information Systems Support Branch, CDC/NCIRD, through a consensus process involving input from a variety of
IIS managers and technical experts from across the U.S (Appendix A). In recognition of the growing importance of
IIS to the broader Health Information Technology landscape, the revised standards are intended to lay a
framework for the development of IIS through 2017. These standards supersede the “Minimum Functional
Standards for Registries” adopted by the National Vaccine Advisory Committee (NVAC) in 2001.
This document is divided into three main sections:




General Considerations delineates key background realities under which the Functional Standards should
be interpreted and implemented;
Programmatic Goals lays out the foundational goals that these Functional Standards are intended to
address; and
Functional Standards by Programmatic Goal, 2013-2017 describes specific standards that address each of
the Programmatic Goals.

General considerations
A.	 These functional standards are intended to identify operational, programmatic, and technical capacities
that all IIS should achieve by the end of 2017.
B.	 Some standards are environmental, and can only be implemented in conjunction with the broader
Department of Health or State/Local infrastructure. The Functional Standards are intended to reflect
necessary functions, whether those functions are implemented by the IIS program or others.
C.	 In some cases, current law or policy may preempt full implementation unless changed. In these
instances, an unmet standard may serve as a suggestion for possible revisions to such law or policy.
D.	 Metrics must capture IIS progress toward achieving the programmatic goals and functional standards in
accurate and meaningful ways. CDC will define the metrics with input from immunization programs.

Programmatic Goals
In the following paragraphs, references to U.S. Code, Healthy People 2020 Objectives, and other supporting
documents are referenced by bulleted, italicized text.
1.	 Support the delivery of clinical immunization services at the point of immunization administration,
regardless of setting.
Ultimately, the purpose of all immunization activities, including the IIS, is to ensure the appropriate
delivery of immunization services to all members of a population. Quality of care in immunization
services requires age-appropriate administration of vaccines to the individual patient in a clinical setting.
To accomplish this end, the IIS must provide access to quality, complete immunization data and clinical
decision support information, in a location and at a time where it can affect patient care.



42 USC 1396s(c)(2)(B)(i) – VFC Provider must comply with vaccine schedule with regard to periodicity,
dosage, and contraindications
Healthy People 2020 Immunization and Infectious Diseases (IID) Objective IID-1 – Reduce, eliminate, or
maintain elimination of cases of vaccine-preventable diseases

1


	
	

	
	
	

Healthy People 2020 Objective IID-7 - Achieve and maintain effective vaccination coverage levels for
universally recommended vaccines among young children
Healthy People 2020 Leading Health Indicator and Objective IID-8 - Increase the proportion of children
aged 19 to 35 months who receive the recommended doses of DTaP, polio, MMR, Hib, hepatitis B, varicella
and PCV vaccines
Healthy People 2020 Leading Health Indicator and Objective IID-11 – Increase routine vaccination coverage
levels for adolescents
Healthy People 2020 Leading Health Indicator and Objective IID-12 – Increase the percentage of children
and adults who are vaccinated annually against seasonal influenza
Healthy People 2020 Leading Health Indicator and Objective IID-13 – Increase the percentage of adults who
are vaccinated against pneumococcal disease

2.	 Support the activities and requirements for publicly-purchased vaccine, including the Vaccines for
Children (VFC) and state purchase programs.
The federal Vaccines for Children (VFC) entitlement program, authorized under §1396s of the U.S. Public
Health and Welfare Code (Title 42), represents a substantial portion of the pediatric vaccine administered
annually in the U.S. Properly configured, an IIS can assist providers and health departments with the
reporting and monitoring requirements of VFC, including:
	 Documenting VFC eligibility as required in 42 USC 1396s(c)(2)(A) (i) and (ii)
	 Providing data support for provider monitoring and site visits as required in Modules 5 and 9 of VFC
Operations Guide

	 Vaccine accountability, inventory, and tracking as required in Module 8 of VFC Operations Guide

3.	 Maintain data quality (accurate, complete, timely data) on all immunization and demographic
information in the IIS.
Ensuring that individuals receive all vaccines due, but no duplicative or unnecessary doses, requires that
complete immunization data be available to the vaccine provider. Likewise complete, non-duplicative
demographic information is vital to several IIS functions, including vaccine accountability and client
follow-up activities. Finally, locating such information in a comprehensive IIS enables the analysis
necessary to achieve population-wide protection against vaccine-preventable diseases.
	

	
	
	

42 USC 1396s(c)(2)(B)(i) – VFC Provider must comply with vaccine schedule with regard to periodicity,
dosage, and contraindications
Healthy People 2020 Objectives IID-7, 10, and 11 – Achieving and maintaining vaccine coverage levels
among young children, kindergarteners, and adolescents.
Healthy People 2020 Objective IID-17 – Increase the percentage of providers who have had vaccination
coverage levels among children in their practice population measured within the past year
Healthy People 2020 Objective IID-18, 19, & 20 – Increasing the proportion of children, kindergarteners, and
adolescents who have immunization records in fully operational, population-based immunization
information systems

4.	 Preserve the integrity, security, availability and privacy of all personally-identifiable health and
demographic data in the IIS.
As more individuals and programs depend on the IIS for critical information, the security and reliability of
the data, and the availability of the system itself, are vital. People who entrust their own information,
2


and that of their children, to an IIS need to be confident that data will be kept secure and private. Both
law and basic ethics mandate the IIS to maintain the highest standards of privacy and accountability
relating to the storage and release of sensitive personal information.
	 The Health Insurance Portability and Accountability Act (HIPAA) provides stringent guidance for the
protection of Personally-Identifiable Information (PII) and Protected Health Information (PHI). Although IIS
are commonly recognized as Public Health entities and may not be strictly covered under HIPAA, the
responsibility for strict confidentiality, privacy and security remain fundamental to IIS operations.

5.	 Provide immunization information to all authorized stakeholders.
IIS provide information to a wide range of stakeholders, including public and private care providers,
public health programs, emergency responders, and many others. The specifics of which entities or
users are authorized vary somewhat from state to state and are regulated in large measure by state and
local law or policy.

6.	 Promote vaccine safety in public and private provider settings
Maintaining the safety of administered vaccine involves two major activities: detailed monitoring of
vaccine administration, and adverse event reporting. Although it is rare, occasionally a problem is
identified with a specific manufacturer or lot of vaccine. Such problems may include the administration
of sub-potent vaccine requiring re-immunization, or association of a specific vaccine with adverse
outcomes. In either case, the detailed administration records in an IIS can greatly facilitate identifying all
recipients of that vaccine so proper follow-up can be initiated.
Additionally, the reporting of adverse events associated with vaccine administration is a crucial
component for the detection of potential issues with a vaccine. The detailed data in the IIS can greatly
streamline the process of adverse event reporting.
	 The National Childhood Vaccine Injury Act of 1986 (Public Law 99-660) created the National Vaccine Injury
Compensation Program (VICP) and the Vaccine Adverse Events Reporting System (VAERS), which require the
monitoring and reporting of adverse events possibly associated with vaccine administration.

3


Functional Standards by Programmatic Goal, 2013-2017
1.	 Support the delivery of clinical immunization services at the point of immunization administration,
regardless of setting.
1.1. The IIS provides individual immunization records accessible to authorized users at the point and time
where immunization services are being delivered.
1.2. The IIS has an automated function that determines vaccines due, past due, or coming due (“vaccine
forecast”) in a manner consistent with current !CIP recommendations; !ny deficiency is visible to the
clinical user each time an individual’s record is viewed;
1.3. The IIS automatically identifies individuals due/past due for immunization(s), to enable the production of
reminder/recall notifications from within the IIS itself or from interoperable systems.
1.4. When the IIS receives queries from other health information systems, it can generate an automatic
response in accordance with interoperability standards endorsed by CDC for message content/format
and transport.
1.5. The IIS can receive submissions in accordance with interoperability standards endorsed by CDC for
message content/format and transport.
2.	 Support the activities and requirements for publicly-purchased vaccine, including the Vaccines For Children
(VFC) and state purchase programs.
2.1. The IIS has a vaccine inventory function that tracks and decrements inventory at the provider site level
according to VFC program requirements.
2.2. The IIS vaccine inventory function is available to direct data entry users and can interoperate with EHR
or other inventory systems.
2.3. The IIS vaccine inventory function automatically decrements as vaccine doses are recorded.
2.4. Eligibility is tracked at the dose level for all doses administered.
2.5. The IIS interfaces with the national vaccine ordering, inventory, and distribution system (currently
VTrckS).
2.6. The IIS can provide data and/or produce management reports for VFC and other public vaccine

programs.

3.	 Maintain data quality (accurate, complete, timely data) on all immunization and demographic information
in the IIS.
3.1. The IIS provides consolidated demographic and immunization records for persons of all ages in its
geopolitical area, except where prohibited by law, regulation, or policy.
3.2. The IIS can regularly evaluate incoming and existing patient records to identify, prevent, and resolve
duplicate and fragmented records.
3.3. The IIS can regularly evaluate incoming and existing immunization information to identify, prevent, and
resolve duplicate vaccination events.
3.4. The IIS can store all IIS Core Data Elements (see Appendix B).
3.5. The IIS can establish a record in a timely manner from sources such as Vital Records for each newborn
child born and residing at the date of birth in its geopolitical area.
3.6. The IIS records and makes available all submitted vaccination and/or demographic information in a
timely manner.
4


3.7. The IIS documents active/inactive status of individuals at both the provider organization/site and
geographic levels.
4.	 Preserve the integrity, security, availability and privacy of all personally-identifiable health and
demographic data in the IIS.
4.1. The IIS program has written confidentiality and privacy practices and policies based on applicable law or
regulation that protect all individuals whose data are contained in the system.
4.2. The IIS has user access controls and logging, including distinct credentials for each user, least-privilege
access, and routine maintenance of access privileges.
4.3. The IIS is operated or hosted on secure hardware and software in accordance with industry standards
for protected health information, including standards for security/encryption, uptime and disaster
recovery.
5.	 Provide immunization information to all authorized stakeholders.
5.1. The IIS can provide immunization data access to healthcare providers, public health, and other
authorized stakeholders (e.g., schools, public programs, payers) according to law, regulation or policy.
5.2. The IIS can generate predefined and/or ad hoc reports (e.g., immunization coverage, vaccine usage, and
other important indicators by geographic, demographic, provider, or provider groups) for authorized
users without assistance from IIS personnel.
5.3. With appropriate levels of authentication, IIS can provide copies of immunization records to individuals
or parents/guardians with custodial rights.
5.4. The IIS can produce an immunization record acceptable for official purposes (e.g., school, child care,
camp).
6.	 Promote vaccine safety in public and private provider settings
6.1. Provide the necessary reports and/or functionality to facilitate vaccine recalls when necessary, including
the identification of recipients by vaccine lot, manufacturer, provider, and/or time frame
6.2. Facilitate reporting and/or investigation of adverse events following immunization.

5


Appendix A – Work Group Participants
2011 Work Group Members
Noam Arzt
HLN Consulting

Lisa Rasmussen
Arizona Department of Health Services

Janet Kelly
CDC Liaison

Emily Emerson
Minnesota Department of Health

Don Blose
Oklahoma State Department of Health

Joni Reynolds
Colorado Dept. of Public Health & Environment

Mary Beth Kurilo
Oregon Immunization ALERT

Michael Flynn
New York State Immunization Program
Bob Swanson
Michigan Dept. of Community Health

Nathan Bunker
Public Health Consultant

Jammie Johnson
North Carolina Immunization Registry

Dan Martin
CDC Liaison

Cecile Town
Indian Health Services

Rebecca Coyle
American Immunization Registry Association
2012 Work Group Members
Noam Arzt
HLN Consulting

Emily Emerson
Minnesota Department of Health

Nathan Bunker
Public Health Consultant

Michael Flynn
New York State Immunization Program

Janet Kelly
CDC/NCIRD/IISSB

Lora Santilli
New York State Immunization Program
President, AIRA

Mary Beth Kurilo
Oregon Immunization ALERT

Cecile Town
CDC, Indian Health Service

Alison Chi
American Immunization Registry Association

Therese Hoyle
Michigan Dept. of Community Health

Rebecca Coyle
American Immunization Registry Association (AIRA)

Jammie Johnson
North Carolina Immunization Registry

Dan Martin
CDC/NCIRD/IISSB

Gary Urquhart
CDC/NCIRD/IISSB

Lisa Rasmussen
Arizona Department of Health Services

Warren Williams
CDC/NCIRD/IISSB
6


Appendix B – IIS Core Data Elements
This appendix lists each of the core data elements that an IIS will be required to store and/or produce per
Functional Requirement 3.4 within the 2013-2017 timeframe. This is not a comprehensive list of all items that
external information systems such as EHRs, vital records, practice management or billing systems are expected to
store and send; that will likely be included in a future work effort. Where appropriate, the IIS may infer or auto
populate distinct values; actual architectural solutions will differ among systems.
* denotes new core data elements since last NVAC review (2007)
Patient ID (previously listed as “Medicaid Number”)

* Patient Telephone Number Type (e.g., home, cell)

* Patient ID: Assigning Authority ID (i.e., owning source)

* Patient E-mail Address

* Patient ID: Type (e.g., medical record number, IIS ID)

Patient status indicator—Provider facility level

Patient Name: First

Patient status indicator—IIS level

Patient Name: Middle

Vaccine Product Type Administered

Patient Name: Last

Vaccination Administration Date

Patient Alias Name: First

Vaccine Manufacture Name

Patient Alias Name: Middle

Vaccine Lot Number

Patient Alias Name: Last

Vaccine Expiration Date

Patient Date of Birth

* Vaccine dose volume and unit

Patient Gender

Vaccine Site of Administration

* Patient Multiple Birth Indicator

* Vaccine Route of Administration

Patient Birth Order

* Vaccine Ordering Provider Name

* Responsible Person Name: First

Vaccine Administering Provider Name


* Responsible Person Name: Middle

Vaccine Administering Provider Suffix (e.g., MD, RN, LPN)


* Responsible Person Name: Last
* Responsible Person Name: Relationship to Patient

Vaccination Event Information Source (i.e., administered

or historical)


Mother’s Name: First

VFC/grantee program vaccine eligibility at dose level


Mother’s Name: Middle

* VIS Type & Publication Date

Mother’s Name: Last

* VIS Date given to patient

Mother’s Name: Maiden Last

* Contraindication(s)/Precaution(s)

Patient Address: Street

* Contraindication(s)/Precaution(s) Observation Date(s)

Patient Address: City

* Exemption(s)/Parent Refusal(s) of Vaccine

Patient Address: State

* Date of Exemption/Parent Refusal of Vaccine

Patient Address: Country

* Vaccine Reaction(s)

Patient Address: Zipcode

History of vaccine preventable disease (e.g., varicella)

* Patient Address: County of Residence

* Date of History of Vaccine Preventable Disease

Race
Ethnicity
Birthing Facility Name
Patient Birth State
Patient Primary Language
Patient Telephone Number

7