Skip directly to search Skip directly to A to Z list Skip directly to navigation Skip directly to page options Skip directly to site content

Immunization Information System (IIS) Functional Standards

In recognition of the growing importance of IIS to the broader Health Information Technology landscape, the 2001 IIS Minimum Functional Standards have been revised. The revised IIS Functional Standards were developed by the Immunization Information Systems Support Branch, CDC/NCIRD, through a consensus process involving input from a variety of IIS managers and technical experts from across the U.S. They are intended to lay a framework for the development of IIS through 2017, and supersede the “Minimum Functional Standards for Registries” adopted by the National Vaccine Advisory Committee (NVAC) in 2001. This document is the final version of the revised IIS Functional Standards for implementation by CDC-funded Immunization programs during the period 2013 to 2017.

IIS Functional Standards, 2013-2017, Printer-friendly version [7 pages], Table only [2 pages], Appendix B - Core Data Elements [1 page]

IIS Minimum Functional Standards, 2001-2012
Original Minimum Functional Standards for Registries, superseded by IIS Functional Standards 2013-2017

IIS Functional Standards, 2013-2017

The purpose of this document is to define and provide supporting references to the Immunization Information System (IIS) Functional Standards for 2013-2017. These standards have been developed by the Immunization Information Systems Support Branch, CDC/NCIRD, through a consensus process involving input from a variety of IIS managers and technical experts from across the U.S (Appendix A). In recognition of the growing importance of IIS to the broader Health Information Technology landscape, the revised standards are intended to lay a framework for the development of IIS through 2017. These standards supersede the “Minimum Functional Standards for Registries” adopted by the National Vaccine Advisory Committee (NVAC) in 2001.

This document is divided into three main sections:

General considerations

  1. These functional standards are intended to identify operational, programmatic, and technical capacities that all IIS should achieve by the end of 2017.
  2. Some standards are environmental, and can only be implemented in conjunction with the broader Department of Health or State/Local infrastructure. The Functional Standards are intended to reflect necessary functions, whether those functions are implemented by the IIS program or others.
  3. In some cases, current law or policy may preempt full implementation unless changed. In these instances, an unmet standard may serve as a suggestion for possible revisions to such law or policy.
  4. Metrics must capture IIS progress toward achieving the programmatic goals and functional standards in accurate and meaningful ways. CDC will define the metrics with input from immunization programs.
 Top of Page

Programmatic Goals

In the following paragraphs, references to U.S. Code, Healthy People 2020 Objectives, and other supporting documents are referenced by bulleted, italicized text.

1. Support the delivery of clinical immunization services at the point of immunization administration, regardless of setting.

Ultimately, the purpose of all immunization activities, including the IIS, is to ensure the appropriate delivery of immunization services to all members of a population. Quality of care in immunization services requires age-appropriate administration of vaccines to the individual patient in a clinical setting. To accomplish this end, the IIS must provide access to quality, complete immunization data and clinical decision support information, in a location and at a time where it can affect patient care.

  • 42 USC 1396s(c)(2)(B)(i) - VFC Provider must comply with vaccine schedule with regard to periodicity, dosage, and contraindications
  • Healthy People 2020 Immunization and Infectious Diseases (IID) Objective IID-1 - Reduce, eliminate, or maintain elimination of cases of vaccine-preventable diseases
  • Healthy People 2020 Objective IID-7 - Achieve and maintain effective vaccination coverage levels for universally recommended vaccines among young children
  • Healthy People 2020 Leading Health Indicator and Objective IID-8 - Increase the proportion of children aged 19 to 35 months who receive the recommended doses of DTaP, polio, MMR, Hib, hepatitis B, varicella and PCV vaccines
  • Healthy People 2020 Leading Health Indicator and Objective IID-11 - Increase routine vaccination coverage levels for adolescents
  • Healthy People 2020 Leading Health Indicator and Objective IID-12 - Increase the percentage of children and adults who are vaccinated annually against seasonal influenza
  • Healthy People 2020 Leading Health Indicator and Objective IID-13 - Increase the percentage of adults who are vaccinated against pneumococcal disease

2. Support the activities and requirements for publicly-purchased vaccine, including the Vaccines for Children (VFC) and state purchase programs.

The federal Vaccines for Children (VFC) entitlement program, authorized under §1396s of the U.S. Public Health and Welfare Code (Title 42), represents a substantial portion of the pediatric vaccine administered annually in the U.S. Properly configured, an IIS can assist providers and health departments with the reporting and monitoring requirements of VFC, including:

  • Documenting VFC eligibility as required in 42 USC 1396s(c)(2)(A) (i) and (ii)
  • Providing data support for provider monitoring and site visits as required in Modules 5 and 9 of VFC Operations Guide
  • Vaccine accountability, inventory, and tracking as required in Module 8 of VFC Operations Guide

3. Maintain data quality (accurate, complete, timely data) on all immunization and demographic information in the IIS.

Ensuring that individuals receive all vaccines due, but no duplicative or unnecessary doses, requires that complete immunization data be available to the vaccine provider. Likewise complete, non-duplicative demographic information is vital to several IIS functions, including vaccine accountability and client follow-up activities. Finally, locating such information in a comprehensive IIS enables the analysis necessary to achieve population-wide protection against vaccine-preventable diseases.

  • 42 USC 1396s(c)(2)(B)(i) - VFC Provider must comply with vaccine schedule with regard to periodicity, dosage, and contraindications
  • Healthy People 2020 Objectives IID-7, 10, and 11 - Achieving and maintaining vaccine coverage levels among young children, kindergarteners, and adolescents.
  • Healthy People 2020 Objective IID-17 - Increase the percentage of providers who have had vaccination coverage levels among children in their practice population measured within the past year
  • Healthy People 2020 Objective IID-18, 19, & 20 - Increasing the proportion of children, kindergarteners, and adolescents who have immunization records in fully operational, population-based immunization information systems

4. Preserve the integrity, security, availability and privacy of all personally-identifiable health and demographic data in the IIS.

As more individuals and programs depend on the IIS for critical information, the security and reliability of the data, and the availability of the system itself, are vital. People who entrust their own information, and that of their children, to an IIS need to be confident that data will be kept secure and private. Both law and basic ethics mandate the IIS to maintain the highest standards of privacy and accountability relating to the storage and release of sensitive personal information.

  • The Health Insurance Portability and Accountability Act (HIPAA) provides stringent guidance for the protection of Personally-Identifiable Information (PII) and Protected Health Information (PHI). Although IIS are commonly recognized as Public Health entities and may not be strictly covered under HIPAA, the responsibility for strict confidentiality, privacy and security remain fundamental to IIS operations.

5. Provide immunization information to all authorized stakeholders.

IIS provide information to a wide range of stakeholders, including public and private care providers, public health programs, emergency responders, and many others. The specifics of which entities or users are authorized vary somewhat from state to state and are regulated in large measure by state and local law or policy.

6. Promote vaccine safety in public and private provider settings

Maintaining the safety of administered vaccine involves two major activities: detailed monitoring of vaccine administration, and adverse event reporting. Although it is rare, occasionally a problem is identified with a specific manufacturer or lot of vaccine. Such problems may include the administration of sub-potent vaccine requiring re-immunization, or association of a specific vaccine with adverse outcomes. In either case, the detailed administration records in an IIS can greatly facilitate identifying all recipients of that vaccine so proper follow-up can be initiated.

Additionally, the reporting of adverse events associated with vaccine administration is a crucial component for the detection of potential issues with a vaccine. The detailed data in the IIS can greatly streamline the process of adverse event reporting.

  • The National Childhood Vaccine Injury Act of 1986 (Public Law 99-660) created the National Vaccine Injury Compensation Program (VICP) and the Vaccine Adverse Events Reporting System (VAERS), which require the monitoring and reporting of adverse events possibly associated with vaccine administration.
 Top of Page

Functional Standards by Programmatic Goal, 2013-2017

Printer Friendly Version of Table only [2 pages]

  1. Support the delivery of clinical immunization services at the point of immunization administration, regardless of setting.

    1.1 The IIS provides individual immunization records accessible to authorized users at the point and time where immunization services are being delivered.

    1.2 The IIS has an automated function that determines vaccines due, past due, or coming due (“vaccine forecast”) in a manner consistent with current ACIP recommendations. Any deficiency is visible to the clinical user each time an individual’s record is viewed.

    1.3 The IIS automatically identifies individuals due/past due for immunization(s), to enable the production of reminder/recall notifications from within the IIS itself or from interoperable systems.

    1.4 When the IIS receives queries from other health information systems, it can generate an automatic response in accordance with interoperability standards endorsed by CDC for message content/format and transport.

    1.5 The IIS can receive submissions in accordance with interoperability standards endorsed by CDC for message content/format and transport.

  2. Support the activities and requirements for publicly-purchased vaccine, including the Vaccines For Children (VFC) and state purchase programs.

    2.1 The IIS has a vaccine inventory function that tracks and decrements inventory at the provider site level according to VFC program requirements.

    2.2 The IIS vaccine inventory function is available to direct data entry users and can interoperate with EHR or other inventory systems.

    2.3 The IIS vaccine inventory function automatically decrements as vaccine doses are recorded.

    2.4 Eligibility is tracked at the dose level for all doses administered.

    2.5 The IIS interfaces with the national vaccine ordering, inventory, and distribution system (currently VTrckS).

    2.6 The IIS can provide data and/or produce management reports for VFC and other public vaccine programs.

  3. Maintain data quality (accurate, complete, timely data) on all immunization and demographic information in the IIS.

    3.1 The IIS provides consolidated demographic and immunization records for persons of all ages in its geopolitical area, except where prohibited by law, regulation, or policy.

    3.2 The IIS can regularly evaluate incoming and existing patient records to identify, prevent, and resolve duplicate and fragmented records.

    3.3 The IIS can regularly evaluate incoming and existing immunization information to identify, prevent, and resolve duplicate vaccination events.

    3.4 The IIS can store all IIS Core Data Elements (see Appendix B).

    3.5 The IIS can establish a record in a timely manner from sources such as Vital Records for each newborn child born and residing at the date of birth in its geopolitical area.

    3.6 The IIS records and makes available all submitted vaccination and/or demographic information in a timely manner.

    3.7 The IIS documents active/inactive status of individuals at both the provider organization/site and geographic levels.

  4. Preserve the integrity, security, availability and privacy of all personally-identifiable health and demographic data in the IIS.

    4.1 The IIS program has written confidentiality and privacy practices and policies based on applicable law or regulation that protect all individuals whose data are contained in the system.

    4.2 The IIS has user access controls and logging, including distinct credentials for each user, least-privilege access, and routine maintenance of access privileges.

    4.3 The IIS is operated or hosted on secure hardware and software in accordance with industry standards for protected health information, including standards for security/encryption, uptime and disaster recovery.

  5. Provide immunization information to all authorized stakeholders.

    5.1 The IIS can provide immunization data access to healthcare providers, public health, and other authorized stakeholders (e.g., schools, public programs, payers) according to law, regulation or policy.

    5.2 The IIS can generate predefined and/or ad hoc reports (e.g., immunization coverage, vaccine usage, and other important indicators by geographic, demographic, provider, or provider groups) for authorized users without assistance from IIS personnel.

    5.3 With appropriate levels of authentication, IIS can provide copies of immunization records to individuals or parents/guardians with custodial rights.

    5.4 The IIS can produce an immunization record acceptable for official purposes (e.g., school, child care, camp).

  6. Promote vaccine safety in public and private provider settings

    6.1 Provide the necessary reports and/or functionality to facilitate vaccine recalls when necessary, including the identification of recipients by vaccine lot, manufacturer, provider, and/or time frame

    6.2 Facilitate reporting and/or investigation of adverse events following immunization.

 Top of Page

Appendix A - Work Group Participants

2011 Work Group Members


Noam Arzt

HLN Consulting

Janet Kelly

CDC Liaison

Don Blose

Oklahoma State Department of Health

Mary Beth Kurilo

Oregon Immunization ALERT

Nathan Bunker

Public Health Consultant

Dan Martin

CDC Liaison

Rebecca Coyle

American Immunization Registry Association

Lisa Rasmussen

Arizona Department of Health Services

Emily Emerson

Minnesota Department of Health

Joni Reynolds

Colorado Dept. of Public Health & Environment

Michael Flynn

New York State Immunization Program

Bob Swanson

Michigan Dept. of Community Health

Jammie Johnson

North Carolina Immunization Registry

Cecile Town

Indian Health Services


2012 Work Group Members


Noam Arzt

HLN Consulting

Nathan Bunker

Public Health Consultant

Janet Kelly

CDC/NCIRD/IISSB

Mary Beth Kurilo

Oregon Immunization ALERT

Alison Chi

American Immunization Registry Association

Rebecca Coyle

American Immunization Registry Association (AIRA)

Dan Martin

CDC/NCIRD/IISSB

Lisa Rasmussen

Arizona Department of Health Services

Emily Emerson

Minnesota Department of Health

Michael Flynn

New York State Immunization Program

Lora Santilli

New York State Immunization Program
President, AIRA

Cecile Town

CDC, Indian Health Service

Therese Hoyle

Michigan Dept. of Community Health

Jammie Johnson

North Carolina Immunization Registry

Gary Urquhart

CDC/NCIRD/IISSB

Warren Williams

CDC/NCIRD/IISSB

 Top of Page

Appendix B - IIS Core Data Elements

Printer Friendly Version of Appendix B [1 page]

This appendix lists each of the core data elements that an IIS will be required to store and/or produce per Functional Requirement 3.4 within the 2013-2017 timeframe. This is not a comprehensive list of all items that external information systems such as EHRs, vital records, practice management or billing systems are expected to store and send; that will likely be included in a future work effort. Where appropriate, the IIS may infer or auto populate distinct values; actual architectural solutions will differ among systems.


Patient ID (previously listed as “Medicaid Number”)

* Patient ID: Assigning Authority ID (i.e., owning source)

* Patient ID: Type (e.g., medical record number, IIS ID)

Patient Name: First

Patient Name: Middle

Patient Name: Last

Patient Alias Name: First

Patient Alias Name: Middle

Patient Alias Name: Last

Patient Date of Birth

Patient Gender

* Patient Multiple Birth Indicator

Patient Birth Order

* Responsible Person Name: First

* Responsible Person Name: Middle

* Responsible Person Name: Last

* Responsible Person Name: Relationship to Patient

Mother’s Name: First

Mother’s Name: Middle

Mother’s Name: Last

Mother’s Name: Maiden Last

Patient Address: Street

Patient Address: City

Patient Address: State

Patient Address: Country

Patient Address: Zipcode

* Patient Address: County of Residence

Race

Ethnicity

Birthing Facility Name

Patient Birth State

Patient Primary Language

Patient Telephone Number

* Patient Telephone Number Type (e.g., home, cell)

* Patient E-mail Address

Patient status indicator—Provider facility level

Patient status indicator—IIS level

Vaccine Product Type Administered

Vaccination Administration Date

Vaccine Manufacture Name

Vaccine Lot Number

Vaccine Expiration Date

* Vaccine dose volume and unit

Vaccine Site of Administration

* Vaccine Route of Administration

* Vaccine Ordering Provider Name

Vaccine Administering Provider Name

Vaccine Administering Provider Suffix (e.g., MD, RN, LPN)

Vaccination Event Information Source (i.e., administered or historical)

VFC/grantee program vaccine eligibility at dose level

* VIS Type & Publication Date

* VIS Date given to patient

* Contraindication(s)/Precaution(s)

* Contraindication(s)/Precaution(s) Observation Date(s)

* Exemption(s)/Parent Refusal(s) of Vaccine

* Date of Exemption/Parent Refusal of Vaccine

* Vaccine Reaction(s)

History of vaccine preventable disease (e.g., varicella)

* Date of History of Vaccine Preventable Disease


Footnotes

* denotes new core data elements since last NVAC review (2007)

 Top of Page
Top