Countermeasure Tracking Systems
The Need for the Countermeasure and Response Administration
During a public health emergency, there is a need to manage information about the event, check availability of countermeasures, and know who has received them. Countermeasures may include pharmaceuticals such as vaccines, medical materials, and non-medical interventions such as community mitigation measures. Once countermeasures are received, there is a need to monitor their effectiveness or identify resulting adverse events. Post event, there is a need to analyze the information to better prepare for future emergencies.
What is the CRA system?
CDC’s Countermeasure and Response Administration (CRA) system is one tool public health partners may choose to manage administration and tracking activities within their jurisdictions to support a full range of all-hazards events. CRA tracks vaccine administration, medical and non-medical countermeasure dispensing at both the individual and aggregate levels during a public health event. The primary objective of the system is to increase the capacity of all levels of public health to track and manage countermeasures. In addition, CRA supports CDC’s cross-jurisdictional reporting needs by providing flexible methods for accepting data from other systems or by extracting summarized data.
CRA has its origins in the Pre-event Vaccination System (PVS) that was implemented nationwide to track and monitor the administration of smallpox vaccine as part of the National Smallpox Preparedness Program. Building from this success and with local, state, and CDC input, CRA has been expanded for national, state, and local use. CRA was utilized to track vaccine doses administered during the initial weeks of the 2009 H1N1 Vaccination Campaign.
CRA’s advanced capabilities helps ensure individuals receive recommended countermeasures by tracking and managing information on vaccinations, dispensing of pharmaceuticals or medical equipment, treatments and community mitigation measures. Key system capabilities include:
- Management of multiple simultaneous events and countermeasures
- Custom event creation and configuration
- Flexible data entry screens for doses administered/dispensed information
- Individual or aggregate level data collection
- Data extracts for jurisdictional reporting
- Synchronization of data from off-line deployments
The CRA system is a Web-based application deployed centrally at CDC via the secure data access method. It is Internet accessible, using any standard Web browser, and is available free of charge. In addition, CRA may be deployed offline, on a stand-alone basis, to support jurisdictional operations.
Current CRA Functionality
CRA version 1.11 was released in March 2010. This version includes the following enhancements:
- Import of Organizational Data
- Offline Installer Enhancements
- Generic Vaccine Type Enhancement
- Unique Patient CRA ID
What is the CRA system and what does it do?
The CRA system is an emergency preparedness and response asset useful for any event involving vaccine doses administered tracking, pharmaceuticals and medical materiel dispensing, or implementation of social distancing measures. CRA supports analysis of pharmaceutical safety, coverage, and effectiveness during an event which improves patient outcomes. CRA is a flexible all-hazards system that reduces the need for development of new applications each time there is a new event.
What if I have my own CRA system; how does it relate to CDC’s CRA application?
CDC is extremely supportive of partner’s using their own systems. During a national event, such as pandemic influenza, the need to provide information to CDC is likely to arise. To help provide such information, the CRA system offers ways for Project Areas to send data to CDC. The methods include file transfer (XML, pipe delimited) for the aggregate reporting anticipated for pandemic influenza and smallpox uploads. HL7 messaging for data exchange will be included in future versions.
How do I get started with CRA?
For those interested in adopting CDC’s CRA application, the CRA team is available to work with you to develop a plan. For additional assistance, contact the help desk at 800-532-9929 or e-mail PHINTech@cdc.gov.
Because of security requirements based on the sensitive nature of the information accessed, users are required to apply for digital certificates to use CRA. Digital certificates are assigned to individual people and reside on each machine that the individual uses to access CRA. However, certificates can be exported and moved to other machines as necessary. Administrator rights are required to install the digital certificates.
If users currently have a digital certificate for accessing another CDC application, they do not need to reapply for a digital certificate. They can apply for the CRA activity by visiting the SDN home page at https://sdn.cdc.gov, and by clicking on the "Request Additional Activities" link in the left pane of the Web page. A request for the Countermeasure and Response Administration Activity can be selected from a drop down menu on that page.
How does CRA help me meet my organization’s preparedness needs for events such as pandemic influenza or anthrax?
CRA offers several ways for users to meet their preparedness needs:
- For any event—CRA will allow partners to create their own events and add related countermeasures. The system will allow partners to track different countermeasures including vaccinations, treatments, and quarantine activities. In addition, CRA flexible treatment screens will be able to support a range of data collection requirements based on event-specific or local user needs.
- For pandemic influenza— Aggregate reporting has been added to report vaccine doses administered during a pandemic. An aggregate reporting capability has also been added for partners and Project Areas to report vaccine doses administered during an actual pandemic. Aggregate reporting can be accomplished either with the CRA application or via upload for those using their own state-based systems.
- Centralized versus decentralized deployment—CRA is a Web-based application deployed centrally at CDC via the Secure Data Network (SDN). It is Internet accessible using any standard Web browser and a CDC-issued digital certificate. CRA may be deployed offline on a stand-alone basis within a point of dispensing (POD) or during situations where the Internet is inaccessible. This capability will continue to be improved with simplified installation, automatic application updates, and the ability to synchronize collected data with the central database.
How do you account for the Health Insurance Portability and Accountability Act of 1996 (HIPAA) policy requirements for personal information privacy and ensure compliance?
The HIPAA privacy rule permits disclosure to public health authorities without further authorization. Covered entities are permitted to disclose Protected Health Information to public health authorities without patients’ authorization as defined at 45 C.F.R § 164.501 and as used in 45 C.F.R. § 164.512(b), Standards for Privacy of Individuality Identifiable Health Information, promulgated under HIPAA.
However, access to identifying data is tightly controlled within the CRA application. The level of access is determined by the requirements of the specific event. For instance, with the National Smallpox Preparedness Program and the monkeypox outbreaks, patient-identifying information was captured in the CRA application, then referred to Pre-Event Vaccination System (PVS) and made available only to jurisdictional users. Identifying data were not shared for national reporting. Data are transported, maintained, and stored using federal security methods which are consistent with the HIPAA security rule. Refer to www.cdc.gov/phin for more detail.
How is CRA meeting the requirements for PAHPA and HSPD-21?
In December 2006, Congress passed and the President signed the Pandemic and All-Hazards Preparedness Act (PAHPA). This Act provided new authorities for a number of programs, including the advanced development and acquisition of medical countermeasures; and called for the establishment of a quadrennial National Health Security Strategy. On October 18, 2007, the White House released Homeland Security Presidential Directive 21 (HSPD-21) establishing a “National Strategy for Public Health and Medical Preparedness.” This directive is an important and commendable development in national bio-defense policy. It offers clear strategic direction and is in keeping with the best professional judgments of many medical, public health, disaster response, and community engagement experts in and out of government. HSPD 21 establishes a Public Health and Medical Preparedness Task Force that comprises: The Secretaries of HHS, Homeland Security, Defense, State, Agriculture, Commerce, Labor, Transportation, and Veterans Affairs; the Directors of the Office of Management and Budget and National Intelligence; and the Attorney General. CRA is working on meeting the requirements set forth in both PAHPA and HSPD-21 by creating the framework and policies for sharing information on best practices and mechanisms for state and local governments to meet countermeasure dispensing time requirements. Additionally, the CRA application can be leveraged by non-federal stakeholders to increase their own capabilities for countermeasure administration. CRA has worked with multiple state and local jurisdictions on countermeasure administration exercises.
For more information, e-mail CRAHelp@cdc.gov.