CDC IIS All Awardee Forum: IZ Gateway Deep Dive Q&As

The IZ Gateway is expected to be in place beyond the COVID-19 response and will be used to support future immunization tracking efforts.

Immunization program awardees are not required to participate in the IZ Gateway. However, the IZ Gateway will serve as an important tool for exchanging vaccine administration data for COVID-19 response and beyond. Connecting to the IZ Gateway will enable IISs to receive data from VAMS and from national providers, such as the Federal Bureau of Prisons and Department of Defense (DoD), as well as share data with CDC. CDC strongly encourages each jurisdiction to onboard to the IZ Gateway to experience its benefits.

We anticipate that most providers who are already connected to an IIS will not onboard to or query through the IZ Gateway. For national vaccination provider organizations and other vaccinators that are not currently sharing data with IISs (e.g., skilled nursing facilities, Federal Bureau of Prisons, and DoD), there are multiple benefits to participating in the IZ Gateway, including reporting and querying capabilities for vaccination history and recommendations. The IZ Gateway allows national vaccination providers a single point for exchanging data with participating IISs instead of multiple, individual, point-to-point IIS connections. IZ Gateway’s onboarding concierge services help provider organizations navigate local policy and technology variations per IIS jurisdiction. Functionality is currently being developed that will enable national providers onboarding to the IZ Gateway to query data from IISs in multiple jurisdictions.

Navigating interjurisdictional data sharing involves analyzing the jurisdiction’s unique laws and legal authority. The Network for Public Law (NPHL) team is available to answer policy questions, discuss legal concerns, and assist in identifying potential approaches to support immunization information exchange. Contact the IIS Info Mailbox at iisinfo@cdc.gov if your jurisdiction needs assistance.

Yes, the IIS-CDC agreement is distinct from the IIS-APHL DUA that is used when participating in the IZ Gateway. The IIS-CDC agreement is still being finalized and will be shared as soon as it is ready. The IIS-APHL DUA is between APHL and the jurisdiction and facilitates data sharing between the IIS and IZ Gateway.

Jurisdictions will need to have the IIS-CDC DUA for reporting in place by the time COVID-19 vaccine is available. CDC recognizes the timing for getting the IIS-CDC DUA in place is driven by the availability of the DUA to the IIS. CDC is working to make the agreement available as soon as possible.

No, jurisdictions will need to complete both the IIS-CDC DUA and the IIS-APHL DUA. One DUA cannot cover all aspects of data sharing and exchange for several reasons, including:

• The parties involved in the agreements differ. For example, the IIS-CDC DUA is between CDC and the jurisdiction. The IIS-APHL DUA is between the jurisdiction and APHL.
• The terms of the agreements differ, including:
  • What data will be shared between the parties
  • How data will be routed between the parties
  • Whether and how data will be stored and used by the parties

The interjurisdictional MOU allows for multijurisdictional data exchange through IZ Gateway Share. The current version of the MOU (dated July 2020) no longer has an Appendix A. While prior versions included this information, it is no longer required. The current version can be found on the ISD Awardees SharePoint in the IZ Gateway Agreement Templates folder.

No, jurisdictions must sign both the IIS-CDC DUA and the IIS-APHL DUA.

If an IIS is participating in IZ Gateway Connect, currently enrolled VFC and 317 providers need to sign the jurisdiction’s IIS-specific policy agreement(s) (e.g., provider site agreements, confidentiality agreements). If the provider is currently enrolled in the IIS, these agreements are likely already in place.

If a national provider organization opts to connect and send data through the IZ Gateway, the provider organization will need to sign a Business Associate Agreement (BAA) with APHL. Additional agreements may be required depending on the needs of the national provider organization.

No, jurisdictions are not responsible for collecting the IZ Gateway BAA with either the provider organizations or their EHR vendors. Provider organizations not onboarded to an IISs that want to participate in the IZ Gateway will coordinate directly with APHL to complete the BAA.

Dose-level eligibility is a CDC-endorsed data element that applies to identifying and documenting a patient’s VFC eligibility to receive publicly supplied vaccine.

The IZ Gateway routes identified data from the sender to the receiver using HL7 Version 2.5.1 Release 1.5 messaging.

In the Share component, the IZ Gateway will recognize when a patient is vaccinated outside of the jurisdiction in which he or she resides and will automatically push the patient’s record to the relevant IIS. By opting into IZ Gateway Share, a jurisdiction is automatically choosing to share data, when relevant, with all participating IISs.

Yes, in the Connect component of IZ Gateway, participating IISs will receive data from VAMS for patients in their jurisdictions. Participating IISs will also receive data for patients in their jurisdictions from non-traditional vaccination providers that are onboarded to IZ Gateway Connect and not already connected to IISs.

The Provider-Initiated Multijurisdictional Data Exchange component of IZ Gateway allows providers to initiate a query for immunization information from multiple jurisdictions.

The IZ Gateway enables consumers to access their vaccination records through an online application that is connected directly to an IIS or through the IZ Gateway. Consumers can access their and their families’ vaccination records and forecasts through the online application.

Consumer authentication processes vary by jurisdiction and product used for the IZ Gateway Access interface. However, all products will require the consumer to enter personal information, such as telephone number or email, that is matched to data in the IIS and then verified by contact with the device or email. The HHS Office of the Chief Technology Officer (HHS-CTO) is piloting a variety of authentication approaches. The pilot will allow HHS-CTO to evaluate customer experience, match rates, and related quality metrics.