IIS Policy and Legislation

Privacy, Confidentiality, and HIPAA

Privacy, confidentiality, and security of information are important components of immunization information systems. The following links and documents provide information on HIPAA as well as legislation related to IIS within states. Review the Functional Standards to better understand how IIS address these areas.

State IIS Legislation

A survey of state immunization information system-related legislation was conducted by the CDC. This Survey of State IIS Legislation summarizes for each state:

  • if a state has law authorizing IIS; and if so, if it mandates reporting
  • if state has law addressing sharing of immunization information
  • if state has law addressing sharing of healthcare information
  • type of consent: required, implied, or not yet addressed
  • if implied consent, whether there are provisions to opt out or limit access
  • whether notice is given of inclusion in the IIS

A peer-reviewed paper on this study, including more detailed data, has been published at the Journal of Public Health Management and Practice. This publication is available in several formats from the following link: Immunization Information Systems: A Decade of Progress in Law and Policyexternal icon. A link to the supplemental content dataexternal icon is also provided.

Page last reviewed: June 7, 2019