Lane: CIIS pits profit against children’s privacy
Author: Rebecca Lane - March 23, 2017 - Updated: March 21, 2017
Recently, several Colorado newspapers have published articles regarding Colorado childhood immunization rates and fears surrounding the de-funding of the Colorado Immunization Information System (CIIS), a $3.3 million per year, tax payer funded, inaccurate, opt-out only tracking system that contains private medical information accessible to health care providers, governmental agencies and school personnel across the state.
In two Denver Post articles, the Colorado Children’s Immunization Coalition (CCIC) was referenced as the expert in immunization information for Colorado. CCIC is a nonprofit organization that works to increase immunization rates in the state. But according to the state auditor’s 2016 performance audit of the Colorado Department of Public Health and Environment (CDPHE), CCIC was implicated in a conflict of interest with the CDPHE. The audit reports that CDPHE awarded $1.8 million in contracts to CCIC from November 2008 through July 2015. The audit also reported that during that time, various CDPHE staff served on the board of directors of CCIC. Since CDPHE is the agency that runs CIIS, how can Coloradans rely on this type of reporting when biased sources such as CCIC are used to make the case for CIIS funding? Sourcing CCIC when asking about CIIS funding is akin to asking the fox if the henhouse should be left unlocked.
It has been reported that CIIS helps doctors and parents track vaccinations electronically and that before CIIS was created, vaccinations were tracked by paper records. This is true, but since the creation of CIIS, new electronic health information exchange networks such as the Colorado Regional Health Information Organization (CORHIO) have been created. These networks electronically track all patient health information which can be shared with health care providers across the state. Before the creation of these massive network databases CIIS was a more valuable tool. But now, doctors, clinics, hospitals, CDPHE and other medical providers use networks such as CORHIO to track the medical records of their patients. Vaccination records are input into the electronic health chart just like any other medical procedure and thus, immunization records are already available in the networks. CIIS has been made redundant.
A quote from the August 2016 CORHIO newsletter illustrates the point: CDPHE and CORHIO “have partnered to help community providers and hospitals submit immunization reports using existing health information exchange technology. Since June 2013, CORHIO participants have reported 494,695 immunizations to CIIS through the secure CORHIO network. This includes data from 69 individual sites, including office-based providers and hospitals or health systems.”
The CORHIO network partners with CDPHE and CDPHE runs CIIS. What’s more, the current head of CDPHE was the chief executive officer of CORHIO before his position at CDPHE, and he now sits on the board of directors of CORHIO.
Is CIIS really dedicated to public health or is it dedicated to data collection?
Besides being redundant, CIIS is not necessarily accurate. The CDPHE website immunization-records (CIIS) page states that, “the registry may not contain all records.” Not all providers participate in CIIS and if children have had immunizations out-of-state, these records will not be recorded in CIIS.
Additionally, this database is opt-out only. To opt-out, parents must be made aware that their children are being tracked in this database in the first place. Although, according to Colorado statute, they should be notified, most providers fail to tell parents their children’s immunization data will be shared with CIIS. If the parent does find out about CIIS and chooses to opt their child out of this tracking system, only the child’s immunization records are purged. The children opted out will then have their personally identifiable information moved to another database within CIIS for those who choose to opt-out; hardly a true opt-out.
Given the issues, is CIIS really worth $3.3 million per year of tax payer money? Do parents really want or need their children’s potentially inaccurate medical information stored redundantly in several databases across the state with each one vulnerable to security breaches and accessible by hundreds or thousands of people across the state? I would say defunding CIIS is a no brainer.