Medical Surveillance from Womb to Tomb: Colorado Immunization Information System (CIIS)

In 2016, when questioned regarding HB16-1164 why CIIS is an “opt-out” database, Rep. Dan Pabon responded, “Because no one would opt-in.”

The Colorado Immunization Information System (CIIS) tracks vaccine uptake on individuals. It is promoted as a service to public health. In the pattern of growing government in incremental ways that ultimately threaten freedom, CIIS has expanded over the years from a grant program to track infants up to age 24 months in rural and remote areas for vaccine accessibility (1992 HB1208), to a federally funded system that tracks all children (2001 HB1134) and adults (2007 HB1347) from birth to death, with a 2030 goal to link vaccine compliance verification to REAL ID. This essay summarizes ten alarming details in CIIS that require consumer protections. Even if a person receives every recommended vaccine and booster, this tracking system will soon have the capability of blocking access to work, school, travel, and medical facilities for those inaccurately reported in non-compliance.

1: Opt-out system instead of opt-in

Doctors and nurses are not required to tell parents that their child’s immunization records are added to the state immunization registry named CIIS. Records are added to the registry at creation of the birth certificate, when vaccines are given, and at schools and daycares when records are collected. It is an opt-out system, meaning a parent must have knowledge that the registry exists and of their opt-out rights.

When consent is required prior to government access, people usually choose privacy when given a choice. According to Patient Privacy and Public Trust: How Health Surveillance Systems Are Undermining Both, research indicates that most parents reject inclusion in health databases. For example, EUROCAT, a network of population-based registries of congenital anomalies (birth defects) in Europe, conducted a survey on registries implementation of informed consent. One registry reported a drop in its participation rate, noting that it had received “less than 10 written consents in the entire year in which opt-in consent was instituted.” This compared with 249 people added to the registry the year before it integrated consent. As a result, the registry eventually dropped the consent requirement (opt-in) and offered a dissent option (opt-out). In short, when people refused to cooperate of their own volition, the registry forced them in.

Currently, there is no true opt-out for CIIS. Lynn Trefren at CDPHE explained the secondary database that retains records of those who opt-out, “All information about an opted-out individual is purged from the CIIS database except first name, last name, gender, date of birth, city, county, state and zip code.”

2: Data security audit concerns

A 2017 audit of CDPHE’s three information systems reported five security concerns in their findings. First, the three CDPHE information systems did not comply with multiple Colorado Information Security Policy (CISP) and Office of Information Technology (OIT) Cyber Policy requirements and did not comply with several best practice recommendations. Second, security controls implemented for these three systems did not comply with all state policy requirements. Security controls need to be remediated to ensure the protection of the confidentiality, integrity, and availability of these systems and the data they maintain. Third, the audit identified data control weaknesses indicating OIT was not fully compliant with some requirements. Fourth, CDPHE IT policies were out of date. Twenty two of the sample of twenty four CDPHE agency-wide IT policies examined had not been reviewed or updated by CDPHE management in over one year and did not include current CISP and OIT Cyber Policy requirements. Fifth, the audit identified Information System Security Software control weaknesses indicating OIT was not fully compliant with some requirements related to system security plans.

3: Inaccuracy costs taxpayers millions of dollars

The CIIS system has a primary function as an inventory and product re-ordering system for vaccine providers. CIIS costs Coloradans $1.5 million per year. Taxpayers are supporting a highly profitable vaccine industry database. No other for-profit industry has a state funded record keeping system.

Colorado could reduce the CIIS expense by utilizing the more accurate Electronic Health Records (EHRs) data. First, the accuracy of CIIS is negatively impacted by duplicate and fragmented records. Second, there is no process in CIIS to inactivate people who have moved on, gone elsewhere (MOGE). Third, according to CDPHE on CIIS accuracy, “Most counties do not have all providers reporting to CIIS, so it is likely that the immunization rates generated out of CIIS underestimate the actual county rates.” The national standard for validity is 85% of state providers reporting to IIS systems, and Colorado reported to the CDC (2012) only 41% of private providers, 66% of public providers, and 76% of government providers reported to CIIS.

Finally, schools and daycares are required to report more accurate infectious disease data with currently enrolled students in accordance with Colorado regulations. In 2013 the Citizens’ Council for Health Freedom noted, “Data in the vaccination registry only agreed with the child’s medical record data in 59 percent of cases examined.”

4: Data sharing for profit

Public health officials often deflect privacy concerns using terms such as “HIPAA compliant” and “confidential” when referring to databases like CIIS. HIPAA notice is a permission slip for the government to disclose medical information without transparency. CIIS allows sharing of data without knowledge or consent of individuals. Furthermore, CIIS is not capable of maintaining “confidentiality” when defined as privacy between the doctor and patient.

CIIS shares vaccine records to paid subscribers in CORHIO, Colorado’s Health Information Exchange. According to CDPHE, CIIS also shares data with the following agencies:  Medicaid, HCPF, WIC, Refugee Health, Child Fatality Prevention System, and Vaccines for Children. Additionally, CDPHE shares CIIS data with a long list of undisclosed persons with no requirements in law which prohibit sharing Personally Identifying Information (PII) or limit records for people granted full access:

• The individual’s healthcare provider
• A school, childcare center or university where the individual is enrolled
• A managed care organization or health insurer where the individual is enrolled
• Hospitals
• Persons or entities who have an agreement or research contract with the state for immunizations
• To the extent necessary for the treatment, control, investigation, and prevention of vaccine preventable diseases in the minimum amount necessary

Furthermore, HB14-1288 required in section 25-4-910. “The Department of Public Health and Environment, in consultation with other state departments, shall establish a joint policy on immunization data collection and sharing.” However, this requirement in statute has never been completed by CDPHE.

5: Recall & reaction functions never utilized for public safety

CIIS has underutilized functions to identify patients and providers who received a recalled vaccine. Public Safety notifications have never been utilized for the Rotavirus vaccine recall (1999) or other identified hot lots, contaminated vials, or vaccines demonstrating vaccine failure. CIIS also has functions for training, access, and support for investigating reactions within the Vaccine Adverse Reactions System (VAERS). It is likely that financial incentives for providers to upload records of product sales to CIIS are in direct conflict with reporting product recalls or reactions to the public.

Contrary to public perception, the FDA is not a watchdog of the health and hygiene products. As reported in 2019 Special Report: Powder Keg – FDA bowed to industry for decades as alarms were sounded over talc, “Over the past 50 years, the FDA has relied upon – and often deferred to – industry even as outside experts and consumers repeatedly raised serious health concerns about talc powders and cosmetics, a Reuters investigation found.” A criminal investigation and $5 billion in jury verdicts against Johnson & Johnson (J&J) found carcinogenic asbestos in 11 talc-based products, including Johnson’s Baby Powder, first detected in 1971. J&J recalled 33,000 bottles, voluntarily. The FDA’s written report stated it has no power to ensure product safety nor can it force companies to recall products when potential hazards are discovered. “We are dependent on manufacturers to take steps to ensure the safety of their products,” the FDA said.

Likewise, the judicial system is not a watchdog of the vaccine industry, as the US shields vaccine manufacturers from liability. According to Big Pharma and Big Profits: The Multibillion Dollar Vaccine Market, “Vaccines are the only products in the U.S. that do not have liability. You cannot sue for injuries or death. But that is only in the U.S. Around the world, there are lawsuits because of serious injuries and deaths from vaccines. In Spain over Gardasil. In Japan over Gardasil. The flu shot was taken off the market for under five in Australia after deaths and injury. Prevnar was banned in China. Pfizer’s vaccination program was kicked out of the country. France just pulled Rotavirus off their schedule after infant deaths and injuries.”

6: Coercion

CIIS uses the data to activate reminder-recall-home visit programs to increase vaccine uptake. If a parent opts a child out of a vaccine, such as the controversial HPV vaccine for a sexually transmitted disease, the parent could be harassed by the state for their choice for their child, to include a home visit.

According to Vaccination Programs: Home Visits to Increase Vaccination Rates, home visitors assess clients’ vaccination status, discuss the importance of recommended vaccinations, and either provide vaccinations to clients in their homes or refer them to other services. Home visits may be conducted by vaccination providers (e.g., nurses) or others (e.g., social workers, community health workers). Interventions may be directed to everyone in a designated population (e.g., low-income single mothers), or to those who have not responded to other intervention efforts, such as client reminder and recall systems.

When does medical surveillance become coercion? According to Citizens’ Council for Health Freedom, “Concerns have included: the collection and use of the data by health officials; the creation of lists of those who refuse vaccinations; the use of clinic vaccination rates to score the performance of doctors; the use of such scores to financially penalize doctors; and the potential refusal of health plans to cover an unvaccinated or under-vaccinated individual.”

7: Data mining for targeting populations

According to a 2019 CDPHE briefing titled “Immunizations, exemptions, and vaccine hesitancy,” CIIS contains the records of 6.1 million people, 91% of Coloradans, from 1468 medical practices. The primary use of the data is to calculate immunization rates for each vaccine to meet the CDC’s 95% goals which result in federal funds for CDPHE. The data fields also include insurance source, medical home information, school enrollment, language, and employment information (despite employment information not authorized in statute).

The data is utilized in “targeting interventions.” Populations targeted for vaccine uptake are Latinos, Medicaid clients, and pregnant women. Infants ages 9-35 months are targeted for vaccine uptake reminders. Anyone eligible for the HPV vaccine is also targeted.

It is noteworthy that all eight brands of influenza vaccines have a similarly worded warning that vaccine safety has not been studied in pregnant populations. For example, “Available data with Fluzone Quadrivalent use in pregnant women is insufficient to inform vaccine-associated risk of adverse developmental outcomes.” These product warnings do not stop public health from using CIIS to target pregnant women for vaccine uptake, nor does the provided mailer information include the product contraindications. The entire system is based on increasing customers.

8: Circumventing FERPA since SB163 in 2020

Schools are required to protect the privacy of vaccine records as part of all student records under the federal law of FERPA, so an automated system like CIIS to collect immunization records from the schools was postured to violate federal law by phishing for private medical information. FERPA requires that schools and daycares can only release student records if parents have given prior written consent for the specific record and to the specific agency.

In 2016, CDPHE implemented a new online vaccine exemption form for schools that feeds PII directly into CIIS. However, Colorado statute only required a parent to submit a “statement of exemption” to the school. Statute did not require that a parent submit a form to the state for inclusion in a registry. CDPHE did not have authority in statute, nor did it follow the public rule making process to implement the new state exemption form. CDPHE spent years trying to implement the illegal state forms before finally introducing legislation during the pandemic lockdowns.

In 2020, during an unprecedented Sunday hearing at the Capitol, thousands of people protested SB20-163, a bill that included many controversial provisions. It created a Colorado vaccine exemption form that uploads to CIIS and a re-education module for any person who chooses a medical, religious, or personal belief exemption to any vaccine. Doctors who sign these medical exemption forms uploaded in CIIS are scrutinized and often subject to investigation for using their medical judgment.

9: CDC interface for future federal registry

CIIS creates a targeted population registry at the state level that interfaces with the CDC’s Vaccine and Tracking System at the federal level. According to the IIS Strategic Plan Executive Summary from the CDC, the end goal is “Real time, consolidated immunization data and services for all ages are available for authorized clinical, administrative, and public health users, and consumers, anytime and anywhere.” CIIS records are the source data for any proposed form of a vaccine passport.

The CDC uses financial incentives to recruit providers to report records electronically to CIIS and CORHIO, and each entry results in reward points which are cashed in for undisclosed dollar amounts. The CDC’s $1.5 Billion EHR Incentive Program renamed “Promoting Interoperability” to hide the financial incentives and portray the benefits of electronic records pays the Colorado AAP and Colorado AAFP providers.

10: Lack of evidence of public health benefit

The state is required to implement evidence-based programs. Research does NOT support that CIIS improves public health for its million-dollar annual expense. A 2015 Economic Review of IIS (Patel et al) found no actual benefit to public health measured by reduced morbidity and mortality, at the cost of $7 million over five years to the state. A 2015 Systematic Review of IIS (Groom et al) found that IIS had no performance measures or deliverables for public health, and practices using IIS did not have significantly higher vaccination rates than those practices not using an IIS.

In conclusion, the strength of CIIS is that it serves vaccine providers with highly individualized data for targeted sales, inventory, reordering. It is supported by vaccine providers and 80 medical association lobbyists in Colorado. However, CIIS has no consumer protections for the public. The weakness of CIIS is that it costs millions of dollars annually for redundant data collected in EHRs and at schools with better accuracy and privacy. CIIS is a security threat to sensitive data as ransomware targets centralized healthcare databases for millions of dollars. CIIS is also a threat to freedom with interventions for targeting people and coercion for vaccine uptake.