HomeMy WebLinkAboutWA State Department of Health 615 Sheridan Street
Port Townsend, WA 98368
Au Olson www.JeffersonCountyPublicHealth.org
Consent Agenda
Public HeePat
JEFFERSON COUNTY
BOARD OF COUNTY COMMISSIONERS
AGENDA REQUEST
TO: Board of County Commissioners
Mark McCauley, County Administrator
FROM: ocean mason, Communicable Disease Team Lead
Apple Martine, Jefferson County Public Health Director
DATE: � �; �, �" 2 ri 2 oZ y
SUBJECT: Agenda item — WA Department of Health — Immunization Information System
Information Sharing Agreement, valid upon signature - 11/2027 (3 years)
STATEMENT OF ISSUE:
Jefferson County Public Health (JCPH) requests Board approval Washington Immunization Information
System (IIS) Information Sharing Agreement (ISA) between the Washington State Department of Health
(DOH) and JCPH.
ANALYSIS/STRATEGIC GOALS/PROS and CONS:
The Washington State Immunization Information System (IIS) is a lifetime registry that keeps track of
immunization records for people of all ages. The system is a secure, web-based tool for healthcare providers
and schools. The IIS connects people who receive, administer, record, and order vaccines in Washington.
JCPH uses the IIS to upload and update and review vaccination records for patients receiving care at JCPH,
as well as those who need their records updated for other reasons (e.g. immigration from another country or
state). JCPH also supports schools with vaccination information from the IIS for school vaccination
requirements and to increase childhood immunization rates. This is a renewal of a prior ISA that expired
7/2023 and is past due for update. This ISA will be valid until 11/2027 (3 years).
FISCAL IMPACT/COST BENEFIT ANALYSIS:
There is no charge for this service. $0
RECOMMENDATION:
JCPH management requests approval of the IIS ISA between DOH and JCPH.
REVIEWED BY:
,74 c /40,149/1"
Mark McCauley unty Administrator Date
Community Health Environmental Public Health
Developmental Disabilities 360-385-9444
360-385-9400 (f) 360-379-4487
360-385-9401 (f) Always working for a safer and healthier community
AD-24-054
CONTRACT REVIEW FORM Clear Form
(INSTRUCTIONS ARE ON THE NEXT PAGE)
CONTRACT WITH: WA Dept of Health Contract No: AD-24-054
Contract For: Data Share - Exchange of Immunization Data Term: upon signing - Nov. 2027
COUNTY DEPARTMENT: Public Health
Contact Person: ocean mason
Contact Phone: x 480
Contact email: omason@co.jefferson.wa.us
AMOUNT: -- PROCESS: , Exempt from Bid Process
Revenue: Cooperative Purchase
Expenditure: Competitive Sealed Bid
Matching Funds Required: Small Works Roster
Sources(s) of Matching Funds :Vendor List Bid
Fund # RFP or RFQ
Munis Org/Obj Other:
APPROVAL STEPS:
STEP 1: DEPARTMENT CERTIFIES COMP ZWIT .080 AND CHAPTER 42.23 RCW.
CERTIFIED: r N/A:F— Oct. 10, 2024
Signatur7 Date
STEP 2: DEPARTMENT CERTIFIES THE PERSON PROPOSED FOR CONTRACTING WITH THE
COUNTY (CONTRACTOR) HAS NOT BEEN DEBAR ED BY ANY FEDERAL, STATE, OR LOCAL
AGENCY.
CERTIFIED: N/A: I Oct. 10, 2024
Signature Date
STEP 3: RISK MANAGEMENT REVIEW(will be added electronically through Laserfiche):
Electronically approved by Risk Management on 10/17/2024.
STEP 4: PROSECUTING ATTORNEY REVIEW(will be added electronically through Laserfiche):
Electronically approved as to form by PAO on 10/17/2024.
State language -- cannot change.
STEP 5: DEPARTMENT MAKES REVISIONS & RESUBMITS TO RISK MANAGEMENT AND
PROSECUTING ATTORNEY(IF REQUIRED).
STEP 6: CONTRACTOR SIGNS
STEP 7: SUBMIT TO BOCC FOR APPROVAL
1
DOH Contract#: 29999:
Washington State Department of WASHINGTON STATE...••
1, , pIMMUNIZATION
„ izq ii '� -.INFORMATION SYSTEM
Every age. Every vaccination
Washington State Immunization Information System
Information Sharing Agreement for
EXCHANGE OF IMMUNIZATION DATA
This agreement("Agreement") is between the Washington State Department of Health ("DOH") and
("Organization") for the exchange of immunization data.
Cowrvff
Pv& C- (-{�- L1(A BACKGROUND
• DOH is the public health agency that maintains the Washington State Immunization Information
System ("IIS" or "the IIS"). IIS serves as a communications link, repository, and retrieval tool for data
on the immunization status of individuals ("immunization data"). The IIS allows health care providers
and health plans to exchange immunization data with other health care providers and health plans as
authorized under Chapter 70.02 RCW.
• Provider/Plan is: (check one):
.µ A public agency, corporation, or other entity with individual shareholders, members, officers,
employees, contractors, or other personnel who are authorized under Washington law to provide
health care or public health services to individuals.
❑ A health care service contractor authorized by the Washington Insurance Commissioner to sell
health insurance to, and/or administer health insurance plans in Washington State.
❑ A school, school district, childcare program, Head Start organization, and/or ECEAP grantee
authorized to provide or coordinate health care services for students through personnel who are
authorized under Washington law to provide such services.
❑ An individual authorized under Washington law to provide health care services to individuals.
❑ A federal or state government agency that is authorized by law to provide health care or public
health services.
• Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Chapter 70.02 RCW,
Washington's Health Care Information Act (HCIA) require health care providers to keep personal
health care information confidential. Immunization records are personal health care data. Health care
providers.may disclose immunization records to DOH under 45 Code of Federal Regulations (CFR) §
164,512(b)(1)(i) and RCW 70.02.050(2) because DOH is a public health agency authorized to collect
immunization data.
• Chapter 42.48 RCW governs the release for research of confidential personal records obtained or
maintained by DOH. Individually identifiable immunization records obtained by the IIS are as such
Page 1 of 10
If you have a disability and need this document in another format,please call 1-800-525-0127(711-TTY relay).
DOH 348-576 September 2022
AD-24-054
ATTACHMENT A
personal records. Therefore, release of individually identifiable immunization data for research is
subject to the requirements of Chapter 42.48 RCW and may not be used without Washington State
Institutional Review Board and DOH approval.
Subject to the terms and conditions of this agreement, Provider/Plan and DOH may exchange
immunization records for patients cared for by Provider/Plan. The purpose of the data exchange is to
improve patient care and to protect public health.
THEREFORE, the Parties agree on the following terms and conditions,
1. DEFINITIONS
"Agreement" means this Agreement.
"De-identified immunization data" means any immunization data that neither identifies nor
provides a reasonable or ready basis to identify an individual.
"Immunization data" means demographic information and immunization status of individual
persons collected in the IIS regardless of whether in the form of raw data or appearing in
other IIS features and functions as described in Paragraph 7. Once an immunization record is
entered into IIS, the record stored in the IIS database is IIS Immunization Data.
"IIS patient record" means the immunization data for an individual.
"Immunization record" means any record regardless of source documenting the status of
individual persons.
"Party" or collectively "Parties" means either DOH, the Provider/Plan, or both.
"Provider-verified immunization record" means a valid record produced or verified by a health
care professional or facility documenting the immunization status of an individual. For the
purpose of this definition "valid" means that the record is in writing, dated, and indicates either
the name of the health care provider responsible for administering or reviewing each
immunization or a unique stamp of the provider or facility at which the provider practices.
2. DATA TRANSMISSION
a. Provider/Plan shall transmit to DOH all immunization records in the IIS for patients who
obtain health care services from Provider/Plan. Provider/Plan shall complete all IIS data
fields for which Provider/Plan has data. Provider/Plan must attempt to collect data for all
IIS data fields.
b. DOH shall transmit or make available to Provider/Plan all immunization data for patients
receiving health care services from Provider/Plan.
3. DATA FORMAT
DOH may require Provider/Plan to submit data in a specified format. Unless DOH specifies, the
Parties may exchange the immunization records using any of the following formats:
a. Current version of the CDC's HL7 "Implementation Guide for Immunization Messaging."
b. Web-based access, which is direct entry of data into the IIS.
c. Flat file exchange through secure file transfer protocol (SFTP) - available on a case-by-
case basis and requires prior approval of the Data Exchange Manager
Page 2 of 10
If you have a disability and need this document in another format,please call 1-800-525-0127(711-TTY relay).
DOH 348-576 September 2022
ATTACHMENT A
4. DATA QUALITY
a. Both Parties shall make best efforts to provide true, accurate, and complete information
including initiating entries for new patients, updating data for existing patients, and editing
records that are incorrect or inaccurate.
b. Provider/Plan shall not enter immunization records for immunizations that Provider/Plan
did not provide, except that Provider/Plan may enter(1) Provider-verified immunization
records and (2) a patient's self-report of influenza vaccine and pneumococcal
polysaccharide vaccine (PPSV) as necessary to complete IIS patient records.
c. If at any time, Provider has reason to believe that the data transmitted by Provider is not
true, accurate, or complete, Provider shall promptly notify DOH of the error and provide
DOH with updated accurate and complete information.
d. Provider/Plan understands that DOH does not guarantee the accuracy of information in
the IIS that DOH receives from other Providers/Plans.
e. Knowingly or intentionally providing false, materially inaccurate, or materially incomplete
immunization data is a material breach of this Agreement subject to termination for cause
under Paragraph 10.
5. USE OF DATA
a. Provider/Plan may use individually identifiable immunization data solely to assist
Provider/Plan in providing direct patient health care. Permitted usage of immunization
data includes linking immunization to patient's other health care information and disclosing
patient information to the patient or, as applicable, the patient's parent or guardian.
b. Provider/Plan shall not access any Provider/Plan employee's immunization data for
employment purposes without written authorization of the employee.
c. DOH may use both individually identifiable and de-identified immunization data for public
health purposes, which includes, but is not limited to, disclosing patient information to (1)
the patient or, as applicable, the patient's parent or guardian; (2) other health care
providers who need the information for direct patient health care and have entered into an
Information Sharing Agreement with DOH; (3) a health plan if the purpose is for treatment
and the health plan has entered into an Information Sharing Agreement with DOH; and (4)
research, if the release conforms to the requirements of Chapter 42.48 RCW.
d. Provider/Plan agrees to undertake disciplinary action against an employee for misuse of
immunization data.
6. DISCLOSURE OF DATA
a. Provider/Plan shall not disclose in any manner any part of the immunization data except
as permitted in this Agreement, as the law requires, this Agreement permits, or with
specific prior written permission by the Secretary of the Department of Health.
b, Either Party may release or disclose an individual's immunization record received from the
other Party if such release or disclosure is authorized in writing by the individual and the
authorization conforms to applicable law.
c. If Provider/Plan receives a third-party request for disclosure of immunization data and
determines the law requires such disclosure, Provider/Plan shall notify DOH privacy
officer of the request ten (10) business days prior to disclosing to the requestor. DOH may
seek an injunction to prevent disclosure.
Page
3of10
If you have a disability and need this document in another format,please call 1-800-525-0127(711-TTY relay).
DOH 348-576 September 2022
ATTACHMENT A
7. SECURITY OF DATA
a. This Agreement shall be construed to provide maximum protection to immunization data.
b. The obligations set forth in this Section 7 of this agreement shall survive completion,
cancellation, expiration, or termination of this Agreement.
c. The Parties shall strictly limit use of immunization data to uses specified by the
Agreement. Provider/Plan shall not link IIS Immunization Data with any other information
or use immunization data to identify or contact individuals except as authorized under this
Agreement.
d. The permission to access immunization data is limited to Provider/Plan's principals or
employees'for whom Provider/plan:
i. Authorized such access;
ii. Trained in the disclosure and security requirements under this Agreement;
iii. Maintains on file a confidentiality agreement signed by the principal or employee,
Provider/Plan may use its own confidentiality agreement, but it must contain
substantially the same information as the confidentiality agreement in Attachment
B; and
iv. Secured a user account with an IIS login and password.
e. Provider/Plan shall specify one or more principals or employees as IIS System
Administrators using Attachment C
f. The System Administrator(s) shall work with the 1IS Help Desk to establish and manage
user accounts for authorized individuals in their organization. The Provider/plan shall:
i. Assure that no one assigned an IIS user account shares their login ID or password
with others or allows others to access IIS using their login ID.
ii. Limit access and use of immunization data to the fewest number of people, and in
such a manner so that persons can see only the smallest amount of data
necessary for the least amount of time necessary to complete required work.
iii. Assure that all people with access to immunization data understand their
responsibilities regarding it under this agreement.
iv. Retain a copy of all confidentiality agreements specified in Paragraph 7.d.iii for at
least six (6) years following termination of this Agreement.
g. Provider/Plan warrants that Provider's privacy and security practices meet or exceed the
standards set by state and federal law for the security of protected health information and
as commensurate with Provider's obligations under the law. The information Recipient
assures that its security practices and safeguards meet Washington State Office of the
Chief Information Officer(OCIO) security standard 141.10 Securing Information Technology
Assets. For the purposes of this Agreement, compliance with the HIPAA Security Standard
and all subsequent updates meets OCIO standard 141.10 "Securing Information
Technology Assets." Provider/Plan understands that it must maintain these standards so
long as it has access to immunization data shared or accessed pursuant to this
Agreement
h. Provider/Plan shall take all steps necessary to prevent unauthorized access, use, or
modifications of IIS Immunization Data.
i. Provider/Plan shall notify DOH Privacy Officer of any suspected or actual security breach
of IIS Immunization Data within two (2) business days of discovery.
8. OTHER FUNCTIONS AVAILABLE IN IIS.
Plan/Provider may utilize without charge such other IIS functions as DOH specifically authorizes
Plan/Provider to utilize. Attachment A describes IIS features and functions.
Page 4 of 10
If you have a disability and need this document in another format,please call 1-800-525-0127(711-TTY relay).
DOH 348-576 September 2022
ATTACHMENT A
9. HOLD HARMLESS.
DOH is not liable for any general, special, consequential, or other damages that may arise or
claim to arise from any use of IIS Immunization Data by Provider/Plan, its employees,
contractors, officers, agents, or affiliated persons. Provider/Plan shall indemnify and hold DOH
harmless from any claim for damages that may arise or be claimed to arise from Provider/Plan's
transmission to the IIS of immunization data that is knowingly or intentionally false, materially
inaccurate, or materially incomplete. DOH and the Information Recipient shall cooperate in the
defense of tort lawsuits, when possible.
10. PERIOD OF PERFORMANCE.
The Period of Performance is 3 Years from Date of Execution unless earlier terminated as
provided by this Agreement.
11.TERMINATION.
a. Either Party may terminate this Agreement effective as of the end of any calendar quarter,
provided the terminating Party gives written notice of termination to the other Party at least
30 days before the end of the quarter.
b. Either Party may terminate this Agreement for cause after the other Party has failed to
cure a material breach, provided the terminating Party gives the other Party written notice
of breach and provides at least 14 days for the other Party to cure the breach.
12. CAUSE FOR IMMEDIATE TERMINATION
a. The Information Recipient acknowledges that unauthorized use or disclosure of the
data/information or any other violation of sections II or III, and appendices A or B, may
result in the immediate termination of this Agreement.
13. SAVINGS.
If funding from state, federal, or other sources is withdrawn, reduced, or limited in any way during
the Period of Performance, DOH may, in whole or in part, suspend or terminate the Agreement,
upon immediate notice. DOH may elect to renegotiate this agreement at DOH's discretion under
the new funding limitations or conditions.
14.AMENDMENT.
The Parties may amend this Agreement by mutual agreement. Such amendments are not
binding unless in writing and signed by the persons authorized to bind each of the Parties.
15.APPLICABLE LAW AND VENUE.
This Agreement is governed by the laws of the State of Washington. Venue is in the Superior
Court of Thurston County.
16. CONTACT INFORMATION.
The following persons are the contact for all communications about this Agreement.
Page 5 of 10
If you have a disability and need this document in another format,please call 1-800-525-0127(711-TTY relay).
DOH 348-576 September 2022
ATTACHMENT A
Provider/Plan:
Contact Person and Title: OCecty\ r+1.4s bn.
Organization: de- .(Son Co. AI, h(•��...�a',(-� __—
Mailing Address: lol5" �>, -f
City/State/Zip: be/ Te:),cc e !_._111A_-.�t�''
Phone: 3be -38"57-9100 Fax: _ Email: Oi+l;tsM Q Co j ell#-t.S+ •41,zK
DOH: n
Organization: Washington State Department of Health Office of Immunization
Mailing Address: PO Box 47843
City/State/Zip: Olympia,WA 98504-7905
Phone: 1-360-236-3595 or 1-866-397-0337 w._.... .__. _
AGREED on this day of , 20
By execution of this agreement, the parties so signing acknowledge they have full power and authority to
enter into and perform this agreement on behalf of the signatory as well as the business entity
referenced within the body of the agreement.
Agency Signatory: Jefferson County Washington State Department of Health:
Signature Contracts Office Authorized Signature
Kate Dean, Chair
Board of County Commissioners
Name, Title Please Print Name, Title Please Print
Provider Signatory: (The Agency's licensed health care provider, school nurse, childcare health
consultant, or other authorized health care provider, licensed in Washington State, and responsible for
the operation and management of Agency's health care services. Provider must be licensed in
Washington State unless the provider is part of the military and providing services at military clinics or the
provider is part of a tribal baIth-ea stem and providing services at a tribal clinic)
Signature
Name, Title P/e e Print Approv d as%t f m only:
P1O‘0oC Oi 41. for 10/17/2024
Credential Number hilip C. Hunsucker, Date
Chief Civil Deputy Prosecuting Attorney
Jefferson County Washington
Credentialing State if not Washington
Page 6of10
If you have a disability and need this document in another format,please call 1-800-525-0127(711-TTY relay).
DOH 348-576 September 2022
ATTACHMENT A
Services Available in the IIS
DOH is solely responsible for the operation and management of the IIS, which benefits patients, their
care providers, health plans, public health agencies, and other entities that are concerned with assuring
the effective immunization of Washington State's population.
The IIS is available 24 hours a day, 7 days a week, with the exception of scheduled and unexpected
outages. DOH schedules system maintenance outside of regular business hours and with prior notice if
possible.
Available Functions
The IIS has several role-based access levels. DOH will grant to users only those functions necessary to
conduct the user's work. The available functions in the system include, but are not limited to, the following:
• Patient record demographic data query and update
• Patient record vaccination data query and update
• A vaccination forecast displaying vaccines due for each patient. The vaccination forecast is based
on the recommended immunization schedule published by the Centers for Disease Control and
Prevention (CDC) with the advice of the Advisory Committee on Immunization Practices. The
vaccination forecast is subject to change if/when the CDC establishes new guidelines. DOH will
incorporate such changes in IIS as soon as possible.
• Vaccine ordering by providers enrolled in the State Childhood Vaccine program
• Vaccine order status tracking
• Vaccine management and accountability including:
> Ability to complete the annual provider agreement to enroll or re-enroll in the State
Childhood Vaccine program
➢ Ability to complete vaccine accountability report(s) and electronically submit them to the
local health jurisdiction
• Generation of reminder/recall to contact patients due for vaccination
• Record contraindication(s)for specific vaccines for each patient with specification of the reason for
the contraindication or precaution
• Record of adverse reactions for specific vaccine for each patient
• Generation of reports including:
> Patient specific vaccination reports showing detailed vaccination history and forecast
> Detailed practice-based reports such as practice immunization coverage data, vaccines
administered data, and vaccine lot data
DOH may, in its sole discretion, modify or remove available functions at any time.
Page 7 of 10
If you have a disability and need this document in another format,please call 1-800-525-0127 (711-TTY relay).
DOH 348-576 September 2022
ATTACHMENT B
IIS Confidentiality Agreement
This attachment is provided as sample language to include in Confidentiality Agreements. You-do not need to
complete and return this form with your agreement.
I understand that my employer, , (insert name of Employer) has entered into an Information
Sharing Agreement with th',Washington Department of Health to view and/or exchange data in the Washington
State Immunization Informatiors,System ("IIS"). My employer has made a copy of the Agreement available to me.
I understand that I am responsible for,maintaining the confidentiality of any immunization data that I have access to
during the course of my employment. Immunization data means demographics and immunization status of
individual persons collected by the IIS, regardless of whether in the form of raw data or appearing in other IIS
features and functions made available to my'employer.
I will not share my unique IIS login code with anyone nor allow anyone to access IIS using my login code.
I will not at any time, nor in any manner, either directly carindirectly divulge, disclose, release, or communicate any
immunization data to any third party unless specifically necessary to perform my assigned job duties, required by
law or authorized by the person,or parent or guardian of the\`person,to whom the immunization data applies. I
recognize that maintaining confidentiality includes not discussing.immunization data outside of the workplace. I will
limit my own access to person-specific data in the IIS to that whichcis necessary to perform my job duties.
I understand that if I discuss, release, or otherwise disclose confidential"data/information outside of the scope of
this policy through any means, I may be subject to disciplinary action, which,may include termination of
employment.
Employee Signature: Date:
Employee name (please print):
Received on (date): By(supervisor's signature):
A signed copy of this form must be on file with the Employer before employee may access IIS.
Page 8 of 10
If you have a disability and need this document in another format,please call 1-800-525-0127(71 l-TTY relay).
DOII 348-576 September 2022
ATTACHMENT C
Washington State Immunization Information System
Establishing IIS System Administrator Accounts
Each organization that completes an Information Sharing Agreement must designate at least one person as a System
Administrator who can set up user accounts for each principal or employee who needs access to the IIS.The System
Administrator has a permission added to their user account which allows them to authorize or discontinue access to
the IIS for others in their organization, including:creating new user accounts, inactivating accounts when employees
leave the organization, and running reports to see all users associated with the organization. The organization is
responsible for notifying DOH on any changes to the primary contact.
Primary Contact Name: 6(eci.AA '
Phone: 3 O- -_'L f oo
Title: t1.01 ft r n/il.,sf_ . ` f 1 i+' t oevip
Email Address: emetS3 ( vet t.
Page 9 of 10
If you have a disability and need this document in another format,please call 1-800-525-0127(711-TTY relay).
DOH 348-576 September 2022
ATTACHMENT C
DEFINITIONS
Authorized user means a recipient's employees, agents, assigns, representatives, independent
contractors, or other persons or entities authorized by the data recipient to access, use or disclose
information through this agreement.
Authorized user agreement means the confidentiality agreement a recipient requires each of its
Authorized Users to sign prior to gaining access to Public Health Information.
Breach of confidentiality means unauthorized access, use or disclosure of information received under this
agreement. Disclosure may be oral or written, in any form or medium.
Breach of security means an action (either intentional or unintentional)that bypasses security controls or
violates security policies, practices, or procedures.
Confidential information means information that is protected frompublic disclosure bylaw. There are
many state and federal laws that make different kinds of information confidential. In Washington State,
the two most common are the Public Records Act RCW 42.56, and the Healthcare Information Act, RCW
70.02.
Disclosure means to permit access to or release, transfer, or other communication of confidential
information by any means including oral, written, or electronic means, to any party except the party
identified or the party that provided or created the record.
Health information is any information that pertains to health behaviors, human exposure to
environmental contaminants, health status, and health care. Health information includes health care
information as defined by RCW 70.02.010 and health related data as defined in RCW 43.70.050.
Page 10 of 10
If you have a disability and need this document in another format,please call 1-800-525-0127(711-TTY relay).
DOH 348-576 September 2022