September 8, 1998
Mr. Robert D. Crider, Jr.
Dear Mr. Crider:
I wrote previously about the then proposed rules which later were withdrawn by the Texas Department of Health to implement establishment of a state-wide immunization tracking system as provided for by HB 3054. It seems there still is a lack of understanding being demonstrated by the department in its latest version of the proposed rules as to the intent of the legislation or thc will of the legislators on this matter. Specifically, we---the Legislature---wanted to limit the amount of information being gathered, believed there should be tight restrictions as to who would bc given access to and be able to use the information, and were clear that meaningful parental consent be required prior to compiling or using the immunization records and other data.
While I can understand including a childs Social Security number in the vaccination registry, why do we have to ask for a childs gender, address, parentage or who is their legal guardian, thc mothers maiden name or evidence of imrnunity to vaccine preventable diseases? I concede that the imrnunization providers phone number may have validity to verify accuracy of the information or reconnect with the child if there are vaccine problems, and be able to hear about/advise of possible
reactions to certain vaccines (a medical research data function). Otherwise, I sense there are attempts being made to gather more data than is necessary, especially when it comes to the "optional information" category, and I would like a clear differentiation made in the rules between "required" and "optional" data, and that providers not be solicited for information "if available," since it most likely would be available though a parent would have no way of knowing what is being disclosed.
I am unalterably opposed to the open-ended authorization of data release which "the Commissioner of Health or designee" loophole in the proposed rules provides. I believe the aforementioned entities may be granted access to the information, but are not to have the data released to them. No health plan insurers presently lack the necessary data release authority to process immunization claims (can solicit needed information from the provider), and any providers who participate in a Department of Human Services public health immunization program already have access to the registry for their public assistance clients. DHS is not currently allowed release privileges by statute, so that agencys and the other unacceptable release authorization instances cited above must be removed from your proposed rules.
I really am floored by provisions for the unrestricted re-release of data on a child to "administrators and promoters" of vaccines and other state registries in your proposed rules. I am sure the intentions of TDH are pure, but what is there to safeguard how the information is handled by these "entities and individuals who both administer and promote immunizations and the immunization registries of other states," especially where the recipient is beyond the reach of Texas law and TDH rules? Lets focus on where the immediate crisis is----insuring that any unvaccinated child in Texas whose parent(s) consents(consent) is provided scheduled immunization awareness and opportunities for service by using "home"-based strategies and "family"-sensitive avenues of support, not recruiting for this TDH mission any number of outside forces, for-profit ventures, etc.
While I think it would not be overly taxing on a parent (though not in such close proximity to the birth that either mother or father fail to fully comprehend the choices being presented to them) to decide whether or not to have appropriate immunizations administered to their child, immunization consent and registry consent at birth must be clearly differentiated. These are separate actions and should require separate signatures. I dont accept the position that all parents whose children were prematurely (prior to September 1, 1997) inputted into the registry---whether they expressly gave informed consent or unwittingly were incorporated into the database---are simply to be considered grand fathered under your proposed rules. I believe all parents with data on their children inputted before the legal enforcement date of the law should be sent consent forms and all data deleted if the consent form is not returned signed. This is the only way you can exhibit good faith in upholding what your own rules imply or dictate.----respect for due process protection of privacy, conscientious stewardship of the public trust, etc.
On the subject of confidentiality, I wouldnt think you would want any registry user to be exempted from restrictions or penalties on how the records they access are to be handled and/or updated, modified, screened, etc. How do we insure the integrity of the data or the respect for confidentiality if we are lax in enforcing proper controls/management of either or dont sanction behavior which compromises these areas? This subject needs to be addressed with much more emphasis and clarity in your rules. I believe we also need to limit both the extent and frequency of notification because with the options listed being "by mail, telephone, personal contact, or other means" for "overdue" immunizations, nothing prohibits employing all of them plus undisclosed/unknown systems for "reaching out and touching someone which might amount to intrusion, harassment or coercion in the final analysis. Getting the message across is one thing, having a messenger appear or leave their calling card at ones doorstep is sort of borderline, and sending out someone to administer the Dose (s) uninvited is carrying things a little bit too far.
I am likewise troubled by the prospects of "suspect" treatment by various registry users of those parents who decline to participate in the registry, possibly refuse to comply, or simply are negligent in complying with the recommended time-schedules for vaccinations for religious, medical (allergic to certain substances, etc.) or other reasons. Given no means of encoding legitimately-recognized exemptions for children who do not stay current on their immunizations or entirely avoid certain vaccinations, and being reasons for not participating in the registry are untraceable, no leap to judgment should be made by outside or in-agency personnel that something is wrong with these families or their children, that they somehow dont rate, or should be rated as "at-risk" or some other inferior class. To help downplay that tendency, it should be emphatically stated that non-participating families or what may appear to be vaccine-deficient/delinquent children are to not be penalized, retaliated against, or in any way harassed by registry operators or collaborators. The immunization status of a person is correctable---where and when that is a requirement of admission to a program, enrollment in a facility, perquisite to a further service, etc.---but to unduly stigmatize someone for what is not a blatant disregard for the public health or intentional failure to comply (barring medical factors, dictates of conscience, etc.) with a recommended schedule of vaccinations should be categorized as unlawful discrimination or strongly denounced as a misapplication of public data.
The recommended system format (HL7) in your proposed rules for the immunization registry is predicated on the fact that we in Texas arc looking to be sure what we collect data-wise will interface with similar systems that are coming online nationally and internationally. What we hopefully are preparing to do is have the capability of transferring our information or permitting an exchange of information on an individual child when they either are leaving or coming to our state or doing something here on a temporary basis (studying, engaging in military or job training, etc.). Will this technology not prompt or at least increase the potential for sharing of information that doesnt fit the above criteria, and if so, what safeguards are needing to be erected to prevent the wholesale release of information to another entity which never was envisioned by parents who were told they only were surrendering the data to the state of Texas for use while their child(ren) resides(reside) here up to the age of 21? I likewise am suspicious of what led to designation of providers as agents of TDH for registry purposes in your proposed rules, since the potential ramifications of this also are unclear to me.
Any feedback that you deem appropriate in response to one or all of my observations, recommendations, or questions would be welcome. Thanks for giving consideration to my comments which are hopefully received in a like spirit of openness and genuine interest, since it was with those thoughts in mind that this letter was crafted.