D. Permitted Uses and Disclosures of
Immunization Registry Information.
1.
Information in the immunization registry is confidential and shall be made
available only to registered immunization providers through their authorized
users. Immunizations providers who have registered for access to the registry
may obtain information from the registry pertaining only to their own
patients.
2. Immunization providers
may use registry information for the following purposes:
a. To provide care and treatment to their
patients;
b. To determine
appropriate and needed immunizations for their patients;
c. To generate reports to review their
practice's coverage;
d. To generate
reminder and recall notices;
e. To
review their practice's immunizations for quality improvement
purposes;
f. To print a patient's
immunization record;
g. To print a
South Carolina Certificate of Immunization for a patient for school and daycare
attendance; and for
h. Other uses
specifically authorized by the Department.
3. Immunization providers and authorized
users may not disclose identifying information obtained from the registry
except as allowed or required by applicable law.
4. The Department may use registry
information for public health purposes, including, but not limited to, the
following:
a. To determine appropriate and
needed immunizations for patients;
b. To print a patient's immunization record
at the request or with permission of an immunization provider;
c. To print a copy of an immunization record
or a South Carolina Certificate of Immunization for a patient and at the
written request of the patient, or a parent or legal guardian of the patient if
the patient is under eighteen (18) years of age;
d. To allow a patient, or a parent or legal
guardian of the patient if the patient is under eighteen (18) years of age, to
obtain a copy of the patient's immunization record through a Department
authorized electronic Patient Portal;
e. To investigate vaccine fraud;
f. To prevent, investigate, and control
outbreaks of vaccine preventable communicable diseases;
g. To conduct epidemiological
studies;
h. To provide data that
does not identify an individual either directly or indirectly for research and
only if the researcher submits a research protocol describing, at a minimum:
the intended use of the data, the methodology of the research project; why
access to the information is necessary, and approval by an official
Institutional Review Board;
i. To
assure the quality of the data entered into the registry;
j. To review the quality of the immunization
practices of immunization providers;
k. To publish aggregate data that does not
identify an individual either directly or indirectly;
l. When deemed necessary by the Director in
the event of a disaster, state of emergency, or public health
emergency;
m. To perform repairs,
maintenance, and updates of the Immunization registry;
n. To provide information needed by law
enforcement officers and agencies in the investigation or prosecution of a
crime;
o. To implement this
regulation, including compliance assistance and enforcement activities;
and
p. To provide immunization
records to the Revenue and Fiscal Affairs Office so that it may provide these
records to health plans of members and enrollees of the health plan who
received immunizations during the time in which they were enrolled in the
health plan. Each immunization record may only be used by health plans for
public health and Healthcare Effectiveness Data and Information Set (HEDIS)
purposes. Health plans shall enter into a data sharing agreement with the
Department and the Revenue and Fiscal Affairs Office prior to receiving
immunization records.
5.
Uses and disclosures by immunization providers or authorized users of registry
information not authorized by this section are prohibited. Nothing in this
regulation authorizes an immunization provider or authorized user to make any
use or disclosure of registry information that is otherwise prohibited by
law.