An immunization registry is a component of an electronic health record (EHR) system that supports the centralized storage and retrieval of immunization events and patient immunization profiles. Within the EHR Solution (EHR) blueprint, immunization registry services are considered to be part of the collection of services provided by the shared health record.
The Infoway pre-implementation immunization registry certification is relevant to health information technology solutions involved in immunization registries at the national, jurisdictional, regional or local level, providing comprehensive and unambiguous immunization information.
The immunization registry pre-implementation certification allows for assessment of an immunization registry application alone, or as an application-based service offering.
The pre-implementation assessment criteria include:
- Generic Criteria, applying to all classes of health information technology application or application-based service (for example, certain requirements having to do with privacy and security.
- Interoperability Criteria, which specifically apply to an immunization registry.
The criteria have been developed in consideration of an immunization registry being available in one of two ways:
- As an application component to be integrated into an EHR system, and operated by the implementing jurisdiction
- As an application-based service to be hosted by a vendor, and integrated with a jurisdiction’s EHR systems.
When the criterion states: “Organizations providing applications or services must…” or “Applications or services must…” then the criterion applies whether the application is hosted (ASP model) or operated by the end-user.
When the criterion states: “Organizations providing services must…” then the criterion only applies when the organization is providing an ASP model service, and the criterion applies to the organization itself, rather than the application.
The key factor, which in most cases determines the applicability of a criterion, is whether or not the organization seeking certification will become a custodian of personal information. If not, then many of the organization-related generic criteria are not applicable.
These criteria use the phrase “personal information” to mean any personal information maintained by the application or service about the subjects of health care. Therefore, even basic demographic information falls into the category of “personal information” and is therefore subject to the requirements of these criteria.
The framework for the assessment criteria is shown in the table below. It consists of two classes of criteria:
Solution – Refers to the aspects of privacy, security and interoperability that need to be assessed.
Management – Refers to how the organization providing the product manages risk, data, system security, as well as third party solutions and services.
|Immunization Registry Assessment Criteria|
Identifying purposes & limiting collection
Limiting use, disclosure & retention
User identity management
Third party services