Tracking COVID-19 Vaccines: U.S. Data Systems and Related Issues




INSIGHTi

Tracking COVID-19 Vaccines: U.S. Data
Systems and Related Issues

January 28, 2021
The U.S. Food and Drug Administration (FDA) has granted Emergency Use Authorizations (EUAs) for
two Coronavirus Disease 2019 (COVID-19) vaccines, sponsored by Pfizer-BioNTech and Moderna, and
millions of vaccine doses are being distributed nationwide. Both vaccines require two doses, which are
generally not interchangeable. Key to this effort, several existing and new data systems are in use to track,
specifically,
where the vaccines supply is: for example, whether vaccines are in a storage center or at
a provider site, through the Vaccine Tracking System (VTrckS);
who has received a vaccine: that is, recipients who have received one or both doses of
which vaccine, through jurisdiction-based Immunization Information Systems (IIS); and
if any new safety issues occur: several monitoring systems aim to identify new safety
issues and inform public health recommendations or FDA actions.
The federal government has long supported data capabilities for vaccines, primarily through the Centers
for Disease Control and Prevention (CDC). As with public health data generally, vaccine data systems use
both federal and nonfederal (e.g., state-based) systems. For a number of years, 64 state, territorial, and
local jurisdictions have received Immunization Cooperative Agreements (commonly referred to as
“Section 317 grants”) administered by CDC. Among other functions, this flexible grant program has
supported implementation of VTrckS for vaccine supply tracking and IISs for vaccine recipient tracking.
IISs (commonly referred to as immunization registries) enable both (1) consolidated immunization
histories for a given individual, and (2) tracking of administered vaccines across the population. IISs also
aid with vaccine reminders, including second-dose reminders. Most, but not all, jurisdictions have had
IISs. New Hampshire created one for the COVID-19 vaccination program.
Recent reports indicate gaps in vaccine recipient data. Policy issues related to vaccine data have been
highlighted for many years. Inadequate immunization history data and limitations with cross-
jurisdictional data sharing have hindered prior public health emergency response efforts. In addition,
existing vaccine data systems, like other public health data systems, sometimes use outdated technology
or processes.
Congressional Research Service
https://crsreports.congress.gov
IN11584
CRS INSIGHT
Prepared for Members and
Committees of Congress




Congressional Research Service
2
To mitigate these and other issues for COVID-19 vaccine distribution, several federal efforts have aimed
to create, improve, and integrate vaccine data systems, including the following:
 the Vaccine Administration Management System (VAMS) for managing vaccine clinics
and allowing providers without existing capabilities to report to CDC and IISs,
 an IZ Data Clearinghouse to encrypt and store data shared by IISs with CDC,
 an Immunization Data Lake to enable data summaries and analytics of both supply and
recipient data, and
Tiberius, a platform to integrate all types of vaccine data for use by federal agencies and
the 64 jurisdictions to manage their vaccine programs.
This Insight presents data systems in use at the time of publication that may be subject to change. They
represent a mix of systems that predate the COVID-19 pandemic and systems developed specifically for
pandemic response. The Biden Administration has identified improving vaccine data systems a part of its
pandemic strategy; goals are broad at this time.
Implementation
State and territorial public health officials have voiced concerns about inadequate pilot testing of new
systems. Other new data systems implemented during the pandemic, such as those for hospital data, have
also faced implementation challenges.
CDC requires COVID-19 vaccine providers to report several types of data, including daily supply to
VaccineFinder and daily recipient data (including demographic information) to IIS, which then report to
CDC within 72 hours of vaccine receipt. Resource constraints may have hindered jurisdictional public
health programs’ ability to implement new systems and reporting procedures. New funding—both broad
immunization and data-sharing specific grants—may help address this, though it is unclear if funding can
be leveraged in time for wider vaccine availability. Surges in COVID-19 hospitalizations may also affect
public health and health care resources available to implement new systems and report new data types.
Privacy, Data Sharing, and Integration
Limitations with cross-jurisdictional immunization data sharing have affected prior public health
emergency responses.
To address this, some personally identifiable information (PII) on recipients is to be
collected, encrypted, and secured in CDC’s IZ Data Clearinghouse to enable data sharing between
jurisdictions and federal agencies through the IZ Gateway. (CDC typically collects de-identified data. PII
held by CDC and other federal agencies is generally subject to the Privacy Act of 1974 [5 U.S.C. §552a]).
Submitted data are encrypted with “privacy-preserving record linkage (PPRL),” where PII is redacted and
replaced with unique tokens that allow for records sharing without PII.
State and territorial public health officials have expressed concern that “many states have laws prohibiting
or limiting data sharing with other entities, including the federal government.” As communicated to CRS
by CDC, all 64 jurisdictions have signed data-sharing agreements with CDC that respond to jurisdictions’
unique concerns; CDC is still in the process of rolling out PPRL, and it has not been implemented in
jurisdictions at this time.
Combining different data types (e.g., both supply and recipient data) through the Immunization Data Lake
and Tiberius can enable program monitoring and decisionmaking at the federal and subfederal levels.
Given that these systems are new, their implementation and usefulness for jurisdictions remains to be
seen.


Congressional Research Service
3

Availability and Communication
CDC publishes aggregate vaccine data in its Data Tracker. HealthData.gov maintains datasets for
Moderna and Pfizer vaccine allocations by jurisdiction. It is unclear what additional vaccine data may be
made available to the public; the Biden Administration has made expanding publicly available datasets a
key goal.
For safety data, commentators have noted that timely and accurate public information on newly identified
safety issues linked to the vaccines is important. CDC’s recent press briefing on severe allergic reactions
linked to the vaccines highlighted this.
Locating Providers and Vaccination Sites
There is no one federal system for patients to access information on where to get vaccinated. The
VaccineFinder is intended to help patients locate providers when vaccines are more widely available,
though providers are not required to make their information publicly available. Some jurisdictions use
VAMS to manage vaccine appointments. For mass distribution events, some states have turned to
unofficial platforms for promotion; some fraudulent event listings have been posted on these sites. The
Biden Administration pandemic response plan mentions vaccination appointment scheduling technology
as a part of its data improvement goals.


Author Information

Kavya Sekar

Analyst in Health Policy




Disclaimer
This document was prepared by the Congressional Research Service (CRS). CRS serves as nonpartisan shared staff
to congressional committees and Members of Congress. It operates solely at the behest of and under the direction of
Congress. Information in a CRS Report should not be relied upon for purposes other than public understanding of
information that has been provided by CRS to Members of Congress in connection with CRS’s institutional role.
CRS Reports, as a work of the United States Government, are not subject to copyright protection in the United
States. Any CRS Report may be reproduced and distributed in its entirety without permission from CRS. However,
as a CRS Report may include copyrighted images or material from a third party, you may need to obtain the
permission of the copyright holder if you wish to copy or otherwise use copyrighted material.

IN11584 · VERSION 1 · NEW