10-144 C.M.R. ch. 274, § 10 - Collection And Release Of Information

A. The Department may require Immunization Providers to provide and report certain information from Patients' Immunization Records. The Department shall determine, from time to time, what information must be provided to the IIS, and shall determine the means by which such information must be provided. The Department may require all Immunization Providers to submit such information in an electronic format compatible to the IIS.

B. The Department may require Immunization Providers to provide information from a Patient's demographic information. Information provided must include, without limitation, such information necessary to send reminder calls to, place telephone calls to, or personally contact a Patient. The Department shall determine, from time to time, what contact information must be provided to the IIS, and shall determine the means by which such information must be provided. The Department may require all Immunization Providers to submit such information in an electronic format.

C. The Department may exchange information with other immunization registries and/or immunization databases maintained by health maintenance organizations and health insurance companies. The Department may share information with other entities only if the Commissioner or his designee determines that each other specific registry or database has confidentiality protections equal to or surpassing the standards set forth in these Rules.

D. The Department may release and publish information from the IIS only in an aggregate form that does not identify an individual either directly or indirectly.

E. The Commissioner, or his designee, may provide analyses and compilations of Demographic Information and Immunization Records to any interested party upon request, when such information does not identify a Patient, either directly or indirectly. Such requests must be made in accordance with procedures adopted by the Department.

F. The Commissioner, or his designee, may provide analyses and compilations of Demographic Information and Immunization Records to a researcher, when such information does not identify a Patient, either directly or indirectly. The researcher must submit a research protocol describing, at a minimum:

(1) the intended use of the data;

(2) the methodology of the research project;

(3) why access to the information is necessary, and

(4) approval by an official Institutional Review Board.

11. Liability, Penalties, And Protections

A. Intentional or knowing violation of any of these rules by an Immunization Provider may result in a request for disciplinary action by the appropriate licensing and regulatory board which has regulatory authority over the Immunization Provider.

B. Whoever violates any of these rules or fails, neglects or refuses to perform any duties imposed upon that person by these rules is subject to criminal prosecution under Title 22 M.R.S.A. Section47.

C. Nothing in these rules shall be construed to authorize the imposition of civil penalties upon any Immunization Provider which in good faith engages in an unauthorized disclosure of Immunization Information System information.

Notes

10-144 C.M.R. ch. 274, § 10