Madison Area Lyme Support Group

HR 550 is a Wolf in Sheep’s Clothing

We’ve heard the term disinformation before. The Immunization Infrastructure Modernization Act, HR 550 is swimming in it. After sending out our last campaign to make people aware and activated about this bad bill, we received a ton of feedback from Advocates hearing back from lawmakers who supported the bill. The talking points were eerily the same. They also claim the opposite of plain language in this bill, like Orwellian Newspeak.

Before we dig into myth-busting this bill, it’s important to understand what the Immunization Infrastructure is. In short, it is the bones upon which a vaccine mandate could rest. An infrastructure ties together physical or digital components to create a framework and support system for an end goal. A common example would be a highway system—individual roads across states would be strengthened or built to combine into a seamless system for travel through the entire country. An infrastructure creates relationships between separate systems, like the Constitution did for our Colonies. When stakeholders like politicians and corporate philanthropists or contractors discuss the “immunization infrastructure,” as this bill is titled, they are talking about strengthening the systems already in place to get people vaccinated.

HR 550, is aiming to “modernize” already-in-place individual immunization registries, or Immunization Information Systems (IIS), as the databases are called. In this digital age, modernization calls from a federal (central) government mean standardization of tech and expansion of storage capabilities to get up to speed with the amount of data there is, how fast we want it to travel, and to where. This is why the bill explicitly states the $400 million for grants are to be given out only on the condition local IISs adopt CDC standards, including “interoperability” and “bidirectional” data transfer. This is the way the federal government makes its way into local policy and lawmaking—by conditioning federal handouts on compliance with federal policy. It’s passive aggressive bullying with our tax dollars. “Everyone gets this nice thing, except for the people who don’t do what I say.” To illustrate, the drinking age is 21 in every state, despite it being state law, because that age was tied to federal funding for highways. The federal government doesn’t have to make a law about local rules (that would be fought as overreach) if they simply give out money conditioned on compliance.

IISs are older than HIPAA. They sprung up when EHR (electronic health records) were being developed in the 70s were adopted faster. IIS and EHR are separate systems, but they intertwine. IIS are “local” to a geographic area like a state, but they were an initiative of the CDC, along with funding from the Robert Wood Johnson Foundation, to address concern that children weren’t getting all the ACIP vaccinations. So, in essence, one could say, the first health metric the government worked on tracking digitally was vaccine use. The technology for a large, multi-jurisdictional centralized database wasn’t yet available, so the CDC funded states to set up their own.

Here is the CDC’s strategic plan for “local” IISs, as laid out in 2017:

IIS Vision: Real-time, consolidated immunization data and services for all ages are available for authorized clinical, administrative, and public health users and consumers, anytime and anywhere.

IISSB Mission: Maximize protection against vaccine-preventable diseases by leading the advancement of immunization information systems (IISs).[i]

Very clearly, the IISs are the data arm (infrastructure) of a federal plan to vaccinate as many people as possible.

Myth #1: This Act would NOT create a federal vaccine database or tracking system.

It doesn’t have to. That infrastructure is already in place and under development. (In fact, one would wonder if instead of a centralized database, the technology might be pointing in the direction of a decentralized blockchain data system.) There is no need for a bill to create a central federal database. Instead, this bill would link everything together under CDC oversight. From the horse’s mouth: “IISs have matured individually…However, IISs are increasingly viewed as one national network of systems.”[ii]

What this bill would create is more access for CDC for your immunization data, and the need for states to follow CDC recommendations or get cut off from federal funding. Does data access have to be centralized to be an invasion of privacy and federal overreach? No. “The present pandemic is the first time near real-time vaccination data has been shared with the CDC to provide comprehensive surveillance at the federal level. These data are primarily coming from IIS.” This statement was testimony by Rebecca Coyle, Executive Director of the American Immunization Registry Association (AIRA), which promotes development and implementation of IIS around the country along with close collaboration with the CDC. She continued, “The Immunization Infrastructure Modernization Act, HR 550, legislation by Representatives Annie Kuster and Larry Bucshon will provide the needed national framework for IIS operations.”

The bill itself states the HHS Secretary shall support adoption of the IIS standards of the CDC. The Secretary shall enhance capabilities of IIS “to evaluate, forecast, and operationalize clinical decision support tools in alignment with the recommendations” of the ACIP, a federal advisory committee with no public accountability, which states are not mandated to follow, but would be required to “operationalize” if they receive grant money under this bill. Does this language mean if a state does not follow the ACIP childhood or adult immunization schedules, the state would be disqualified from grant money from the federal government? That isn’t explicitly stated in the bill, but it wouldn’t be prohibited either. The language of the bill as passed by the House begs that question. Since the $400M can go to either localities with IIS, or public-private contracts for implementation, for argument’s sake, let’s say that money is divided equally and 50 states could apply for $200M. That approximates $4M per state to “modernize” their IIS. (Federal grants never work this cleanly, but this is a thought exercise.) What state will turn down $4M in federal money to update health data technology, especially during a “pandemic”?

The National Adult Immunization Plan notes that “IIS have the potential to act as a centralized repository of adult vaccination records.” NAIP strategy includes “expand[ing] IIS and EHR functionality to facilitate interstate immunization data exchange through a centralized hub.” The Plan also tells us the Office of the National Coordinator for Health Information Technology in HHS is working on a national “data hub” to enable “state and local IIS to exchange data with each other through a centralized model…By connecting to the central hub, jurisdictions can then connect to any other jurisdiction also connected to the centralized hub.”

HR 550 does not mention this centralized data hub. But Plans and documentation from the agencies charged with carrying out HR 550, along with stakeholders like AIRA, have been talking about it for a long time.

“Public health agencies have been using IIS for more than twenty years to consolidate a complete immunization record for the people within their jurisdictions, and to provide that data to authorized users through standardized, electronic means.”[iii]

Myth #2: This bill increases privacy of immunization records.

The main sponsor of the bill, Democrat Annie Kuster from New Hampshire, introduced the bill by noting the IIS system is used “to remind patients when they are due for a recommended vaccine.”[iv] This is also a stated goal of the National Adult Immunization Plan. What kind of privacy is that?

Rebecca Coyle, Executive Director of the American Immunization Registry Association, testified in front of the House Energy & Commerce Health Subcommittee in June 2021 that “At the point of clinical care, an IIS can provide consolidated immunization histories to determine appropriate patient vaccinations for use by a vaccination provider.” There is no way that can happen with deidentified data. The data must be linked to the individual in a multi-jurisdictional way, for the immunization history to be displayed in an electronic record for an individual who may go to different providers, move to different states, change names through things like marriage, etc. Remember, the CDC encouraged states to adopt their own IISs because they wanted more children vaccinated. How can you vaccinate more children based on collected data if you don’t know who is vaccinated (and when, and how many times) and who is not? The point of the system is to collect individualized data so government can get individuals vaccinated at the “point of clinical care,” meaning when an individual is in a doctor’s office. You don’t get much more private than that. The data collected by IIS is not simply “population level.” It is individually identifiable information. The federal government can claim they can’t or won’t access that information. Do you trust that? Why would the sponsor of the bill crow about the individualized capabilities of the system if the federal government isn’t going to have access to that?

Section (a)(1)(B)(vi) of the bill states the HHS Secretary shall support adoption of the IIS functional standards of the CDC “and the maintenance of security standards to protect individually identifiable health information as defined in section 160.103 of title 45 CFR.” States have their own privacy provisions for their own IISs, but this section tells the HHS Secretary to support adoption of federal security standards for PHI as explained in the Public Welfare Code. There, PHI is defined as “individually identifiable health information” except that which is covered by FERPA, the Family Educational Rights and Privacy Act, and “in employment records held by a covered entity in its role as employer.” So the security standards to be adopted exempt certain educational and employer records from HIPAA entities from privacy law.

Myth #3: This bill reigns in reckless Democrat spending.

There are claims that this bill will reign in the distribution of $500M from the Democrat-backed American Rescue Plan allocated for upgrades to IIS, “without guardrails.” However, this bill allocates $400M for the HHS Secretary to give out at his discretion for localities to modernize (or initiate) their IIS structure, or for public-private contracts to facilitate the same. There is nothing in this bill that modifies the American Rescue Plan.

Myth #4: This bill was Republican-led.

The bill was introduced by Democrat Annie Kuster from New Hampshire on January 28, 2021. Republican Larry Buschon signed on as an original cosponsor. There are 13 other cosponsors, 3 Republican. All House Democrats voted for this bill along with 80 Republicans; 130 Republicans voted against and 3 abstained. This bill is bipartisan at best. To say it is Republican-led is misleading.

It would be more accurate to say the opposition is Republican-led.

Based on a reading of the bill, and a knowledge of the history of the federal efforts for an immunization infrastructure, the Republicans who voted yes on this bill are either recklessly uninformed, or knew exactly what they were doing and are now selling the public an Orwellian bill of goods. Neither is good.

Myth #5: This bill has nothing to do with unconstitutional federal vaccine mandates or a digital health pass.

This bill has everything to do with mandates and digital health passes. It is the legal infrastructure, so to speak, for the digital infrastructure. At this point, most of the immunization data collection is local. The federal government is not collecting it directly and needs to rely on localities to pass it along. The technology for mass health data collection and transfer of that information is still evolving and was certainly not in place in the 70s when the digital groundwork was being laid for IIS. Vaccine passports are still in development and one of the hurdles is access to information. At this moment, the Biden Administration is asserting they would not support digital passports, but president-Elect Biden also stated he did not think the federal government should mandate vaccines until he changed his tune in office. And if the White House changes their mind on passports as well, HR 550 is exactly the bill they would need to make it legit through the legislative process, rather than facing legal challenges for federal overreach as they are now with mask and vaccine mandates through arms like OSHA and CDC.

The CDC has been exploring “Smart Health Cards” along with AIRA and private organizations for years. Here’s an excerpt from a recent Discovery Session:

“AIRA, as well as several member and partner organizations, have signed on as VCI with the belief that IIS can and should play a significant role as issuers of digital or paper vaccine credentials, and that broader consumer access to immunization information supports health equity and empowers individuals to share their health information as they choose.”[iv]

Additional Resources

Below is a great summary of H.R.550 from Dawn Richardson’s perspective. Dawn is the Director of State Advocacy for National Vaccine Information Center (NVIC) and has a show “Advocacy Lifeline,” on CHD TV, every Monday at 2:30pm. Tune in to hear her perspective of the bill starting at the 3 minute and 30 second mark.