Wyo. Code R. 048-0071-5
Effective Date: 02/07/2018 to Current
Rule Type: Current Rules & Regulations
Reference Number: 048.0071.5.02072018
The Wyoming Department of Health (Department) promulgates this chapter under the authority granted by Wyo. Stat. Ann. §§ 35-1-240 and 35-4-101.
This chapter establishes the Wyoming Immunization Information System (IIS).
This chapter applies to the IIS established by the Department, its administrators, public health care organizations, enrolled organizations and their staff, schools, child caring facilities and authorized users.
(a) The IIS shall meet the Centers for Disease Control and Prevention (CDC) Immunization Information System Functional Standards, 2013-2017, effective December 14, 2012, and updated February 2016, which have been incorporated by reference under Chapter 1 of these rules.
(a) An organization shall enroll with the IIS as determined by the Department if the organization:
(i) Employs, is owned or controlled by a primary health care provider that administers vaccines; or
(ii) Contracts with an organization that employs a primary health care provider that administers vaccines.
(b) An organization may enroll with the IIS if the organization:
(i) Is not included on the Office of Inspector General (OIG) List of Excluded Individuals and Entities (LEIE); and
(ii) Displays an ongoing need to access data from the IIS for the purpose of treatment, payment, or operations.
(c) To enroll with the IIS, a responsible authority or the responsible authority's designee for the organization shall:
(i) Submit a request for organizational enrollment using the form and process established the Department;
(ii) Identify an individual as the organizational contact for the IIS;
(iii) Identify facilities under the jurisdiction of the organization that are requesting access to the IIS; and
(iv) Identify an individual to serve as the facility contact for each facility under the jurisdiction of the enrolled organization.
(d) The Department shall approve a request for organizational enrollment with the IIS if the Department finds that the organization is able to satisfy the conditions imposed under this chapter.
(e) If the organization has been approved for enrollment with the IIS, a responsible authority for the organization shall complete an enrollment agreement prior to being granted access to the IIS.
(a) An organization contact for an enrolled organization shall facilitate the completion of the IIS enrollment agreement.
(a) A facility contact shall complete the following for their facility using the forms and process established by the Department:
(i) Requests for authorized users;
(ii) Change request to authorized user access levels; and
(iii) Report authorized users no longer employed by the organization within 24 hours.
(a) A facility contact may request for an individual to become an authorized user using the form and process established by the Department.
(b) An individual is eligible to become an authorized user if the individual:
(i) Is not included on the OIG LEIE; and
(ii) Is a current employee of the enrolled organization.
(c) If the Department approves an individual to become an authorized user following verification of eligibility and the source of the request, the Department shall assign the authorized user an access level in accordance with the IIS Authorized User Policy (IMM-003), which has been incorporated by reference under Chapter 1 of these rules.
(a) An authorized user shall:
(i) Agree to the End User License Agreement according to the frequency and method established by the Department; and
(ii) Act in accordance with:
(A) The IIS Authorized User Policy (IMM-003); and
(B) The standards required by applicable law for the security of protected health information.
(b) An authorized user may only access the IIS for the following purposes:
(i) To enter immunization information;
(ii) To determine appropriate immunization;
(iii) To confirm compliance with mandatory immunization requirements;
(iv) To control disease outbreaks;
(v) For treatment purposes; or
(vi) For program oversight.
(a) To achieve interoperability between the IIS and the electronic health record (EHR) system utilized by the organization or its facilities, a responsible authority or his designee for the organization shall:
(i) Submit a request for interoperability with the IIS using the form and process established the Department; and (ii) Identify an individual to serve as the project lead for each facility. (b) The facility project lead shall: (i) Identify a project team for the facility; (ii) Demonstrate the EHR system's ability to comply with the Health Level Seven (HL7) protocol specifications established by the Department; and (iii) Ensure compliance with the interoperability processes and procedures established by the Department.
(a) A primary health care provider that administers immunizations shall: (i) Report immunization information to the IIS within thirty (30) days of administration using one of the following methods: (A) Direct online entry into the IIS; (B) Secure transmission of electronic files from an EHR using HL7 messaging in accordance with the specifications established by the Department; or (C) Submission of a data file in the format established by the Department; and (ii) Ensure that submitted immunization information is accurate and meets the data quality threshold established by the Department.
(a) The Department may suspend or terminate an organization's or facility's enrollment with the IIS if the organization or facility is unable to satisfy the conditions imposed under this chapter or the enrollment agreement. (b) The Department may suspend or terminate an authorized user's access to the IIS if the authorized user violates the following: (i) IIS Authorized User Policy (IMM-003); (ii) End User License Agreement; or (iii) Any other Department policy.
(a) A patient or parent, may request an exclusion of his or his child’s immunization information from the IIS by completing the Use and Disclosure Restriction (F-12) form available at https://health.wyo.gov/admin/privacy/and and made available by the Department upon request.
(i) The Department may not retain individually identifiable information in the IIS for a patient listed on an approved Use and Disclosure Restriction (F-12) form.
(ii) Immunization information shall be maintained in aggregate format.
(a) A school or child caring facility may enroll with the IIS for the purpose of meeting the requirements established in Chapter 4 of these rules.
(b) A school or child caring facility administrator may request for an individual to become an authorized user in accordance with Section 8 of this chapter.
(c) A school or child caring facility administrator is responsible for ensuring that authorized users act in accordance with Chapter 4, Sections 8 and 9 of these rules.
The Department may designate an authorized user to enter immunization information into the IIS from an immunization record in accordance with the Department’s policy for Creating/Editing IIS Records from an Official Immunization Record Policy (IMM-004), which has been incorporated by reference under Chapter 1 of these rules.
When the State Health Officer authorizes the ordering of vaccines in response to a public health emergency, a primary health care provider who receives or administers such vaccines shall enter immunization information into the IIS within the time frame designated by the State Health Officer.