2020-2021 PhilaVax Registration
User Confidentiality Agreement

ALL users must complete this version of the PhilaVax Confidentiality Agreement for annual re-enrollment by September 30, 2020

If you are an existing user completing the annual re-enrollment for PhilaVax, your account will automatically be updated as your paperwork is processed.
1. Background
Pursuant to its public health authority under section 6-210 of the Philadelphia Health Code, the Philadelphia Board of Health has issued Regulations that mandate reporting of immunization data for children 0-18 years of age and adults over 18 years of age to a citywide immunization registry. The Philadelphia Department of Public Health (PDPH), Immunization Program maintains the PhilaVax Immunization Information System (PhilaVax), heretofore referred to as the PhilaVax Immunization Information System (IIS) or PhilaVax, to record all immunization data.

PhilaVax is a secure web-based application that offers medical providers consolidated immunization records for their patients as well as recommendations based on the most recent immunization schedule. PhilaVax can be accessed via the internet (http:///vax.phila.gov). All healthcare providers who administer immunizations in Philadelphia are required to report all vaccine doses, whether supplied by Vaccines for Children (VFC), Vaccines for Adults at Risk (VFAAR) programs or privately purchased.

PhilaVax is available to the employees of Philadelphia health care entities, schools, social service agencies, as well as, PDPH employees and their select representatives. With few exceptions, access is limited to those who serve children and adults within the city of Philadelphia. Employees of any health care entity, authorized agency, or school who will be given access to PhilaVax must complete and sign PhilaVax User Confidentiality Agreement.
2. Confidentiality
Protecting the privacy of patients and the security of information contained in PhilaVax is an important priority for the Philadelphia Department of Public Health.

PhilaVax data are confidential. Breach of confidentiality requirements (See Section V. Access to and Disclosure of PhilaVax Information) will subject the user, health care entity, authorized agency, or school to termination of electronic access to PhilaVax and may result in civil or criminal penalties for improper disclosure of health information. Access to PhilaVax is password-protected with Secure Sockets Layer (SSL) encryption, and the database is protected by firewall from unauthorized access.

PhilaVax is HIPAA compliant. HIPAA regulations do not prohibit covered entities or their business associates from reporting notifiable diseases/conditions or events, such as immunizations, to public health authorities. Submitting data on reportable diseases/conditions or events does not require covered entities to seek patient authorization for release of information, nor to document that information will be disclosed to public health authorities.

The PhilaVax Disclosure Form is available to provide an explanation to patients, parents and/or guardians that information about their immunizations or their child’s immunizations will be recorded in PhilaVax. This disclosure form can be found on the PhilaVax website or by contacting the PDPH Immunization Program. Patients, parents, guardians or legal custodians may opt-out of participation in PhilaVax.
3. Notification
Providers are not required to obtain a release or authorization from patients, parents, or guardians to report immunizations to PhilaVax. Pursuant to its public health authority under section 6-210 of the Philadelphia Health Code, the Philadelphia Board of Health has issued Regulations stating that PDPH “…has the authority to obtain and store medical information, including photocopies of medical records and medical summaries, regarding immunizations governed by this Regulation without a signed authorization from the patient or patient’s representative.”

In addition, HIPAA Section 164.512 (b)(1)(i) allows disclosure for public health activities to “a public health authority that is authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability…the conduct of public health surveillance, public health investigations, and public health interventions…”
4. Patient Participation
Every person receiving immunizations in Philadelphia is enrolled into PhilaVax using information derived from the birth record or health care provider.

A patient, parent, guardian or legal custodian can refuse to participate in PhilaVax and may have their record or their child’s record locked by completing the PhilaVax Participation Request Form and submitting the completed form to PhilaVax personnel. PhilaVax personnel will then update the patient’s record to indicate that data is not to be shared. If a PhilaVax user subsequently tries to access that patient record, the user will be unable to view the patient’s immunization history and personal information. Only PhilaVax personnel have the ability to view or unlock a locked patient record.
5. Access to and Disclosure of PhilaVax Information
The patient-level information contained in PhilaVax shall only be used for the following purposes:

• Assist providers and social service agencies in keeping a patient’s immunization status up-to-date including historical validations and recommendations based on a pre-determined schedule.

• Prevent the administration of duplicate immunizations.

• Provide documentation of a patient’s immunizations (as reported to PhilaVax) to the patient, child’s parent, guardian or legal custodian.

• Permit schools to determine the immunization status of students enrolled at that specific school.

• Provide or facilitate third party payments for immunizations (e.g. MCO).

• By PDPH employees or its authorized agents for planning and/or evaluation related to PDPH’s public health functions.

• For PDPH authorized activities limited to matching PhilaVax data to other sources of PDPH data for the advancement of immunization related activities.

PhilaVax data that identifies individual patients will not be disclosed to unauthorized individuals, including law enforcement, without the approval of the Director of the Division of Disease Control. Any request for PhilaVax data (including subpoenas, court orders, and other legal demands) must be brought to the attention of the PhilaVax Manager, who will consult PDPH legal counsel and the originating data source before any data can be released.

IMPORTANT NOTE: Any unauthorized use of PhilaVax data is prohibited, including but not limited to the following:

• Accessing and/or distributing PhilaVax records for any activity other than those outlined above, including (but not limited to) research, presentations, publications, sharing with unauthorized individuals.

• Sharing your PhilaVax login and password with others (even within your organization).

• Integrating PhilaVax data or subsets of PhilaVax data into databases, applications, or other systems.

• Using another person’s PhilaVax login and password.
6. User Participation
Users are defined as anyone with access to PhilaVax, and each user must read, complete and sign the PhilaVax User Confidentiality Agreement prior to gaining access to PhilaVax data. The following table outlines the different types of PhilaVax users and access allowed for each user group type:
• View Demographics & Immunizations indicates the user has permission to view information about the patient, including the patient’s name, date of birth, parent/guardian name, address, telephone number, the entire immunization history and status (i.e., whether or not the child is up-to-date with recommended immunizations).

• Add/Edit Information indicates the user can add new demographic and immunization data to a patient’s record; edit demographic and immunization data previously recorded in a patient’s record; and add a new patient to PhilaVax.

• Clinic and Provider level reports indicates select users have access to run two levels of reports:

1) Clinic Level Reports – includes coverage rate assessments and reminder/recall reports for a specific clinic.

2) Provider Level Reports – includes coverage rate assessments and reminder/recall reports. A ‘Provider’ in PhilaVax includes multiple related clinics (e.g. physician at multiple clinics, health system, etc).

• VFC/VFAAR Vaccine Ordering & Inventory indicates the user can track vaccine inventory and/or order VFC and/or VFAAR vaccines through PhilaVax.

• VFC/VFAAR Annual Online Enrollment indicates the user can submit annual VFC and VFAAR enrollment forms through PhilaVax.

Only those whose assigned work duties include functions associated with the immunization of patients will be given access to PhilaVax information. All personnel including permanent and temporary employees, volunteers, contractors, and consultants will be required to complete and sign a PhilaVax User Confidentiality Agreement before gaining access as a PhilaVax user. Any user that violates this agreement will be subject to revocation of their access privileges and may result in civil or criminal penalties for improper use and/or disclosure of health information.

In order to maintain the security and confidentiality of PhilaVax data, new agreements are to be signed annually by all users.

• The PhilaVax User Confidentiality Agreement must be completed and signed prior to gaining access to PhilaVax data. Once PhilaVax personnel receive the signed agreement and user eligibility is verified, a password will be created and the new user can access PhilaVax via the internet.

• Each person granted access to PhilaVax must have a unique login ID and password.

• Shared login IDs and passwords are not permitted. Users are prohibited from disclosing PhilaVax access codes or protocol to unauthorized persons.

• Users who fail to access PhilaVax for more than 90 consecutive days will have their accounts inactivated by PhilaVax personnel.
PhilaVax: User Confidentiality Agreement *
PhilaVax Username (if a current or previous user)
Last Name *
First Name *
Middle Name
Job Title *
Email Address *
Phone Number *
Fax Number
Organization Name *
VFC/VFAAR Pin (if applicable)
Organization Mailing Address *
National Provider Identification Number (NPI)
Medicaid Provider ID
PA Medical License Number
License Issue Date
License Expiration Date
I am the VFC Ordering/Inventory Contact
I, the undersigned, have read & agree to abide by the PhilaVax Confidentiality Agreement. *
Date of signing *
Never submit passwords through Google Forms.
This content is neither created nor endorsed by Google. Report Abuse - Terms of Service - Privacy Policy