ALL users must complete this version of the PhilaVax Confidentiality Agreement for annual re-enrollment by September 30, 2019..
If you are an existing user completing the annual re-enrollment for PhilaVax, your account will automatically be updated as your paperwork is processed.
PhilaVax is a secure web-based application that offers medical providers consolidated immunization records for their patients as well as recommendations based on the most recent immunization schedule. PhilaVax can be accessed via the internet (http:///vax.phila.gov). All healthcare providers who administer immunizations in Philadelphia are required to report all vaccine doses, whether supplied by Vaccines for Children (VFC), Vaccines for Adults at Risk (VFAAR) programs or privately purchased.
PhilaVax is available to the employees of Philadelphia health care entities, schools, social service agencies, as well as, PDPH employees and their select representatives. With few exceptions, access is limited to those who serve children and adults within the city of Philadelphia. Employees of any health care entity, authorized agency, or school who will be given access to PhilaVax must complete and sign PhilaVax User Confidentiality Agreement.
PhilaVax data are confidential. Breach of confidentiality requirements (See Section V. Access to and Disclosure of PhilaVax Information) will subject the user, health care entity, authorized agency, or school to termination of electronic access to PhilaVax and may result in civil or criminal penalties for improper disclosure of health information. Access to PhilaVax is password-protected with Secure Sockets Layer (SSL) encryption, and the database is protected by firewall from unauthorized access.
PhilaVax is HIPAA compliant. HIPAA regulations do not prohibit covered entities or their business associates from reporting notifiable diseases/conditions or events, such as immunizations, to public health authorities. Submitting data on reportable diseases/conditions or events does not require covered entities to seek patient authorization for release of information, nor to document that information will be disclosed to public health authorities.
The PhilaVax Disclosure Form is available to provide an explanation to patients, parents and/or guardians that information about their immunizations or their child’s immunizations will be recorded in PhilaVax. This disclosure form can be found on the PhilaVax website or by contacting the PDPH Immunization Program. Patients, parents, guardians or legal custodians may opt-out of participation in PhilaVax.
In addition, HIPAA Section 164.512 (b)(1)(i) allows disclosure for public health activities to “a public health authority that is authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability…the conduct of public health surveillance, public health investigations, and public health interventions…”
A patient, parent, guardian or legal custodian can refuse to participate in PhilaVax and may have their record or their child’s record locked by completing the PhilaVax Participation Request Form and submitting the completed form to PhilaVax personnel. PhilaVax personnel will then update the patient’s record to indicate that data is not to be shared. If a PhilaVax user subsequently tries to access that patient record, the user will be unable to view the patient’s immunization history and personal information. Only PhilaVax personnel have the ability to view or unlock a locked patient record.
• Assist providers and social service agencies in keeping a patient’s immunization status up-to-date including historical validations and recommendations based on a pre-determined schedule.
• Prevent the administration of duplicate immunizations.
• Provide documentation of a patient’s immunizations (as reported to PhilaVax) to the patient, child’s parent, guardian or legal custodian.
• Permit schools to determine the immunization status of students enrolled at that specific school.
• Provide or facilitate third party payments for immunizations (e.g. MCO).
• By PDPH employees or its authorized agents for planning and/or evaluation related to PDPH’s public health functions.
• For PDPH authorized activities limited to matching PhilaVax data to other sources of PDPH data for the advancement of immunization related activities.
PhilaVax data that identifies individual patients will not be disclosed to unauthorized individuals, including law enforcement, without the approval of the Director of the Division of Disease Control. Any request for PhilaVax data (including subpoenas, court orders, and other legal demands) must be brought to the attention of the PhilaVax Manager, who will consult PDPH legal counsel and the originating data source before any data can be released.
IMPORTANT NOTE: Any unauthorized use of PhilaVax data is prohibited, including but not limited to the following:
• Accessing and/or distributing PhilaVax records for any activity other than those outlined above, including (but not limited to) research, presentations, publications, sharing with unauthorized individuals.
• Sharing your PhilaVax login and password with others (even within your organization).
• Integrating PhilaVax data or subsets of PhilaVax data into databases, applications, or other systems.
• Using another person’s PhilaVax login and password.
• Add/Edit Information indicates the user can add new demographic and immunization data to a patient’s record; edit demographic and immunization data previously recorded in a patient’s record; and add a new patient to PhilaVax.
• Clinic and Provider level reports indicates select users have access to run two levels of reports:
1) Clinic Level Reports – includes coverage rate assessments and reminder/recall reports for a specific clinic.
2) Provider Level Reports – includes coverage rate assessments and reminder/recall reports. A ‘Provider’ in PhilaVax includes multiple related clinics (e.g. physician at multiple clinics, health system, etc).
• VFC/VFAAR Vaccine Ordering & Inventory indicates the user can track vaccine inventory and/or order VFC and/or VFAAR vaccines through PhilaVax.
• VFC/VFAAR Annual Online Enrollment indicates the user can submit annual VFC and VFAAR enrollment forms through PhilaVax.
Only those whose assigned work duties include functions associated with the immunization of patients will be given access to PhilaVax information. All personnel including permanent and temporary employees, volunteers, contractors, and consultants will be required to complete and sign a PhilaVax User Confidentiality Agreement before gaining access as a PhilaVax user. Any user that violates this agreement will be subject to revocation of their access privileges and may result in civil or criminal penalties for improper use and/or disclosure of health information.
In order to maintain the security and confidentiality of PhilaVax data, new agreements are to be signed annually by all users.
• The PhilaVax User Confidentiality Agreement must be completed and signed prior to gaining access to PhilaVax data. Once PhilaVax personnel receive the signed agreement and user eligibility is verified, a password will be created and the new user can access PhilaVax via the internet.
• Each person granted access to PhilaVax must have a unique login ID and password.
• Shared login IDs and passwords are not permitted. Users are prohibited from disclosing PhilaVax access codes or protocol to unauthorized persons.
• Users who fail to access PhilaVax for more than 90 consecutive days will have their accounts inactivated by PhilaVax personnel.