WPF supports CDC guidance prohibiting use of vaccine recipients’ data for commercial marketing purposes, urges that protections are extended to proof of vaccination systems

WPF’s Executive Director spoke today before the US Center For Disease Control’s ACIP Committee regarding privacy protections for vaccine recipients’ data.

WPF supported the CDC’s prohibition on the use of vaccine recipient data for commercial marketing purposes. The CDC’s Vaccination Program Provider Requirements, published in May 18, 2021, specifically prohibits the commercial marketing use of COVID-19 vaccination registration information, and the vaccine administration data. These prohibitions were warranted, and are important for ensuring patient trust in the public health data ecosystem.

Standard HIPAA rules already prohibit providers from using patient data for commercial purposes. There is now, after many years of HIPAA implementation, a reasonable expectation of privacy regarding in COVID-19 data ecosystems. But very few individuals understand the labyrinthine rules regarding protections in HIPAA-covered ecosystems and those for public health ecosystems. 

WPF urged the ACIP committee to ensure that the same requirements it has already  put in place prohibiting commercial marketing uses of vaccine recipient data will also be required when the data is utilized in vaccine credentialing systems (proof of vaccination). WPF sees significant potential risks for the commercial use of patient registration and vaccination data due to the sheer number of credentialing systems in development across complex public-private pathways.

In addition to oral comments, WPF filed written comments with the committee, which are available on the CDC ACIP docket, and here.

Related Documents: