Section 40. Patient confidentiality  

A. Access to VIIS information is authorized only under the condition that access to individual immunization information is required to perform the participant's job function.

B. Participants shall not conduct any activity that jeopardizes the proper function or security of VIIS. They shall use patient data only as authorized by law and this chapter and must immediately notify the patient and VDH of any breach of personal privacy or confidentiality.

C. Patients shall have the opportunity to opt-out of VIIS by doing one of the following:

1. Contacting their health care provider to allow the viewing of their immunizations only by that provider who administered them; or

2. Contacting VDH in writing requesting to be taken out of VIIS and have their record no longer viewable.

D. Patient immunization records shall not be copied except for authorized use. These copies shall not be left where they are visible by unauthorized personnel and shall be shredded before disposal.

E. VIIS records shall be treated with the same confidentiality and privacy as any other health record. Any inappropriate use of VIIS records shall result in immediate suspension of participant privileges and an investigation conducted by VDH. Additional actions may be taken pursuant to § 32.1-27 of the Code of Virginia. The VIIS program manager may reinstate privileges.

F. Nothing in this chapter alters the provision in 45 CFR Part 164 that permits covered health care entities to disclose protected health information to a public health authority without individual authorization.