The CIIS Privacy and Confidentiality Policy applies to all individually identifiable information in all formats, including paper-based and electronic records. Information in CIIS can be released only to:
- The individual or parent/guardian.
- The individual’s health care provider.
- A school, child care center or university where the individual is enrolled.
- A managed care organization or health insurer where the individual is enrolled.
- Hospitals.
- People or entities who have an agreement with the state of Colorado for immunizations.
- The Colorado Department of Health Care Policy and Financing, for individuals enrolled in Medicaid.
Authorized individuals can access immunization information in CIIS only for clinical (including data entry), quality assurance, public health or school entry law purposes. All individuals accessing CIIS are required to treat all information in CIIS as confidential. Any person who releases or makes confidential immunization records public in any unauthorized manner commits a class 1 misdemeanor and upon conviction thereof shall be punished by six to 18 months in jail or a fine of $500 to $5,000, or both. The unauthorized release of each record shall constitute a separate offense.