States balk & authorities dissemble as CDC demands personal info on Covid-19 vaccine recipients

US states looking to obtain Covid-19 vaccines are being asked to give extensive details on jab recipients to the Centers for Disease Control – data many worry is ripe for abuse – according to the contract they’re required to sign.

Several states have balked when confronted with the CDC’s Data Use and Sharing Agreement (DUA), which they are asked to sign in order to receive their allotment of any Covid-19 vaccine approved by the Food and Drug Administration. The agreement requires the state or territory to turn over the names, addresses, birthdates, and ethnic profiles of jab recipients – and gives the CDC a disturbingly free hand to do what it wishes with that information.

The agency has tried to downplay the volume of information it is demanding from states, explaining in the DUA that it “has sought minimally necessary data elements for the public health purposes,” forgoing such juicy bits as “social security numbers, driver’s license numbers, or passport numbers.” While admitting that further information could be collected from jab recipients in the future, the CDC insists “any changes to the data elements will be in consultation with” local governments.

While the data-sharing agreement seeks to reassure states that all personally identifying information will be protected en route to the centralized government database that will store the data, the CDC reportedly has not yet adopted an encryption system capable of securing that data, and the possibility of breaches is very real. The CDC has pledged to notify affected jurisdictions within an hour if personally identifiable information is stolen, and within 24 hours if a breach involves “non-personally identifying information.” Both possibilities look disturbing to those who recall stories about March’s mega-hack into the CDC, National Institutes of Health, and World Health Organization.

Even if security measures function as intended, some privacy-conscious local governments are worried by the sheer number of health officials, private contractors, tech support people, and “other agents” who will receive “authorized user” status and access to states’ supposedly private information. Even the former head of the CDC’s immunization program, Dr. Walter Orenstein, told the New York Times he didn’t understand why the agency needed access to states’ personally identifiable health data.

The CDC has promised not to use vaccination data to “market commercial services to individual patients or non-patients, to assist in bill collection services, or for any civil or criminal prosecution,” including immigration enforcement, an issue New York Governor Andrew Cuomo specifically cited last month in explaining why he had not signed over New York’s vaccination data. 

Other states, like Pennsylvania, have laws on the books that would normally prohibit them from sharing patient health information, even with federal authorities.

Warp Speed personnel revealed last week that 17 of the 68 US “jurisdictions” had not returned their signed DUAs to the CDC, and while program officials acknowledged during a Monday presser that “a handful” of jurisdictions remain outstanding, they claimed the holdouts would sign and return their agreements by the end of the week.

Those agreements might be missing data the CDC has demanded – Minnesota, for example, has pledged it will not submit patients’ “name, ZIP code, race, ethnicity or address.” Instead, the state will submit “de-identified doses-administered data,” according to a spokesman for the Minnesota Department of Health.

The dispute remains academic for now, as the Food and Drug Administration has not yet given emergency authorization to any of the leading Covid-19 vaccine candidates. However, frontrunner Pfizer, whose vaccine has already been approved by the UK, has “pre-positioned” shipments of its formula across the US. Operation Warp Speed military director Army General Gustave Perna confirmed that the administration hopes to begin vaccinating people within 24 hours of the jab’s approval, putting further pressure on the FDA to green light the drug.

Previous efforts to create a federal vaccination database have been spiked for violating Americans’ privacy. Warp Speed officials have attempted to frame the unprecedented medical tracking of Americans as a “whole of America approach” to vaccination, and the Department of Health and Human Services has – somewhat belatedly – announced it is “exploring solutions” to protect privacy. However, the National Governors Association has warned that mass data collection will only increase vaccine hesitancy and distrust of medical authorities, a major issue given that fewer than half of Americans are willing to be among the first group to take a jab that has been rushed to market in under a year.

Via https://www.rt.com/usa/509053-cdc-vaccine-data-privacy-states/