Immunization Information Systems: Policy Trends and Opportunities
April 27, 2026 | Shalini Nair, Andy Baker-White
Immunization Information Systems (IIS) play a central role in the nation’s vaccination infrastructure, serving as the backbone for understanding coverage, identifying gaps, and supporting coordinated provider and public health action. While recent changes at the federal level present a challenge, it also gives states the opportunity to enhance their IIS infrastructure to ensure data-driven decisions remain at the center of immunization programs.
Balancing Policy, Privacy, and Public Health
IIS are governed through a combination of federal guidance, state laws, and local policies. While CDC outlines standards and provides some funding to support IIS operations, each state or territory determines its own participation rules, reporting requirements, and data-use policies. Some jurisdictions mandate reporting for all providers, others allow opt-in or opt-out participation, and rules around data access, privacy, and sharing differ. Together, these frameworks shape the completeness, representativeness, and utility of IIS data, ultimately helping jurisdictions understand vaccination rates, identify needs, and improve clinical decision-making.
During the 2026 session, at least six states introduced legislation aiming to modify IIS policies, participation, and reporting practices, highlighting both challenges and opportunities to maximize the value of these systems.
Consent to Enroll
Opt-in and opt-out policies determine how individuals are enrolled in IIS and directly influence the completeness and utility of vaccination data. According to recent data on IIS policies, 43 jurisdictions operate under opt-out policies for children and at least 42 do so for adults, while a smaller number require participation and do not permit opt outs.
Several states recently proposed legislation that illustrate the spectrum of approaches to modifying IIS enrollment policies. In New Jersey, S 2987 would require automatic registration in the IIS when a vaccine is administered unless the individual explicitly opts out. Additionally, the bill would give the Commissioner of Health the authority to deny nonparticipation in the registry during declared public health emergencies and outbreaks — strengthening public health’s ability to track and administer vaccinations. In contrast, New Jersey’s S 2434 takes the opposite approach and would remove the automatic enrollment of newborns into the IIS. In Mississippi, SB 2533, which failed in committee, sought to strengthen opt-out protections by requiring written notice of rights before inclusion in the IIS and introduced civil and licensing penalties for providers failing to provide such notice to patients.
Opt-in policies emphasize informed participation by requiring individuals to actively consent to their data being included in IIS. However, because enrollment of an individual in an IIS depends on this additional step, these policies can also limit the completeness of IIS records and effectiveness of public health planning and response. Automatic enrollment maximizes IIS participation, enhancing data quality and the system’s value for evidence-based decision-making.
Provider Reporting and Data Access
Similarly, provider reporting and data access policies also play a key role in improving the completeness and accuracy of IIS data. At least 34 jurisdictions require providers to report vaccinations to the IIS, with varied specifications based on age, provider, type of vaccine, or specific circumstance. High-quality data allow clinicians and others to make informed vaccination decisions at the point of care, prevent missed or duplicate doses, and support broader public health monitoring.
At least three states have introduced bills that would broaden the scope of available data in IIS. In Arizona, SB 1769 would expand reporting requirements to include vaccines administered to adults, increasing the comprehensiveness of IIS records across age groups. In New York, S 4536 would require that an IIS include data on vaccine exemptions reported by health care providers. While this bill is intended to help identify medical exemption patterns, it would also support a more complete picture of immunization coverage and reasons individuals are choosing not to get vaccinated. Michigan’s HB 5486 would require health care providers to report adverse events to the state IIS. While intended to support transparency around vaccine-related issues, this approach may place additional reporting burdens on providers and duplicate existing federal vaccine safety monitoring systems. As a result, the requirement may create challenges for IIS infrastructure without benefit to established vaccine safety processes. In conjunction, the bill also limits the ability of school systems to access the registry.
Although designed to prioritize individual consent, policies altering reporting or access to records can reduce the utility of IIS as a tool for safeguarding community health and preventing vaccine-preventable disease transmission in group settings. Schools, for example, often rely on timely immunization records to ensure compliance with entry requirements, identify students who need catch-up vaccinations, and respond quickly during outbreaks. For these reasons, both robust provider reporting policies and maintaining appropriate access to records are critical to maximizing the usefulness of IIS for public health decision-making related to immunization.
Utilizing IIS for Public Health Impact
As state and federal policies continue to evolve, IIS are increasingly positioned as a critical tool for public health. Recent and ongoing legislative efforts demonstrate that states are actively considering how IIS function and how data are used for public health impact. By utilizing IIS strategically, states can improve vaccination coverage monitoring, target interventions more effectively, and respond rapidly to outbreaks, underscoring IIS as a dynamic tool for protecting communities and advancing public health.
Looking ahead, legislative interest in IIS is likely to continue as policymakers consider additional approaches to addressing infrastructure and utility. Emerging policy areas may include consumer access to personal immunization records, IIS interjurisdictional data sharing, and how IIS data can be used across sectors such as health care, schools, and public health agencies. As these policy conversations evolve, IIS will remain central to state efforts to modernize immunization infrastructure and support more coordinated, data-driven public health action.
ASTHO will continue tracking legislative actions on this important public health issue.