WellCareTracker (WCT) is a tool used by schools and childcare centers to
document and analyze the timeliness of childhood preventive care services -
primarily immunizations and screens. In it's current form it is not an
electronic medical record in the sense that it is not used in a patient
workflow of providing care, and it does not contain information on patient
problems, allergies, medications, treatments, procedures, etc.
WCT does, however, contain information that can be considered a part of a
medical record. The confidentiality and legality of sharing immunization
information varies from state to state, due to efforts usually related to
development of regional and statewide immunization registries. For
example, in Minnesota, "providers can share immunization data to schools
and child care providers without patient authorization."
Missouri has a similar statute:
For those childcare centers concerned about WCT and HIPAA, first determine
whether your childcare center would be considered a 'covered entity' under
HIPAA; i.e., "a health plan, a health care clearinghouse, or a health care
provider who transmits any health information in electronic form in
connection with a HIPAA transaction." If not, then the Privacy Rule does not
apply. In general, collection and tracking of health data by child care
programs is viewed as it is for schools which are not covered entities
according to HIPAA.
However, if it is determined your childcare center *is* a covered entity,
and if parents are providing the immunization and screenings data to your
childcare center, then parents are giving the childcare center the authority
to access and use that information as per your existing data-sharing
agreement with parents.
WCT does not share child-specific immunization/screening information with
any other entities outside a given center. WCT technical and support staff
do have access to all data for the purposes of website administration and
troubleshooting. WCT has in the past compiled summary reports looking at the
timeliness of immunizations. However, when this is done, all data
identifying either the individual and/or the site is de-identified.
All data-entry and data display functionalities in WCT employ SSL for
secure, encrypted transmission of data.