State flag of Tennessee An official website of the Tennessee Secretary of State.

STATEWIDE IMMUNIZATION INFORMATION SYSTEM (TennIIS)

RDA Number
10096
Effective Date
Record Series Abstract
DOCUMENTS IMMUNIZATION EVENTS AND ADVERSE REACTIONS TO IMMUNIZING AGENTS, MONITORS VACCINE USAGE AND DISTRIBUTION, AND ASSURES FOLLOW-UP OF CHILDREN WHO MISS SCHEDULED IMMUNIZATIONS.
Record Series Active
Yes
Cut Off at End of
Other
If Other, Explain
Upon death of patient
Total Retention Years
100
Total Retention Months
0
Retention End Action
Permanent
Disposition Notes
These records are generated in electronic format, the files are cut off upon death of patient, then inactivated in the Immunization Information System (IIS).
Allotment Code
34349
Record Location
IMMUNIZATION REGISTRY (AMAZON CLOUD SERVERS)
File Arrangement
alpha & numeric
Date Range
1993 TO CURRENT
Annual Accumulation
130 GB
Current Volume
360 GB
Record Value
Administrative
Audit Requirements
State
Information Shared Outside the State
Yes
Shared Agencies
Authorized immunization providers in TN and those located in the bordering states that provide immunizations to TN residents. Authorized school systems and other state agencies may also be granted access to the IIS.
Essential Record
Yes - Original
Essential Record Stored
Amazon Cloud Services Backups STCs backup policy for AWS environments consists of two layers. These two layers retain the environment at both the server and data levels. Backups are an additional safeguard on top of the disaster recovery policy outlined. The first layer is an instance snapshot that runs nightly. This captures the state of the instance at the point in time the snapshot is performed. Snapshots that are taken from encrypted volumes are automatically encrypted. The retention period for these snapshots will be 1 week. Amazon EBS Snapshots The second layer of backups includes an Oracle Database backup that is pushed to AWS disk storage (S3), which is mirrored across multiple data centers. These backups will include full weekly backups, incremental nightly backups, and hourly log backups. The retention period for these backups will be 4 weeks. Test recoveries from these backups will be conducted periodically to ensure the reliability of backups.
Essential Record Media Type
Electronic
Confidential
No
Confidential Legal Citation
Tenn. Code Ann. 37-10-401 (c) Tenn. Code Ann. 10-7-504 (a)(1) Tenn. Code Ann. 10-7-504 (4)(A) Tenn. Code Ann. 10-7-504 (9)(C) Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191 45 C.F.R.Part 160,Part 162, andPart 164.
Does this Record Series Contain Sensitive Information?
No
Agency Retention
100 years
Records Center Retention Period
0
Record Sample PDF
1367.sample.pdf814.6 KB
System Name
The IIS is hosted on the Amazon Web Services (AWS) platform known as TennIIS
Hardware Description
The IIS is hosted on the Amazon Web Services (AWS) platform. This is a cloud-based Platform as a Service (PaaS)
Software Description
Oracle Database, Web Browsers
System Location
The IIS is hosted on the Amazon Web Services (AWS) platform. This is a cloud-based Platform as a Service (PaaS) environment that provides significant hardware, networking and security capabilities. Other documents delve into the specifics of the environment and its features in more details. The diagram below provides a high-level view of the hosting deployment. One of the key features for security purposes is the Virtual Private Cloud (VPC). This is a hardware and software barrier that restricts who can access the resources and how they can be accessed. Within the VPC are the physical servers for the IIS. These comprise the web application servers and database servers. Each server type is configured in pairs to provide redundancy and failover capabilities. Security features, backup procedures and business continuity processes are detailed further in their respective documents.
Backup Procedures
Backups STC's backup policy for AWS environments consists of two layers. These two layers retain the environment at both the server and data levels. Backups are an additional safeguard on top of the disaster recovery policy outlined. The first layer is an instance snapshot that runs nightly. This captures the state of the instance at the point in time the snapshot is performed. Snapshots that are taken from encrypted volumes are automatically encrypted. The retention period for these snapshots will be 1 week. Amazon EBS Snapshots The second layer of backups includes an Oracle Database backup that is pushed to AWS disk storage (S3), which is mirrored across multiple data centers. These backups will include full weekly backups, incremental nightly backups, and hourly log backups. The retention period for these backups will be 4 weeks. Test recoveries from these backups will be conducted periodically to ensure the reliability of backups.
Disaster Recovery
Due to the additions/modifications to select AWS features involving how disaster recovery is handled; the business continuity plan and checklists will be a dynamic process. In addition to the above checklist, STC has created the following plan to address any service issues that occur during normal business hours (8AM-5PM AZ time) as well as outside of normal operating hours. This plan will be executed by an assembled cloud services team with expertise in cloud resources and infrastructure, application knowledge, and database structure. 1. When a service issue occurs during normal STC operating hours, the client will need to call the primary help desk number (844-206-9927)or the STC afterhours number (844-223-7520). The help desk person will then communicate the issue directly to the cloud services team. If an outage is identified outside of business hours, the client is instructed to call the Account Executive assigned to them. It is also recommended to send an email to CloudServices@stchome.com with the service issue detailed and screenshots attached if applicable. 2. Once the cloud services team is informed of the issue, they will work together to triage the issue and determine where the fault is occurring. They will provide status updates following the initial diagnosis, what steps are being taken to resolve the issue, and when the issue has been resolved. 3. After the client is made aware the service is back to normal operating condition, STC will conduct a root cause analysis and generate recommendations and steps to prevent the same service issue from occurring again. This will be documented and sent to the customer by their Account Executive for review.
Data Migration Description
Electronic records are located in TennIIS and hosted by the Amazon Web Services (AWS). The data migration process would be managed by the TennIIS vendor STC.
Legacy Revision UUID
1367