Thanks to our friends at the National Vaccine Information Center (NVIC), we are now aware of HB 1164, introduced by the Colorado Department of Public Health and Environment (CDPHE), attempting to hijack control of vaccine exemptions. 
The intended purpose of HB 1164 states, “The department is responsible for determining the form by which the exemption is to be submitted and for posting on its website exemption rates for each school.” 
Currently, vaccine exemption information is collected by the individual schools. However, this bill would force all families in the state seeking vaccine exemptions to submit sensitive, personally identifiable information (PII) and protected health information (PHI) directly to the department.
This information is protected by the Family Educational Rights and Privacy Act (FERPA) which prohibits disclosing protected information to a third party, such as CDPHE. 
However, there may be more to the story than just posting website exemption rates.
Your Data Is NOT Safe
First, let’s start with data protection.
From my perspective, no health or government agency has even earned the right within the past year to even justify THINKING about collecting my sensitive data. They cannot even keep their own backyard safe.
What do I mean?
In 2015, the Office of Personnel Management (OPM) accidentally discovered their computer network was infected with malware through a vendor demonstrating their product. The ensuing investigation discovered over four million records, including security clearance data, were leaked to the Chinese government. One of the results of the data breach was pulling CIA officers from China. [4-6]
In early February of 2016, a hacker posted the personal details of 20,000 Federal Bureau of Investigation (FBI) employees, as well as information about more than an alleged 9,000 Department of Homeland Security (DHS) employees. 
What about the health care industry?
The U.S. Department of Health and Human Services have reported over 1469 data breaches affecting 500 individuals or more since October of 2009 – and that is only the known losses. 
You may also recall, about this same time last year, the health insurance company Anthem was hacked and millions of records were exposed through a compromise in their computer systems. 
Have you also heard that a hospital in California was held ransom by hackers recently? Reuters reports, “The president of Hollywood Presbyterian Medical Center said on Wednesday that his hospital paid hackers a ransom of $17,000 in bitcoins to regain control of their computer systems after a cyber attack.” 
This is only the tip of the iceberg.
Let’s be realistic.
As our friends from NVIC have stated in the past, vaccine tracking systems are already in place and the information that is proposed to be collected will be used to harass those who have chosen to delay or decline vaccines.
This is not a myth.
Public Law No. 111-148 gives the Centers for Disease Control and Prevention (CDC) authorization to create “vaccination squads” in local communities and seek out unvaccinated children. The ‘vaccine squads’ are called the “Community Preventive Services Task Force.” 
The Centers for Disease Control has also been quietly rolling out a nationwide program called the Immunization Information Systems (IIS), registering your sensitive personal information into a database. This effort has been run in parallel with state vaccine registry implementations. 
Lastly, applications tracking vaccine refusals have already been created to report the location of the refusal, the vaccine refused, and patient demographics. The output of the data, which is supposedly anonymous and stored securely at the University of Iowa, provides a heat map of the refusals. 
We should not trust any government agency, state or federal, to securely collect or store our data. The superficial motive for collecting such sensitive information must be heavily contested and challenged as the opportunity exists for the abuse of the collected data.