Students, faculty and staff on the Ann Arbor (including Michigan Medicine), Dearborn and Flint campuses are required to comply with the U-M COVID-19 Vaccination Policy. This policy requires individuals to be vaccinated against COVID-19 and submit their vaccination information to U-M, request a medical or religious exemption, or request a temporary postponement (“COVID-19 Vaccination Data”).
Self-reported COVID-19 vaccination and medical exemption information is not Protected Health Information (PHI) and is not regulated by HIPAA. For students, this information is regulated by FERPA. U-M respects the privacy of its community members and takes appropriate measures to keep COVID-19 vaccination data confidential and secure.
What COVID-19 Vaccination Data We Collect
- Identification and Contact Information
Name, uniqname, UMID, U-M role, date of birth, city of residence, presence on campus in last 14 days, phone number. - Vaccine Information
Location where the vaccine was received, month, date and year of vaccine doses, type of COVID-19 vaccine, vaccine lot number, images of your vaccination card. - Vaccine Exemption Information
Medical exemption supporting statements and documentation, religious exemption supporting statements and documentation (if applicable). - Logging Information
Date and time of completing the consent/reporting form.
This information is retained in compliance with applicable state or federal laws, or university policy.
How We Use COVID-19 Vaccination Data
The University of Michigan uses identifiable COVID-19 vaccination data to:
- Manage Public Health Protocols
Implement, waive or reduce COVID-19 testing requirements, quarantine periods, face covering requirements, or other public health protocols. - Maintain a Safe Campus
Direct public-health-informed decisions related to living, learning, and working at U-M, including informing and enforcing UM COVID-19 policies and protocols. - Update Health Records
Update Occupational Health Services (OHS) and University Health Services (UHS) health records with vaccine information. - Report and Inform
Produce reporting for necessary university officials.
The University of Michigan uses non-identifiable COVID-19 vaccination data to:
- Produce Trend Reporting and Analysis
Monitor trends in compliance over time.
The use of COVID-19 compliance data is governed by university policy and the U-M Data Governance framework, among other methods. Requests to access and use the data are only considered if they are related to public health.
How We Collect COVID-19 Vaccination Data
- Directly
when you provide responses to the questions in the self-reporting vaccination and exemption forms. - Automatically
when we capture information as you authenticate and use the forms.
How We Share COVID-19 Vaccination Data
We do not sell or rent your personal information. Individually identifiable information may be shared as required by law, and as appropriate with university officials, government public health agencies, and external service providers to aid vaccine verification and support COVID-19 response efforts.
- Service Providers
When information is shared with service providers, we have contractual agreements to require such service providers to keep your personal information secure and confidential, and do not allow them to use or share personal information for any purpose other than providing services on the university’s behalf.