How Does the Federal Government Monitor Vaccine Safety?
Vaccines are essential tools for public health that help prevent millions of hospitalizations and deaths each year in the U.S. alone. Vaccines are also overwhelmingly safe, with serious negative side effects from vaccinations being very rare. Even so, side effects and adverse events do happen, which makes it important to continually monitor vaccine safety and to investigate and respond to serious events that are detected, and to assess whether they are linked to vaccination. For this reason, the federal government has multiple systems in place that track vaccine safety. At the same time, the issue of vaccine safety in the U.S. has been increasingly contested, and is currently facing growing scrutiny, including from Trump administration officials. For example, Department of Health and Human Services (HHS) Secretary Robert F. Kennedy, Jr. has raised questions about vaccine safety, saying he believes the federal government is not doing enough to monitor adverse events and has not been transparent about the data on vaccine safety that it does have. Prior to becoming HHS Secretary, Kennedy said that the federal government had failed to conduct comprehensive studies on vaccine safety and said he believes the federal vaccine safety system captures only a tiny fraction of adverse events from vaccinations. As Secretary, Kennedy has also said he wishes to overhaul the federal government’s approach to vaccine safety monitoring, including by creating a division at the Centers for Disease Control and Prevention (CDC) to focus on vaccine-related injuries and implementing an automated system to track such injuries. In addition, members of the Advisory Committee on Immunization Practices (ACIP), a key vaccine advisory committee for the federal government that was newly constituted by Kennedy in June 2025, have echoed some of these same concerns about vaccine safety and have pledged to revisit vaccine safety issues through ACIP. Further, the safety of COVID-19 vaccines and the ability of the federal government to detect adverse events from vaccination has been questioned by the newly appointed chief medical and scientific officer at the Food and Drug Administration (FDA).
Experts within and outside the government have disputed claims about the lack of sufficient federal vaccine safety monitoring, saying the federal government does in fact have systems in place that can track the safety of vaccines, and that these systems are collectively able to identify important safety signals or significant adverse events from vaccinations. These systems include reviews of data collected during the regulatory review process both before and after vaccines are approved for use, analysis of self-reported vaccine injuries from the public, and ongoing surveillance and analysis of data from patient records at a national level. In most cases, these systems have been in place for decades and have been able to identify past vaccine safety issues.
To provide background and help inform current discussions, this brief provides an overview of the main federal systems and databases that monitor vaccine safety:
- Safety Data from Clinical Trials – FDA
- Post-licensure Rapid Immunization Safety Monitoring (PRISM) / Biologics Effectiveness and Safety (BEST) – FDA
- Vaccine Adverse Events Reporting System (VAERS) – FDA and CDC
- Vaccine Injury Compensation Data – HRSA
- Vaccine Safety Datalink (VSD) – CDC
- V-Safe – CDC
- Clinical Immunization Safety Assessment (CISA) – CDC
Background
Safety monitoring of vaccine products has been subject to federal regulatory oversight for over a century. Federal regulation of vaccine safety began formally with the passage of the “Biologics Control Act of 1902”, which authorized federal review of pharmaceutical products in development and which was created in response to a number of deaths caused by the unregulated use of a diphtheria anti-toxin vaccine in 1901. Subsequent laws expanded and clarified the federal role in protecting the public’s health and regulating the safety of drugs and vaccines, spurred on in some cases by safety events. For example, the Federal Food, Drug, and Cosmetic Act passed in 1938 following a number of deaths caused by sulfanilamide (a drug developed to treat streptococcal infections) expanded federal regulatory oversight of the manufacturing, testing, promotion, and distribution of pharmaceuticals. In 1944, the Public Health Service Act (PHSA) was enacted to consolidate and affirm the roles of federal agencies in protecting the public’s health, including review and regulation of pharmaceutical products, and has served as a foundation for continued federal public health efforts.
For many decades, vaccines were regulated primarily by the National Institutes of Health (NIH), but in 1972 Congress moved much of the responsibility for regulatory review of vaccine research and development to the U.S. Food and Drug Administration (FDA). CDC established an early vaccine adverse event tracking system in 1978, called the Monitoring System for Adverse Events Following Immunizations (MSAEFI), which collected reports of adverse events from parents receiving publicly funded vaccines. A major expansion of the vaccine safety monitoring infrastructure took place with the passage of the National Childhood Vaccine Injury Act in 1986, which was passed in response to a growing number of lawsuits filed against vaccine manufacturers claiming serious adverse events linked to administration of the diphtheria-tetanus-pertussis (DPT) vaccine (links not established by epidemiological studies). The law created a requirement for vaccine safety reporting to HHS and led to many of the systems for post-licensure vaccine safety monitoring still in place today and described further below. For example, in 1990, the more robust VAERS system replaced CDC’s MSAEFI system, and the same year the Vaccine Safety Datalink program at CDC was established. In subsequent years, the federal government has expanded these programs and added more, including the 2007 FDA Amendments Act (FDAAA) which required FDA to establish more robust pharmaceutical safety tracking systems. In response, the FDA established several programs drawing information from large administrative insurance databases to identify and analyze safety issues, including the PRISM and BEST initiatives described below, with the latter initially scaled up to track the safety of 2009 H1N1 pandemic influenza vaccines. During the COVID-19 pandemic, the federal government added additional vaccine safety tracking tools, including V-Safe.
Current Federal Vaccine Safety Monitoring Systems
Safety Data from Clinical Trials – FDA
Before being approved and licensed for use in the U.S., all new vaccines must be tested in clinical trials by vaccine developers, and the data from these trials must be submitted to the FDA for regulatory review. (Updates to already licensed vaccines do not necessarily go through the same set of clinical trials, though updated vaccine formulations are still subject to regulatory review and must be approved by FDA). In its clinical trial review, which covers multiple stages of the research and development process, the FDA’s primary considerations are determining that candidate vaccines are safe and effective. As such, reports of adverse reactions or other safety issues are closely monitored and any adverse safety signals are investigated. During later-stage, larger clinical trials, monitoring and evaluation of safety is a key component of data collection and review. Review of vaccine clinical trial data includes internal, confidential review by experts on staff at FDA, as well as external, public review provided typically through the Vaccines and Related Biological Products Advisory Committee (VRBPAC). Based on the conclusions and recommendations from these internal and external experts, the FDA Commissioner decides whether to approve candidate vaccines.
The 2007 FDAA required information from all clinical trials supported with public funds to be recorded in a public database (ClinicalTrials.gov) and set up requirements that trial results also be included in the public database, although raw data from trials is not typically made public as it is considered proprietary under FDA regulations. In addition, data hosted on the ClinicalTrials.gov database relies on investigators and sponsors choosing to submit such information and some, but not all submissions, include study results.
While the clinical trial system has a long history of ensuring that pharmaceutical products licensed for use in the U.S. are safe and effective, and major safety issues are able to be identified before a vaccine is licensed for use, clinical trials are performed in relatively small numbers of people compared to a whole population that might receive a vaccine. Therefore, very rare safety events might be harder to identify during the trials process. This is one reason post-licensure surveillance has been expanded, as required by the FDAA (see below).
Post-licensure Rapid Immunization Safety Monitoring (PRISM) / Biologics Effectiveness and Safety (BEST) – FDA
FDA also monitors safety of medical devices, drugs, and vaccines after they become available on the market. For many of the products it regulates, including vaccines, FDA has often required manufacturers to perform post-licensure safety reviews and submit that information to FDA for review. The 2007 FDAAA law required FDA to expand its post-licensure surveillance capabilities and develop a robust system that used health care data from clinical sites to track safety. In response, FDA created the Sentinel Initiative in 2008, which over time, has grown into a electronic surveillance system that is capable of tracking safety data for over 100 million individual members served by a broad set of health care organizations and clinical sites nationwide. In 2009, HHS initiated the Post-licensure Rapid Immunization Safety Monitoring (PRISM) to help monitor the safety of the H1N1 pandemic influenza vaccine; in 2010, PRISM became an immunization safety component within the Sentinel system and has expanded to include other vaccines. The FDA’s Center for Biologics Evaluation and Research (CBER) oversees another post-licensure vaccine safety program called Biologics Effectiveness and Safety (BEST), which was also created in response to the 2007 FDAAA requirements and launched in 2017. As part of its vaccine safety monitoring efforts, FDA also partners with the Centers for Medicare and Medicaid Services (CMS) to analyze Medicare claims data in order to track safety events among persons aged 65 or older. Using CMS data, FDA is able to perform regular, ongoing analyses looking for pre-specified adverse events following vaccination, as well as perform more specific analyses as needed.
PRISM, BEST, and FDA-CMS have access to large datasets, with hundreds of millions of patients covered by participating systems. These larger study populations allow for more specificity when trying to identify vaccine safety issues but can present challenges when studying longer-term safety issues because individuals may move in and out of different insurance plans over time. It may also take time for data in some of these systems to be made available for analysis (FDA reports a three month average data lag time for the BEST system, for example). To protect confidentiality, FDA does not have direct access to identifying information on patients, with private clinical sites and health insurers that partner with PRISM and BEST retaining their data locally behind firewalls.
Vaccine Adverse Events Reporting System (VAERS) – FDA and CDC
VAERS is a national vaccine safety surveillance program which allows the federal government to collect, analyze, and report on adverse reactions or other safety issues related to vaccines. It was created after the passage of the 1986 National Childhood Vaccine Injury Act and formally established in 1990. VAERS is jointly administered by the FDA and CDC.
VAERS is a “passive” surveillance system, as it depends on individuals submitting voluntary reports of issues that arise after vaccination. Anyone can submit reports to VAERS including healthcare providers, representatives from vaccine manufacturers, and the public. Since 1990, there have been over 2 million reports submitted to VAERS. Prior to 2020, there were on average about 40,000 to 50,000 reports submitted annually, and after COVID-19 vaccinations became available, the number of reports increased significantly, with over 1 million reports submitted in 2021 alone. FDA and CDC scientists monitor the VAERS database for possible signals of problems with vaccines. Most submissions report mild side effects after vaccinations, such as fever. Very rarely, more serious adverse events are reported and identified through VAERS. When staff at these agencies determine there may be a serious concern about a specific report or set of reports, additional information may be requested of the individual(s) that submitted the information such as clinical records or other evidence to corroborate the information in the report.
While anyone can submit to VAERS, which makes it easier and more convenient to report through this system, initial reports are not verified and, as with all passive surveillance, the population submitting reports to VAERS may not be representative of the population of people receiving vaccinations. Further, in some cases health issues reported by individuals following vaccination could be coincidental rather than causal. This is one reason additional information may be requested and further investigation triggered by serious VAERS reports. As a result, analyzing and interpreting VAERS data requires care and an understanding of its limitations. VAERS can be useful to generate hypotheses and indicate possible concerns but may not be suitable for determining definitive causal relationships between vaccines and safety issues. Because of these inherent weaknesses and difficulties working with VAERS data, some have used the data to draw misleading conclusions, or even actively misinform about links between vaccinations and adverse events. Regarding transparency, almost all data in VAERS is made public on the CDC website, including all initial and subsequent reports from the public. However, more sensitive follow-up information collected through VAERS during further review by federal officials is not made available due to privacy considerations.
Systems related to or similar to VAERS have been maintained at other federal agencies as well, including the Indian Health Service, the Department of Veteran’s Affairs, and the Department of Defense.
Vaccine Injury Compensation Data – HRSA
The Health Resources and Services Administration (HRSA) oversees the National Vaccine Injury Compensation Program (VICP). This program was one of several vaccine safety systems created by the 1986 National Childhood Vaccine Injury Act, and was designed to be a “no-fault alternative to the traditional tort system” for vaccine injury claims. Congress passed the 1986 law following a series of lawsuits against vaccine manufacturers and healthcare providers that had threatened the supply of vaccines in country. The system removes the liability burden from manufacturers for vaccine-related injuries, and allows for the government to compensate individuals and families affected by adverse reactions to childhood vaccinations. HRSA hosts the VICP, conducts medical reviews of submitted petitions, and makes any Court-ordered compensation payments to petitioners. The U.S. Court of Federal Claims is responsible for final decisions regarding whether compensation is warranted, and the amount and type of compensation from the government. Payments are funded through an excise tax on each dose of a childhood vaccine. To be included in VICP a vaccine must be: 1) recommended by the CDC for routine administration to children or pregnant women, 2) subject to the excise tax that funds VICP, and 3) must have been added to the official VICP Vaccine Injury Table by the Secretary of HHS. Each month, HRSA publishes an updated summary of claims and payouts, per covered vaccine, processed through the VICP. A total of 28,673 petitions have been filed with VICP between 1988 and 2025, and 12,019 (42%) were found to be compensable under the program. HRSA reports that over the period from 2006 to 2023, CDC estimates over 5 billion doses of VICP covered vaccines were distributed, and over the same time period 9,675 individuals were compensated for vaccine injuries, or about 1 compensable petition per 1 million doses distributed.
HRSA also oversees another injury compensation program, the Countermeasures Injury Compensation Program (CICP), initially created through the 2005 PREP Act. Like the VICP, the CICP provides compensation for adverse events following the administration or use of certain vaccines (along with diagnostics or other countermeasures). However, CICP differs from VICP in a number of important ways, such as: CICP only covers vaccines administered in the context of a public health emergency or security threat; CICP claims are adjudicated via an administrative process rather than a judicial process, and; there is no judicial appeals allowed under CICP (while VICP allows court-based appeals). Currently, COVID-19 vaccine injury compensation cases are evaluated and compensated under CICP rather than VICP, at least through December 2029 as presently authorized by Congress. HRSA provides monthly updates on CICP-related vaccine compensation cases and compensated amounts. According to this data, between fiscal years 2010 and 2025 CICP has received 14,413 claims and has reached a decision on 4,979 of those claims. 4,864 claims were denied, while 115 claims (or less than 1% of petitions) have been found to be eligible for compensation through June 2025.
While VICP and CICP compensation data do not constitute a traditional database or surveillance system for tracking vaccine safety, they can serve as an indicator of sorts for the scale and scope of vaccine injuries. However, not all vaccine injuries will be adjudicated through these systems, and there have been issues with delays in reaching decisions and settlements. In particular, the CICP’s more limited scope, administrative review process, and surge of claims related to COVID-19 vaccines since 2021 has led to long case review times. CICP also has a rejection rate that appears much higher than that of the VICP. Also, a re-organization of several HHS offices and agencies, including HRSA, has been announced by Secretary Kennedy, raising some questions about where these two compensation programs will reside and what support they will receive as part of the proposed “Administration for Health America” (AHA).
Vaccine Safety Datalink (VSD) – CDC
The Vaccine Safety Datalink (VSD) is an “active” vaccine adverse event surveillance program, created after the passage of the 1986 National Childhood Vaccine Injury Act and formally established by CDC in 1990. VSD is a collaboration between the CDC Immunization Safety Office and several health care system sites spread across various regions of the U.S. At its start, VSD worked with four sites, but the number of sites has expanded; CDC reports that there are presently 11 participating clinical sites (and two additional sites providing subject matter expertise), covering an estimated population of about 15 million health plan participants annually across all age groups, with an annual birth cohort of approximately 115,000 births.
VSD is designed to allow investigators to perform vaccine safety studies and investigate vaccine adverse events, drawing on data from the electronic health records (EHRs) of patients at participating sites. VSD investigators may include CDC and other federal government employees, as well as external experts. VSD data is used for active surveillance of vaccine safety issues through weekly analyses comparing rates of predefined adverse events following specific vaccines to rates in a comparison group. The data is also used to test hypotheses and perform more specific analyses or look further into potential vaccine-related adverse events identified in VSD or elsewhere. For data security and privacy reasons, since 2001 VSD EHR data is not centrally hosted by the federal government but rather decentralized across participating sites and held in secure servers. When needed, de-identified data from these sites can be shared with CDC for analysis.
VSD provides an ability to perform close to “real-time” surveillance of vaccine injuries drawing from a large national dataset, and also allows for deeper analyses on specific topics using historical data in VSD. Even so, VSD data may be limited when identifying or investigating extremely rare safety events. Because the data is decentralized across multiple institutions, coordinating and accessing a complete dataset for analysis is more cumbersome, but the structure also maintains privacy more effectively. As with other data sources relying on information from commercial insurers, it can be challenging to study medium- or long-term safety issues because patients frequently change insurance plans and health care providers.
Over the past several years, VSD has been a target of some criticism from anti-vaccine groups, which have raised concerns about supposed misuse of its data and a lack of transparency. During Senate hearings in May, HHS Secretary Kennedy said there have been “allegations of fraud” and “so much information that’s disappeared from [VSD].” However, there is no evidence this is the case, and current and former federal health officials familiar with VSD have pushed back on these statements. Recently, Kennedy appointed a controversial researcher to analyze VSD data to identify links between childhood vaccines and autism – even though that is a link disproven through many other studies across many years, including through published studies using VSD data.
V-Safe – CDC
V-safe is a vaccine safety monitoring system originally launched in December 2020 to help monitor the safety of COVID-19 vaccines. Subsequently, the system has also been used to track safety of mpox (starting in November 2022) and RSV vaccines (starting in May 2023). Currently, the system monitors for events following COVID-19 and RSV vaccinations across the U.S. (mpox monitoring has been discontinued). V-safe is a passive, voluntary system where recipients of monitored vaccines can report to CDC how they feel after being vaccinated. Individuals may choose to sign up with V-safe after their vaccination, and the system will send text or email messages asking questions about symptoms or side effects they may or may not be experiencing. The reported data is collected and kept confidential at CDC. If participants report experiencing serious side effects or adverse events following a vaccination, they may be prompted to complete a VAERS report as well.
V-safe data has been used in multiple studies of adverse events following COVID-19, mpox, and RSV vaccinations. De-identified data from V-safe is made public by CDC on its data download website.
While V-safe can provide CDC with timely snapshots of vaccine safety issues through its text/email-based reporting approach, it is a voluntary, opt-in system so the population reporting through V-safe may not be representative of the population receiving a particular vaccines. In addition, initial reports through V-safe are self-reported and not verified. Therefore, analyzing and interpreting V-safe data requires care and an understanding of its limitations. The data can be useful to generate hypotheses and indicate possible concerns, but may not be suitable for determining definitive causal relationships between vaccines and safety issues.
Clinical Immunization Safety Assessment (CISA) – CDC
The Clinical Immunization Safety Assessment (CISA) Project was established in 2001 by CDC. It is a national-level network of vaccine safety experts drawn from CDC, medical research centers, and other partners. Providers who have questions or concerns about vaccine safety can submit information to CISA and request a consultation with its experts, which is provided free of charge. For example, CISA experts can provide clinical case consultations that help answer complex vaccine safety questions regarding individual patients, conduct research on vaccine safety issues, and help providers and organization with responses to vaccine safety issues. CISA participants have authored many published articles on vaccine safety, drawing on this expertise and the inquiries submitted to CISA.
CISA is not a vaccine safety surveillance system per se, but rather, serves as a resource for clinicians and others around the country to draw on when complex or unfamiliar issues come up when evaluating vaccine injuries in patients. This resource can help speed the identification of issues that do arise, and provide expert context to investigations and analyses of vaccine safety. CISA does not provide a systematic database of analyses and results, but has a record of academic articles published that address a broad set of vaccine safety concerns.
Conclusion
Federal vaccine safety monitoring spans regulatory oversight during clinical trials, through to post-licensure surveillance systems that include tracking of population-level outcomes at a broad scale. It includes passive systems that rely on individuals to report vaccine adverse reactions and active systems that can tap into data in almost real-time to identify issues. No single system can comprehensively address all vaccine safety monitoring needs, but this combination of systems provides a foundation for tracking and understanding vaccine safety issues.
Even so, concerns have been raised about whether these systems are sufficiently robust, and recent statements from Trump Administration officials reflect a broader debate about whether and how these systems could be improved and whether additional steps need to be taken to assure the public about the safety of current vaccines. Already, we’ve seen concerns about safety used to justify changes to vaccine recommendations at FDA and CDC, even without new evidence that vaccines are unsafe. The extent to which such concerns will lead to changes in federal tracking and reporting on vaccine safety is unknown.
