Automated vaccine-safety reporting was built, proven on 1.4 million doses, and open-sourced. The engine runs at scale today — just never pointed at VAERS. We don't need to invent it. We need to fork it.
The official VAERS form takes a clinician roughly 30 minutes of manually re-typing information the electronic health record already holds in structured form. Predictably, fewer than 1% of vaccine adverse events are ever reported. The usual conclusion is that better safety surveillance is hard, expensive, or impossible. It is none of those things. It was built fifteen years ago.
ESP (Electronic Support for Public Health) is an open-source platform that reads near-real-time EHR data — diagnoses, labs, prescriptions, vitals — and automatically detects and reports reportable conditions to public health authorities. It was built at the Department of Population Medicine, Harvard Pilgrim Health Care Institute, originally to automate the notifiable-disease reports clinicians are legally required to file and mostly don't.
This is not a prototype on a shelf. Today ESP is:
A maintained, deployed, government-networked engine already watches millions of records and files automated public-health reports every day. The "machine that reads the record and raises its hand" is real, and running.
With an AHRQ grant (R18 HS017045), the same team extended ESP into ESP:VAERS. The method was simple and powerful: for every patient who received a vaccine, the system automatically watched the next 30 days of their record for diagnoses, labs, and prescriptions suggestive of an adverse event — and when it flagged one, it auto-generated a pre-filled electronic VAERS report and could transmit it. No form. No 30 minutes. No reliance on memory.
It ran on real data: ~1.4 million doses of 45 vaccines given to 376,452 people (under IRB and data-use agreements — that individual-level data is protected and not public). What it proved:
The planned evaluation comparing ESP:VAERS to existing systems could not proceed — by the project's own final report, "due to restructuring at CDC and consequent delays in decision-making." The vaccine-reporting capability was not carried to national adoption.
To be precise and fair: that is the documented record, and we make no claim about intent. What is not in dispute is the outcome — a working, government-funded, automated vaccine-safety reporting system, proven on 1.4 million doses, was not deployed at national scale, while the engine underneath it went on to be open-sourced and deployed for other public-health reporting across an entire state.
| Layer | Status |
|---|---|
| Detection engine (read the record, flag the event) | Built. Open-source. Running at scale (ESP, 60%+ of MA, CDC MENDS). |
| Vaccine adverse-event reporting capability | Built & proven on 1.4M doses (ESP:VAERS, 2011); not switched on nationally. |
| Legal permission | Granted. VAERS reporting is a permitted public-health disclosure — 45 CFR 164.512(b); 42 U.S.C. 300aa-25. No patient authorization required. |
| Modern portability | Available. FHIR / SMART-on-FHIR — vendor-neutral, app-runs-in-the-EHR — didn't exist in 2011; it does now. |
| Frictionless entry (the visible half) | Demonstrated. Open 5-minute-VAERS proof of concept (synthetic data). |
| The connection | This is the only missing piece. |
We are not asking anyone to invent a solution. We are asking to connect the pieces that already exist, in the open:
⑂ ESP source (GitLab) ESP project ▶ 5-Minute VAERS demo The evidence corpus
Our open 5-Minute VAERS demo rebuilds the visible entry half on modern standards so anyone can see how little it takes. ESP is the detection half — already built, open, and deployed. Put them together and you have the instrument the public has been told is impossible.