Development of a Birth Certificate Trust Framework
Development of a Birth Certificate Trust Framework
Development of a Birth Certificate Trust Framework
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
y<br />
Garland Land<br />
NAPHSIS Consultant
Importance <strong>of</strong> <strong>Birth</strong> <strong>Certificate</strong>s<br />
Needed for:<br />
�Social Security Card<br />
�School Enrollment<br />
�Driver’s License<br />
�Passport
United States ID Document<br />
�No National ID Document<br />
�The de-facto ID Documents for persons<br />
born in the U.S. are:<br />
�Driver’s License<br />
�Passport
Importance <strong>of</strong> <strong>Birth</strong> <strong>Certificate</strong>s<br />
Driver’s Licenses and Passports are<br />
dependent on <strong>Birth</strong> Certifications.
The Problem<br />
Currently DMVs, the State Department<br />
and other parties relying on <strong>Birth</strong><br />
Certifications have no way to<br />
determine the level <strong>of</strong> trust they can<br />
place on a <strong>Birth</strong> Certification.
The Problem (cont.)<br />
� Registration and issuing policies and practices<br />
vary among vital records jurisdictions<br />
� Issuing practices vary between the state and<br />
local jurisdictions<br />
� Relying parties do not know the state and local<br />
registration and issuing policies and practices<br />
� This results in a general lack <strong>of</strong> trust <strong>of</strong> birth<br />
certifications
Solution<br />
� The solution is the development <strong>of</strong> security trust<br />
criteria that a vital records jurisdiction would<br />
strive to meet.<br />
� Adherence to the trust criteria would be assessed<br />
by an independent reviewer(s)<br />
� A Vital Records Agency security level <strong>of</strong> trust,<br />
would be made available to parties relying on birth<br />
certifications
Steps Taken to Develop a <strong>Birth</strong><br />
<strong>Certificate</strong> <strong>Trust</strong> <strong>Framework</strong><br />
� The concept <strong>of</strong> a <strong>Trust</strong> <strong>Framework</strong> was presented at<br />
the 2011 NAPHSIS annual meeting<br />
� The NAPHSIS Board authorized the Security<br />
Committee to develop the criteria for a <strong>Trust</strong><br />
<strong>Framework</strong><br />
� The security committee used the Security Guidelines,<br />
the Vital Statistics Standards and draft 2011 Model Law<br />
to develop <strong>Trust</strong> <strong>Framework</strong> Criteria, Assessment<br />
Procedures and Assessment Score Sheet
<strong>Trust</strong> Criteria Categories and<br />
Number <strong>of</strong> Criteria<br />
1. Registration (10)<br />
2. Issuance (14)<br />
3. Security <strong>of</strong> the Document (4)<br />
4. Validity (10)<br />
5. Death Status (5)<br />
6. Authentication (6)
Registration Criteria<br />
<strong>Trust</strong> criteria to assure best practice<br />
policies and procedures are in place<br />
and followed on filing delayed and out<br />
<strong>of</strong> institution births
Examples <strong>of</strong> Registration<br />
<strong>Trust</strong> Criteria<br />
� Delayed reports <strong>of</strong> birth are filed based upon the<br />
documentary evidence <strong>of</strong> Appendix A (taken from<br />
Security Guidelines)<br />
� At a minimum annually, a report <strong>of</strong> all out <strong>of</strong><br />
institution births is filed by licensed and lay midwives<br />
to verify registration <strong>of</strong> births.<br />
� Appropriate courts are provided resources on state<br />
laws, regulations and standards related to the creation<br />
<strong>of</strong> delayed and out <strong>of</strong> institution records
Issuance <strong>Trust</strong> Criteria<br />
<strong>Trust</strong> criteria to assure best practice<br />
policies and procedures are in place<br />
and followed to only issue a birth<br />
certification to the person named on<br />
the birth record or an eligible person<br />
with a legal right and tangible interest
Examples <strong>of</strong> Issuance Criteria<br />
� 100% <strong>of</strong> employees, contractors and vendor employees<br />
that have access to records have signed confidentiality<br />
statements and re-sign them annually<br />
� Staff duties are separated for staff roles that may be<br />
susceptible to fraud or misuse<br />
� Local Registrars issue all certifications <strong>of</strong> birth records<br />
from a jurisdiction central data base or image system
Security <strong>of</strong> the Document<br />
<strong>Trust</strong> Criteria<br />
<strong>Trust</strong> criteria to assure birth<br />
certifications have alteration resistance<br />
features
Examples <strong>of</strong> Security <strong>of</strong> the<br />
Document Criteria<br />
� Certification paper has the substrate and<br />
printing security features consistent with<br />
Appendix E (taken from Security<br />
Guidelines)<br />
� All birth certification documents used in<br />
local <strong>of</strong>fices are provided or approved by the<br />
Jurisdiction Registrar
Validity <strong>Trust</strong> Criteria<br />
<strong>Trust</strong> criteria to assure best practice<br />
policies and procedures are in place<br />
and followed to prevent birth<br />
certification fabrication
Examples <strong>of</strong> Validity Criteria<br />
� Certification paper is properly stored and<br />
handled according to Appendix F (taken<br />
from Security Guidelines)<br />
� Jurisdiction participates in EVVE<br />
� Jurisdiction participates in Fraud Early<br />
Warning System (FEWS)
Death Status <strong>Trust</strong> Criteria<br />
<strong>Trust</strong> criteria to assure the person named<br />
on the birth certification is alive
Examples <strong>of</strong> Death Status Criteria<br />
� All death records that occurred within the jurisdiction<br />
or elsewhere are matched with birth records occurring<br />
within the jurisdiction. The date <strong>of</strong> death and state or<br />
country <strong>of</strong> death is noted on the birth file.<br />
� Initial matching <strong>of</strong> birth and death records and<br />
marking or flagging <strong>of</strong> birth records occur within ten<br />
calendar days after receipt <strong>of</strong> death records.<br />
� Jurisdiction and local certifications <strong>of</strong> birth records <strong>of</strong><br />
persons who have died are marked deceased
Authentication <strong>Trust</strong> Criteria<br />
<strong>Trust</strong> criteria to assure a person is<br />
presenting their own birth certification
Examples <strong>of</strong> Authentication<br />
<strong>Trust</strong> Criteria<br />
� A qualified applicant for a certification <strong>of</strong> live birth<br />
is limited to the registrant, his or her, child, parent,<br />
etc. (taken from 2011 draft Model Law)<br />
� When submitting an application in person (by<br />
mail), (through the Internet) only persons with a<br />
legal right can obtain certifications <strong>of</strong> birth<br />
records. To verify legal right the applicant must<br />
(specific documentation is specified for each<br />
application mode.
Conformance Assessment<br />
Procedures<br />
� A Conformance Assessment Procedures Manual has<br />
been developed to assist reviewers on how to determine a<br />
jurisdiction’s level <strong>of</strong> conformance with trust criteria so<br />
there is consistency in assessing conformance among<br />
jurisdictions.<br />
� Reviewers can give a jurisdiction 0,1 or 2 points for each<br />
criteria depending if the jurisdiction does not comply,<br />
partially complies or fully complies with the trust criteria<br />
as defined in the Conformance Assessment Procedures<br />
Manual
Determining <strong>Trust</strong> Level<br />
� Each <strong>Trust</strong> Criteria is given a weight <strong>of</strong> 1 or 2<br />
� The jurisdiction level <strong>of</strong> conformance score<br />
<strong>of</strong> 0,1 or 2 for each criteria is multiplied<br />
times the weight <strong>of</strong> 1 or 2<br />
� The jurisdiction’s weighted scores are<br />
totaled with a possible score <strong>of</strong> 162
Levels <strong>of</strong> <strong>Trust</strong><br />
�There are four different levels <strong>of</strong><br />
security trust a Vital Records Agency<br />
can obtain.<br />
�The level <strong>of</strong> security trust is dependent<br />
on the weighted trust criteria score and<br />
meeting some mandatory trust criteria.
Level 1 Vital Records<br />
Security Agency<br />
Scores 20-79 points and meets Level I mandatory trust<br />
criteria. A level I Vital Records Security Agency is able<br />
to detect and <strong>of</strong>fer resistance to some common forms<br />
<strong>of</strong> birth record fraud. The likelihood <strong>of</strong> fraudulent<br />
actions occurring are prevalent because <strong>of</strong> a low level<br />
<strong>of</strong> security provisions and dishonest individuals are<br />
expected to perceive the fraud barriers to be less<br />
difficult and the chance <strong>of</strong> success to be good. In the<br />
event that fraudulent actions are attempted these<br />
agencies will be less prepared to mitigate some types<br />
<strong>of</strong> fraudulent attempts.
Level IV Vital Records<br />
Security Agency<br />
Scores 140-162 points and meets mandatory Level IV<br />
trust criteria. A level IV Vital Records Security<br />
Agency is able to anticipate and effectively control all<br />
credible birth record related fraudulent attempts. The<br />
likelihood <strong>of</strong> fraudulent actions occurring are nearly<br />
eliminated because <strong>of</strong> very high security provisions<br />
and dishonest individuals are expected to perceive the<br />
fraud barriers to be nearly insurmountable and the<br />
chance <strong>of</strong> success to be nearly non-existent. In the<br />
event that fraudulent actions are attempted these<br />
agencies are prepared to fully mitigate the fraudulent<br />
attempts.
Possibilities for the Future<br />
�The trust framework criteria and<br />
Assessment Procedures should be pilot<br />
tested.<br />
�NAPHSIS will need to determine next<br />
steps for institutionalizing a formal<br />
<strong>Trust</strong> <strong>Framework</strong> Program.