Development of a Birth Certificate Trust Framework

y
Garland Land
NAPHSIS Consultant

Importance of Birth Certificates
Needed for:
�Social Security Card
�School Enrollment
�Driver’s License
�Passport

United States ID Document
�No National ID Document
�The de-facto ID Documents for persons
born in the U.S. are:
�Driver’s License
�Passport

Importance of Birth Certificates
Driver’s Licenses and Passports are
dependent on Birth Certifications.

The Problem
Currently DMVs, the State Department
and other parties relying on Birth
Certifications have no way to
determine the level of trust they can
place on a Birth Certification.

The Problem (cont.)
� Registration and issuing policies and practices
vary among vital records jurisdictions
� Issuing practices vary between the state and
local jurisdictions
� Relying parties do not know the state and local
registration and issuing policies and practices
� This results in a general lack of trust of birth
certifications

Solution
� The solution is the development of security trust
criteria that a vital records jurisdiction would
strive to meet.
� Adherence to the trust criteria would be assessed
by an independent reviewer(s)
� A Vital Records Agency security level of trust,
would be made available to parties relying on birth
certifications

Steps Taken to Develop a Birth
Certificate Trust Framework
� The concept of a Trust Framework was presented at
the 2011 NAPHSIS annual meeting
� The NAPHSIS Board authorized the Security
Committee to develop the criteria for a Trust
Framework
� The security committee used the Security Guidelines,
the Vital Statistics Standards and draft 2011 Model Law
to develop Trust Framework Criteria, Assessment
Procedures and Assessment Score Sheet

Trust Criteria Categories and
Number of Criteria
1. Registration (10)
2. Issuance (14)
3. Security of the Document (4)
4. Validity (10)
5. Death Status (5)
6. Authentication (6)

Registration Criteria
Trust criteria to assure best practice
policies and procedures are in place
and followed on filing delayed and out
of institution births

Examples of Registration
Trust Criteria
� Delayed reports of birth are filed based upon the
documentary evidence of Appendix A (taken from
Security Guidelines)
� At a minimum annually, a report of all out of
institution births is filed by licensed and lay midwives
to verify registration of births.
� Appropriate courts are provided resources on state
laws, regulations and standards related to the creation
of delayed and out of institution records

Issuance Trust Criteria
Trust criteria to assure best practice
policies and procedures are in place
and followed to only issue a birth
certification to the person named on
the birth record or an eligible person
with a legal right and tangible interest

Examples of Issuance Criteria
� 100% of employees, contractors and vendor employees
that have access to records have signed confidentiality
statements and re-sign them annually
� Staff duties are separated for staff roles that may be
susceptible to fraud or misuse
� Local Registrars issue all certifications of birth records
from a jurisdiction central data base or image system

Security of the Document
Trust Criteria
Trust criteria to assure birth
certifications have alteration resistance
features

Examples of Security of the
Document Criteria
� Certification paper has the substrate and
printing security features consistent with
Appendix E (taken from Security
Guidelines)
� All birth certification documents used in
local offices are provided or approved by the
Jurisdiction Registrar

Validity Trust Criteria
Trust criteria to assure best practice
policies and procedures are in place
and followed to prevent birth
certification fabrication

Examples of Validity Criteria
� Certification paper is properly stored and
handled according to Appendix F (taken
from Security Guidelines)
� Jurisdiction participates in EVVE
� Jurisdiction participates in Fraud Early
Warning System (FEWS)

Death Status Trust Criteria
Trust criteria to assure the person named
on the birth certification is alive

Examples of Death Status Criteria
� All death records that occurred within the jurisdiction
or elsewhere are matched with birth records occurring
within the jurisdiction. The date of death and state or
country of death is noted on the birth file.
� Initial matching of birth and death records and
marking or flagging of birth records occur within ten
calendar days after receipt of death records.
� Jurisdiction and local certifications of birth records of
persons who have died are marked deceased

Authentication Trust Criteria
Trust criteria to assure a person is
presenting their own birth certification

Examples of Authentication
Trust Criteria
� A qualified applicant for a certification of live birth
is limited to the registrant, his or her, child, parent,
etc. (taken from 2011 draft Model Law)
� When submitting an application in person (by
mail), (through the Internet) only persons with a
legal right can obtain certifications of birth
records. To verify legal right the applicant must
(specific documentation is specified for each
application mode.

Conformance Assessment
Procedures
� A Conformance Assessment Procedures Manual has
been developed to assist reviewers on how to determine a
jurisdiction’s level of conformance with trust criteria so
there is consistency in assessing conformance among
jurisdictions.
� Reviewers can give a jurisdiction 0,1 or 2 points for each
criteria depending if the jurisdiction does not comply,
partially complies or fully complies with the trust criteria
as defined in the Conformance Assessment Procedures
Manual

Determining Trust Level
� Each Trust Criteria is given a weight of 1 or 2
� The jurisdiction level of conformance score
of 0,1 or 2 for each criteria is multiplied
times the weight of 1 or 2
� The jurisdiction’s weighted scores are
totaled with a possible score of 162

Levels of Trust
�There are four different levels of
security trust a Vital Records Agency
can obtain.
�The level of security trust is dependent
on the weighted trust criteria score and
meeting some mandatory trust criteria.

Level 1 Vital Records
Security Agency
Scores 20-79 points and meets Level I mandatory trust
criteria. A level I Vital Records Security Agency is able
to detect and offer resistance to some common forms
of birth record fraud. The likelihood of fraudulent
actions occurring are prevalent because of a low level
of security provisions and dishonest individuals are
expected to perceive the fraud barriers to be less
difficult and the chance of success to be good. In the
event that fraudulent actions are attempted these
agencies will be less prepared to mitigate some types
of fraudulent attempts.

Level IV Vital Records
Security Agency
Scores 140-162 points and meets mandatory Level IV
trust criteria. A level IV Vital Records Security
Agency is able to anticipate and effectively control all
credible birth record related fraudulent attempts. The
likelihood of fraudulent actions occurring are nearly
eliminated because of very high security provisions
and dishonest individuals are expected to perceive the
fraud barriers to be nearly insurmountable and the
chance of success to be nearly non-existent. In the
event that fraudulent actions are attempted these
agencies are prepared to fully mitigate the fraudulent
attempts.

Possibilities for the Future
�The trust framework criteria and
Assessment Procedures should be pilot
tested.
�NAPHSIS will need to determine next
steps for institutionalizing a formal
Trust Framework Program.