mark flotow chief, illinois center for health statistics naphsis president
TRANSCRIPT
Recent Activities of theNational Association forPublic Health Statistics
and Information Systems (NAPHSIS)
Mark Flotow Chief, Illinois Center for Health
StatisticsNAPHSIS President
Mission Statement
To provide national leadership and advocacy on behalf of its members to ensure the quality, security, confidentiality, and utility of vital records and health statistics as well as their integral role with health information systems, for monitoring and improving public health.
NAPHSIS Board of Directors President: Mark Flotow, Illinois President Elect: Jennifer Woodward, Oregon Past President: Isabelle Horon, Maryland Treasurer: Bruce Cohen, Massachusetts Secretary: Kelly Baker, Oklahoma Member at Large: Judy Moulder, Mississippi Member at Large: Rich McCoy, Vermont Member at Large: Lou Saadi, Kansas Member at Large: Linette Scott, California
NAPHSIS Committees Board of Directors Annual Meeting Audit Awards By-laws Communications Cost eHealth EVVE Innovations International &
Territorial Affairs
Inter-jurisdictional Exchange ( incl. STEVE)
Membership Nominating Past Presidents Registration Research Proposal
Review Resolutions Security Statistics Training
NAPHSIS Projects
State VSCP Contracts/NCHS
EVVE Data Cleaning Tool STEVE /IJE Model Law
Workgroup* Cause of Death e-
learning Technical Assistance
Re-engineering EBRs / EDRs
Business Process Improvement
* recently completed
Security Guide + FEWS
Vital Statistics Standards
Monthly Webinars Web Training
Resource Statistical
Definitions Reviews of
researcher data requests to NCHS
International Consulting
NAPHSIS Committees Board of Directors Annual Meeting Audit Awards By-laws Communications Cost eHealth EVVE Innovations International &
Territorial Affairs
Inter-jurisdictional Exchange ( incl. STEVE)
Membership Nominating Past Presidents Registration Research Proposal
Review Resolutions Security Statistics Training
NAPHSIS Security Guide
Challenges to Vital Records Systems
9/11 Impact on reform -- heightened public awareness
The Move toward Intelligence Reform Certificate Filing and Review
Out-of-Institution Births Delayed Certificate Filing
Application Processing and Verification of Identity Open vs. Closed Records Who is applying? Is identification required and is it valid? Is the applicant entitled? Identity Theft
Internal Security Physical Security Paper Security Personnel
Motion 2006 – 01To promote an awareness and
commitment to national security by . . .
Each jurisdiction designates a security coordinator,
Each jurisdiction adopts nationally-developed best practices,
NAPHSIS adopts these best practices as a standard and designates a security coordinator, and
The NAPHSIS security coordinator serves as a focal point among jurisdictional security coordinators to establish and promote uniformity of security procedures.
Intelligence Reform& Terrorism Prevention Act -
2004SEC. 7211. MINIMUM STANDARDS FOR
BIRTH CERTIFICATES.3(A) at a minimum, shall require
certification of the birth certificate by the State or local government custodian of record that issued the certificate, and shall require the use of safety paper or an alternative, equally secure medium, the seal of the issuing custodian of record, and other features designed to prevent tampering, counterfeiting, or otherwise duplicating the birth certificate for fraudulent purposes;
(D) may not require a single design to which birth certificates issued by all States must conform;
Why a NAPHSIS Security Guide?
To meet NAPHSIS Motion 2006-1
Intelligence Reform & Terrorism Prevention Act (IRTPA) of 2004 Regulations (pending)
Supplement the Model Act Establish uniformity among
jurisdictions
Foundation of the Security Guide
Model State Vital Statistics Act and Regulations 1992 revision currently 2011 revision pending approval
State/Jurisdictional Best Practices Intel Reform Workgroup
Recommendations Input from Contributors
Model State Vital Statistics Act
(+)Uniformity Among
Jurisdictions: Registration of Vital
Events Disclosure of
Information Amendments or
Corrections Security Features Penalties
(-)
Not mandated Influenced by States’
Rights Lacks legislative
attention Cost may become a
factor
Contributors to the Security Manual
National Center for Health Statistics (NCHS)
Dept. of State - Passport Services Dept. of Homeland Security - Forensic Labs NAPHSIS Corporate Sponsors - Technical Document Security Alliance (DSA) North American Security Products
Association-(NASPO) AAMVA – DMVs (Motor Vehicle
Administration)
Security Manual Contents
Delayed and Out-of-Institution Birth
Access to Vital Records
Birth Certification Document
Issuance Procedures
Physical Security Measures
Amendment/Correction
Topics include . . . Security
Coordinator Guidelines
Security Paper, Records/Data, & Money
Vendors Personnel Training Record Retention
Section 2Access to Vital Records
Vital records should be closed to the public
Restrict access to eligible requestors
All employees required to sign confidentiality statements
Government officials must present identification and written assurance the use is for official business
Maintain fraud activity files
Standardized application
Minimum set of biographic identifiers
Requestor should provide proof of identity
All birth records issued at local level should be from a central data base or image system
Non-restricted vital records(e.g., 100 yrs birth,
50 yrs death)
Section 3Birth Certification Document
Four layers of security
Overt, covert, and forensic features
Certification Document should be provided or approved by State Registrar
Security awareness
Security features comparison chart
Paper and printers: Printing in USA Level of security Supply chain Review product
Physical Security Measures
Access Control DevicesWho has keys? Where are they?
Badges, pass cards, other access devices
General Access QuestionsWho has access?
Staff SafetyAre your counter staff safe?
Physical Security Measures
Surveillance Who does your security? Procedures in place to report intruders?
Fire, Smoke, Water, Alarms and Notification Systems Are the systems in place? Do they have
regular maintenance? Are there emergency drills?
Disaster Preparedness/Business Continuity Do you have a comprehensive disaster
plan? Are records backed up off-site?
Additional Topics for Guidelines
Physical Security Measures (recently completed)
Destruction of Original Records and Other Documents Containing Confidential and Sensitive Information (in progress)
Amendments/Corrections Fee Accounting Security Training and Personnel Local Registrars and Satellite Offices Fraud Awareness
What is the Process for the Security Guidelines?
Initial Draft crafted and reviewed by the Security Committee
Draft sent to the NAPHSIS Board of Directors
Revised Draft sent to the Membership
Comments and additions reviewed Section made available on the
NAPHSIS Website (for members only!)
The NAPHSIS Security Guide: additional considerations . . .
An Internal Document - not available to public
A Living Document - continually changed and updated as best practices, technology, regulations, etc. evolve
May require a State or jurisdiction to change laws and regulations
May need to be revised once 2011 Revised Model Act is adopted
What Else Is NAPHSIS Doing?
EVVE Electronic
Verification of Vital Events
STEVEState and Territorial
Exchange of Vital Events
Model ActPartnering with
NCHS to revise 1992 version (Workgroup mission completed)
Fraud Early Warning System (FEWS)
In conjunction with motor vehicle partners and law enforcement
Fraud Early Warning System (FEWS)
FEWS is . . .
A secure system for reporting discovered fraudulent activities among the jurisdictions and with other government agencies
Administered by the American Association of Motor Vehicle Administrators (AAMVA) Functioning successfully NAPHSIS now included in this system
Funded and owned by the Federal Motor Carrier Safety Administration
FEWS Features
A secure database system (i.e., not e-mail) consisting of Incidents, Alerts and Updates
Post fraud alerts and receive instant notifications
Cross-referencing of incidents Post photos and document examples No cost to jurisdictions Searchable Configurable by geography Links to federal and association partners
FEWS Timetable for NAPHSIS
Initially, 8 states piloted for NAPHSIS (over two years)
More than 10 additional jurisdictions have joined after a NAPHSIS invitation to the membership to join
Training by AAMVA this month (October) for new participants and this new group will be part of the production whole in November or December
Goal is for all NAPHSIS jurisdictions to participate
Possible Enhancements or Uses for NAPHSIS
FEWS Posting area for fraudulent death
certificates List of suspicious addresses (e.g., get
frequently used) Fraudulent registration activities or
attempts to obtain a birth or death record
Additional points . . . Certain information can be viewed only by
Law Enforcement officials but there is no access by private entities
No access to Canadian jurisdictions for us in the USA
Inter-Jurisdiction Exchange of Vital
Records Information
The Challenge When a child is born in another state, who
has responsibility for follow up? Getting birth information from another
jurisdiction can be slow and unpredictable Residence jurisdiction may not get birth
record, or it may be delayed Residence jurisdiction has to re-distribute
fact of birth information to its own programs and agencies
Critical interventions may be missed or delayed
Introducing STEVE –State and Territorial
Exchange of Vital Events A secure messaging system for vital
records exchange between jurisdictions and with other public health programs and agencies
57 vital records jurisdictions will become STEVE trading partners
Based on Inter-jurisdictional Exchange Agreement administered by NAPHSIS
Automates and standardizes exchange process
Improvement over current system of paper copies, abstracts and line lists
What is Inter-jurisdictional Exchange?
IJE File Type From To
Natality File Jurisdiction where birth occurred
•Jurisdictions of residence of newborns•NCHS
Roster File(short form death notice)
Jurisdiction where death occurred
•Jurisdictions of birth of decedents•For birth/death matching for fraud prevention
Mortality File(sent twice, before and after coded cause)
Jurisdiction where death occurred
•Jurisdictions of residence of decedents•NCHS
Fetal Death File Jurisdiction where fetal death occurred
•Jurisdictions of residence of patients•NCHS
ITOP (Induced Termination of Pregnancy)
Jurisdiction where abortion occurred
Jurisdictions of residence of patients
Standard IJE File Format Used for Exchange
Uses standard flat file format Five file types defined by IJE Committee
Natality Mortality (includes cause of death literals and
codes) Roster (for birth/death matching) Fetal Death ITOP (induced terminations) – in development Marriage and divorce - future
NCHS reportable data embedded within layouts
Data content of each file type is configurable by sender at the data element level
InternetInternet
STEVE Transformation Modules (TMs) are installed at each jurisdiction for secure, point-to-point vital record exchange
S
Jurisdiction A’s TM
Jurisdiction B’s TM
IJE files IJ
E fi
les
Receiving TM
Vital Records
Newborn Hearing Screening
Immunization
Child SupportEnforcement
Research
If program mailboxes are set up by a jurisdiction, received IJE files are automatically delivered to them by the TM
When Is STEVE Coming?
National rollout began in March 2009
January 2014 deadline for implementation
Until all jurisdictions are trading partners, STEVE will support alternate electronic record exchanges with non-participants
STEVE-ER implementation in 2011 in territories
Each jurisdiction needs to have signed the IJE agreement
Alaska
California
Idaho +
Oregon
Washington +
Montana
Wyoming +
Utah
Colorado
ArizonaNew Mexico
Texas
Oklahoma
Kansas
Nebraska
South Dakota
North Dakota Minnesota
Wisconsin
Iowa
Illinois
OhioIndiana
Kentucky
WV
Virginia
N. Carolina
Georgia
Florida
AlabamaMS
Missouri
Arkansas
LA
Nevada
Hawaii
Michigan
PennsylvaniaNJ
New York CTMA
VT
NH
Maine
Tennessee
MD
DE
RI
DC
S. Carolina
State and Territorial Exchange of Vital Events (STEVE) Implementation by JurisdictionUpdated August 2011
Installed
In Preparation Puerto Rico
Guam
U.S. Virgin Islands
American Samoa
Northern Mariana Islands
NYC
+ Sharing IJE Files without using STEVE
Planning
Can Canadian Provinces and Territories Be Trading
Partners in STEVE? Placeholders built into STEVE currently
File layout differences – at what level would such differences need to be “translated” or converted?
Collection differences, such as race categories
Alternative: notification for fraud prevention purposes with a minimum of demographic characteristics for matching purposes (more than what is in current consular notices)
Alternative: focus on border states and provinces/territories
Other NAPHSIS Projects
Vital Statistics Standards Registration Security Issuance Data Collection Data Transmission Data Analysis and
Release Training Data and Record
Preservation Legal Authority
Alaska
California
Idaho
Oregon
Washington
Montana
Wyoming
Utah
Colorado
ArizonaNew Mexico
Texas
Oklahoma
Kansas
Nebraska
South Dakota
North Dakota Minnesota
Wisconsin
Iowa
Illinois
OhioIndiana
Kentucky
WV
Virginia
N. Carolina
Georgia
Florida
AlabamaMS
Missouri
Arkansas
LA
Nevada
Hawaii
Michigan
PennsylvaniaNJ
New York CT
MA
VT
NH
Maine
Tennessee
MD
DE
RI
DC
S. Carolina
EVVE Implementation – August 2011
New York City
On-line with EVVE (34) Implementation in progress (11)
Guam
American Samoa
Northern Mariana Islands
Puerto Rico U.S. Virgin Islands
eHealth or Health Information Exchange
huge interest from the states, cutting edge, future direction, etc.
new NAPHSIS committee may determine, ultimately, how VRs
are viewed, even shaped, in the larger health world
VRs in the USA are both civil registration and health
Looking at possible technical solutions, reviewing national standards documents, track jurisdictional pilots, provide communication to the membership
“Merci beaucoup” for your attention and patience!
Contact information:
Mark FlotowIllinois Center for Health Statistics/IL Dept Public Health525 West Jefferson StreetSpringfield, IL 62761
www.naphsis.org