Docstoc

Texas Birth Certificates Online

Document Sample
Texas Birth Certificates Online Powered By Docstoc
					          Draft Combined Report on Recommendations for Birth
          Certificates for Intelligence Reform Regulations

                           Table of Contents

   I.        Minimum Standards for Birth Certificates from State Vital
             Statistics Offices
             a. Registration……………………………………………………2
             b. Issuance and Use of Vital Records……………………..…..…5
             c. Amendments………………………………………………….11
             d. Birth and Death Matching…………………………..….…….12
             e. Data Content, Access and Exchange……………..…….…….15
             f. Physical Plant, Materials, and Personnel……..………………23
             g. IT Systems and Electronic Files…………..….………………36
             h. Applicability of Standards……………………………………38
             i. Minimum Conditions that States Must Meet to Apply for
                the Federal Grants…………………………………………….38

   II.       Minimum Standards for a National Electronic Verification of
             Vital Events System
             a. Queries………………………………………………………..40
             b. Hub Management……………………………………………..40
             c. Disaster Recovery and Business Continuity..………………..41
             d. Security……………………………………………………….41

   III.      Best Practices for Vital Statistics Agencies..…………………….44

   IV.       Glossary………………………………………………………….48

   V.        Appendix…………………………………………………………51
             a. Appendix #1: National Industrial Security Program Manual
                Chapter 5-801
             b. Appendix #2: Centralized Procurement Model
             c. Appendix #3: Fiscal Impact and Timing
             d. Appendix #4 System Issues




11/15/2010                            1
   I.        Minimum Standards for Birth Certificates from State Vital
             Statistics Offices

        1. Minimum Standards Associated with Registration
           a. Timeliness of Registration
                 i. Birth Registration
                       1. Births should be filed utilizing an electronic birth
                          registration (EBR) system so that information is
                          available within five days after the date of birth.
                          (WG #4)
                       2. Must electronically register 95% of all births
                          occurring within hospitals or birthing facilities
                          within 5 business days of their occurrence within
                          four years of receipt of federal funds. (WG #5)
                          (NAPHSIS Comment: This requirement goes
                          beyond the capability of the electronic system
                          itself. We agree state vital records offices should
                          have a full-fledged program to improve vital event
                          reporting. We agree such a program should
                          include electronic systems, an effective field
                          representative staff, and laws mandating timely
                          reporting of vital events. However, states maintain
                          they can not report on events until the event is
                          reported to them or their agents (e.g., hospitals,
                          licensed birthing clinics, etc.). Without baseline
                          data, states believe that it is impossible to
                          determine if the 95% requirement is reasonable).

                  ii. Death Registration
                        1. Deaths should be filed utilizing an electronic death
                            registration system so that, at minimum, the fact of
                            death is available within three days after the date
                            of death. (WG #4)
                        2. Must electronically report 90% of all deaths within
                            5 business days of their occurrence within six
                            years of receipt of federal funds. (WG #5)

             b. Delayed Registration


11/15/2010                              2
              i. All births filed more than one year after the date of birth
                 should be filed on a special Delayed Certificate of Birth
                 form.
                    1. Delayed Certificates of Birth should contain a
                        summary description of the evidence used to place
                        the record on file. (WG #4)
                    2. States should verify the evidence presented to
                        place a delayed birth on file. (WG #4)
                    3. If the delayed birth is ordered by a court, the
                        summary of evidence should indicate that the birth
                        was court ordered. (WG #4)
             ii. Must be able to retain and track a history of applications
                 for delayed birth certificates that are denied. (WG #5)
                 (Note to Charlie: See a somewhat related
                 recommendation by Workgroup #4 on a national
                 database of denied applications for delayed registration
                 under the section titled “Best Practices” starting on page
                 43 of this document)

             iii. Delayed Certificate of Birth - indicate on the certification
                  that the certificate is a delayed certificate of birth,
                  generally filed one year or more after birth. (WG #1)
                  (Note to Charlie: This statement may be a little
                  confusing as is. May need to re-write so the meaning is
                  clear.)

             iv. The certification of birth of a delayed birth certificate
                 must contain a description of each document submitted to
                 support the facts shown on the certificate. The
                 description must include the title or description; the name
                 and address of the custodian of the document; the date of
                 the original filing of the document; and all the birth facts
                 contained in the document. (WG #1)

             v. To be acceptable for consideration, as proof for Federal
                purposes, the certification of birth of a Delayed Birth
                Certificate must be marked ―Delayed‖ and include the
                date the delayed birth certificate was registered. In
                addition, it must include a description of the documentary


11/15/2010                           3
                      evidence that was used to establish the delayed
                      certificate. (WG #1)

             c. Certificates of Foreign Birth
                   i. Certificate of Foreign Birth – These courtesy documents
                       are unacceptable for use in obtaining a driver’s license
                       that then could be used for Federal purposes. A
                       certificate of foreign birth should be annotated on the
                       face of the document with the statement, ―This is not
                       proof of U.S. citizenship.‖ As with all official
                       certifications of a vital event attested to and issued by a
                       competent authority, any birth certificate should clearly
                       indicate the location (City, State, and Country) where the
                       birth actually occurred. (WG #1)

                   ii. Courtesy documents are unacceptable for use in
                       obtaining a driver’s license that then could be used for
                       federal purposes. They should be annotated on the face of
                       the document with the statement ―not proof of US
                       citizenship‖ (WG #3)

                  iii. Certificates of Foreign Birth will not meet the standards
                       for federal agency use created to implement the
                       Intelligence reform legislation. (WG #3)

             d. Verification of Birth Occurrence
                   i. Each State should establish independent methods for
                       verifying that a birth actually occurred (WG #4)
                          1. For births occurring in a facility, EBR records can
                              be matched to other databases such as hospital
                              discharge, newborn screening, and hospital billing
                              records. (WG #4)
                          2. Methods must be established for reconciling those
                              births that do not match electronically. (WG #4)
                          3. States should verify information provided by any
                              person registering a birth that occurred outside a
                              facility. (WG #4)
                          4. If a birth occurring outside a facility was not
                              attended by a medical provider, states should
                              require evidence to support the pregnancy of the

11/15/2010                                4
                         mother, that the child was born alive, and that the
                         mother was in the state on the date of the birth.
                         (WG #4)

               ii. Birthing entities shall submit a monthly facility report
                   listing all births within that entity to State/Jurisdiction
                   Vital Records offices. State/Jurisdiction Vital Records
                   offices shall reconcile the monthly report against birth
                   certificates received and investigate any discrepancies.
                   (WG #2)

              iii. The state’s electronic birth system must be able to
                   perform a monthly ―birth by facility‖ report to allow
                   independent verification of birth identity information.
                   (WG #5)

      2. Minimum Standards Associated with the Issuance and Use of
         Vital Records
         a. To Whom Records Maybe Issued
               i. There should be a national standard for restrictions on
                  access to vital records. The 1992 Model State Vital
                  Statistics Act and Regulations should be a starting point
                  for developing federal regulations to restrict access to
                  vital records. We recommend restricted access to all
                  vital records, but specifically single out birth documents
                  for special and priority consideration. (WG #3) [Note to
                  Charlie: The language in the Model Law says: The State
                  Registrar shall, upon receipt of an application, issue a
                  certified copy of a vital record in his or her custody or a
                  part thereof to the registrant, his or her spouse, children,
                  parents or guardians, or their authorized representative.
                  Others may be authorized to obtain certified copies when
                  they demonstrate that the record is needed for the
                  determination or protection of his or her personal or
                  property right.]

               ii. The general public should be required to provide
                   identification to obtain copies of vital records. Generally,
                   a primary photo ID such as a driver’s license or federal
                   travel document issued by an appropriate issuing

11/15/2010                             5
                      authority should be required. Other documentation
                      should be required that establishes a preponderance of
                      evidence of identity. State issuing authorities should
                      reserve the right to request additional evidence as
                      appropriate. In addition, a street mailing address should
                      be required. This requirement would not preclude using a
                      PO Box for receiving the mailed certificate; however, a
                      street address would need to be present. (WG #3)

                  iii. Vital Records offices shall institute measures to verify
                       the identity of the persons requesting birth certificates.
                       (WG #2)

                  iv. Federal employees that request birth certificates to
                      perform their official duties should generally not be
                      required to present identification, as long as the vital
                      records offices can be assured that the record is being
                      sent directly to the agency for official purposes. (WG
                      #3)

                   v. With respect to issuing informational copies of birth
                      records to anyone, we support the suggestion from the
                      Genealogical Community of a time limit of 100 years
                      from the date of birth. However, the regulations should
                      be directed only to those states that currently allow
                      access to genealogists. States that do not currently allow
                      access should not be required nor encouraged to provide
                      access. (WG #3)

                  vi. In any application for a vital record, it should be standard
                      procedure for Registrars or Custodians of Records to
                      request a set of biographical identifiers (e.g., full name,
                      date of birth, parents’ full name) from the applicant to
                      identify the record and to confirm the applicant’s
                      knowledge of events. (WG #3)

             b. Source of Issuance (Workgroup Comment: For Workgroup #5,
                this is an area of overlap with other workgroups. State
                representatives feel that differences among states as to whether
                they are “image” or “database” issuers must be taken into

11/15/2010                                6
             account in issuance procedures. State representatives are also
             concerned about the timeframe entailed in this requirement.
             They believe that complete centralized issuance systems can be
             constructed and that historical records can be converted to be
             used in them, but that it will take 8 to 10 years; with additional
             resources, the timeframe might be 5-6 years, still in excess of
             the law’s requirements. Image vs. database issuance needs to
             be addressed in the analysis of cost and fiscal impact.)
                 i. Local vital records offices should issue standardized
                    certificates from a centralized state-administered
                    database. (WG #3)

               ii. Each state should maintain a central database in which all
                   births and deaths are recorded so that timely information
                   is available for use by governmental agencies. (WG #4)

               iii. Implementing the same centralized issuance for death
                    certificates along with an EDRS is necessary to facilitate
                    a timely birth-death match. (WG #3)

               iv. States/Jurisdictions must issue records from a central
                   state-level database and maintain audit trails on all
                   issuances. (WG #5)

                v. States should establish procedures to maintain centralized
                   control and to audit interactions with the database. (WG
                   #4)

               vi. Place a deceased statement on the issued copy when the
                   record is flagged ―deceased‖; (WG #5 and WG #4)

              vii. If a person is deceased, the certification of birth shall
                   reflect this. (WG #1)

             viii. The central database should contain indicators for birth
                   records that were amended, delayed or marked deceased
                   (WG #4).

               ix. States/Jurisdictions shall:


11/15/2010                             7
                          1. track document control numbers for auditing usage
                             and inventory and for fraud investigations; (WG
                             #5)
                          2. link the document control number to the birth
                             record issued; (WG #5)
                          3. create/maintain a history file of each request. The
                             history file should contain at a minimum:
                                 a. requestor information (name of requestor
                                     and address sent);
                                 b. a history of previous requests for the same
                                     record. (WG #5)
                          4. detect ―excessive requests‖ for the same record;
                             (WG # 5) (Workgroup Comment: Need definition
                             from Workgroup #3 of “excessive”)
                          5. track the issuance history and requestors of birth
                             certificates. (WG #3)
                          6. track the number of times a specific record is
                             issued (could be built into EVVE system) (WG #1)
                          7. requests for 3 or more certificates at one time or
                             totaling 5 over a lifetime should be flagged for
                             review by a higher level authority. In addition,
                             multiple requests for the same record coming from
                             different locations should also be flagged for
                             additional review and possible investigation.
                             States should have procedures in place to notify
                             the appropriate authorities when they detect a
                             suspicious pattern. (WG #3)
                          8. be able to separate out requests that are to be sent
                             to ―real addresses‖ as opposed to ―mail drops‖;
                             (WG #5)
                          9. note information about past amendments on the
                             certificate. (WG #5)

                (Note to Charlie: Issuance-related recommendations are also
                included under Security of Materials under Section 6 of this
                Document.)

             c. Content of Acceptable Birth Certificates
                  i. Each certification of birth shall contain the name,
                     signature and title of the active State Registrar, the

11/15/2010                                8
                 location of the original document/information, and the
                 date of issuance. (WG #1) [Workgroup COMMENT:
                 This recommendation requires all certifications of birth
                 to contain the active State Registrar’s signature.]

             ii. As with all official certifications of a vital event attested
                 to and issued by a competent authority, any birth
                 certificate should clearly indicate the location (City,
                 State, and Country) where the birth actually occurred.
                 (WG #1)

             iii. Each certification of birth shall contain the State seal of
                  the governmental agency responsible for maintaining and
                  issuing a certification of birth. The seal shall be
                  embossed, engraved, pressed, or raised on the document.
                  (WG #1)

                 [Workgroup COMMENT: a. The Immigration and
                 Customs Enforcement Forensic Document Laboratory
                 (ICE FDL) recommends that each certification of
                 birth should bear an original signature and/or an
                 original dry seal/wet seal that has been placed on the
                 document by the appropriate designee at the time of
                 issuance. These actions signify that the process has
                 been completed, that the designee has verified to the
                 best of their knowledge that all information is
                 accurate, and add features to the document that are
                 verifiable through forensic examinations. Pre-
                 authorized forms (e.g., pre-embossed forms bearing
                 pre-printed signature), present an inherent reduction
                 in the security of the document.

                 NAPHSIS representatives feel pre-authorized forms
                 (containing a seal and signature of the State
                 Registrar) carefully monitored and captured through
                 a central data base tracking system can provide the
                 same if not better security level as an original
                 signature and seal at the final stage of processing a
                 certification. Pre-authorized forms are necessary and
                 practical due to the volume of certifications issued.

11/15/2010                           9
                 The personal signing and sealing of certifications
                 would add a labor intensive step in the processing of
                 certifications.]

             iv. A certification of birth shall not be issued unless at least
                 the first and last name of the child, or its equivalent,
                 exists on the record (Baby Boy and Baby Girl are not
                 acceptable). (WG #1)

             v. The group (i.e., Workgroup #3) agreed that blank name
                field is a bad idea and an invitation to fraud. At the very
                least, there should be some sort of indication or
                placeholder (e.g., ―baby boy‖, ―****‖, or ―-----―) that a
                first name was not given at the time of registration. (WG
                #3)

             vi. Each certification of birth shall include, at a minimum,
                 the following items (if available):
                    1. Child’s name - First, Middle (if applicable), Last,
                        Generational Identifier (if applicable)
                    2. Sex
                    3. Date of Birth
                    4. City, Town, or Location of Birth
                    5. County of Birth
                    6. Mother’s Name Prior to First Marriage
                    7. Father’s Current Legal Name
                    8. Mother’s Birthplace
                    9. Father’s Birthplace
                    10. State File Number (Certificate Number)
                    11. Name and Signature of the active State Registrar
                    12. Date original record filed
                    13. Certification Statement
                    14. Seal
                    15. Date Copy Issued
                    16. Certification Statement: This is to certify that this
                        is a true and correct copy of the original certificate
                        on file in the-----Department of (Health) or
                        custodial agency. (WG # 1)




11/15/2010                          10
                 vii. Commemorative birth certificates shall not be acceptable
                      certifications of birth for Federal purposes. (WG #1)

                 viii. Wallet certifications of birth or their equivalent shall not
                       be acceptable for Federal purposes. (WG #1)

             d. Education
                   i. The public should be informed of the importance of
                      safeguarding vital records, both for legitimate purposes
                      and to protect themselves from identity theft, and the
                      need to protect these documents from unauthorized
                      access or abuse. A ―significant public outreach and
                      education effort‖ will be required to minimize any
                      adverse effect of this recommendation (i.e., keeping the
                      volume manageable by reassuring folks that they will
                      need a new certificate until they apply for a new driver’s
                      license, new passport, or SS benefits) if it becomes a
                      federal regulation. (WG #3)

                   ii. A public outreach and educational campaign is needed to
                       educate citizens about the:
                           1. New birth certificate regulations and the
                              acceptance of noncompliant certified copies (WG
                              #3)
                           2. Importance of safeguarding birth records both for
                              legitimate purposes and protection from identity
                              theft. (WG #3).
                           3. Phase-in process for acquiring and using the new
                              birth certificates. (WG #3)
                       (Note to Charlie: Workgroup #1 had a best practice
                       recommendation on public education. It was to “conduct
                       a public education campaign on new policies/procedures
                       related to certifications of births.” This statement is
                       found in the Best Practices Section starting on Page 43
                       of this Document.)

                  iii. Educate adjudicators on security features. (WG #1)


      3. Minimum Standards Related to Amendments

11/15/2010                                11
             a. Records that are amended, with the exception of ―sealed
                records,‖ should be marked ―Amended‖ on the state central
                database as well as on certified copies. (WG #4)

             b. An audit trail should be maintained on any birth or death record
                in the state’s central database to indicate each time a record has
                been amended. (WG #4)

             c. The indicator that a record has been amended should be
                available through the EVVE system. (WG #4)

             d. Except for a birth designated as a sealed record by the State, the
                certification of birth should indicate the certificate has been
                amended, the item that has been amended, the date the action
                was taken, and the old and new information. (WG #1)

             e. For those States, which may issue an abstract of the birth
                certificate rather than a reproduction of the original document,
                the abstract must be marked ―Amended‖ if the name of the
                child, date of birth, or place of birth have been amended, except
                for a birth record designated as a sealed record by the State. In
                addition, the abstract should indicate the date of the amendment
                and which of the item(s) was amended. If a State is unable to
                meet this requirement, their abstract certifications of birth will
                not be acceptable certifications of birth for Federal purposes.
                (WG #1)


      4. Minimum Standards Associated with Birth and Death
         Matching
         a. Timeliness and Comprehensiveness of Matching
               i. All death records should be cross-matched to the
                  corresponding birth record in a comprehensive and
                  timely manner. (WG #4)

                          1. Records shall be matched within each state, among
                             all states and with Department of Defense and
                             Department of State records within five days after
                             the death. (WG #4)


11/15/2010                               12
                    2. Methods must be established for reconciling those
                       birth and death records that do not match
                       electronically. (WG #4)

                    3. Both the paper and electronic record should be
                       marked ―deceased‖ and the marker should be
                       available through the EVVE system. (WG #4)

                    4. To match legacy records, existing databases of
                       death information should be utilized. Examples of
                       these are the National Death Index (NDI), which
                       contains death information back to 1979, and
                       Social Security Administration files. (WG #4)

             ii. States/Jurisdictions must have a system for electronically
                 cross-matching birth and death records. This system
                 should: (WG #5) (Note to Charlie: SSA sent a comment
                 late in the process that was not reviewed by WG #5.
                 They would like for the “should” to be a “must”):
                    1. match 95% of all deaths to their respective birth
                        certificate and mark ―deceased‖ on the birth
                        certificates under the following time standards:
                            a. within 3 business days of receipt of the
                                death certificate, on average, after the first
                                two years of receipt of funding; and
                            b. within 2 business days of receipt of the
                                death certificate, on average, after the first
                                four years of receipt of funding. (WG #5)
                                (Workgroup Comment: The above two
                                goals are intended to make it much more
                                difficult to obtain a birth certificate that is
                                not marked “deceased” by purchasing it
                                after a person dies.)
                    2. transmit decedents’ death records to their State of
                        birth within 1 business day of registration; (WG
                        #5)
                    3. provide the capability to collect and store selected
                        information on the birth certificate from the
                        matching death certificate for subsequent use;
                        (WG #5)

11/15/2010                          13
                         4. provide the capability to assist a manual matching
                            process when a ―no match‖ or a ―near match‖ is
                            found, in order to meet the requirement that 95%
                            of all deaths be matched to their respective birth
                            records. (WG #5)

                  iii. When carrying out birth and death cross-matching
                       pursuant to this section, States/Jurisdictions shall
                       establish written guidelines which provide the standards
                       for determining when a match exists. These standards
                       shall specify the information about the decedent, which
                       should be available, and which should be compared to
                       the information on the birth certificate before a match can
                       be made. The information to be compared should
                       include at a minimum: name of decedent; name of father
                       and maiden name of mother; date of birth or age of
                       decedent; and State of birth of decedent. No match shall
                       be made unless there is documented proof of the fact of
                       death. The date of death, the State where death occurred,
                       and the death certificate number shall be posted to the
                       birth certificate. (WG #5)

             b. Electronic Records for Matching and Verification
                   i. Maintenance of Records in Electronic Format
                          1. To the extent possible, States/Jurisdictions should
                             maintain birth identity data items from birth
                             records in an electronic format for all individuals
                             born in the years 1935 to the present. (WG #5)
                          2. To the extent possible, States/Jurisdictions should
                             maintain death identity data items in an electronic
                             format from death records for individuals who died
                             in the years 2000 to the present. (WG #5)

                   ii. Matching of Historical Records
                         1. To the extent possible, States/Jurisdictions should
                            conduct a one-time birth/death matching of
                            historical records based on a pre-determined
                            prioritization scheme that takes security concerns
                            into account. (WG #5) (NAPHSIS Comments:
                            One-time matching of historical records could be

11/15/2010                               14
                         extremely expensive, especially for records that
                         cross state lines (birth and death occurred in
                         different states. Some states question whether this
                         would be cost-effective.)

      5. Minimum Standards Associated with Data Content, Access
         and Exchange
         a. Data Content
               i. Must capture birth identification, death identification,
                  and public health data elements as defined in section 5aii
                  below. Data must be captured in a standard format, and
                  the system at a minimum must process these data using
                  the consensus edit specifications for births and deaths
                  developed jointly by the NCHS and NAPHSIS. (WG #5)
                  (Workgroup Comment: This wording was chosen to
                  assure that when data are used in a birth, death, or
                  EVVE system that are also used in a federal system, those
                  data will be captured and processed according to the
                  data standards adopted jointly by the NCHS and
                  NAPHSIS.)

                   (Note to Charlie: SSA provided some comments that
                 came after the deliberations of WG #5. We wanted to
                 bring those comments on data content to your attention to
                 assist in your deliberations. They were: “The proposed
                 data standards or other project documentation should
                 include the definition and format of each of the data
                 elements included in this Section. For example, the data
                 element, “birth certificate number,” should have a
                 definition and structure of the number to ensure its
                 uniqueness; length and format specifications for computer
                 programming needs; and, instructions to deal with special
                 events, such as how to correct numbers previously issued
                 in error”.)


               ii. For the purposes of this report: (WG #5)
                     1. Birth Identification Data is defined as follows:
                            a. registrant’s name;
                            b. date of birth;

11/15/2010                           15
                   c.   city, county, and State of the place of birth;
                   d.   gender;
                   e.   mother’s maiden name;
                   f.   father’s name;
                   g.   mother’s address;
                   h.   birth certificate number;
                   i.   mother’s Social Security number;
                   j.   father’s Social Security number; and
                   k.   date filed.

             2. Death Identification Data is defined as follows:
                (WG #5)
                  a. decedent’s name and alias, if available;
                  b. date of birth;
                  c. date of death;
                  d. place of birth, State or country;
                  e. gender;
                  f. mother’s first name;
                  g. mother’s maiden name;
                  h. father’s first name;
                  i. father’s last name;
                  j. decedent’s Social Security number;
                  k. death certificate number;
                  l. State source of death;
                  m. foreign country indicator; and
                  n. date filed.

             3. Birth Public Health Data includes but is not limited
                to: (WG #5)
                    a. date of birth;
                    b. State of birth;
                    c. birth certificate number
                    d. void flag;
                    e. auxiliary state file number;
                    f. time of birth;
                    g. gender;
                    h. county of birth
                    i. place where birth occurred;
                    j. facility ID, if available;
                    k. facility ID, State assigned;

11/15/2010                   16
             l. mother’s date of birth;
             m. mother’s place of birth;
             n. mother’s residence;
             o. father’s date of birth;
             p. mother’s marital status;
             q. mother’s education;
             r. indication whether mother is of Hispanic
                 origin;
             s. mother’s race;
             t. father’s education
             u. indication whether father is of Hispanic
                 origin;
             v. father’s race;
             w. attendant at birth;
             x. indication whether mother was transferred;
             y. date of first prenatal care visit;
             z. date of last prenatal care visit;
             aa. total number of prenatal care visits;
             bb.mother’s height;
             cc. mother’s pre-pregnancy weight;
             dd.mother’s weight at delivery;
             ee. indication whether mother received WIC
                 food for herself;
             ff. previous live births now living;
             gg. previous live births now dead;
             hh. previous other pregnancy outcomes;
             ii. date of last live birth;
             jj. date of last other pregnancy outcome;
             kk. number of cigarettes smoked;
             ll. principal source of payment for delivery;
             mm.        date last normal menses began;
             nn. risk factors;
             oo.infections present;
             pp.obstetric procedures;
             qq.characteristics of labor and delivery;
             rr. method of delivery;
             ss. maternal morbidity;
             tt. birth weight;
             uu. obstetric estimation of gestation;
             vv. Apgar score (5 and 10 minutes);

11/15/2010           17
                   ww.        plurality;
                   xx. set order;
                   yy. number of live born;
                   zz. matching number;
                   aaa.       abnormal conditions of the newborn;
                   bbb.       congenital anomalies of the newborn;
                   ccc.       indication whether infant was
                       transferred within 24 hours of delivery;
                   ddd.       indication whether infant was living at
                       time of report; and
                   eee.       indication whether infant was being
                   breastfed at discharge.

             4. Death Public Health Data includes but is not
                limited to: (WG #5)
                   a. date of death;
                   b. State of death;
                   c. death certificate number;
                   d. void flag;
                   e. auxiliary state file number;
                   f. source flag: paper/electronic;
                   g. decedent’s legal name;
                   h. father’s surname;
                   i. gender;
                   j. decedent’s Social Security number;
                   k. decedent’s age;
                   l. date of birth;
                   m. place of birth;
                   n. decedent’s residence;
                   o. marital status;
                   p. place of death;
                   q. facility name—county;
                   r. method of disposition;
                   s. time of death;
                   t. decedent’s education;
                   u. indication whether decedent was of Hispanic
                       origin;
                   v. decedent’s race;
                   w. occupation;
                   x. industry;

11/15/2010                 18
                                y. infant death/birth linking—birth certificate
                                    number;
                                z. infant death/birth linking—year of birth;
                                aa. infant death/birth linking—State of birth;
                                bb.coder status;
                                cc. lot;
                                dd. section number;
                                ee. shipment number;
                                ff. NCHS receipt date;
                                gg. PGM version control—SuperMICAR;
                                hh. cause of death;
                                ii. indication whether tobacco use contributed
                                    to death;
                                jj. indication whether decedent was pregnant;
                                kk. manner of death;
                                ll. date of injury;
                                mm.        time of injury;
                                nn. place of injury;
                                oo.indication whether injury occurred at work;
                                pp.description of how injury occurred;
                                qq.indication whether injury was due to
                                    transportation accident;
                                rr. indication whether an autopsy was
                                    performed;
                                ss. indication whether autopsy findings were
                                    available to certifier;
                                tt. date of surgery;
                                uu. activity at time of death (computer
                                    generated);
                                vv. place of injury (computer generated);
                                ww.        auxiliary state file number; and
                                xx. State specific data.

             b. Access to Data by Federal Agencies
                  i. No federal agency receiving Birth or Death Identification
                     Data from a state vital records entity shall also receive
                     Public Health Data that comes from the State’s vital
                     record data collection system, and no federal agency
                     receiving Public Health Data from a state vital records
                     entity shall also receive either Birth Identification Data or

11/15/2010                               19
                      Death Identification Data from the State’s vital record
                      data collection system. (WG #5)

             c. Access to Data by Researchers
                  i. In addition to the above unless required by federal
                     statute, disclosure of information which may identify
                     any person [or institution] named in any vital record or
                     report may be made only pursuant to regulations which
                     require submission of written requests for information by
                     researchers and execution of research agreements that
                     protect the confidentiality of the information provided.
                     Such agreements shall prohibit the release by the
                     researcher of any information that might identify any
                     person [or institution] other than releases that may be
                     provided for in the agreement. For purposes of this part,
                     research means a systematic investigation, approved by a
                     cognizant Institutional Review Board as appropriate, and
                     designed primarily to develop or contribute to
                     generalizable knowledge. Federal agencies receiving
                     identity data may do so as required by federal statute.
                     (WG #5) (Workgroup Comment: This paragraph was
                     taken from the NCHS Model Law, and is intended to
                     allow public research to continue.) (Note to Charlie:
                     Received comments from SSA about this item after the
                     WG completed its work. These comments were NOT
                     discussed with the WG. They were as follows: “SSA is
                     concerned about this section. Although the intent of the
                     paragraph is to allow public health research to continue,
                     we believe it could have the opposite effect on research
                     that SSA undertakes. That paragraph, in our
                     interpretation, appears to allow for disclosure of vital
                     statistics data for research purposes only in specific and
                     narrow circumstances---i.e., when required by federal
                     statute or when made pursuant to regulations which
                     require submission of written requests. The paragraph
                     further indicates that the research must be approved by a
                     cognizable Institutional review Board. SSA research
                     disclosure regulations at 20 CFR401.165 do not include
                     similar restrictions and may not satisfy the stringent
                     disclosure requirements of this paragraph. For this

11/15/2010                              20
             reason, we are concerned that the language in that
             paragraph may hamper SSA’s research efforts. We fully
             recognize the need to protect personal vital statistics
             data, but we believe that the language in this paragraph
             is overly restrictive and, therefore, warrants revision.
             SSA’s Office of Research, Evaluation and Statistics,
             which brought this matter to the attention of the OGC,
             shares our concern about this paragraph.

             Also, disclosure issues are usually covered in a
             memorandum of understanding rather than in computer
             standards, so one option would be to delete this
             paragraph. The intent was to allow research to continue,
             but as written, the language would preclude SSA from
             disclosing the information for research purposes. SSA
             statutes permit release of data for research purposes but
             do not “require” it other than for epidemiological
             purposes. Also, SSA does not have a regulation that
             requires submission of written requests, although it is our
             practice. In addition, SSA does not have an Institutional
             Review Board. If the paragraph must remain in the
             standards, we propose the following rewrite:
             “ In addition to the above unless required by federal
             statute, disclosure of information which may identify any
             person [or institution] named in any vital record or
             report may be made only pursuant to regulations which
             require the submission of written requests for
             information by researchers and execution of research
             agreements that protect the confidentiality of the
             information provided. Such agreements shall prohibit
             the release by the researcher of any information that
             might identify any person [or institution] other than
             releases that may be provided for in the agreement. For
             purposes of this part, research means a systematic
             investigation, approved by a cognizant Institutional
             Review Board as appropriate, and designed primarily to
             develop or contribute to generalizable knowledge.
             Federal agencies receiving identity data may do so as
             permitted by federal statute.”


11/15/2010                     21
             d. Data Exchange
                   i. Must transmit electronic birth or death Identification
                      Data or Public Health Data, as described in this part, to
                      authorized state or federal agencies within 1 business day
                      of receipt at the state office, using an agreed upon
                      standard (similar to ANSI) and a secure messaging
                      transport protocol. (WG #5) (NAPHSIS Comment: Rather
                      than specify ANSI, which could change over time, we
                      chose to generalize the wording, keeping the concept the
                      same.)

             e. Electronic Verification of Vital Records
                   i. Timeliness of verification
                          1. Must allow SSN verification on death reports with
                             the SSA during record entry to ensure accuracy of
                             name and social security number, making every
                             effort to provide the verification response within
                             one minute. (WG #5)

                         2. Goals of the State-component of the EVVE
                            Program
                               a. States/Jurisdictions should achieve and
                                  maintain a timeliness goal of 5 seconds, on
                                  average, when responding to queries from
                                  the EVVE hub. (WG #5)
                               b. The indicator that a record has been
                                  amended should be available through the
                                  EVVE system. (WG #4)
                               c. States/Jurisdictions should ensure that:
                                      i. registered records are available for the
                                         EVVE system within 24 hours after
                                         registration in an electronic format;
                                         (WG #5)
                                     ii. amended birth or death certificate
                                         items that are also part of the EVVE
                                         system should be available for the
                                         EVVE system to use within 24 hours,



11/15/2010                              22
                                       on average, from the time the
                                       amendment is approved; (WG #5)
                                  iii. in the event of a system failure, they
                                       have adequate back-up and
                                       redundancy to bring the EVVE
                                       system back on line within 72 hours;
                                       (WG #5) (Note to Charlie: Review
                                       #7b. This recommendation may
                                       conflict with that one).
                                  iv. the system is able to receive and
                                       maintain an inventory of lost or stolen
                                       security paper numbers. (WG #5)
                                       (Workgroup Comment: This
                                       capability allows stolen paper to be
                                       identified if an attempt to use it occurs
                                       subsequently. If the paper is bar
                                       coded, and then the bar code is
                                       swiped when a user attempts to use it,
                                       the reference number can reach back
                                       via the EVVE to the purchaser or to
                                       the “stolen list”).

      6. Minimum Security Standards Associated with Vital Statistics
         Physical Plant, Materials and Personnel
         a. Physical Plant Security
               i. Security Planning Risk and Mitigation
                     1. State/Jurisdiction Registrars shall develop and
                         maintain a State/Jurisdiction Security Policy
                         Manual, which addresses the requirements
                         specified in CRF ____. Local Registrars shall
                         develop and maintain a Local Security Policy
                         Manual, which addresses the requirements
                         specified in the State/Jurisdiction Security Policy
                         Manual. State/Jurisdiction Registrars shall review
                         and approve Local Security Policy Manuals. (WG
                         #2)

                      2. State/Jurisdiction and Local Registrars or designee
                         shall oversee the requirements specified in the


11/15/2010                           23
                       State/Jurisdiction Security Policy Manual or the
                       Local Security Policy Manual. (WG #2)

                    3. Annually, State/Jurisdiction and Local Registrars
                       or designee shall conduct and document a security
                       inspection, which includes a statement that the
                       organization is in compliance with the
                       requirements specified in the State/Jurisdiction
                       Security Policy Manual or the Local Security
                       Policy Manual or listing deficiencies and a plan to
                       resolve them. (WG #2)

                    4. State/Jurisdiction and Local Registrars or designee
                       shall report illegal entry or attempted illegal entry
                       to the appropriate law enforcement agency. (WG
                       #2)

                    5. State/Jurisdiction and Local Registrars or designee
                       shall have a designated law enforcement contact
                       for issues pertaining to fraudulent birth certificates.
                       (WG #2)

                    6. The State/Jurisdiction or Local Registrar or his
                       designee shall annually coordinate with
                       appropriate law enforcement authorities to ensure
                       that they are aware of the value of vital documents,
                       hours of operation, and security issues that pertain
                       to the vital records facilities and to determine the
                       expected response time by law enforcement if a
                       security breach were to occur. (WG #2)

             ii. Security of Materials
                    1. During non-working hours, security paper,
                       embossing equipment and other items used to
                       authenticate birth certificates shall be maintained
                       in a room or in containers comprised of materials
                       offering resistance to and evidence of,
                       unauthorized entry into the room or container.
                       (WG #2).


11/15/2010                          24
             2. During non-working hours, blank birth certificate
                forms shall be secured in a locked container or
                under equally secure means. (WG #2)

             3. Vital Records equipment which must operate on a
                24/7 basis to support EVVE, match programs and
                other related systems shall be maintained under
                safeguards as noted bullet #1 above. (WG #2)

             4. State and Local Registrars shall distribute birth
                certificate forms and equipment designed to create
                birth certificates only to government agencies or to
                those non-government facilities and personnel who
                are licensed to assist in the birth process.
                Government and non-government personnel and
                facilities that maintain birth certificate forms and
                equipment shall maintain them under the
                guidelines established for Vital Records
                State/Jurisdiction and Local Registrars. Issuance of
                birth certificate forms and acceptance of the forms
                shall only be to/from birthing facilities and to/from
                midwifery operations with two certified or licensed
                midwives, approved by the State Registrar to sign
                the birth certificate form. Birth certificates for
                other non-institution births shall be completed in
                the vital records office or under the management of
                the State or Local Registrar or designee. (WG #2)

             5. State/Jurisdiction and Local Registrars shall
                develop security paper risk prevention procedures
                for operations during hours of operation. These
                procedures may vary depending upon the size of
                the operation but State/Jurisdiction and Local
                Registrars shall hold employees accountable for
                the paper assigned to them. Example: Large
                operations may require operators to remove copier
                trays and place them under lock when absenting
                themselves from the area. Small operations may
                require operators to add and remove security paper


11/15/2010                  25
                from copier trays for each action conducted.) (WG
                #2)

             6. Facilities shall maintain a log of security paper
                control numbers. The log will identify the
                certificate issued or an explanation of other
                disposition (e.g., Voided). The State/Jurisdiction
                or Local Registrar or designee shall review the log
                monthly. Local Registrars shall forward a monthly
                report with physical proof that the document was
                destroyed to State/Jurisdiction Registrars who shall
                investigate any discrepancies in numbers.
                Examples of acceptable proof include but are not
                limited to: removing and sending the actual
                control number from the paper or sending the
                actual voided certificate. (WG #2)

             7. Paper manufacturers and printers shall comply
                with the National Industrial Security Program
                Requirements regarding security paper
                manufactured and delivered to State vital records
                offices. The National Industrial Security Program
                and its operational manual prescribes
                requirements, restrictions and other safeguards that
                are necessary to prevent unauthorized disclosure of
                classified information released by the U.S.
                Government Executive Branch Departments and
                Agencies to their contractors. (See Appendix #1).
                The Manual also prescribes requirements,
                restrictions, and other safeguards that are
                necessary to protect special classes of classified
                information. The NISP was established by
                Executive Order 12829, 6 January 1993, "National
                Industrial Security Program.‖ (WG #1)

             8. Procurement of the birth certificate paper, Surface
                Security Printing, etc., should be accomplished at
                the Federal level. (See Appendix #2 for
                description of the Centralized Procurement
                Model). The formula for the paper, watermark,

11/15/2010                  26
              overt and covert security printing specifications
              should be classified. Aggregate procurements will
              include all 57 jurisdictions and likely result in
              lower costs per unit. A smaller (cleared) number
              of paper manufacturers and security printers will
              be solicited for this national contract vehicle. (WG
              #1)

              [Workgroup COMMENT: There is
              disagreement with this recommendation.
              NAPHSIS feels that as long as the security
              measures adopted by regulation for paper or
              printing can be met by established vendors, the
              State should maintain the option to utilize any
              vendor able to meet the requirements. GPO
              could also provide this service and States
              would have the option to use their service.

             Federal COMMENT: ICE FDL supports GPO’s
             proposal to handle the procurement process. If
             individual states are left to select their own
             vendors, two concerns arise: 1) All states may
             not have the necessary training or resources to
             properly vet vendors who will be supplying
             security features to include high quality security
             printing/inks, watermarks, ultraviolet and/or
             infrared fluorescent inks/fibers/threads, optically
             variable inks/devices, and covert forensic
             features, and (2) The most important quality of a
             security document is consistency in all aspects of
             the document from one certificate to the next. In
             other words, if a feature is not consistent from
             one document to the next, then the feature is not
             reliable (or useless). Creating a situation where
             there is a possibility of utilizing 57+ (if locals
             also have this option) different vendors make the
             production of a consistent product virtually
             impossible. What that boils down to is basically
             the same situation that exists today where nobody
             knows what a genuine certification looks like

11/15/2010                27
              (14,000 different certifications) but on top of that
              the certification now is even more expensive].

             9. Each certification of birth issued on paper shall
                include, at a minimum, the following security
                features:
                   a. 28#, acid free paper, not optically bright/
                       UV dead
                   b. A fourdrinier watermark unique to Vital
                       Records visible through use of transmitted
                       light
                   c. Chemically sensitive paper to react visibly
                       from both sides when the document is
                       altered
                   d. Paper to be printed using ink jet or laser
                       printer with the paper containing a
                       protective laminate
                   e. Overt and covert security fibers that must be
                       integrated in the paper
                   f. Overt security thread integrated in the paper
                   g. Void Copy Background or Pantograph or a
                       similar feature to deter color photo-coping
                       of document
                   h. Prismatic (Rainbow, Split Foundation)
                       printing – use printing with continuous line,
                       not dot images
                   i. Include micro-printing
                   j. A permanent, sequential, letterpress
                       printed control number for inventory control
                       and a transaction number specific to the
                       issuance of the certification of birth for
                       tracking purposes. These numbers may be
                       one in the same.
                   k. Revision date that has been preprinted on
                       the security paper. (WG #1)

                      [Workgroup COMMENT: NAPHSIS does
                      not agree with the requirements of item #d
                      (Paper to be printed using ink jet or laser
                      printer with the paper containing a

11/15/2010                  28
             protective laminate). Most States and locals
             utilize laser printers for issuance of
             certificates because they are cost effective,
             reliable, and readily available. Requiring
             ink-jet printers or laminates with laser
             printers will be a tremendous cost to the
             States. They question the reliability and
             availability of effective ink-jet printers for
             the many offices requiring heavy volume
             printing. The purchase and daily
             maintenance costs of using ink-jet printers
             will be far more than laser printers. Any
             lamination technique added to the
             processing of a certification will require
             costly equipment and add another step in the
             processing of the document impacting the
             timeliness of service. If initial funds are
             provided to purchase equipment along with
             continued funding to offset the increased
             maintenance costs associated with ink-jet
             printing, the recommendation would be
             more feasible.

             Federal COMMENT: The ICE FDL
             recommends that biographical data be
             entered using technology in this preferred
             order: 1) inkjet printer utilizing a pigment-
             based ink, or (2) electrostatic process (laser
             printer) covered by a protective security
             laminate. {An impact process would be the
             best option because the impact also
             embosses the paper. However, questions
             remain about the availability, cost
             effectiveness, speed, and the noise
             associated with this process. Additionally, it
             is highly unlikely that a dot matrix printer
             could be used in those states that print an
             “image” of the certificate on file.}




11/15/2010        29
             Therefore, inkjet that utilizes a pigment-
             based ink is probably the best, feasible
             option. Inkjet, when utilized with
             compatible paper, penetrates the paper
             surface. Therefore, the data cannot be
             simply scraped from the surface without
             leaving evidence of attack (paper fiber
             disturbance). Additionally, pigment-based
             inks are not soluble in water and are more
             durable (resistant to fading).


             Laser printers utilize toner, which is a dry
             ink powder that is fused to the surface of the
             document by heat. Because toner rests on
             the surface of the document, toner can be
             removed rather easily from the document
             without leaving much, if any, evidence of
             tampering. Utilization of a protective
             laminate would greatly enhance the security
             of the personalized information added to the
             document, especially if the laminate itself
             contained security features. Furthermore, it
             may not be necessary to obtain any
             additional equipment to apply the laminate,
             as there are some laminates that are self-
             adhesive and only require the application of
             pressure. Utilization of a laser printer
             without a protective laminate would render
             all certifications highly susceptible to
             alteration. It is counterproductive to
             enhance the security features of the
             document (making it harder to counterfeit)
             while leaving the information vulnerable to
             alteration.

             The ICE/FDL also recommends a standard
             size of 81/2 inches by 11 inches for all
             certifications of birth.]


11/15/2010        30
                  iii. Inventory Control and Waste Disposal
                          1. Movement of paper birth certificates between vital
                             records offices shall include tracking and signature
                             receipts on both ends of the shipment. (WG #2)

                          2. Voided security paper, working copies of birth
                             certificates, microfilm and other materials, which
                             contain personal identifying information shall be
                             destroyed by shredding or by an equally secure
                             method. While awaiting destruction, the materials
                             shall be placed in secured containers which the
                             Security of Materials criteria cited above. (WG #2)

                          3. Security equipment items (e.g., embossers,
                             signature stamps etc.) shall be destroyed in a
                             manner that renders them unusable. (WG #2)

                          4. Electronic materials containing birth information
                             shall be destroyed in accordance with methods that
                             do not permit data recovery. (Examples may
                             include multiple overwrite, ultraviolet light,
                             magnetic removal.) (WG #2)

             b. Personnel Security
                   i. Vital records staff
                         1. All persons with access to the vital records system
                             must meet all personnel security requirements that
                             are required for vital records staff, irrespective of
                             where employed. (WG #5) (Workgroup
                             Comments: This assures that IT personnel with
                             access to the system are also screened.)

                          2. State vital records operations shall designate
                             specific personnel to conduct activities that involve
                             sealed files, control of bulk security paper and
                             other high-risk activities. (WG #2)

                          3. Current Vital Record’s employees shall at a
                             minimum receive a local police background check,
                             which reveals that the candidate has not been

11/15/2010                               31
                convicted of a felony offense within the last 10
                years. If the employee has not been in area for ten
                years, the check will include the previous
                residence for the outstanding period of time. (WG
                #2)

             4. Candidates for permanent employment positions in
                vital records shall at a minimum receive a local
                police background check which, reveals that the
                candidate has not been convicted of a felony
                offense within the last 10 years. If the employee
                has not been in area for ten years, the check will
                include the previous residence for the outstanding
                period of time. Probationary appointments may be
                made but permanent appointments shall be
                dependant upon the results of the check. (WG #2)

             5. Background checks should be completed within 60
                days for local and state police checks and 120 days
                for FBI or National Agency Checks. Extensions
                beyond these dates shall require written
                explanation from the agency conducting the check.
                (WG #2)

             6. Candidates for permanent employment positions in
                vital records shall receive a review of references
                and last place of employment. (WG #2)

             7. Candidates for employment within a state or local
                vital records office shall be U.S. Citizens or have
                U.S. documents, which authorize their
                employment in the United States. (WG #2)

             8. Candidates selected for positions in vital records
                offices shall sign a document verifying that they
                are aware that the results of an unfavorable
                background check may result in termination. (WG
                #2)




11/15/2010                  32
                    9. Employees of vital records office must sign a non-
                       disclosure statement indicating that if they access
                       or disclose information for other than professional
                       reasons as related to their direct duties that they
                       shall be subject to immediate termination. (WG
                       #2)

                    10. Personnel who maintain the centralized processing
                        centers outside the vital records office shall meet
                        the same personnel requirements as personnel who
                        work within the vital records office. (WG #2)

                    11. Employees shall wear a badge, which identifies
                        them as persons with access to the vital records
                        area. In government buildings where badges are
                        issued to all employees, a special designation shall
                        be placed on the badges of personnel with access
                        to vital records. (WG #2)

                    12. Security infractions shall be documented and
                        maintained in accordance with the
                        state/jurisdiction personnel directives. (WG #2)

             ii. Temporary and Volunteer Personnel
                   1. Temporary and volunteer personnel shall not be
                      granted unsupervised access to security paper or
                      birth records unless a local police check of equal
                      or better measure has been completed. Background
                      checks, which reveal a felony conviction within
                      the last 10 years, shall result in termination. (WG
                      #2)

             iii. Contract Personnel
                    1. Contractors who physically work in vital records
                        offices more than 30 days per year shall come
                        under the security procedures specified for
                        temporary and volunteer personnel. (WG #2)
                    2. Contract specification for goods or services that
                        impact birth certificate security shall include
                        security procedures equivalent to those required of

11/15/2010                         33
                            vital records offices. (Examples may include
                            credit card ordering, data entry, software
                            development and maintenance.) (WG #2)

                  iv. Security Training
                         1. Semi-annually, permanent and temporary
                            personnel shall receive security training. Training
                            subjects and names of the participants who attend
                            shall be documented. (WG #2)

                         2. States/Jurisdictions must establish and maintain an
                            ongoing capability for providing computer security
                            awareness training for vital records/statistics
                            employees that includes information about their
                            responsibility for proper use and protection of birth
                            and death information, and the possible sanctions
                            for misuse. (WG #5)

                         3. State/Jurisdiction Registrars or their designee shall
                            annually provide security training information to
                            hospital birth certificate personnel. (WG #2)

             c. Supply Chain
                   i. Birthing facilities and registered/licensed midwives
                      (birthing entities) that prepare birth certificates shall:
                          1. Ensure that computer and printer equipment
                             containing birth information are accessed only by
                             designated personnel with secure user ID assigned.
                             (WG #2)
                          2. Birth certificate forms and documents containing
                             birth information shall be maintained in a locked
                             container with documented key control procedures.
                             (WG #2)

                  ii. Birthing entities shall destroy voided birth certificates by
                      shredding or equivalent method. (WG #2)

             d. Physical Intrusion
                   i. The State/Jurisdiction or Local Registrar or designee
                      shall maintain a record of key and combination holders

11/15/2010                               34
                  and conduct a semi-annual key inventory or equivalent
                  security measures. (WG #2)

              ii. Vital records operations that are co-located with other
                  governmental operations shall have well defined
                  separation between the operations. The same person may
                  perform multiple duties but vital records documents and
                  the location where the activities occur shall be separated
                  from other activities. (WG #2)

              iii. State and Local Vital Records Offices shall be housed
                   only in government operated buildings or areas of
                   buildings that are available at any time to unannounced
                   inspection. (WG #2)

              iv. Customers shall have specific designated entry(s) into the
                  facility. (WG #2)

               v. Facilities shall have spatial arrangements, which separate
                  vital records’ personnel and customers sufficiently to
                  ensure that the certificates are not within reach nor can
                  information be viewed by customers. (WG #2).

              vi. Customers shall not be permitted unaccompanied access
                  within the vital records office. (WG #2)

             vii. Non vital records personnel, who provide
                  cleaning/maintenance services to areas within secure
                  areas of vital records offices shall be accompanied or
                  managed using measures equivalent to accompaniment.
                  (WG #2)

             viii. Facilities that house vital records shall contain doors
                   and/or windows with secure locking mechanisms and at
                   least one additional measure which may include:
                      1. Security guards.
                      2. Intrusion alarm system.
                      3. Electronic monitoring.
                      4. Security fencing with added measures appropriate
                          to the location of the building.

11/15/2010                          35
                          5. Video monitor.
                          6. Routine law enforcement surveillance of facilities.
                             (WG #2)

                  ix. Birth certificates and birth certificate data that are stored
                      in off site locations shall be maintained under standards
                      established for Vital Record offices or equivalent
                      measures. (WG #2)


      7. Minimum Standards Associated with Vital Statistics IT
         Systems and Electronic Files
         a. Access to Computer Files
               i. State/Jurisdiction Registrars shall control access of
                  computer files containing birth identity information.
                  Personnel shall be assigned access only to the portions of
                  the files that pertain to their duties. (WG #2)

                   ii. State/Jurisdiction Registrars shall not permit open access
                       of electronic birth files to government or non-government
                       agencies. Access may be granted to specific persons
                       within the agencies with secure user ID assigned by the
                       State/Jurisdiction Registrars. (WG #2)

                  iii. Vital Records data maintained in centralized processing
                       centers outside vital records shall meet the same
                       requirements as that maintained within the vital records
                       office. (WG #2)

             b. Storage of Records and Files
                   i. State Vital Records offices shall maintain birth
                      certificates or electronic birth files in an off site storage
                      to ensure disaster recovery. (WG #2)

             c. System Compliance
                   i. The Vital Records IT system must be compliant with
                      section 508 of the Americans with Disabilities Act. (WG
                      #5)

             d. IT System Security and Business Continuity

11/15/2010                                36
              i. Authentication
                   1. A user authentication mechanism must validate
                      that the user is registered to use the vital
                      records/statistics systems and has signed on with
                      the appropriate user name and password or other
                      identifiable key. States/Jurisdictions are
                      encouraged to use stronger authentication
                      mechanisms where their state IT infrastructure
                      permits. (WG #5)
                   2. User authorization levels must manage access to
                      system functions and data. Authorization should
                      be both user-based and role-based. (WG #5)

             ii. Encryption
                   1. States/Jurisdictions must encrypt the record-level
                      or response-level data transmitted between State,
                      federal, and/or private systems. (WG #5)
                   2. State/Jurisdiction Registrars shall employ
                      encrypted or an equally secure method for
                      transmitting birth data from hospitals into vital
                      records and from the state/Jurisdiction facility to
                      local vital records facilities or other government or
                      non-government offices. (WG #2)

             iii. Audits
                    1. Each of the states’/Jurisdictions’ electronic vital
                        records systems must contain an audit capability
                        which:
                           a. maintains audit trails of all entry or
                              alterations of record information in the
                              system; (WG #5)
                           b. maintains the audit file data in an
                              unalterable (read only) format for a
                              minimum of seven years; (WG #5)
                           c. records at a minimum the changes made to
                              the record, date modified, and the person
                              modifying the record; (WG #5)
                           d. tracks paper control numbers regardless of
                              the physical location of the paper; (WG #5)


11/15/2010                         37
                             e. keeps track of the number of times a
                                document is printed and the number of
                                documents printed, when printed, and who
                                ordered the printing; (WG #5)
                             f. version-control all records (i.e., when
                                records are amended, the original value of
                                key fields before and after each value was
                                modified is retained). (WG #5)

      8. Applicability of Standards
         a. All standards for the issuance of certified copies of birth
            certificates, processing applications, physical security and other
            security enhancements should apply equally to state and local
            offices. (WG #3)

      9. Minimum Conditions that States Must Meet to Apply for the
         Federal Grants
         a. Must originate from the legal entity responsible for the vital
            records/statistics program in the State. (WG #5).
         b. Must commit to maintain the level of budgetary effort for the
            vital records/statistics program to at least its pre-award level
            during the receipt of the federal grant. (WG #5)
         c. Must demonstrate adequate support from the state or
            departmental IT agency/program. (WG #5)
         d. Must have a project manager with project management training
            (or commit to obtain one). (WG #5)
         e. Must agree to participate in the national EVVE network. (WG
            #5)
         f. Must agree at a minimum to develop a confidentiality
            agreement with the federal agencies authorized to receive
            identity or public health data from state vital statistics systems,
            provided that such data are used for administrative or public
            health purposes, respectively, solely in the conduct of their
            official duties. (WG #5) (Note to Charlie: The following SSA
            statement came in after the WG finished its deliberations and
            thus was not discussed in that process. In responding to them,
            we stated that we would make you aware of their concern about
            this statement. It was: “”we are concerned that this section
            might be interpreted to limit SSA’s Office of the Inspector
            General’s Office of Audit or Office of Investigations access to

11/15/2010                            38
                information necessary to fulfill their statutory responsibilities
                under the Inspector General Act of 1978, as amended (5 U.S.C.
                App 3) to conduct audits or investigations involving SSA’s
                programs and operations. We should suggest that it be clear
                that the HHS Standards will not so limit our access to this
                information.)

             g. Must agree to:
                   i. meet the Minimum systems standards outlined in Part II
                      below and the time requirements as specified in the
                      legislation; and
                  ii. provide a cost estimate for each of the major components
                      of their proposed project(s). (WG #5)



(Note to Charlie: WG #5 had some significant discussions and concerns
about the fiscal impact of the regulations on the states and the charges to the
federal agencies, on who had access to data and under what conditions, and
on certification vs. verification of records through the EVVE system. While
consensus was not reached on many of these issues, they did agree to a
summary of the issues as outlined in Appendixes 3 and 4)




11/15/2010                               39
II. Minimum Standards for a National Electronic Verification of
               Vital Events System (EVVE)

    1. Queries
        a. The national EVVE system must achieve the following
           standards:
                i. must support multiple governmental agencies at the
                   State, federal and local levels; (WG #5)
               ii. must support ―verification‖ and to the extent possible
                   ―certification‖ queries involving birth records from 1935
                   year of birth to the present and death records from 2000
                   year of death to present; (WG #5) (Note to Charlie.
                   Received comments from SSA after the WG completed its
                   report. SSA would like the term “to the extent possible”
                   in front of certifications dropped.)
             iii. must have an automatic billing capability that supports
                   multiple pricing structures for ―certificate queries‖; (WG
                   #5)
              iv. must use the approved Vital Events Transaction standard-
                   --a national standard for the exchange of vital records and
                   vital statistics whether for administrative or statistical
                   purposes (ANSI or similar) and a secure messaging
                   transport protocol; (WG #5)
               v. must have the capacity to capture user-specified
                   management information reports; (WG #5)
              vi. must achieve and maintain the following timeliness
                   response goals:
                       a. receive queries from the federal agencies and send
                           to appropriate State within 5 seconds on average;
                           and
                       b. receive responses to queries from the State and
                           send to the appropriate federal agencies within 5
                           seconds on average. (WG #5)
             vii. must flag responses with amendment information when
                   appropriate (WG #5 see also WG #4) and
            viii. must be able to flag verification responses if the paper
                   being verified has been reported as lost or stolen. (WG
                   #5)

    2. Hub Management

11/15/2010                           40
      a. A full-time manager with project management training should
         manage the EVVE system and its enhancements and provide
         monthly performance data (i.e., cost and schedule) for all projects.
         (WG #5)

   3. Disaster Recovery and Business Continuity
         a. The EVVE hub must be capable of operating on a 24/7 basis,
            with appropriate back-ups and redundancies. (WG #5)

             b. In the event of catastrophic system failure associated with the
                hub and/or the facility housing the hub, the national entity must
                have a redundant off-site hub that can become operational
                within 8 hours of the failure. (WG #5)

   4. Security
         a. The EVVE system and the national entity operating it should be
            certified and accredited against national standards. Certification
            and accreditation reviews should be conducted by an
            independent security firm of mutual agreement between the
            national entity and the federal agencies. (WG #5) (Note to
            Charlie: SSA provided comments to us after the WG process
            was completed, so the committee did not have an opportunity to
            discuss them. SSA stated that “FISMA” standards would not
            apply to EVVE. We deleted the word FISMA between “national
            standards” in this statement, but left the remaining statement as
            is).

             b. The national entity must establish and maintain an ongoing
                capability for providing computer security awareness training
                for its employees and contractors. That training must advise the
                employees and contractors about their responsibility to properly
                use and protect person-specific information and about the
                sanctions for misuse. (WG #5)

             c. The EVVE System must comply with any federal State Online
                Query requirements, including any certification processes,
                before sending/receiving online queries. (WG #5) (Note to
                Charlie: received comments from SSA about this statement
                after the WG process was completed. In that statement, SSA
                stated the “federal State Online Query requirements” would

11/15/2010                               41
                NOT apply to EVVE. Since SSA originally requested this
                statement to be included, we took the liberty of deleting it for
                this combined report.)

             d. The EVVE System must encrypt the record-level or response-
                level data transmitted between the EVVE hub and the state
                EVVE servers and between the EVVE hub and the federal
                agencies servers. (WG #5)

             e. All electronic communications occurring over the public
                internet between the national entity and States/Jurisdictions and
                between the national entity and federal agencies must at a
                minimum use Secure Socket Layer (SSL) and 128-bit
                encryption protocols, Virtual Private Networks (VPN), and/or
                more secure methods. (WG #5)

             f. The national EVVE system must maintain a fully automated
                trail system capable of:
                     i. maintaining audit trails of all entry or alterations of
                        record information in the system;
                    ii. maintaining audit file data in an unalterable (read only)
                        format for a minimum of seven years;
                   iii. recording at a minimum changes made to the record, date
                        modified and the person modifying the record; and
                   iv. restricting access to the audit file to authorized users with
                        a ―need to know.‖ (WG #5)

      (Note to Charlie: SSA provided some general comments about EVVE
      that were too late to be discussed in WG #5 meetings. We are
      providing these comments for your information and deliberations.
      They stated: The proposed standards or other project documentation
      should include a detailed description of the EVVE network, including
      the proposed workflow and network infrastructure. We believe that a
      well- designed EVVE would be a more efficient and cost-effective way
      to accommodate some of the requirements that are now considered
      State responsibilities, such as:
          1. User registration and access control, including user
             authentication
          2. Maintenance of a history file of all requests


11/15/2010                                42
             3. Detection of “excessive requests” from any site, or for any
                record
             4. Tracking States’ performance




11/15/2010                              43
   II.       Best Practices for Vital Statistics Agencies

   1.        Denied Applications
             a. A national database of denied applications for delayed birth
                certificates and for unattended home births should be
                established for state use. (WG #4)
             b. Prior to filing a delayed birth certificate, states should check the
                national database to ensure that the applicant has not attempted
                to file the birth in another state. (WG #4)
             c. Prior to filing a birth certificate for an unattended home birth,
                states should check the national database to ensure that the
                applicant has not attempted to file the birth in another state.
                (WG #4)

   2.        Amendments
             a. As a best practice, a description of the change and evidence
                used should be indicated on the birth record and on certified
                copy of the record. (WG #4) (Note to Charlie: Most workgroup
                members (5 actively; 6 via assent) thought it was sufficient for
                this to be a best practice; however, SSA opinion, as articulated
                by one of the 4 SSA staff, is that this bullet should be part of the
                regulation.)
             b. A possible best practice may be to have an indicator on an
                electronic record that there is a sealed file on that record but no
                indication of the reason for the sealed file. This indicator
                should be available through the EVVE system. (WG #4)
             c. As a best practice, states should add an indicator to legacy
                records that have been amended so that it is available through
                the EVVE system. (WG #4)

   3.        Issuance of Certificates
             a. Intaglio printing is the gold standard because it is expensive to
                produce (more difficult to counterfeit) and produces tactile
                security features; high quality offset lithography is acceptable if
                intaglio is not cost effective. (WG #1)

             b. Distribution of security features: 80% overt features (printing,
                paper, watermark, security thread) with users shared with the
                general public, 15% covert features (requires black light or loop
                to determine features) shared with adjudicators and law

11/15/2010                                44
                enforcement , and 5% forensic features known only by the
                State. (WG #1)

             c. Security features - optically variable ink (color shifting ink) and
                optically variable devices (holograms, kinegrams) are the gold
                standard. (WG #1)

             d. Customer identification: The workgroup was impressed by the
                requirement in California for notarized applications for vital
                records. The system now in testing for electronic verification
                of vital events (EVVE) will greatly augment the security
                provided by admittedly imperfect ID verification possible
                during remote transactions between vital records offices and
                their customers. (WG #3)

   4.        Birth and Death Matching
             a. Best practice would be to match all ages; however, practical
                considerations may limit the number of legacy records that can
                be matched. (WG #4)

   5.        Education
             a. Conduct a public education campaign on new
                policies/procedures related to certifications of birth. (WG #1)

   6.        Personnel
             a. Best practice shall require background checks of existing
                employees after each ten years of employment. The result of a
                background check which reveals that the employee has been
                convicted of a felony offense within the last ten years shall
                result in removal from vital records duties. (WG #2)

             b. Best Practice shall require that the background check be
                completed in 30 days for local or state law enforcement and 60
                days for an FBI or National Agency Check or better. (WG #2)

             c. Best practice shall require a state police, FBI or National
                Agency Check or better background check. (WG #2)


   7.        Security of Materials

11/15/2010                                45
             a. Best practice shall include materials and locking mechanisms
                approved recommended in chapter 5-801 of the National
                Industrial Security Program Manual (Appendix 1 to this
                document). (WG #2)

             b. Best practices for construction of State Vital Records vaults
                which store birth certificates and equipment which contains
                electronic birth data shall be in accordance with chapter 5-801
                of the National Industrial Security Program Manual for closed
                areas. (Note Charlie: See Appendix 1 for the standards). (WG
                #2)

             c. Best practice for policy manual development shall include
                coordination with federal fraud program managers and
                incorporate standards as practicable from the policy manuals of
                those programs e.g., State, SSA, ICE. (WG #2)

   8.        Storage of Records and Files
             a. Best practice shall include business continuity procedures that
                allow recovery of operations within four weeks of disaster.
                This requirement is established to ensure continued operation of
                the EVVE and birth death match procedures. (WG #2)

   9.        Physical Intrusion
             a. Best practice shall have a physical barrier between the customer
                and the vital records reception personnel. (WG #2)

             b. Best practices shall have physical separation between vital
                records and other activities. (WG #2)



(Note to Charlie: SSA provided some general comments about the
recommendations associated with WG #5. They came after the Committee
completed its deliberations, so we were not able to include them in the
report of WG #5. However, the drafters of the combined report wanted to
make sure that all comments were brought to your attention in your
deliberations about these recommendations. SSA’s general comments were
as follows: First, we think that the standards or other project documentation
should also discuss the standard enforcement and penalty issues.

11/15/2010                               46
Specifically, it should discuss the entity and procedures to be involved in
reviewing performance, recommending corrective actions, and assessing
penalty. Second, we recommend that HHS contact the International
Organization for Standardization (ISO) to study the feasibility of developing
international vital records standards. In the past, the lack of international
death record standards has affected SSA’s ability to do death records
computer matching with foreign countries. The availability of international
vital records standards will not only enable us to better perform matching to
reduce overpayments, but it can potentially improve the accuracy of SSN
issuance.




11/15/2010                           47
   III.      Glossary

   1. ANSI

   2. Birth record

   3. Birth registration

   4. Certification - The authentication of birth information from the
      original birth record on file in accordance with applicable laws of the
      state, District of Columbia, New York City, Commonwealth or Territory.

   5. Certification of Birth - A copy of part thereof of a birth record on
      file with the State, in accordance with applicable laws authenticated by
      the State Registrar. This copy or part thereof, shall be considered for
      all purposes the same as the original birth certificate on file.

   6. Certifying official - The state registrar authorized by law to       issue
      certifications, or a part thereof, of birth records in their custody.

   7. Certification Statement -        Shall contain the source of information,
      certifying official, and the date of issuance.

   8. Custodian of the record

   9. Data-based Image

   10. Delayed Registration of Birth – When a certificate of birth of a
      person born in a state has not been filed within one year, a delayed
      certificate of birth may be filed in accordance with regulations of the
      state agency. No delayed certificate shall be registered until the
      evidentiary requirements as specified in regulation have been met.

   11. DSA – Document Security Alliance   is a voluntary organization made
      up of approximately 75 industry members and 20 government
      agencies. Their mission is to improve government document security.
      They produce generic guidelines and white papers related to security
      issues. The group functions under the lead of the US Secret Service.

   12. Electronic Verification of Vital Events Records System –
      This system, currently being designed by the American Association of
      Motor Vehicles Administrators, is designed to be a “hub” where state
      DMVs can electronically verify the issuance of a birth certificate. State
      vital records systems are queried by the EVVER system, following the
      receipt of a query from the state DMV. The system returns a


11/15/2010                             48
      statement that there is a record of that document being issued. To
      date, this system is still in a pilot stage and has not been tested
      nationwide.

   13. Enumeration at Birth

   14. Format

   15. Genealogists

   16. Image based printing

   17. Intaglio printing

   18. Jurisdiction

   19. Local issuance of birth certificate

   20. Model Events Vital Registration System

   21. Model Vital Statistics Act and Regulations

   22. National Industrial Security Operating Manual - The National
      Industrial Security Program and its operational manual prescribes requirements,
      restrictions and other safeguards that are necessary to prevent unauthorized
      disclosure of classified information released by the U.S. Government Executive
      Branch Departments and Agencies to their contractors. The Manual also
      prescribes requirements, restrictions and other safeguards that are necessary to
      protect special classes of classified information. The NISP was established by
      Executive Order 12829, 6 January 1993, "National Industrial Security Program".

   23. Open Records

   24. Registration Districts – Areas

   25. Restricted records (Closed Records)

   26. Safety Paper -   Paper which protects against alteration and
      counterfeiting. Paper containing security features which are created
      during the paper making process or are added to the surface of the
      paper using a security printing technique.

   27. Sealed Record – are birth records for which a legal action has
       occurred, usually through a court, and a new birth certificate has been


11/15/2010                               49
      prepared according to state law. The original birth certificate and the
      information used to prepare the new certificate are placed in a file that
      cannot be opened except as determined by that state’s laws. Sealed
      records are determined by each state, but generally include adoptions,
      some legitimations or paternity determinations, and in some states,
      gender re-assignments. (WG #4)

   28. Security Chain

   29. Security Checks

   30. Security Paper

   31. Security Threads

   32. State – Shall include all 50 states, District of Columbia, New
                                                                  York
      City, Commonwealth of the Northern Mariana Islands, and Territories
      of American Samoa, Guam, Puerto Rico and the U.S. Virgin Islands.

   33. Supply Chain – The sum total of people, materials, and
      transportation required to bring a product to market. Not Finalized

   34. Vital Records – certificates or reports of birth, death, marriage
      (divorce, dissolution of marriage, or annulment) and data related
      thereto.

   35. Verification

   36. Watermark –




11/15/2010                            50
                                  Appendix 1

      National Industrial Security Program Manual Chapter 5-801

This paragraph specifies the minimum safeguards and standards required for
the construction of Closed Areas that are approved for use for safeguarding
classified material. These criteria and standards apply to all new construction
and reconstruction, alterations, modifications, and repairs of existing areas.
They will also be used for evaluating the adequacy of existing areas.

a. Hardware. Only heavy duty builder's hardware shall be used in
construction. Hardware accessible from outside the area shall be peened,
pinned, brazed, or spotwelded to preclude removal.

b. Walls. Construction may be of plaster, gypsum wallboard, metal panels,
hardboard, wood, plywood, glass, wire mesh, expanded metal, or other
materials offering resistance to, and evidence of, unauthorized entry into the
area. If insert-type panels are used, a method shall be devised to prevent the
removal of such panels without leaving visual evidence of tampering. If
visual access is a factor, area barrier walls up to a height of 8 feet shall be of
opaque or translucent construction.

c. Windows. The openings for windows which open, that are less than 18
feet from an access point (e.g., another window, roof, ledge, or door) shall
be fitted with 1/2-inch bars (separated by no more than 6 inches), plus
crossbars to prevent spreading, 18 gauge expanded metal, or wire mesh
securely fastened on the inside. When visual access of classified information
is a factor, windows shall be covered by any practical method (e.g., drapes,
blinds, or painting). During nonworking hours, windows shall be closed and
securely fastened to preclude surreptitious entry.

d. Doors. Doors shall be substantially constructed of wood or metal. When
windows, louvers, baffle plates, or similar openings are used, they shall be
secured with 18 gauge expanded metal or with wire mesh securely fastened
on the inside. If visual access is a factor, the windows shall be covered.
When doors are used in pairs, an astragal (overlapping molding) shall be
installed where the doors meet.

e. Door Locking Devices. Entrance doors shall be secured with either an
approved built-in combination lock, an approved combination padlock, or
with an approved key-operated padlock.

11/15/2010                              51
Other doors shall be secured from the inside with a panic bolt (for example,
actuated by a panic bar); a dead bolt; a rigid wood or metal bar, (which shall
preclude "springing") which extends across the width of the door and is held
in position by solid clamps, preferably on the door casing; or by other means
approved by the CSA consistent with relevant fire and safety codes.

f. Ceilings. Ceilings shall be constructed of plaster, gypsum wall board
material, panels, hardboard, wood, plywood, ceiling tile, or other material
offering similar resistance to and detection of unauthorized entry. Wire
mesh, or other non-opaque material offering similar resistance to, and
evidence of, unauthorized entry into the area may be used if visual access to
classified material is not a factor.

g. Ceilings (Unusual Cases). When wall barriers do not extend to the true
ceiling and a false ceiling is created, the false ceiling must be reinforced
with wire mesh or 18 gauge expanded metal to serve as the true ceiling.
When wire mesh or expanded metal is used, it must overlap the adjoining
walls and be secured in a manner that precludes removal without leaving
evidence of tampering. When wall barriers of an area do extend to the true
ceiling and a false ceiling is added, there is no necessity for reinforcing the
false ceiling. When there is a valid justification for not erecting a solid
ceiling as part of the area, such as the use of overhead cranes for the
movement of bulky equipment within the area, the contractor shall ensure
that surreptitious entry cannot be obtained by entering the area over the top
of the barrier walls.

h. Miscellaneous Openings. Where ducts, pipes, registers, sewers, and
tunnels are of such size and shape as to permit unauthorized entry, (in excess
of 96 square inches in area and over 6 inches in its smallest dimension) they
shall be secured by 18 gauge expanded metal or wire mesh, or, by rigid
metal bars 1/2-inch in diameter extending across their width, with a
maximum space of 6 inches between the bars. The rigid metal bars shall be
securely fastened at both ends to preclude removal and shall have crossbars
to prevent spreading. When wire mesh, expanded metal, or rigid metal bars
are used, they must ensure that classified material cannot be removed
through the openings with the aid of any type instrument. Expanded metal,
wire mesh or rigid metal bars are not required if an IDS is used as
supplemental protection.




11/15/2010                             52
                          Appendix 2:
                         CENTRALIZED PROCURMENT MODEL


DESIGN INPUT                                NAPHSIS/NCHS DRAFT
     57 Jurisdictions                      REGULATION
     Govern ment Printing Office
      (GPO)                                                                       PUBLIC
     Immigration & Customs                DEPARTMENT OF HEALTH &                 COMMENT
      Enforcement Forensic Documents
      Lab - ICE Labs (Depart ment of       HUMAN SERVICES (HHS) DRAFT
      Ho meland Security – DHS)            REGULATION
                                                                                  ECONOMIC
                                                                                  IMPACT STUDY
                                           HHS SPECIFICATION
                                           (CLASSIFIED DOCUMENT)

                                                          GPO

                     PAPER REQUEST FOR                            SURFACE PRINTING REQUEST
                     INFORMATION (RFI)                            FOR INFORMATION (RFI)


                             POOL OF QUALIFIED /                 POOL OF QUALIFIED/
                             CLEARED VENDORS                     CLEARED CONTRACTORS




                                                   ANALYSIS OF COST/
                           BAD                     VALUE OF QUOTE                   BAD

                                            GOOD                       GOOD

                   PAPER REQUEST FOR                                   SURFACE PRINTING REQUEST
                   PROPOSAL (RFP)                                      FOR PROPOSAL (RFP)




                                                                SINGLE/MULTIPLE
                                                                AWARD


                                       GPO CUSTOMER SUPPORT
                                          ASSIGN ACCT. MGR. TO JURISDICTION
                                          QUALITY ASSURANCE SERVICES
                                               o PAPER TESTING (GPO)
                                               o ICE FORENSIC LABS (DHS)
                                           APPENDIX 3:
                                               o PRESS SHEET INSPECTION (GPO)
                                               o SECURITY AUDITS (GPO)
            11/15/2010                               53
                    Appendix 3:
                    Fiscal Impact and Timing

 While the consideration of costs and burdens was not within the charge of
the workgroup, these factors were a major concern to the States, especially
concerns that one-time and maintenance appropriations to implement and
operate the systems required by the new regulations will not be adequate.
Specific examples of requirements of fiscal concern are found in footnotes 2,
8, 9 and 12. Further, state have concerns about timing, especially given state
and federal legal, oversight and process requirements for developing and
improving major IT systems. Similarly, federal representatives were
concerned that the information needs of federal agencies will continue long
after the grants expire. Finally, such a change in the legal framework for
vital record processing is likely to have a significant impact on state vital
record system financing, beyond the immediate and recognizable costs of
system improvements. These need to be studied and adverse impacts
ameliorated so process improvements can be sustained. Workgroup
members also suggest the use of incentives and penalties to help States meet
the requirements, for example providing a percentage ―premium‖ increase
for records filed within a certain number of days.

Successful implementation of IRTPA section 7211 presents political as well
as technical challenges. A major concern is the change to State business
processes that will result from selected Federal agencies being able to
electronically verify and certify birth and death records. For certification in
particular, this represents a potential loss in income to the states if Federal
agencies certify records where, absent the new system, citizens would have
purchased paper certificates. Since sales of these certificates may represent
all or most of the operating funds for State bureaus of vital statistics, these
organizations reasonably expect that the new system will, at the very least,
preserve existing levels of revenue.
The Federal government, on the other hand, reasonably expects to pay
significantly less than the full cost the citizen pays for a paper certificate for
several reasons:
   1. State costs of issuing certificates may be reduced due to automation of
       the process.
   2. The Federal government is a large volume buyer.
   3. As costs for obtaining vital records decline (due to automation and
       reduced pricing), Federal demand may increase.


11/15/2010                              54
   4. The Federal government will be paying a large percentage of the costs
      for developing the new systems.
   5. For verifications, the citizen has already purchased a certificate, so
      this represents new business for the States.

The State view is that state costs for issuing certificates are likely to remain
the same or even increase, and there is no guarantee that the federal
government will be paying for these costs or for the development of new
state systems. While it is true that the federal government is a high volume
buyer of state data, this only means that if the states are losing even a small
amount of money per certificate, the total impact could be enormous, and
would grow if federal demand increased.

An agreement must be reached early in this initiative that equitably meets
the needs of both the States and the Federal government. SSA’s experience
with EVVE has highlighted the difficulties in reaching such an agreement.
The complexities of predicting the amount of Federal usage, the degree to
which this usage will cause a drop in citizen demand for certificates, and the
differences between individual State BVS practices make this a very
daunting task. Resources must be directed at this problem as soon as
possible and a solution should be proposed as part of the economic impact
analysis.




11/15/2010                             55
                          Appendix 4
                          System Issues

The workgroup considered the vital records ―electronic system‖ to
fundamentally consist of three parts; an electronic birth registration system
(EBR), an electronic death registration system (EDR), and a
communications capability to move identity information across state lines
and to and from federal agencies, called electronic verification of vital
events (EVVE). The workgroup chose to separately identify and define
―identity‖ data and ‖public health data‖ in order to overcome issues
regarding confidentiality and privacy. In general, those who need identity
data do not need the public health data. Similarly, federal agencies that need
public health data do not need identity data. Therefore, separating the two
avoids significant issues in data collection, reporting and confidentiality.
Several sub-systems are also required; these include a capability to link
death events with the birth record of the decedent (Cross-match), and a
system to process customer requests, issue certified copies, maintain
transaction logs and handle financial data. The workgroup made no
recommendations on how subsystems should be contained in or linked to the
three major components listed above, nor if they should interface
electronically with external, non-governmental stakeholders.

With respect to the EVVE system, the workgroup felt the pilot
demonstration financed by the SSA, and the adaptation now being operated
by NAPHSIS with AAMVA and selected state vital records and DMV
offices shows exceptional promise in assisting the nation with identity
verification. The workgroup recognized that an EVVE system requires
sound EBR, EDR and Cross-match systems to provide ongoing accurate
data. The workgroup also recognizes that fundamental decisions must be
made on whether federal government agencies will want the EVVE system
to provide ―verification‖ of paper birth or death certificates presented for
federal purposes, or if these agencies will require a ―paperless certification‖
system, where an applicant need not provide a paper document to the
requesting federal agency. Both systems appear to be feasible, but the
certification system is the more complex, costly, and likely to affect current
state vital record financing approaches. The workgroup did not take a
position on this issue. (Note to Charlie: SSA would like to add the following
statement at the end of this paragraph. “SSA strongly encourages HHS to
obtain sufficient funding that supports both certification and verifications in


11/15/2010                            56
the EVVE System.” This statement was NOT discussed at the WG#5
meetings)




11/15/2010                       57

				
DOCUMENT INFO
Description: Texas Birth Certificates Online document sample