450 likes | 554 Views
Recent Activities of the National Association for Public Health Statistics and Information Systems (NAPHSIS ). Mark Flotow Chief, Illinois Center for Health Statistics NAPHSIS President. Mission Statement.
E N D
Recent Activities of theNational Association forPublic Health Statisticsand Information Systems (NAPHSIS) Mark Flotow Chief, Illinois Center for Health Statistics NAPHSIS President
Mission Statement To provide national leadership and advocacy on behalf of its members to ensure the quality, security, confidentiality, and utility of vital records and health statistics as well as their integral role with health information systems, for monitoring and improving public health.
NAPHSIS Board of Directors President: Mark Flotow, Illinois President Elect: Jennifer Woodward, Oregon Past President: Isabelle Horon, Maryland Treasurer: Bruce Cohen, Massachusetts Secretary: Kelly Baker, Oklahoma Member at Large: Judy Moulder, Mississippi Member at Large: Rich McCoy, Vermont Member at Large: Lou Saadi, Kansas Member at Large: Linette Scott, California
NAPHSIS Committees • Inter-jurisdictional Exchange ( incl. STEVE) • Membership • Nominating • Past Presidents • Registration • Research Proposal Review • Resolutions • Security • Statistics • Training Board of Directors Annual Meeting Audit Awards By-laws Communications Cost eHealth EVVE Innovations International & Territorial Affairs
NAPHSIS Projects • Security Guide + FEWS • Vital Statistics Standards • Monthly Webinars • Web Training Resource • Statistical Definitions • Reviews of researcher data requests to NCHS • International Consulting • State VSCP Contracts/NCHS • EVVE • Data Cleaning Tool • STEVE /IJE • Model Law Workgroup* • Cause of Death e-learning • Technical Assistance • Re-engineering EBRs / EDRs • Business Process Improvement * recently completed
NAPHSIS Committees • Inter-jurisdictional Exchange ( incl. STEVE) • Membership • Nominating • Past Presidents • Registration • Research Proposal Review • Resolutions • Security • Statistics • Training Board of Directors Annual Meeting Audit Awards By-laws Communications Cost eHealth EVVE Innovations International & Territorial Affairs
Challenges to Vital Records Systems 9/11 Impact on reform -- heightened public awareness • The Move toward Intelligence Reform • Certificate Filing and Review • Out-of-Institution Births • Delayed Certificate Filing • Application Processing and Verification of Identity • Open vs. Closed Records • Who is applying? • Is identification required and is it valid? • Is the applicant entitled? • Identity Theft • Internal Security • Physical Security • Paper Security • Personnel
Motion 2006 – 01 To promote an awareness and commitment to national security by . . . Each jurisdiction designates a security coordinator, Each jurisdiction adopts nationally-developed best practices, NAPHSIS adopts these best practices as a standard and designates a security coordinator, and The NAPHSIS security coordinator serves as a focal point among jurisdictional security coordinators to establish and promote uniformity of security procedures.
Intelligence Reform& Terrorism Prevention Act - 2004 SEC. 7211. MINIMUM STANDARDS FOR BIRTH CERTIFICATES. 3(A) at a minimum, shall require certification of the birth certificate by the State or local government custodian of record that issued the certificate, and shall require the use of safety paper or an alternative, equally secure medium, the seal of the issuing custodian of record, and other features designed to prevent tampering, counterfeiting, or otherwise duplicating the birth certificate for fraudulent purposes; (D) may not require a single design to which birth certificates issued by all States must conform;
Why a NAPHSIS Security Guide? To meet NAPHSIS Motion 2006-1 Intelligence Reform & Terrorism Prevention Act (IRTPA) of 2004 Regulations (pending) Supplement the Model Act Establish uniformity among jurisdictions
Foundation of the Security Guide • Model State Vital Statistics Act and Regulations • 1992 revision currently • 2011 revision pending approval • State/Jurisdictional Best Practices • Intel Reform Workgroup Recommendations • Input from Contributors
Model State Vital Statistics Act (+) Uniformity Among Jurisdictions: • Registration of Vital Events • Disclosure of Information • Amendments or Corrections • Security Features • Penalties (-) • Not mandated • Influenced by States’ Rights • Lacks legislative attention • Cost may become a factor
Contributors to the Security Manual National Center for Health Statistics (NCHS) Dept. of State - Passport Services Dept. of Homeland Security - Forensic Labs NAPHSIS Corporate Sponsors - Technical Document Security Alliance (DSA) North American Security Products Association-(NASPO) AAMVA – DMVs (Motor Vehicle Administration)
Security Manual Contents • Delayed and Out-of-Institution Birth • Access to Vital Records • Birth Certification Document • Issuance Procedures • Physical Security Measures • Amendment/Correction Topics include . . . • Security Coordinator Guidelines • Security Paper, Records/Data, & Money • Vendors • Personnel • Training • Record Retention
Section 2Access to Vital Records • Vital records should be closed to the public • Restrict access to eligible requestors • All employees required to sign confidentiality statements • Government officials must present identification and written assurance the use is for official business • Maintain fraud activity files • Standardized application • Minimum set of biographic identifiers • Requestor should provide proof of identity • All birth records issued at local level should be from a central data base or image system • Non-restricted vital records (e.g., 100 yrs birth, 50 yrs death)
Section 3Birth Certification Document • Four layers of security • Overt, covert, and forensic features • Certification Document should be provided or approved by State Registrar • Security awareness • Security features comparison chart • Paper and printers: • Printing in USA • Level of security • Supply chain • Review product
Physical Security Measures • Access Control Devices • Who has keys? Where are they? • Badges, pass cards, other access devices • General Access Questions • Who has access? • Staff Safety • Are your counter staff safe?
Physical Security Measures • Surveillance • Who does your security? • Procedures in place to report intruders? • Fire, Smoke, Water, Alarms and Notification Systems • Are the systems in place? Do they have regular maintenance? • Are there emergency drills? • Disaster Preparedness/Business Continuity • Do you have a comprehensive disaster plan? • Are records backed up off-site?
Additional Topics for Guidelines Physical Security Measures (recently completed) Destruction of Original Records and Other Documents Containing Confidential and Sensitive Information (in progress) Amendments/Corrections Fee Accounting Security Training and Personnel Local Registrars and Satellite Offices Fraud Awareness
What is the Process for the Security Guidelines? Initial Draft crafted and reviewed by the Security Committee Draft sent to the NAPHSIS Board of Directors Revised Draft sent to the Membership Comments and additions reviewed Section made available on the NAPHSIS Website (for members only!)
The NAPHSIS Security Guide: additional considerations . . . An Internal Document - not available to public A Living Document - continually changed and updated as best practices, technology, regulations, etc. evolve May require a State or jurisdiction to change laws and regulations May need to be revised once 2011 Revised Model Act is adopted
What Else Is NAPHSIS Doing? • EVVE Electronic Verification of Vital Events • STEVE State and Territorial Exchange of Vital Events • Model Act Partnering with NCHS to revise 1992 version (Workgroup mission completed) • Fraud Early Warning System (FEWS) In conjunction with motor vehicle partners and law enforcement
FEWS is . . . • A secure system for reporting discovered fraudulent activities among the jurisdictions and with other government agencies • Administered by the American Association of Motor Vehicle Administrators (AAMVA) • Functioning successfully • NAPHSIS now included in this system • Funded and owned by the Federal Motor Carrier Safety Administration
FEWS Features A secure database system (i.e., not e-mail) consisting of Incidents, Alerts and Updates Post fraud alerts and receive instant notifications Cross-referencing of incidents Post photos and document examples No cost to jurisdictions Searchable Configurable by geography Links to federal and association partners
FEWS Timetable for NAPHSIS Initially, 8 states piloted for NAPHSIS (over two years) More than 10 additional jurisdictions have joined after a NAPHSIS invitation to the membership to join Training by AAMVA this month (October) for new participants and this new group will be part of the production whole in November or December Goal is for all NAPHSIS jurisdictions to participate
Possible Enhancements or Uses for NAPHSIS FEWS Posting area for fraudulent death certificates List of suspicious addresses (e.g., get frequently used) Fraudulent registration activities or attempts to obtain a birth or death record Additional points . . . Certain information can be viewed only by Law Enforcement officials but there is no access by private entities No access to Canadian jurisdictions for us in the USA
The Challenge • When a child is born in another state, who has responsibility for follow up? • Getting birth information from another jurisdiction can be slow and unpredictable • Residence jurisdiction may not get birth record, or it may be delayed • Residence jurisdiction has to re-distribute fact of birth information to its own programs and agencies • Critical interventions may be missed or delayed
Introducing STEVE –State and Territorial Exchange of Vital Events • A secure messaging system for vital records exchange between jurisdictions and with other public health programs and agencies • 57 vital records jurisdictions will become STEVE trading partners • Based on Inter-jurisdictional Exchange Agreement administered by NAPHSIS • Automates and standardizes exchange process • Improvement over current system of paper copies, abstracts and line lists
Standard IJE File Format Used for Exchange • Uses standard flat file format • Five file types defined by IJE Committee • Natality • Mortality (includes cause of death literals and codes) • Roster (for birth/death matching) • Fetal Death • ITOP (induced terminations) – in development • Marriage and divorce - future • NCHS reportable data embedded within layouts • Data content of each file type is configurable by sender at the data element level
STEVE Transformation Modules (TMs) are installed at each jurisdiction for secure, point-to-point vital record exchange IJE files IJE files Internet Jurisdiction A’s TM Jurisdiction B’s TM S
If program mailboxes are set up by a jurisdiction, received IJE files are automatically delivered to them by the TM Vital Records Newborn Hearing Screening Child Support Enforcement Receiving TM Immunization Research
When Is STEVE Coming? • National rollout began in March 2009 • January 2014 deadline for implementation • Until all jurisdictions are trading partners, STEVE will support alternate electronic record exchanges with non-participants • STEVE-ER implementation in 2011 in territories • Each jurisdiction needs to have signed the IJE agreement
State and Territorial Exchange of Vital Events (STEVE) Implementation by Jurisdiction Updated August 2011 Washington + Maine Montana North Dakota Minnesota Oregon VT Wisconsin NH Idaho + Alaska South Dakota MA New York Michigan CT Wyoming + RI Pennsylvania Iowa Nebraska NJ Nevada Ohio Indiana NYC DE Utah Illinois MD WV Colorado Missouri Virginia Kansas DC California Kentucky N. Carolina Tennessee Arizona Northern Mariana Islands Oklahoma Arkansas New Mexico S. Carolina Georgia MS Alabama Guam LA Texas Hawaii Florida American Samoa Installed Puerto Rico In Preparation U.S. Virgin Islands Planning + Sharing IJE Files without using STEVE
Can Canadian Provinces and Territories Be Trading Partners in STEVE? • Placeholders built into STEVE currently • File layout differences – at what level would such differences need to be “translated” or converted? • Collection differences, such as race categories • Alternative: notification for fraud prevention purposes with a minimum of demographic characteristics for matching purposes (more than what is in current consular notices) • Alternative: focus on border states and provinces/territories
Vital Statistics Standards Registration Security Issuance Data Collection Data Transmission Data Analysis and Release Training Data and Record Preservation Legal Authority
EVVE Implementation – August 2011 Washington Maine Montana North Dakota Minnesota Oregon VT New York City Wisconsin NH Idaho South Dakota Alaska MA New York Michigan CT Wyoming RI Pennsylvania Iowa Nebraska NJ Nevada Ohio Indiana DE Utah Illinois MD WV Colorado Missouri Virginia Kansas DC California Kentucky N. Carolina Tennessee Arizona Northern Mariana Islands Oklahoma Arkansas New Mexico S. Carolina Georgia MS Alabama Guam LA Texas Hawaii Florida American Samoa Puerto Rico U.S. Virgin Islands On-line with EVVE (34) Implementation in progress (11)
eHealth or Health Information Exchange huge interest from the states, cutting edge, future direction, etc. new NAPHSIS committee may determine, ultimately, how VRs are viewed, even shaped, in the larger health world VRs in the USA are both civil registration and health Looking at possible technical solutions, reviewing national standards documents, track jurisdictional pilots, provide communication to the membership
“Merci beaucoup” for your attention and patience! Contact information: Mark Flotow Illinois Center for Health Statistics/IL Dept Public Health 525 West Jefferson Street Springfield, IL 62761 217.785.1064 mark.flotow@illinois.gov www.naphsis.org