Virginia launching statewide authentication
System uses DMV data to verify Medicaid recipients
09 July, 2013
category: Digital ID, Government, Health
When it comes to state services, a typical resident has some identity attributes with the Department of Revenue, some with the Department of Motor Vehicles and still others with various agencies such as the Department of Natural Resources. Moreover, if the resident uses Medicaid there’s attribute information stored there as well.
For the past few years, there’s been discussion around consolidating the different state identity silos into one. The Commonwealth of Virginia is taking the first steps with a pilot program between the Department of Motor Vehicles and the Department of Medical Assistance Services.
Virginia is creating the Commonwealth Authentication System that will verify a Medicaid recipient’s identity using data from the Department of Motor Vehicles, explains Dave Burhop, deputy commissioner and CIO with the Virginia DMV. In the future this system could be used by other state agencies to verify identification information as well.
The impetus for the system was the Affordable Care Act, which will see 240,000 more Virginia residents using Medicaid, Burhop says. The goal was to ease enrollment into the system while also reducing fraud. The Virginia Department of Medical Assistance Services, which administers Medicaid in the commonwealth, reached out to the DMV to see if they could help make sure residents are whom they claim.
“We provide data to the Virginia Information Technology Agency and they take it and combine with the Department of Medical Assistance Services,” Burhop explains. From that point, Medicaid administrators can review the applicant’s information and verify their identity. The DMV will be providing the data, but it won’t have access to any Medicaid recipient information.
The system will provide identity-vetting information for administrators and it will also provide citizen-facing functionality, says Mike Farnsworth, project manager for the Commonwealth Authentication System with the Virginia DMV. Instead of having to fill out and deliver or fax paper forms, the new system enables online enrollment.
The individual will open an account that will take them through enrollment in the Commonwealth Authentication System, says Burhop. The system will vet the individual using the driver license data to confirm identity.
He is now able to apply for Medicaid benefits. After filling out the required forms, the system will automatically perform the eligibility checks and make sure the data is forwarded to the proper caseworker. Previously, the system was paper-based and required caseworkers to go through each file to determine eligibility. “Then they would call the eligible person and have them come into the office, provide an ID and go through the process,” Burhop says.
That won’t be necessary with the new system, expected to go live this summer.
While the system is starting out with the Virginia Department of Medical Assistance Services, it could eventually roll out to other state agencies as well. “As we onboard more agencies the Commonwealth Authentication Service will become more valuable,” he explains. “We can provide a service that ensures they are who they claim to be.”
Funding for this portion of the Commonwealth Authentication System comes from The Centers for Medicare and Medicaid Service, an agency within the Department of Health and Human Services.
State CIOs push for SICAM
The vision of having one identity that can be used across all state agencies is one that’s been championed by the National Association of State CIOs (NASCIO). The association released The State Identity Credential and Access Management (SICAM) Guidance in late 2012 in order to help jurisdictions that want to consolidate identity silos.
The road map is made up of the programs, processes, technologies and personnel used to create a trusted digital identity environment. This guidance promotes a federated approach where the identification of the requester and supplier are guaranteed.
The SICAM architecture enables states and their partners to share and audit identification, authentication and authorization across state enterprises. Using an enterprise approach can reduce administrative and technological overhead caused by siloed, incompatible and un-auditable identity management systems; lead to improved business processes and efficiencies; and reduce cyber security risks.
The document aims to mirror the Federal Identity Credential and Access Management guidance, or FICAM, used by federal agencies. NASCIO has been working on this document and contemplating ways to issue one identity to citizens that could be used for multiple purposes, such as driver licenses, Medicaid and various utilities.
Virginia’s project is a first step in starting a SICAM architecture, says Chad Grant, senior policy analyst with NASCIO. “It’s a great example of how states are looking across agency lines to get rid of the silos and use identity for multiple groups,” he adds.
Virginia tests waters via NSTIC pilot
State driver license issuers are a natural fit for SICAM and the American Association of Motor Vehicle Administrators is on board with the architecture, says Grant. AAMVA and Virginia were awarded funds to pilot secure electronic identities with the National Strategy for Trusted Identities in Cyberspace.
The $1.6 million pilot includes the Commonwealth of Virginia Department of Motor Vehicles, Biometric Signature ID, CA Technologies, Microsoft and AT&T.
The Commonwealth Authentication System and the NSTIC pilot are separate now, Farnsworth says. “We’re seeing how the attributes associated with our data can produce a strong credential in the electronic identification ecosystem,” he explains.
The two projects also have different delivery times. The Medicaid component of the Commonwealth Authentication System needs to be completed quickly while the pilot for the national strategy will take more time.
The national strategy pilot is designed to evolve and build on itself, Farnsworth says. It needs to start with a level one, self-asserted credential and then add trust.
One of the use cases the NSTIC pilot will provide is verifying that an individual is over the age of 18 without giving away their date of birth, Farnsworth says. The capability will use level one credentials and test an attribute verification system from the AAMVA database.
The next step will be adding more capabilities and trust to those credentials, Farnsworth explains. This would include introducing multiple form factors and authenticating the credentials and various attributes.
The last stage will require relying parties to consume the credentials. Some companies in Virginia have already approached Burhop and Farnsworth to discuss involvement with the project. “We have interest from CEOs of companies that manage millions of identities,” Burhop says. “They want a system so that Joe Citizen doesn’t have to get re-authenticated to gain access.”