E-government in the social security sector. Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public Service for ICT Sint-Pieterssteenweg 375 B-1040 Brussels E-mail: Frank.Robben@ksz.fgov.be Website: http://www.law.kuleuven.ac.be/icri/frobben.
What is E-government ? • E-government is a continuous optimization of service delivery and governance by transforming internal and external relationships through technology, internet and new media • external relationships • government <-> citizen • government <-> business • internal relationships • government <-> government • government <-> employees • all relationships • are bidirectional • can be within a country or border-crossing
Government • not monolithic • EU • in every country • federal level • regions • communities • provinces • municipalities • parapublic institutions • private institutions participating in delivery of public services • … • integrated E-government is based upon common strategy, multilateral agreements and interoperability • E-government contains the opportunity to realize one virtual electronic government with full respect for every specific competence
Advantages • efficiency gains • in terms of costs: same services at lower total costs, e.g. • unique information collection using co-ordinated notions and administrative instructions • less re-encoding of information by electronic information exchange • less contacts • functional task sharing concerning information management, information validation and application development (distributed information systems) • in terms of quantity: more services at same total cost, e.g. • all services are available at any time, from anywhere and from any device • integrated service delivery • in terms of speed: same services at same total cost in less time • reduction of waiting and travel time • direct interaction with competent governmental institution • real time feedback for the user
Advantages • effectiveness gains • in terms of quality: same services at same total cost in same time, but to a higher quality standard, e.g. • more correct service delivery • personalized and participative service delivery • more transparent and comprehensive service delivery • more secure service delivery • possibility of quality control on service delivery process by customer • in terms of type of services: new types of services, e.g. • push system: automatic granting of or information about services • active search of non-take-up using datawarehousing techniques • controlled management of own personal information • personalized simulation environments
E-government: a structural reform process • ICT is only a means by which a result may be obtained • E-government requires • considering information as a strategic resource for all government activity • change of basic mindset: from government centric to customer centric • re-engineering of processes within each government institution, each government level and across government levels • clear definition of mission and core tasks of every governmental institution
E-government: a structural reform process • E-government requires • co-operation between governmental institutions: one virtual electronic government, with respect for mission and core tasks of each governmental institution and government level • co-operation between government and private sector • adequate legal environment elaborated at the correct level • interoperability framework: ICT, security, unique identification keys, harmonized concepts • implementation with a decentralized approach, but with co-ordinated planning and program management (think global, act local) • adequate measures to prevent a digital divide
Information as resource: implications • information modelling • information is being modelled in such a way that the model fits in as close as possible with the real world • definition of information elements • definition of attributes of information elements • definition of relations between information elements • information modelling takes into account as much as possible the expectable use cases of the information • the information model can be flexibly extended or adapted when the real world or the use cases of the information change
Information as resource: implications • unique collection and re-use of information • information is only collected for well-defined purposes and in a proportional way to these purposes • all information is collected once, as close to the authentic source as possible • information is collected via a supplier-chosen channel, but preferably in an electronic way, using uniform basic services (single sign on, arrival receipt of a file, notification for each message, …) • information is collected according to the information model and on the basis of uniform administrative instructions
Information as resource: implications • unique collection and re-use of information • with the possibility of quality control by the supplier before the transmission of the information • the collected information is validated once according to an established task sharing, by the most entitled institution or by the institution which has the greatest interest in a correct validation • and then shared and re-used by authorized users
Information as resource: implications • management of information • information in all forms (e.g. voice, print, electronic or image) is managed efficiently through its life cycle • a functional task sharing is established indicating which institution stores which information in an authentic way, manages the information and keeps it at the disposal of the authorized users • information is stored according to the information model • information can be flexibly assembled according to ever changing legal notions • all information is subject to the application of agreed measures to ensure integrity and consistency
Information as resource: implications • management of information • every institution has to report probable improprieties of information to the institution that is designated to validate the information • every institution that has to validate information according to the agreed task sharing, has to examine the reported probable improprieties, to correct them when necessary and to communicate the correct information to every known interested institution • information will be retained and managed as long as there exists a business need, a legislative or policy requirement, or, preferably anonymized or encoded, when it has historical or archival importance
Information as resource: implications • electronic exchange of information • once collected and validated, information is stored, managed and exchanged electronically to avoid transcribing and re-entering it manually • electronic information exchange can be initiated by • the institution that disposes of information • the institution that needs information • the institution that manages the interoperability framework • electronic information exchanges take place on the basis of a functional and technical interoperability framework that evolves permanently but gradually according to open market standards, and is independent from the methods of information exchange
Information as resource: implications • electronic exchange of information • available information is used for the automatic granting of benefits, for prefilling when collecting information and for information delivery to the concerned persons
Information as resource: implications • protection of information • security, integrity and confidentiality of government information will be ensured by integrating ICT measures with structural, organizational, physical, personnel screening and other security measures according to agreed policies • personal information is only used for purposes compatible with the purposes of the collection of the information • personal information is only accessible to authorized institutions and users according to business needs, legislative or policy requirement • the access authorisation to personal information is granted by an independent institution, after having checked whether the access conditions are met • the access authorizations are public
Information as resource: implications • protection of information • every concrete electronic exchange of personal information is preventively checked on compliance with the existing access authorisations by an independent institution managing the interoperability framework • every concrete electronic exchange of personal information is logged, to be able to trace possible abuse afterwards • every time information is used to take a decision, the used information is communicated to the concerned person together with the decision • every person has right to access and correct his own personal data
Customer centric • unique declaration of every event during the life cycle/business episode of a customer and automatic granting of all related services, e.g.
Customer centric • delivery of services that cannot be granted automatically to a customer • in an integrated way • information • interaction • transaction • re-using all available information • harmonized concepts • back-office integration • prefilled information
Customer centric • delivery of services that cannot be granted automatically to a customer (ctd) • in a personalized way • look & feel and interface • content • only relevant information and transactions • personalized support • contextual help • own language • adapted vocabulary • on-line simulations • or at least based on the way of thinking of the customer group • life events (birth, marriage, etc.) or business episodes (starting a company, recruiting personnel, etc.) • life styles (sport, culture, etc.) • life status (unemployed, retired, etc.) or business sectors • specific target groups
Customer centric • declaration of events and service delivery via an access method chosen by the customer • application to application • various end-user devices • PC, GSM, PDA, digital TV, kiosks, … • file transfer • use of intermediaries • use of integrated customer relation management tools • service delivery in principle free of charge
Co-operation between government levels • in Belgium, a co-operation agreement has been signed between federal government, regions and communities • coordinated offer of e-services to citizens/companies • guarantee that a citizen/company can use the same tools • terminal • software • electronic signature • guarantee of a unique data collection from the citizen/company • with respect for the partition of competences between government levels
Co-operation agreement between government levels • co-ordinated, customer oriented service delivery • agreements have to be made on common standards • mutual tuning of portals, middleware, websites and back offices • use of common identification keys and electronic signature • mutual tuning of business processes when necessary • gradual mutual task-sharing on data storage in authentic form • common policy on SLA’s and security
Co-operation government and private sector • private companies as service providers (sharing of investments), e.g. • network and security management • co-sourcing in BPR and development/maintenance/housing of ICT building blocks, e.g. • certification authorities • portals • private companies as partners • integrated work flow with their own information systems, e.g. • e-procurement • tax declaration • social security declarations
Changes of the legal environment • organization of integrated data management and electronic service delivery: legal base for Royal Decree exists • functional task sharing on information management • obligation to respect unique data collection from the customer • obligation to exchange information in an electronic way • permission or obligation to use unique identification keys • harmonization of basic concepts
Changes of legal environment • ICT-law • data protection • public access to information • electronic signature • probative value • no overregulation • only basic principles • technology-neutral, but not technology unaware
Interoperability framework • goal: to guarantee the ability of government organizations and customers to share information and integrate information and business processes by use of • interoperable ICT • common security framework • common identification keys/sets for every entity • harmonized concepts and data modelling
ICT interoperability • examples on • www.govtalk.gov.uk and www.e-government.govt.nz (recent frameworks based on actual open ICT standards, to be implemented) • www.ksz.fgov.be (framework started in 1991 and implemented between 2.000 Belgian social security institutions, with unique gateway to foreign social security institutions within the EU, and continuously adapted to evolving and proven ICT standards with backwards compatibility) • tendency to use open ICT standards • but ICT is so dynamic and fast changing that ICT standards are in an almost constant state of evolution • huge need for agreements on how to ensure functional interoperability, far beyond technical interoperability
Functional ICT interoperability • standardized codification (e.g. institutions, return codes, …) • standardized use of objects and attributes • standardized layout of header of messages, independent from information exchange format (EDI, XML, …) and type of information exchange • version management • backwards compatibility • SLA’s on availability and performance of services • access authorisation management • anonymization rules • acceptance and production environments • priority management • …
Common security framework • issues • confidentiality • integrity • availability • authentication • authorisation • non-repudiation • audit
Common security framework • specific points of interest • risk awareness based on risk analysis • security policies • structural and organisational aspects • encryption standards • interoperability of • PKI • electronic certificates • procedures (registration authority, certification authority) • difference between identification certificates and attribute certificates • attributes, optional fields • revocation lists • directories • application security
Common identification keys • at least common identification keys and identification sets for every entity • person • company • patch of ground • between nations • unique schemes • conversion tables • regulation of interconnection of information based on unique identification keys
Common identification keys • characteristics • unicity • one entity – one identification key • same identification key is not assigned to several entities • exhaustivity • every entity to be identified has an identification key • stability through time • identification key doesn’t contain variable characteristics of the identified entity • identification key doesn’t contain references to the identification key or characteristics of other entities • identification key doesn’t change when a quality or characteristic of the identified entity changes
Harmonized concepts and data model • standard elements • with well defined characteristics • used within all services • OO-oriented, e.g. inheritance in a multilingual environment • version management in an ever changing environment • define once, use many (different presentations) • workflow for validation of standard elements and characteristics • multi criteria search • by element • by scheme • by version • …
A methodology to harmonize concepts • inventory of all documents (frequently) used for information collection • inventory of collected information • classification of collected information using a clustering methodology • decomposition of collected information into “real life” classes with description of the asked attributes • analysis of goals: what is every “real life” class used for? • setting up of simplification propositions (e.g. senseless different treatment of same “real life” object)
A methodology to harmonize concepts • based on the simplification propositions, framing out of an OO information model for information to be collected • design of XML-schema’s for the collecting of the information, corresponding to the OO information model • legislative adaptations in order to introduce the uniform definitions of the information classes • procedures in order to guarantee the consistency of the OO information model in an ever changing legal environment
Some interesting Belgian projects • social security sector • network of service integrators • integration of portal sites • electronic identity card
Social security • social security is a protection system against a variety of social risks • childhood • health care • incapacity for work due to • sickness • accidents • unemployment • old age • due to limited financial means, social security needs to work critically
Definition of the problem • in most countries, a lot of institutions are active in social security • information is one of the main production factors for each of these institutions • the information needed by the institutions is quite similar • identification data • data concerning the professional and social status • periodical data related to working periods and wages • data concerning certain events, e.g. the occurrence of a social risk
Definition of the problem • lack of integration leads to • overloading of the citizens/companies • multiple collection of the same information by several governmental institutions • no re-use of available information • avoidable contacts with citizens/companies due to multiple, unco-ordinated quality checks • waste of efficiency and time within the governmental institutions • suboptimal support of the policy made by government • higher possibilities of fraud
Possible solutions • central data management (big brother concept) • not frequently implemented • privacy protection • technical feasibility • threat for the autonomy of the institutions • distributed data management (network concept) • decentralised but unique data gathering • decentralised and distributed data storage, with functional task-sharing between social security institutions • data exchange via a network
Belgian social security sector • principles have been implemented under co-ordination of the Crossroads Bank for Social Security, in co-operation with 2.000 public and private social security institutions • functional and technical interoperability framework is functioning • between these institutions • between these institutions and all employers • every socially insured person has a unique identification key throughout the whole social security sector and an electronically readable social identity card containing this identification key
Interoperability within social security • [diagram; labels: Crossroads Bank for Social Security, onss, spf ss, onssapl, inasti, cpsm, spf e & t, onafts, onem, adp, inami, fat, cimire, fmp, onp, onva, ossom, fonds de séc. exist., sickness funds network, FEDICT & National Register]
Reference directory • serves as a base for organization of information flows • structure • directory of persons: what persons in what capacities have personal files in what social security institutions for what periods • data availability table: what data are available in what social security institutions for what types of files • access authorization table: what data may be transmitted to what institutions for what types of files • functions • routing of information • preventive access control • automatic communication of changes to information
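The reference directory's routing and preventive access control, together with the logging of every exchange mentioned under "protection of information", can be sketched as follows. This is an added example, not code from the presentation or from the Crossroads Bank; the institution codes, keys and data items are constructed, and it assumes that a requesting institution must itself hold a file on the person and that authorizations are keyed on the requester's own file type.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class PersonFile:
    """Directory of persons: who has a file where, in what capacity, for what period."""
    person_key: str             # unique identification key
    institution: str
    file_type: str              # capacity / type of file
    start: date
    end: Optional[date] = None  # None: file still open

    def covers(self, day: date) -> bool:
        return self.start <= day and (self.end is None or day <= self.end)

@dataclass
class ReferenceDirectory:
    persons: list
    availability: set      # (holding institution, file type, data item)
    authorizations: set    # (receiving institution, file type, data item)
    audit_log: list = field(default_factory=list)

    def _files(self, person_key, day, institution=None):
        return [f for f in self.persons
                if f.person_key == person_key and f.covers(day)
                and (institution is None or f.institution == institution)]

    def _log(self, requester, person_key, data_item, day, verdict, holders):
        # Every decision is logged, allowed or denied, so abuse can be traced later.
        self.audit_log.append((day.isoformat(), requester, person_key, data_item, verdict))
        return verdict, holders

    def request(self, requester, person_key, data_item, day):
        """Check the exchange before it happens, route it, and log the decision."""
        # Assumption: the requester needs its own file on the person for that date.
        own = self._files(person_key, day, requester)
        if not own:
            return self._log(requester, person_key, data_item, day, "DENY:no-file", [])
        # Access authorization table: may this data go to this institution?
        if not any((requester, f.file_type, data_item) in self.authorizations for f in own):
            return self._log(requester, person_key, data_item, day, "DENY:not-authorized", [])
        # Routing: which other institutions hold the data for this person?
        holders = sorted({f.institution for f in self._files(person_key, day)
                          if f.institution != requester
                          and (f.institution, f.file_type, data_item) in self.availability})
        verdict = "ALLOW" if holders else "DENY:no-source"
        return self._log(requester, person_key, data_item, day, verdict, holders)

def build_sample():
    """Constructed sample data; institution codes and keys are invented."""
    return ReferenceDirectory(
        persons=[
            PersonFile("P-0001", "INST-A", "employee", date(2001, 1, 1)),
            PersonFile("P-0001", "INST-B", "unemployed", date(2003, 6, 1)),
            PersonFile("P-0002", "INST-A", "employee", date(2000, 1, 1), date(2002, 12, 31)),
        ],
        availability={("INST-A", "employee", "wages")},
        authorizations={("INST-B", "unemployed", "wages")},
    )
```

The check runs in the broker, before any data leaves the holding institution, which is what makes the control preventive rather than after the fact.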
Information security • institutional measures • organizational and technical measures based on ISO 17799 • legal measures
Institutional measures • no central data storage • independent Control Committee • preventive control on legitimacy of data exchange by Crossroads Bank according to authorizations of the independent Control Committee • information security department in each social security institution • specialized information security service providers • working party on information security
Independent Control Committee • assigned by Parliament • competences • supervision of information security • authorizing the data exchange • complaint handling • information security recommendations • extensive investigating powers • annual activity report
Information security department • in each social security institution • composition • information security officer • one or more assistants • control on independence and permanent education of the information security officers is performed by the Control Committee • the Control Committee can allow the task of the information security department to be entrusted to a recognized specialized information security service provider
Information security department: tasks • information security department • recommends • promotes • documents • controls • reports directly to the general management • formulates the blueprint of the security plan • elaborates the annual security report • general management • takes the decision • is finally responsible • gives motivated feedback • approves the security plan • supplies the resources
Contents of the security report • general overview of the security situation • overview of the activities • recommendations and their effects • control • campaigns in order to promote information security • overview of the external recommendations and their effects • overview of the received trainings
Specialized information security service providers • to be recognized by the Government • recognition conditions • non-profit association • having information security in social security as the one and only activity • respecting the tariff principles determined by the Government • control on independence is performed by the Control Committee