E government in the social security sector
This presentation is the property of its rightful owner.
Sponsored Links
1 / 123

E-government in the social security sector PowerPoint PPT Presentation


  • 50 Views
  • Uploaded on
  • Presentation posted in: General

E-government in the social security sector. Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public Service for ICT Sint-Pieterssteenweg 375 B-1040 Brussels E-mail: [email protected] Website: http://www.law.kuleuven.ac.be/icri/frobben.

Download Presentation

E-government in the social security sector

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


E government in the social security sector

E-government in the social security sector

Frank Robben

General managerCrossroads Bank for Social Security

Strategic advisor Federal Public Service for ICT

Sint-Pieterssteenweg 375

B-1040 Brussels

E-mail: [email protected]

Website: http://www.law.kuleuven.ac.be/icri/frobben

Crossroads Bank for Social Security

Federal Public Service for ICT (FEDICT)


What is e government

What is E-government ?

  • E-government is a continuous optimization of service delivery and governance by transforming internal and external relationships through technology, internet and new media

  • external relationships

    • government <-> citizen

    • government <-> business

  • internal relationships

    • government <-> government

    • government <-> employees

  • all relationships

    • are bidirectional

    • can be within a country or border-crossing


Government

Government

  • not monolithic

    • EU

    • in every country

      • federal level

      • regions

      • communities

      • provinces

      • municipalities

      • parapublic institutions

      • private instutions participating in delivery of public services

  • integrated E-government is based upon common strategy, multilateral agreements and interoperability

  • E-government contains the opportunity to realize one virtual electronic government with full respect for every specific competence


Advantages

Advantages

  • efficiency gains

    • in terms of costs: same services at lower total costs, e.g.

      • unique information collection using co-ordinated notions and administrative instructions

      • less re-encoding of information by electronic information exchange

      • less contacts

      • functional task sharing concerning information management, information validation and application development (distributed information systems)

    • in terms of quantity: more services at same total cost, e.g.

      • all services are available at any time, from anywhere and from any device

      • integrated service delivery

    • in terms of speed: same services at same total cost in less time

      • reduction of waiting and travel time

      • direct interaction with competent governmental institution

      • real time feedback for the user


Advantages1

Advantages

  • effectiveness gains

    • in terms of quality: same services at same total cost in same time, but to a higher quality standard, e.g.

      • more corrected service delivery

      • personalized and participative service delivery

      • more transparant and comprehensive service delivery

      • more secure service delivery

      • possibility of quality control on service delivery process by customer

    • in terms of type of services: new types of services, e.g.

      • push system: automatic granting of or information about services

      • active search of non-take-up using datawarehousing techniques

      • controlled management of own personal information

      • personalized simulation environments


E government a structural reform process

E-government: a structural reform process

  • ICT is only a means by which a result may be obtained

  • E-government requires

    • considering information as a strategic resource for all government activity

    • change of basic mindset: from government centric to customer centric

    • re-engineering of processes within each government institution, each government level and across government levels

    • clear definition of mission and core tasks of every governmental institution


E government a structural reform process1

E-government: a structural reform process

  • E-government requires

    • co-operation between governmental institutions: one virtual electronic government, with respect for mission and core tasks of each governmental institution and government level

    • co-operation between government and private sector

    • adequate legal environment elaborated at the correct level

    • interoperability framework: ICT, security, unique identification keys, harmonized concepts

    • implementation with a decentralized approach, but with co-ordinated planning and program management (think global, act local)

    • adequate measures to prevent a digital divide


Information as resource implications

Information as resource: implications

  • information modelling

    • information is being modelled in such a way that the model fits in as close as possible with the real world

      • definition of information elements

      • definition of attributes of information elements

      • definition of relations between information elements

    • information modelling takes into account as much as possible the expectable use cases of the information

    • the information model can be flexibly extended or adapted when the real world or the use cases of the information change


Information as resource implications1

Information as resource: implications

  • unique collection and re-use of information

    • information is only collected for well-defined purposes and in a proportional way to these purposes

    • all information is collected once, as close to the authentic source as possible

    • information is collected via a supplier-chosen channel, but preferably in an electronic way, using uniform basic services (single sign on, arrival receipt of a file, notification for each message, …)

    • information is collected according to the information model and on the base of uniform administrative instructions


Information as resource implications2

Information as resource: implications

  • unique collection and re-use of information

    • with the possibility of quality control by the supplier before the transmission of the information

    • the collected information is validated once according to an established task sharing, by the most entitled institution or by the institution which has the greatest interest in a correct validation

    • and then shared and re-used by authorized users


Information as resource implications3

Information as resource: implications

  • management of information

    • information in all forms (e.g. voice, print, electronic or image) is managed efficiently through its life cycle

    • a functional task sharing is established indicating which institution stores which information in an authentic way, manages the information and keeps it at the disposal of the authorized users

    • information is stored according to the information model

    • information can be flexibly assembled according to ever changing legal notions

    • all information is subject to the application of agreed measures to ensure integrity and consistency


Information as resource implications4

Information as resource: implications

  • management of information

    • every institution has to report probable improprieties of information to the institution that is designated to validate the information

    • every institution that has to validate information according to the agreed task sharing, has to examine the reported probable improprieties, to correct them when necessary and to communicate the correct information to every known interested institution

    • information will be retained and managed as long as there exists a business need, a legislative or policy requirement, or, preferably anonimized or encoded, when it has historical or archival importance


Information as resource implications5

Information as resource: implications

  • electronic exchange of information

    • once collected and validated, information is stored, managed and exchanged electronically to avoid transcribing and re-entering it manually

    • electronic information exchange can be initiated by

      • the institution that disposes of information

      • the institution that needs information

      • the institution that manages the interoperability framework

    • electronic information exchanges take place on the base of a functional and technical interoperabilty framework that evolves permanently but gradually according to open market standards, and is independent from the methods of information exchange


Information as resource implications6

Information as resource: implications

  • electronic exchange of information

    • available information is used for the automatic granting of benefits, for prefilling when collecting information and for information delivery to the concerned persons


Information as resource implications7

Information as resource: implications

  • protection of information

    • security, integrity and confidentiality of government information will be ensured by integrating ICT measures with structural, organizational, physical, personnel screening and other security measures according to agreed policies

    • personal information is only used for purposes compatible with the purposes of the collection of the information

    • personal information is only accessible to authorized institutions and users according to business needs, legislative or policy requirement

    • the access authorisation to personal information is granted by an independent institution, after having checked whether the access conditions are met

    • the access authorizations are public


Information as resource implications8

Information as resource: implications

  • protection of information

    • every concrete electronic exchange of personal information is preventively checked on compliance with the existing access authorisations by an independent institution managing the interoperability framework

    • every concrete electronic exchange of personal information is logged, to be able to trace possible abuse afterwards

    • every time information is used to take a decision, the used information is communicated to the concerned person together with the decision

    • every person has right to access and correct his own personal data


Customer centric

Customer centric

  • unique declaration of every event during the life cycle/business episode of a customer and automatic granting of all related services, e.g.


Customer centric1

Customer centric

  • delivery of services that cannot be granted automatically to a customer

    • in an integrated way

      • information

      • interaction

      • transaction

    • re-using all available information

      • harmonized concepts

      • back-office integration

      • prefilled information


Customer centric2

Customer centric

  • delivery of services that cannot be granted automatically to a customer (ctd)

    • in a personalized way

      • look & feel and interface

      • content

        • only relevant information and transactions

      • personalized support

        • contextual help

        • own language

        • adapted vocabulary

        • on-line simulations

    • or at least based on the way of thinking of the customer group

      • life events (birth, marriage, etc.) or business episodes (starting a company, recruiting personnel, etc.)

      • life styles (sport, culture, etc.)

      • life status (unemployed, retired, etc.) or business sectors

      • specific target groups


Customer centric3

Customer centric

  • declaration of events and service delivery via an access method chosen by the customer

    • application to application

    • various end-user devices

      • PC, GSM, PDA, digital TV, kiosks, …

    • file transfer

    • use of intermediaries

  • use of integrated customer relation management tools

  • service delivery in principle free of charge


Co operation between government levels

Co-operation between government levels

  • in Belgium, a co-operation agreement has been signed between federal government, regions and communities

    • coordinated offer of e-services to citizens/companies

    • guarantee that a citizen/company can use the same tools

      • terminal

      • software

      • electronic signature

    • guarantee of a unique data collection from the citizen/company

    • with respect for the partition of competences between government levels


Co operation agreement between government levels

Co-operation agreement between government levels

  • co-ordinated, customer oriented service delivery

  • agreements have to be made on common standards

  • mutual tuning of portals, middleware, websites and back offices

  • use of common identification keys and electronic signature

  • mutual tuning of business processes when necessary

  • gradual mutual task-sharing on data storage in authentic form

  • common policy on SLA’s and security


Co operation government and private sector

Co-operation government and private sector

  • private companies as service providers (sharing of investments), e.g.

    • network and security management

    • co-sourcing in BPR and development/maintenance/housing of ICT building blocks, e.g.

      • certification authorities

      • portals

  • private companies as partners

    • integrated work flow with their own information systems, e.g.

      • e-procurement

      • tax declaration

      • social security declarations


Changes of the legal environment

Changes of the legal environment

  • organization of integrated data management and electronic service delivery: legal base for Royal Decree exists

    • functional task sharing on information management

    • obligation to respect unique data collection from the customer

    • obligation to exchange information in an electronic way

    • permission or obligation to use unique identification keys

  • harmonization of basic concepts


Changes of legal environment

Changes of legal environment

  • ICT-law

    • data protection

    • public access to information

    • electronic signature

    • probative value

  • no overregulation

    • only basic principles

    • technology-neutral, but not technology unaware


Interoperability framework

Interoperability framework

  • goal: to guarantee the ability of government organizations and customers to share information and integrate information and business processes by use of

    • interoperable ICT

    • common security framework

    • common identification keys/sets for every entity

    • harmonized concepts and data modelling


Ict interoperability

ICT interoperability

  • examples on

    • www.govtalk.gov.uk and www.e-government.govt.nz (recent frameworks based on actual open ICT standards, to be implemented)

    • www.ksz.fgov.be (framework started in 1991 and implemented between 2.000 Belgian social security institutions, with unique gateway to foreign social security institutions within the EU, and continuously adapted to evolving and proven ICT standards with backwards compatibility)

  • tendency to use of open ICT standards

  • but ICT is so dynamic and fast changing that ICT standards are in an almost constant state of evolution

  • huge need to agreements on how to ensure functional interoperability, far beyond technical interoperability


Functional ict interoperability

Functional ICT interoperability

  • standardized codification (e.g. institutions, return codes, …)

  • standardized use of objects and attributes

  • standardized layout of header of messages, independent from information exchange format (EDI, XML, …) and type of information exchange

  • version management

  • backwards compatibility

  • SLA’s on availability and performance of services

  • access autorisation management

  • anonimization rules

  • acceptation and production environments

  • priority management


Common security framework

Common security framework

  • issues

    • confidentiality

    • integrity

    • availability

    • authentication

    • autorisation

    • non-repudiation

    • audit


Common security framework1

Common security framework

  • specific points of interest

    • risk awareness based on risk analysis

    • security policies

    • structural and organisational aspects

    • encryption standards

    • interoperability of

      • PKI

      • electronic certificates

        • procedures (registration authority, certification authority)

        • difference between identification certificates and attribute certificates

        • attributes, optional fields

      • revocation lists

      • directories

    • application security


Common identification keys

Common identification keys

  • at least common identification keys and identification sets for every entity

    • person

    • company

    • patch of ground

  • between nations

    • unique schemes

    • conversion tables

  • regulation of interconnection of information based on unique identification keys


Common identification keys1

Common identification keys

  • characterictics

    • unicity

      • one entity – one identification key

      • same identification key is not assigned to several entities

    • exhaustivity

      • every entity to be identified has an identification key

    • stability through time

      • identification key doesn’t contain variable characterics of the identified entity

      • identification key doesn’t contain references to the identification key or characteristics of other entities

      • identification key doesn’t change when a quality or characteristic of the identified entity changes


Harmonized concepts and data model

Harmonized concepts and data model

  • standard elements

    • with well defined characteristics

    • used within all services

  • OO-oriented, e.g. inheritance in a multilingual environment

  • version management in an ever changing environment

  • define once, use many (different presentations)

  • workflow for validation of standard elements and characteristics

  • multi criteria search

    • by element

    • by scheme

    • by version


A methodology to harmonize concepts

A methodology to harmonize concepts

  • inventory of all documents (frequently) used for information collection

  • inventory of collected information

  • classification of collected information using a clustering methodology

  • decomposition of collected information into “real life” classes with description of the asked attributes

  • analysis of goals: what is every “real life” classes used for ?

  • setting up of simplification propositions (e.g. senseless different treatment of same “real life” object)


A methodology to harmonize concepts1

A methodology to harmonize concepts

  • based on the simplification propositions, framing out of an OO information model for information to be collected

  • design of XML-schema’s for the collecting of the information, corresponding to the OO information model

  • legislative adaptations in order to introduce the uniform definitions of the information classes

  • procedures in order to guarantee the consistency of the OO information model in an ever changing legal environment


Some interesting belgian projects

Some interesting Belgian projects

  • social security sector

  • network of service integrators

  • integration of portal sites

  • electronic identity card


Social security

Social security

  • social security is a protection system against a variety of social risks

    • childhood

    • health care

    • incapacity for work due to

      • sickness

      • accidents

    • unemployment

    • old age

  • due to limited financial means, social security needs to work critically


Definition of the problem

Definition of the problem

  • in most countries, a lot of institutions are active in social security

  • information is one of the main production factors for each of these institutions

  • the information needed by the institutions is quite similar

    • identification data

    • data concerning the professional and social status

    • periodical data related to working periods and wages

    • data concerning certain events, e.g. the occurence of a social risk


Definition of the problem1

Definition of the problem

  • lack of integration leads to

    • overloading of the citizens/companies

      • multiple collection of the same information by several governmental institutions

      • no re-use of available information

      • avoidable contacts with citizens/companies due to multiple, unco-ordinated quality checks

    • waste of efficiency and time within the governmental institutions

    • suboptimal support of the policy made by government

    • higher possibilities of fraud


Possible solutions

Possible solutions

  • central data management (big brother concept)

    • not frequently implemented

      • privacy protection

      • technical feasability

      • threat for the autonomy of the institutions

  • distributed data management (network concept)

    • decentralised but unique data gathering

    • decentralised and distributed data storage, with functional task-sharing between social security institutions

    • data exchange via a network


Belgian social security sector

Belgian social security sector

  • principles have been implemented under co-ordination of the Crossroads Bank for Social Security, in co-operation with 2.000 public and private social security institutions

  • functional and technical interoperability framework is functioning

    • between these institutions

    • between these institutions and all employers

  • every socially insured person has a unique identification key throughout the whole social security sector and an electronically readable social identity card containing this identification key


Interoperability within social security

fonds de

séc. exist.

Interoperability within social security

onss

spf

ss

onssapl

inasti

FEDICT

&

National

Register

cpsm

spf

e & t

onafts

Crossroads Bank

for

Social Security

onem

adp

inami

fat

sickness funds

network

cimire

fmp

onp

onva

ossom


Reference directory

Reference directory

  • serves as a base for organization of information flows

  • structure

    • directory of persons: what persons in what capacities have personal files in what social security institutions for what periods

    • data availability table: what data are available in what social security institutions for what types of files

    • access authorization table: what data may be transmitted to what institutions for what types of files

  • functions

    • routing of information

    • preventive access control

    • automatic communication of changes to information


Information security

Information security

  • institutional measures

  • organizational and technical measures based on ISO 17799

  • legal measures


Institutional measures

Institutional measures

  • no central data storage

  • independent Control Committee

  • preventive control on legitimacy of data exchange by Crossroads Bank according to authorizations of the independent Control Committee

  • information security department in each social security institution

  • specialized information security service providers

  • working party on information security


Independent control committee

Independent Control Committee

  • assigned by Parliament

  • competences

    • supervision of information security

    • authorizing the data exchange

    • complaint handling

    • information security recommendations

    • extensive investigating powers

    • annual activity report


Information security department

Information security department

  • in each social security institution

  • composition

    • information security officer

    • one or more assistants

  • control on independence and permanent education of the information security officers is performed by the Control Committee

  • the Control Committee can allow to commit the task of the information security department to a recognized specialized information security service provider


Information security department tasks

information security department

recommends

promotes

documents

controls

reports directly to the general management

formulates the blueprint of the security plan

elaborates the annual security report

general management

takes the decision

is finally responsible

gives motivated feedback

approves the security plan

supplies the resources

Information security department: tasks


Contents of the security report

Contents of the security report

  • general overview of the security situation

  • overview of the activities

    • recommendations and their effects

    • control

    • campaigns in order to promote information security

  • overview of the external recommendations and their effects

  • overview of the received trainings


Specialized information security service providers

Specialized information security service providers

  • to be recognized by the Government

  • recognition conditions

    • non-profit association

    • having information security in social security as the one and only activity

    • respecting the tariff principles determined by the Government

  • control on independence is performed by the Control Committee


Specialized information security service providers1

Specialized information security service providers

  • tasks

    • keeping information security specialists at the disposal of the associated institutions

    • recommending

    • organizing information security trainings

    • supporting campaigns promoting information security

    • external auditing on request of the institution or the Control Committee

  • each institution can only associate with one specialised information security service provider


Working party on information security

Working party on information security

  • composition

    • information security officers of all institutions

  • task

    • coordination

    • communication

    • proposal of minimal security conditions

    • check list

    • recommendations to the Control Committee


Organizational technical measures

Organizational & technical measures

  • security policies

  • classification of information

  • security requirements towards the personnel

  • physical protection

  • management of communication and service processes

  • processing of personal data

  • logical access control

  • development and maintenance of systems

  • continuity management

  • internal and external control

  • communication to the public of the policy concerning security and the protection of privacy


Legal measures

Legal measures

  • obligations of the controller

    • principles relating to data quality

    • criteria for making data processing legitimate

    • specific rules for processing of sensitive data

    • information to be given to the data subject

    • confidentiality and security of processing

    • notification of the processing of personal data

  • rights of the data subject

    • right of information

    • right of access

    • right of rectification, erasure or blocking

    • right of a judicial remedy

  • penalties


Information servers

Information servers

  • information servers

    • directory of persons of the Crossroads Bank

    • National Register

    • Crossroads Bank Registers

    • work force register

    • wages and working time database (LATG) of the ONSS

    • employers directory (WGR) of the ONSS

    • database of contribution certificates

    • SIS-card and professional card registers

  • services offered

    • interactive consultation

    • batch consultation

    • automatic communication of updates


National register cbss registers past situation

National Register - CBSS Registers - past situation

National Register

Municipalities


National register cbss registers present situation

National Register - CBSS Registers –present situation

National Register

Municipalities


Preprocessed messages

Preprocessed messages

  • preprocessed messages

    • beginning/end of labour contract, beginning/end of self-employed activity

    • contribution certificates medical care (employees, self-employed, beneficiaries of social security allowances)

    • unemployment benefits – career break

    • allowances for incapacity for work (health care, accidents at work, occupational disease)

    • young unemployed

    • allowances to the handicapped

    • guaranteed income – social support

    • people suffering from long-term illness

    • social exemption

    • fiscal exemption

    • derived rights (e.g. tax reduction/exemption, free public transport, ...)

    • special contribution for social security

    • solidarity contribution on old age pensions

    • migrant workers


Preprocessed messages1

Preprocessed messages

  • services offered:

    • batch consultation

    • automatic communication of messages


Contribution certificate health care sector past situation

Contribution certificate health care sector –past situation

Employees

Employer

Sickness funds

Control

INAMI

ONSS


Contribution certificate health care sector present situation

Employees

Employer

KSZ-BCSS

Sickness funds

Control

ONSS

INAMI

Contribution certificate health care sector - present situation


Derived rights in tax affairs

Derived rights in tax affairs

  • a number of people are entitled to an increased refund of the costs for medical care

  • moreover, a number of municipalities and provinces grant these persons reductions or even exemptions of the taxes


Derived rights in tax affairs past situation

Derived rights in tax affairs - past situation

Sickness fund


Derived rights in tax affairs present situation

Derived rights in tax affairs - present situation

CBSS

sickness funds

network


Some figures

CBSS

Some figures

  • 339.137.455 exchanged messages in 2003

  • 15,1 million different persons known in directory of persons

  • on an average, every person is known in 6,6 sectors

  • response time on-line messages

question

question

answer

answer

96,1 % in < 1 sec

99,8 % in < 2 sec

99,2 % in < 4 sec


Social security card

Social security card

  • functions

    • reliable, electronically readable identification card in the hands of each social insured person, that contains the unique social security identification number

    • electronic support owned by every social insured person, containing information on his social security status needed by bodies not connected to the social security network

      • first application: proof of health care insurability status to health care professionals applying the third payer rule

  • protected memory chip card having a capacity of 8 kbits, respecting ISO 7816.1-7816.5

  • delivered to every insured person (10.000.000 cards)


S ocial security card

1234567890

key 2

Social security card

name

Christian name

date of birth

sex

social security number

period of validity of the card

card number

sickness fund

sickness fund registration number

insurance period

insurance status

social exemption status

key 1

other data to be added in the future,

if useful


S ocial security card example 1

Decryption card

CIN

CBSS

Social security card - example 1

Social identity card

in chemistries

and hospitals

Sickness fund 1

Sickness fund 2

Sickness fund 3


S ocial security card example 2

Social security card - example 2

EMPLOYER

ONSS

CBSS


Interoperability outside social security

R

Interoperability outside social security

Internet

Publilink

R

R

Access servers

R

FedMAN

FW

R

R

Internet

services

Other extranets

FW

R

Backbone

FW

FW

FW

FW

FW

FW

R

R

R

R

R

Crossroads bank for social security

R

R

R

R

R


Social security portal

Social security portal


Integrated service delivery

Integrated service delivery

  • common basic services (e.g. single sign on, notification

  • information

  • several categories of transactions

    • transactions at the beginning or the end of employment (DIMONA)

    • quarterly declaration of wages and working time

    • transactions when a social risk occurs

    • transactions in order to manage information about yourself

    • transactions in order to control the quality of the service delivery process

    • ...


Integrated service delivery ctd

Integrated service delivery (ctd)

  • harmonized concepts

  • harmonized data model and XML-schemes

  • self-service and personalization

  • customer relation management

  • contact center


Transactions at beginning end of employment

Transactions at beginning/end of employment

Simplification

Employment

contract

Work force

register

Special

work force

register

Indivudual

document

Students

contract

Online

consultation

ONSS

Inspection

Work force

register

Data-

base


Immediate declaration of employment

Immediate declaration of employment

  • can only be done electronically via

    • social security portal

    • FTP/MQSeries

    • interbanking network

    • vocal server

  • 24/7

  • offers the employer a key to on-line consultation and correction

    • of the database on employment

    • by using a electronic certificate, of the database concerning wages and working time and other derived databases

    • concerning his employees and the period of employment


Quarterly declaration wages working time

Activiteit 3

Activiteit 2

Activiteit 1

ONAFTS

ONEM

ONVA

INAMI

ONP

FMP

FAT

Quarterly declaration wages & working time

Simplification

Employer

one electronic

declaration

ONSS

old age pension

CBSS

holiday pay


Quarterly declaration wages working time1

Quarterly declaration wages & working time

  • can only be done electronically via

    • social security portal

    • FTP/MQSeries

    • interbanking network

  • 24/7

  • can, by using an electronic certificate

    • be consulted and corrected on-line by the employer

    • concerning his employees and the period of employment


Ele c troni cal declaration of social risks

Electronical declaration of social risks

  • past situation: multiple collection of information by using various, complex, not co-ordinated paper forms


Ele c troni cal declaration of social risks1

Electronical declaration of social risks

  • actual situation

    • limitation of the collected information to the information not yet available at other public services (abolition or at least significant simplification of forms)

    • unique collection of information from the employer

    • in a standardized way across all social security institutions

    • can be done on paper or electronically (24/7) via

      • social security portal

      • FTP/MQSeries

      • interbanking network

    • uniform instructions


Operational transactions

Operational transactions

  • quarterly multifunctional declaration of wages and working times to the National Office for Social Security (NOSS)

  • correction of the quarterly declaration to the NOSS

  • DIMONA-declaration

  • consultation of the work force register

  • consultation of the directory of employers

  • integrated electronical declaration of building yards

  • consultation of overdue payments of social security contributions by an employer

  • declaration of temporary employment of foreign employees in Belgium

  • declaration of temporary unemployment

  • consultation of the holiday database

  • declaration of an industrial accident, monthly report and resumption of work after an industrial accident


Operational transactions1

Operational transactions

  • declaration of the beginning of a part-time job with retention of rights to unemployment benefits (unemployment sector)

    • private sector

    • education, municipalities or provinces

  • monthly declaration of part-time work for the calculation of guaranteed income payments (unemployment sector)

    • private sector

    • education, municipalities or provinces

  • monthly submission of work as an employee employed in a protected workplace (unemployment sector)

  • monthly submission of work in the framework of an activation programme (unemployment sector)

  • declaration for the establishment of young people’s vacation rights (unemployment sector)

  • monthly declaration of young people’s vacation hours (unemployment sector)

  • annual submission of temporary unemployment

  • monthly submission of hours of temporary unemployment

  • authorized request for the temporary removal of a pregnant employee (sector of professional diseases)


Further evolution

Further evolution

  • beginning 2005

    • application for unemployment benefits

    • declaration of fulltime or half-time early retirement

    • declaration of the removal of a pregnant employee

  • at a date still to be fixed

    • electronic data exchange between sickness funds and employers necessary to deal with an application for benefits in case of incapacity for work, maternity leave, complete or partial leave from work as a measure to protect motherhood, leave for fatherhood

    • declaration of resumption of work after a period of incapacity for work

    • declaration of an employee’s holiday days

    • declaration of extension post-natal leave


European framework

European framework

  • Treaty of Rome: free movement of persons => need for co-ordination between social security schemes of the Member States

  • Co-ordination Regulations 1408/71 and 574/72:

    4 basic principles:

    • only one applicable national legislation per period

    • equal treatment: no discrimination based on nationality

    • aggregation of insurance, employment and residence periods

    • exportability of rights

  • co-ordination regulations imply a lot of information exchange between social security institutions of different Member States


Current situation

Current situation

  • a lot of information is still exchanged on paper forms (E-forms)

  • elaborated by the Administrative Commission on Social Security for Migrant Workers

  • with same structure and contents in all official languages of the European Union

  • 78 types of forms

  • exchange of paper forms appears cumbersome, complicated and expensive

  • this may deter possible migrant workers


Role of tess

Role of TESS

  • TESS = TElematics for Social Security

  • managed by Technical Commission on Data Processing

  • set up to develop telematic services for the implementation of the Union provisions on social security


Global aim

Global aim

  • the quality level of services provided by a social security institution to an insured person may not decrease because this person (e.g. migrant or frontier worker, tourist, student, pensioner, ...) made use of his right to move within the EU

  • therefore, administrative procedures should be simplified by interconnecting the information systems of the social security institutions involved

  • in order to improve the acquisition of rights, the award and the payment of benefits resulting from the application of the Regulations 1408/71 and 574/72


Staged implementation strategy

Staged implementation strategy

  • exploration of problems and solutions

  • building up of a reference system in the pension and the health care sector

  • expansion of the reference system to all institutions concerned from all sectors from all Member States


Exploration of problems and solutions

Exploration of problems and solutions

  • analysis of the major problems encountered with the current paper form exchanges

  • definition of common architecture rules

    • identification set

    • TESS domain for interoperability

    • forwarding point concept

    • use of standards

  • validation by a prototype in the old age pension sector between 7 institutions from 7 Member States

  • elaboration of the TESS Master Plan


Problems encountered with paper forms

Problems encountered with paper forms

  • difficulties identifying the insured person

  • difficulties determinating the competent social security institution in another Member State

  • problems of interpretation of the exchanged forms

  • inability to adapt the forms quickly

  • conflicts between data protection and the obligation to exchange information

  • difficulties in managing the exchange procedure

  • difficulties for the insured person in acquiring appropriate advice


Identification of the insured person

Problems

the data necessary for the identification varies from Member State to Member State and sometimes even from one sector of social security to another within the same Member State

each institution only registers the identification data it needs itself

Elements of solution

definition of a basic identification data set for each country

each institution that sends a form agrees to provide the identification set related to the destination state

each institution that receives a form agrees to be able to identify a person on the base of this set

Identification of the insured person


Designation of the competent institution

Problems

the criteria defining the competence of institutions vary from Member State to Member State and from one social security sector to another:

territorial criteria

employment criteria

free choice of the insured

Elements of solution

each institution that sends a form agrees to provide the adequate criteria for the designation of the competent institution in the destina-tion state

a unique entry point (forwarding point) per social security sector in each state is responsible for the routing to the competent institution in that state

Designation of the competent institution


Problems of interpretation

Problems

different alphabets

different languages

too much free text

basic concepts vary from Member State to Member State => problems of conceptual translation

insufficient knowlegde of the foreign and inter-national law which institutions are rarely confronted with

Elements of solution

maximal structuring of the possible answers

glossary of concepts containing links between the basic concepts of the different Member States

offices specialised in foreign and international law

the law of a Member State is always applied by an institution of that Member State

Problems of interpretation


Inability to adapt the forms quickly

Problems

the elaboration and adaptation procedures of the forms are lenghty and expensive => the official forms are inappropriate => unofficial variants are created and used

result:

administrative problems

delays for the insured persons

Elements of solution

to encourage the exchange of electronic forms

modular structure of the forms: directory of possible questions, related to the glossary of concepts

Inability to adapt the forms quickly


Data protection

Problems

some Member States forbid the export of data to other Member States which don’t guarantee an equivalent data protection

lack of coordination of organisational and technical data protection measures

Elements of solution

implementation of the directive 95/46/EC and 02/58/EC in each Member State

minimum organisational and technical security norms

Data protection


Managing the exchange procedure

Problems

no following up of exchanged forms

no statistics about the exchange procedures

Elements of solution

systematic acknowledge-ment of receipt of forms

interchange agreements

interchange management by statistics

Managing the exchange procedure


Identification set

Main Information

national registration key (NRK)

in the receiving Member State

surname at birth

current surname

Christian name

date of birth

place of birth

Complementary information in case of missing NRK

sex

last address in the receiving Member State

Identification set


Tess national domains

National Domain

National Domain

CI

CI

CI

CI

National

National

Domain

Domain

FP

FP

CI

CI

TESS

FP

FP

Domain

CI

CI

FP

FP

Legend

CI

CI

CI: Competent Institution

FP: Forwarding Point

CI

CI

National

Domain

National Domain

TESS & national domains


Today s situation

Today’s situation

  • the Master Plan is the basis for all of the work

  • an inventory of decisions describes all common architectures rules

  • tangible results are achieved with the operational exchange of E2XX and E5XX messages in the old age pension sector and the forms E125 and E127 in the health care sector

  • exchange of other E1XX messages in the health care sector is being developed

  • gradual evolution from EDIFACT to XML


Towards a network of service integrators

Towards a network of service integrators

Service

integrator

R/CPS

R/CPS

Services

repository

Extranet

region or community

Service

integrator

(CBSS)

Services

repository

SSI

Extranet

social

security

SSI

Internet

Municipality

FPS

SSI

Publilink ?

FPS

FEDMAN

Services

repository

Service

integrator

(FEDICT)

Province

City

FPS

Services

repository


Towards a network of service integrators1

Towards a network of service integrators

  • type of exchanged information

    • structured data

    • documents

    • images

    • multimedia

    • metadata

    • business processes

  • using web services


Towards a network of service integrators2

Towards a network of service integrators

  • useful functions of service integrators (FEDICT, CBSS, …)

    • secure messaging

    • business logic and work flow support

    • directory of authorized users and applications

      • list of users and applications

      • definition of authentication means and rules

      • definition of authorization profiles

        • which service is accessible to which type of user/application for which persons/companies in which capacities in which situation and for which periods

    • directory of data subjects

      • which persons/companies in which capacities have personal files in which institutions for which periods

    • subscription table

      • which users/applications want to receive automatically which services in which situations for which persons in which capacities


Towards a network of service integrators3

Towards a network of service integrators

  • key issues

    • evolution of standards

    • collaboration with vendors

    • not limited to public agencies

    • national, European & international standards

    • every partner is free to implement internally in his own way: black box philosophy


Portal sites actual situation

Portal sites: actual situation

intermediaries

employees

suppliers

  • customers

  • citizens

  • companies

partners

  • PORTAL B

  • single sign on

  • personalization

  • user groups

  • multi-channel

  • aggregation

  • PORTAL A

  • single sign on

  • personalization

  • user groups

  • multi-channel

  • aggregation

content

management

business

intelligence

business

intelligence

content

management

directory

  • back-end

  • systems, e.g.

  • ERP

  • groupware

  • DB’s

  • applications

directory

  • back-end

  • systems, e.g.

  • ERP

  • groupware

  • DB’s

  • applications


Portal sites

Portal sites

  • need to strike the right balance between roles in delivering e-government services: not a single, but many one-stop shops (public and private)

Content and Services

Public

Private

Private

Channel

PPP

Public

Source: Andrea Di Maio - Gartner


Portal sites1

Portal sites

  • public institutions need to concentrate on core activities, such as

    • information

      • modular

      • up to date

      • information blocks concerning public services

      • with standardized metadata

      • based on standardized thesauri

      • in generally accessible content management systems

      • with separation between content and metadata (reuse, don’t rewrite)

      • that can be submitted to automatical re-indexation

    • transactions

      • applications that can be easily integrated in private or public portal sites


Portal sites2

Portal sites

  • public portals should have added value

    • integration of services

      • information

      • work flow based on life events of the customers

      • integration with work flow of customers

    • coordinated basic services for own customers

      • single sign on

      • ticketing

      • logging

      • notification service


Portal sites to be situation

Portal sites: to be situation

intermediaries

employees

suppliers

  • customers

  • citizens

  • companies

partners

  • PORTAL A

  • single sign on

  • personalization

  • user groups

  • multi-channel

  • aggregation

  • PORTAL B

  • single sign on

  • personalization

  • user groups

  • multi-channel

  • aggregation

directory

directory

  • back-end

  • systems, e.g.

  • ERP

  • groupware

  • DB’s

  • applications

  • back-end

  • systems, e.g.

  • ERP

  • groupware

  • DB’s

  • applications

business

intelligence

content

management

content

management

business

intelligence


Portal sites3

Portal sites

  • other key issues

    • multidimensionality: accessibility of same services through different « views »

    • multi channel enabling

    • citizen/company relation management

      • integrated service delivery, across all used channels

      • personalization of service delivery

        • first step: personalized home page for every company on social security portal

      • evolution to push system

      • quality control

      • feedback mechanisms for permanent improvement of service delivery

    • contact center


Electronic identity card

Electronic identity card

  • retained functions

    • visual and electronic identification of the holder

    • electronic authentication of the holder via the technique of the digital signature

    • generation of electronic signature via the technique of the digital signature (non repudiation)

    • proof of characteristics of the holder via the technique of the digital signature on the initiative of the holder

    • only identification data storage

    • no electronic purse

    • no biometry


Electronic identity card content

Electronic identity card: content

  • visual

    • identification data: name, first names, sex, date and place of birth

    • National Register number

    • photograph

    • card number

    • validity period

  • electronic

    • serial number (sn)

    • National Register number (nrn)

    • card number (cn)

    • visual identification data + sn + nrn + cn (signed by National Register = sig1)

    • address + sig1 (signed by National Register = sig2)

    • photograph + sig1 (signed by National Register = sig3)


Organization model

Organization model

  • government chooses card producer and certification authority issuing the identity certificates as a result of a public call for tenders

  • the municipality calls the holder for the issuing of the electronic identity card

  • the municipality acts as registration authority for 2 certificates: authentication and electronic signature

  • 2 key pairs are generated within the card at production time and the private keys are stored within the chip of the card


Organization model1

Organization model

  • the 2 certificates are created by the certification authority, but published only when the holder agrees

  • the use of the private keys within the chip needs an activation of the card by a municipal official using his PUK2 and the PUK1 sent to the holder

  • first authentication within one session (first private key) and every generation of an electronic signature (second private key) requires the PIN code of the holder

  • the second private keys and the identity certificate on the electronic identity card can be used to generate an electronic signature within the scope of E-government applications which require such a signature


Organization model2

Organization model

  • the electronic identity card contains the necessary space to store other private keys associated to attribute certificates that holder can obtain at the certification authority of his choice


Organization model3

1

1

ERA

1

2

VRK

VRK

10

CM/CP/CI

3

CA

CA

Meikäläinen

Bull

Bull

Matti

PIN & PUK1

-

code

8

6

4

9

5

7

Organization model


No storage of electronic data on the card

No storage of electronic data on the card

  • why not ?

    • preventing perception of the card as a big brother

    • preventing loss of data, when the card is lost

    • preventing frequent updates of the card

  • stimulation of the controlled access to data over networks, using the card as an access tool, rather than storage of data on the card

  • thus, no integration of SIS-card and electronic identity card


Technical characteristics

Technical characteristics

  • security policy conform to the BelPIC document

  • secure infrastructure between National Register and service providers

  • smart card

    • support

      • format ID-1 (ISO 7816-1)

      • rainbowprint

      • fluorescent marks (UV)

      • an other substrat for impression

      • printing in OVI

      • micro-letter

      • kinegram

      • photograph

      • card number


Technical characteristics1

Technical characteristics

  • smart card (ctd)

    • chip: ISO 7816-2 to 9 (format, command) and PKCS#15 (structure file and identifier)

    • protocol : T=0

    • functions: PKCS#11 & ISO 7816-4-8-9

    • certificates: X.509 V3

    • concrete implementation: proposal of JavaCard SLE66CX322P - 32KB

  • identity certificate status validation: OCSP


Critical success factors

Critical success factors

  • E-government as a structural reform process

    • process re-engineering within and across public institutions

    • back-office integration for automatic granting of services

    • integrated and personalized front-office service delivery

  • support of and access to policymakers at the highest level

  • co-operation between all actors concerned based on repartition of tasks rather than centralization of tasks

  • quick wins combined with long term vision

  • focus on more efficient and effective service delivery rather than on the fight against fraud

  • respect for legal repartition of competences between actors

  • legal framework

  • creation of an institution that stimulates and co-ordinates


Most important barriers

Most important barriers

  • privacy and security

  • average public sector project is more complex than average private sector project, due to

    • interaction with a larger number of stakeholders (elected officials, public employees, members of interest groups, voters, tax payers, recipients of public services, other governmental institutions, other government levels, …)

    • execution in a less stable environment

  • complexity of BPR in a government environment

  • race for quick wins (cf surveymania) doesn’t stimulate development of well conceived systems based on re-engineering


Most important barriers1

Most important barriers

  • public sector tends, perhaps for reason of prestige, to favour tailor-made, high-risk, state-of-the-art solutions even when alternative, off-the-shelf, cheap, tried and tested systems are available

  • in the public sector, there is typically no financial margin of value to be added by innovation

  • intermediaries often perceive e-government as a threat

  • skills and knowledge


Most important barriers2

Most important barriers

  • need for radical cultural change within government, e.g.

    • from hierarchy to participation and team work

    • meeting the needs of the customer, not the government

    • empowering rather than serving

    • rewarding entrepreneurship within government

    • ex post evaluation on output, not ex ante control of every input


More info

More info

  • Crossroads Bank for Social Security

    http://www.ksz.fgov.be

  • FEDICT

    http://www.fedict.be

  • portal sites

    • federal portal: http://www.belgium.be

    • social security portal: https://www.socialsecurity.be

  • personal website

    • http://www.law.kuleuven.ac.be/icri/frobben


Th@nk you

[email protected] you !

Crossroads Bank for Social Security

Federal Public Service for ICT (FEDICT)


  • Login