Skip to main content

A Follow-up Audit Report on the Issuance of Birth Certificates at the Department of State Health Services

December 2012

Report Number 13-013

Overall Conclusion

The Department of State Health Services (Department) fully or substantially implemented 8 (57 percent) of 14 recommendations from An Audit Report on the Department of State Health Services' Issuance of Birth Certificates (State Auditor's Office Report No. 10-011, November 2009).

Of the eight recommendations fully or substantially implemented:

- The Department fully implemented two recommendations for ensuring that it issues birth certificates only to qualified applicants and maintaining application records for the required time frames.

- The Department fully implemented one recommendation to accurately record in its internal Remittance System the funds that its Vital Statistics Unit receives.

- The Department fully or substantially implemented three recommendations related to certain security-related policies and procedures.

- The Department substantially implemented two recommendations related to its information system controls for passwords and disaster recovery testing.

While the Department has made progress in implementing the prior audit recommendations, it should continue its efforts to improve controls related to (1) its monitoring of local registrars' compliance with applicable laws and regulations, (2) its compliance with its Internal Security Manual, and (3) reviewing user access to its Texas Electronic Registrar (TER) system. Specifically:

- The Department should strengthen its monitoring of local registrars by updating its policies and procedures, requiring local registrars to submit self-assessments, documenting its selection process for monitoring visits, and maintaining an accurate list of completed monitoring visits.

- The Department should ensure that its Vital Statistics Unit complies with policies and procedures related to the destruction of birth certificates and obtaining all required employee signatures for confidentiality and computer use agreements.

- The Department should deactivate or update TER access for users with inappropriate access to that system and periodically review user access to TER to ensure that it appropriately restricts access based on each user’s job responsibilities.

The Department did not implement a prior recommendation to establish a process for monitoring or reviewing transactions processed using the "no fee" function in TER. (The no fee function is a function in TER that allows users to process a birth certificate request without assessing a fee.) The Department's Vital Statistics Unit uses that feature primarily to correct errors, void requests, document client communications, and issue certificates for military and school purposes.

Auditors communicated other, less significant issues to the Department's management separately in writing.

Contact the SAO about this report.

Download the Acrobat version of this report. (.pdf)