Sign in Subscribe

Highlights from NAPHSIS: Building the Next Layer of Digital Verification for Vital Records

Read key insights from SpruceID Founder & CEO Wayne Chang’s NAPHSIS session on strengthening public trust through secure, interoperable, and resident-controlled digital vital records.

Highlights from NAPHSIS: Building the Next Layer of Digital Verification for Vital Records

At the 2025 NAPHSIS Identity & Security Conference, SpruceID Founder & CEO Wayne Chang delivered a forward-looking talk on one of the most urgent challenges facing public agencies today: how to strengthen trust in identity systems at a time when AI-driven fraud, rising service demands, and evolving privacy expectations are reshaping the digital landscape. His presentation, Identity, Privacy, and Trust: Building the Next Layer of Digital Verification, outlined why verifiable digital credentials (VDCs) are rapidly becoming essential public infrastructure, and how states can implement them in a secure, privacy-preserving, and interoperable manner.

Why Digitizing Vital Records and IDs Matters Now

Wayne opened by posing a simple but foundational question: Why digitize anything at all? His answer touched on five pillars that define the next decade of digital public services:

  • Ease of use and replacement: Physical documents can be lost, damaged, or destroyed; digital versions can be instantly reissued after verification and accessed from everyday devices.
  • Defense against AI-enabled fraud: Today, AI can convincingly fabricate photos, videos, and even “selfie-verification” attempts. But cryptographically signed verifiable digital credentials remain trustworthy because they rely on secure issuer keys, not visual inspection.
  • Better privacy: Verifiable digital credentials allow individuals to share only the information required, such as proving age over 21 without disclosing a birthdate or address.
  • Lower costs: Digital documents reduce printing, postage, and manual processing. Even physical documents can be upgraded for improved security using inexpensive techniques such as QR-code signatures.
  • Interoperability: Open standards ensure that documents work across agencies, jurisdictions, and applications, enabling broader adoption and system-wide improvements.

Lessons from State-Level Deployments

SpruceID’s work with major state programs, such as the California DMV and the State of Utah, illustrates how digital identity can be delivered at scale.

California: Mobile DL/ID Built for Privacy

California’s statewide mobile ID program is designed for both offline airport use and secure online verification. Wayne highlighted features such as short-lived credentials, selective disclosure, and full alignment with CCPA and DMV rulemaking, ensuring resident privacy at every step.

Utah: Multi-Agency Verifiable Digital Credentials

Utah’s program enables agencies such as Local Health Departments and the Department of Natural Resources to issue secure, revocable, offline-capable credentials. Like California, Utah embeds strict privacy requirements, complying with the Utah Consumer Privacy Act (UCPA) and prohibiting unnecessary tracking or data reuse.

Across both states, the core lessons are consistent: adopt open standards, prioritize privacy, ensure multi-vendor support, and design for long-term governance.

How Verifiable Digital Credentials Work

Wayne offered a clear walkthrough of how verifiable digital credentials function across issuance, storage, and verification. These credentials are:

  • Tamper-proof and instantly detectable if modified.
  • Verifiable online or offline, eliminating the need for AI-spoofable photo checks.
  • Presentable via NFC or QR code, enabling consistent experiences across devices.

He also demonstrated how a digitally signed vital record, such as a birth certificate, can be issued by a county, added to a compliant wallet (e.g., DMV, Apple, Google), and instantly verified by relying parties. This flow connects seamlessly with existing systems such as HL7 and NAPHSIS EVVE, offering a bridge from long-standing vital records infrastructure to modern, cryptographically secure formats.

Advancing Digital Vital Records in 2026

To accelerate adoption, Wayne outlined four actionable steps for states and agencies:

  1. Standardize data formats and protocols to ensure strong security and interoperability.
  2. Define a complete set of end-to-end use cases, spanning residents, counties, healthcare, benefits, and federal partners.
  3. Engage a diverse ecosystem of verifiers, including those outside government.
  4. Publish procurement guidelines and model legislation to create a healthy, multi-vendor market.

These steps position digital vital records not as experimental add-ons, but as essential public infrastructure.

Policy Context: U.S. and Global Momentum

Lastly, Wayne highlighted the accelerating policy landscape:

  • In the US, more than 17 states already have TSA-accepted mobile IDs, expected to double by 2026. Forecasts suggest that by 2030, 143 million Americans could hold a mobile ID.
  • Utah’s SB 260 provides a model for privacy-first digital ID legislation, covering selective disclosure, no tracking, open standards, and mandatory acceptance of physical IDs.
  • In the EU, eIDAS 2.0 mandates a national digital identity wallet for all Member States by 2026, with strict privacy protections and broad cross-border acceptance.

Governments across the globe are converging on the same principles: local control, open standards, strong privacy, and vendor diversity.

A Trust Layer for the Future

The session closed with an invitation for collaboration. Building trustworthy digital identity systems requires coordination across agencies, states, vendors, and the broader public-sector community. However, the payoff is clear: more secure systems, greater privacy for residents, reduced risk of fraud, and faster, more efficient public services.

SpruceID’s work demonstrates that this future is already underway, and that digital vital records can serve as a foundational trust layer for the next generation of digital government. Learn how SpruceID can help your state advance secure, privacy-preserving digital vital records. Contact our team to get started.

Contact Us

About SpruceID: SpruceID is building a future where users control their identity and data across all digital interactions. We build privacy-preserving digital identity infrastructure that empowers people and organizations to control their data. Governments, financial institutions, and enterprises use SpruceID’s technology to issue, verify, and manage digital credentials based on open standards.