Files
baya-monorepo/product/research/verification.html
T
2026-06-24 01:32:46 +03:30

82 lines
16 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Nurse Identity &amp; Credential Verification — Balinyaar docs</title>
<link rel="stylesheet" href="../assets/doc.css">
</head>
<body>
<div class="layout">
<aside class="sidebar">
<a class="brand" href="../index.html"><span class="dot"></span> Balinyaar docs</a>
<p class="tagline">Trust-first home-nursing marketplace · Iran</p>
<nav><div class="group"><div class="label">Start here</div><ul><li><a href="../index.html">Docs home</a></li><li><a href="../overview/platform-summary.html">Platform summary &amp; ground truths</a></li></ul></div><div class="group"><div class="label">Business requirements</div><ul><li><a href="../business/index.html">Overview &amp; MVP scope</a></li><li><a href="../business/01-actors-and-onboarding.html">1. Actors &amp; onboarding</a></li><li><a href="../business/02-nurse-verification.html">2. Nurse verification</a></li><li><a href="../business/03-service-catalog-and-pricing.html">3. Service catalog &amp; pricing</a></li><li><a href="../business/04-search-and-matching.html">4. Search &amp; matching</a></li><li><a href="../business/05-booking-and-scheduling.html">5. Booking &amp; scheduling</a></li><li><a href="../business/06-evv-and-service-delivery.html">6. EVV / service delivery</a></li><li><a href="../business/07-cancellation-and-refunds.html">7. Cancellation &amp; refunds</a></li><li><a href="../business/08-payments-and-escrow.html">8. Payments &amp; escrow</a></li><li><a href="../business/09-installments-bnpl.html">9. Installments / BNPL</a></li><li><a href="../business/10-payouts.html">10. Payouts to nurses</a></li><li><a href="../business/11-reviews-trust-and-safety.html">11. Reviews, trust &amp; safety</a></li><li><a href="../business/12-messaging-and-emergencies.html">12. Messaging &amp; emergencies</a></li><li><a href="../business/13-tax-invoicing-and-legal.html">13. Tax, invoicing &amp; legal</a></li><li><a href="../business/14-notifications-and-admin.html">14. Notifications &amp; admin</a></li></ul></div><div class="group"><div class="label">Database model</div><ul><li><a href="../data-model/index.html">Overview &amp; decisions</a></li><li><a href="../data-model/diagrams.html">Diagrams</a></li><li><a href="../data-model/01-identity-and-access.html">1. Identity &amp; access</a></li><li><a href="../data-model/02-geography.html">2. Geography</a></li><li><a href="../data-model/03-services-and-pricing.html">3. Services &amp; pricing</a></li><li><a href="../data-model/04-verification-and-credentials.html">4. Verification &amp; credentials</a></li><li><a href="../data-model/05-booking-and-scheduling.html">5. Booking &amp; scheduling</a></li><li><a href="../data-model/06-payments-ledger-and-refunds.html">6. Payments, ledger &amp; refunds</a></li><li><a href="../data-model/07-payouts.html">7. Payouts</a></li><li><a href="../data-model/08-bnpl.html">8. BNPL / installments</a></li><li><a href="../data-model/09-messaging.html">9. Messaging</a></li><li><a href="../data-model/10-reviews-and-records.html">10. Reviews &amp; records</a></li><li><a href="../data-model/11-notifications.html">11. Notifications</a></li><li><a href="../data-model/12-audit-config-and-reference.html">12. Audit, config &amp; reference</a></li><li><a href="../data-model/13-partner-centers-and-future.html">13. Partner centers &amp; future</a></li></ul></div><div class="group"><div class="label">Payments deep-dive</div><ul><li><a href="../payments/index.html">Overview &amp; exec summary</a></li><li><a href="../payments/iranian-payment-reality.html">Iranian payment reality</a></li><li><a href="../payments/escrow-ledger.html">Escrow as a ledger</a></li><li><a href="../payments/bnpl-landscape.html">BNPL landscape &amp; finding</a></li><li><a href="../payments/cancellation-and-payout.html">Cancellation &amp; nurse payout</a></li><li><a href="../payments/integration-notes.html">Integration &amp; schema touchpoints</a></li><li><a href="../payments/sources.html">Recommendations &amp; sources</a></li></ul></div><div class="group"><div class="label">Research &amp; strategy</div><ul><li><a href="index.html">Overview &amp; exec summary</a></li><li><a href="market-and-competitors.html">Market &amp; competitors</a></li><li><a href="problems-and-risks.html">Problems &amp; risks</a></li><li><a class="active" href="verification.html">Verification (research)</a></li><li><a href="legal-landscape.html">Legal landscape</a></li><li><a href="go-to-market.html">Go-to-market &amp; sources</a></li></ul></div><div class="group"><div class="label">Notes &amp; more</div><ul><li><a href="../notes/open-questions.html">Open questions</a></li><li><a href="../notes/future-ideas.html">Future ideas</a></li><li><a href="../wireframes/index.html">Wireframes</a></li><li><a href="../fa/index.html">Farsi documents</a></li></ul></div></nav>
</aside>
<main class="main"><div class="content">
<div class="topbar"><button class="theme-toggle" type="button" onclick="__t()">theme</button></div>
<h1 id="nurse-identity-credential-verification">Nurse Identity &amp; Credential Verification</h1>
<p><a href="index.html">← Research overview</a></p>
<blockquote><p><strong>Related:</strong> the product requirement <a href="../business/02-nurse-verification.html">Nurse Verification</a> and the schema <a href="../data-model/04-verification-and-credentials.html">Verification &amp; Credentials</a> implement the pipeline described here.</p>
</blockquote>
<p><strong>The question "is this nurse really who they say, and really licensed?" splits into two checks that should be separate pipeline stages:</strong></p>
<ul>
<li><strong>License check</strong><em>are they a registered nurse?</em> (professional registry)</li>
<li><strong>Identity + background check</strong><em>are they who they claim, with no disqualifying record?</em> (KYC + criminal record)</li>
</ul>
<h2 id="31-global-reference-models-best-practices-to-emulate">3.1 Global reference models (best practices to emulate) <a class="anchor" href="#31-global-reference-models-best-practices-to-emulate" aria-hidden="true">#</a></h2>
<ul>
<li><strong>USA — Nursys / e-Notify (the gold standard):</strong> the only national license database, fed by state Boards of Nursing; **e-Notify <em>pushes</em> license/discipline status changes<strong> to enrolled employers via a documented </strong>API**. (<a href="https://www.ncsbn.org/nursing-regulation/licensure/license-verification.page">NCSBN</a>, <a href="https://www.nursys.com/EN/ENDefault.aspx">Nursys</a>) — <em>lesson: continuous monitoring, not one-time vetting.</em></li>
<li><strong>UK — NMC register + DBS:</strong> the NMC online register (free, updated daily, search by 8-char PIN) answers <em>"are they licensed?"</em>; the separate <strong>DBS</strong> criminal-record check answers <em>"are they safe?"</em><em>lesson: keep the two checks distinct.</em></li>
<li><strong>Background-check vendors (Checkr, Sterling):</strong> API-first, built to embed in gig/marketplace flows; a caregiver check bundles criminal history, license verification, healthcare sanctions/exclusions, abuse-registry, employment/education, and re-screening. (<a href="https://checkr.com/our-technology/background-check-api">Checkr</a>, <a href="https://apidocs.sterlingcheck.app/">Sterling</a>)</li>
</ul>
<p><strong>A robust pipeline = consent → identity verification → license verification (primary source) → criminal + abuse-registry checks → employment/education → ongoing monitoring.</strong></p>
<h2 id="32-iran-specific-tooling-the-operative-part">3.2 Iran-specific tooling (the operative part) <a class="anchor" href="#32-iran-specific-tooling-the-operative-part" aria-hidden="true">#</a></h2>
<p>Iran has a usable stack, but it's <strong>fragmented across regulators</strong>, and the most sensitive check (criminal record) is <strong>consent-gated to the individual</strong>, not freely pullable by a company.</p>
<h3 id="a-professional-license-is-this-a-real-nurse-two-authorities-check-both">A) Professional license — "is this a real nurse?" (two authorities, check both) <a class="anchor" href="#a-professional-license-is-this-a-real-nurse-two-authorities-check-both" aria-hidden="true">#</a></h3>
<ul>
<li><strong>MoH professional-competency license — پروانه صلاحیت حرفه‌ای</strong> at <strong>Rn.behdasht.gov.ir</strong> — the newer, <strong>more authoritative</strong> credential. Issuing it already vets the nurse's <strong>scientific, ethical, health, AND criminal-record (سوء پیشینه)</strong> standing, and the MoH states it is <strong>required even for private in-home nursing.</strong> <strong>[the single most important credential to demand — it bundles a criminal-record screen]</strong> (<a href="https://behdasht.gov.ir/">behdasht.gov.ir</a>, <a href="https://www.heyvagroup.com/shownews/12145/">heyvagroup</a>)</li>
<li><strong>Iranian Nursing Organization (سازمان نظام پرستاری) — نظام پرستاری number</strong> via <code>ino.ir</code> / <code>membership.ino1.ir</code>. Reportedly allows third-party lookup/validation of a nurse's membership number; use as a <strong>cross-check.</strong> (<a href="https://www.heyvagroup.com/shownews/11343/">heyvagroup</a>)</li>
<li><strong>No public B2B API was found for either</strong> — realistic use today is <strong>require upload + manual verification against the official record.</strong> (The physician council's public <code>membersearch.irimc.org</code> shows what an equivalent nurse search could look like.) <strong>[absence of API is "not found," not positively confirmed — verify via a B2B portal]</strong></li>
</ul>
<h3 id="b-identity-verification-the-easy-layer-turnkey-apis-exist">B) Identity verification — the <em>easy</em> layer (turnkey APIs exist) <a class="anchor" href="#b-identity-verification-the-easy-layer-turnkey-apis-exist" aria-hidden="true">#</a></h3>
<p>A competitive market of Iranian <strong>e-KYC vendors</strong> sells ready APIs — <strong>buy this, don't build it:</strong></p>
<ul>
<li><strong>Shahkar (شاهکار):</strong> government service matching a <strong>mobile SIM ↔ national ID (کد ملی)</strong>; run by the CRA. Result in &lt;1 sec. <strong>Access is gated</strong> (approval + agreement + indirect connection via the "سرو/Sarva" platform), so <strong>consume it via a reseller</strong> rather than integrating directly. (<a href="https://fa.wikipedia.org/wiki/سامانه_شاهکار">fa.wikipedia</a>, <a href="https://finnotech.ir/">Finnotech</a>)</li>
<li><strong>National-ID validity &amp; name matching (صحت‌سنجی کد ملی):</strong> name + surname + کد ملی → match.</li>
<li><strong>Face/liveness matching against the national-card or civil-registry (ثبت احوال) photo:</strong> offered by <strong>Finnotech, U-ID (یوآیدی), Jibbit (جیبیت), Farashensa (فراشناسا), Verify (ونیفای), Kavoshak (کاوشک)</strong> and others — liveness + face match + OCR, often 513M+ verifications of track record. (<a href="https://asretarakonesh.ir/index.php/2024/01/02/نگاهی-به-خدمات-۸-شرکت-ایرانی-فعال-در-حوز/">Asr-e Tarakonesh: 8 Iranian KYC firms</a>)</li>
<li>These vendors handle the regulator-gated upstream connections for you; a registered company signs up and consumes REST APIs.</li>
</ul>
<h3 id="c-criminal-record-گواهی-عدم-سوء-پیشینه-consent-gated-no-company-api">C) Criminal record — گواهی عدم سوء پیشینه (consent-gated, no company API) <a class="anchor" href="#c-criminal-record-گواهی-عدم-سوء-پیشینه-consent-gated-no-company-api" aria-hidden="true">#</a></h3>
<ul>
<li>The official "no criminal record" certificate, obtained by the <strong>individual</strong> online via <strong>adliran.ir</strong> using their personal <strong>ثنا (Sana)</strong> password, or in person via <strong>پلیس +۱۰</strong>. (<a href="https://www.heyvalaw.com/web/articles/view/1865/">heyvalaw</a>)</li>
<li><strong>A platform cannot pull it</strong> — there is <strong>no third-party/employer API</strong>; issuance is bound to the person's own ثنا password. <strong>Realistic design: require the nurse to obtain their own certificate and upload it, then re-request periodically</strong><em>and note it's already embedded in the MoH پروانه صلاحیت حرفه‌ای</em>, so demanding that license partly covers it.</li>
</ul>
<h3 id="d-supporting-rails">D) Supporting rails <a class="anchor" href="#d-supporting-rails" aria-hidden="true">#</a></h3>
<ul>
<li><strong>ثنا (Sana):</strong> the judiciary's e-identity/notification system — relevant mainly as the <strong>gateway to the عدم سوء پیشینه certificate.</strong></li>
<li><strong>سجام (Sejam):</strong> capital-market (securities) KYC — <strong>largely irrelevant</strong> here except as proof that strong non-in-person e-KYC rails exist in Iran.</li>
</ul>
<h2 id="33-recommended-verification-pipeline-for-your-platform">3.3 Recommended verification pipeline for your platform <a class="anchor" href="#33-recommended-verification-pipeline-for-your-platform" aria-hidden="true">#</a></h2>
<div class="table-wrap"><table><thead><tr><th>Stage</th><th>Goal</th><th>Iran tool / how</th><th>Programmatic?</th></tr></thead><tbody>
<tr><td><strong>0. Consent</strong></td><td>Lawful basis to verify + store data</td><td>Explicit in-app consent at onboarding</td><td>n/a</td></tr>
<tr><td><strong>1. Identity</strong></td><td>Match person ↔ کد ملی ↔ phone ↔ face</td><td><strong>Shahkar</strong> + <strong>national-ID validity</strong> + <strong>video/photo liveness vs. national card</strong>, via <strong>one KYC vendor</strong> (Finnotech / U-ID / Jibbit / Farashensa / Verify)</td><td><strong>Yes — off-the-shelf API</strong></td></tr>
<tr><td><strong>2. License</strong></td><td>Verify nursing credential at source</td><td><strong>MoH پروانه صلاحیت حرفه‌ای</strong> (Rn.behdasht.gov.ir) as primary <strong>+</strong> <strong>INO نظام پرستاری number</strong> (ino.ir) as cross-check</td><td><strong>Manual</strong> (no public API found) — require upload + verify</td></tr>
<tr><td><strong>3. Criminal record</strong></td><td>No disqualifying record</td><td><strong>عدم سوء پیشینه</strong> — nurse self-requests via adliran.ir/ثنا and uploads; <em>partly covered</em> by the MoH license</td><td><strong>No company API</strong> — consent-gated, nurse-uploaded</td></tr>
<tr><td><strong>4. Ongoing monitoring</strong></td><td>Catch revocations/expiry</td><td>Periodic re-verification of license validity + re-request of عدم سوء پیشینه (e.g. annually); re-run Shahkar on phone change</td><td>Semi-manual; emulate Nursys e-Notify</td></tr>
</tbody></table></div>
<p><strong>Practical rules:</strong> (1) <strong>Buy identity verification</strong> through one KYC provider — it shifts the regulator-gated Shahkar/ثبت احوال access burden onto a vendor that already holds the agreements. (2) <strong>Anchor the license check on the MoH پروانه صلاحیت حرفه‌ای</strong> (it's State-mandated for in-home nursing and bundles a criminal screen). (3) <strong>Treat the criminal certificate as nurse-supplied + consent-gated.</strong> (4) <strong>Build continuous monitoring</strong>, not one-and-done. (5) <strong>Mind data-protection exposure</strong> — routing through a licensed KYC intermediary keeps you compliant.</p>
<a class="back-to-top" href="#">↑ Back to top</a>
</div></main>
</div>
<script>
(function(){var k='balinyaar-docs-theme';var s=localStorage.getItem(k);
if(s)document.documentElement.setAttribute('data-theme',s);
else if(matchMedia('(prefers-color-scheme: dark)').matches)document.documentElement.setAttribute('data-theme','dark');})();
function __t(){var d=document.documentElement;var n=d.getAttribute('data-theme')==='dark'?'light':'dark';
d.setAttribute('data-theme',n);localStorage.setItem('balinyaar-docs-theme',n);}
</script>
</body>
</html>