The first COVID-related federal stimulus payments were sent in the spring of 2020. Unfortunately, payments were sent to millions of taxpayers who were deceased at the time of payment.
Not only did this draw attention to the process and data used to identify CARES Act stimulus recipients, it renewed attention on the shortcomings of the Social Security Administration Death Master File SSA (DMF or SSDMF). With the recent stimulus checks being sent to millions and the potential for more disbursements in 2021, accuracy of the data used to distribute these funds is critical.
In June of 2020, the Government Accountability Office (GAO) issued a report which included data on the economic impact payments made under the CARES Act and reviewed the implementation of the stimulus roll out. The report revealed that while the IRS routinely uses the full DMF to detect and prevent fraudulent tax refund claims, for the stimulus roll-out these records were not used to stop stimulus payments to deceased individuals by the Treasury and its Bureau of Fiscal Services (BFS). Why?
> First, because IRS legal counsel advised that the IRS did not have the legal authority to deny payments to those who filed a return in 2018 and 2019 even if they were deceased at the time of payment. Therefore, the DMF was not used to stop payments to decedents for the first 3 of the 4 payment batches (72 percent of the payments disbursed). As a result, according to the June 30, 2020 audit report issued by the Treasury Inspector General for Tax Administration, 1.151 million payments totaling $1.6 billion went to decedents.
> Second, the GAO report also noted that while the IRS has full access to the SSA Death Master List, Treasury and its Bureau of Fiscal Service (BFS) do not. They only have access to an abbreviated version. Forbes reports that “the abbreviated version of the DMF is only 60 percent complete”. After the legal interpretation about screening against the DMF was revised, the IRS provided the BFS with temporary access to the full DMF to screen out decedents for future payments.
CONGRESSIONAL INQUIRY INTO USE OF THE DMF
As a result of the erroneous payments to decedents last spring, a bipartisan group of lawmakers asked what access additional agencies have to SSA’s Death Master Files before sending out stimulus payments. The lawmaker group directed their questions the Treasury Department, IRS and the SSA. One question the group posed to the SSA was “Do Treasury and IRS utilize the (a) Death Master Files, (b) Full Death File, or (c) any other death database(s) to preview eligibility before sending out the CARES Act economic impact payments? The June 2020 GAO report provides the answer and proposed that Congress act to explicitly amend the Social Security Act to allow the Treasury Department access to the full DMF moving forward in order to prevent future payments to decedents and ineligible individuals.
WHAT IS THE DEATH MASTER FILE?
The Death Master File (DMF) is a comprehensive database maintained by the United States Social Security Administration (SSA) that contains records of individuals who have died and had a Social Security number at the time of their death. The DMF is an important tool for various organizations such as financial institutions, insurance companies, and government agencies, as it enables them to verify the death of an individual and prevent fraud or identity theft. The DMF includes basic information such as the deceased person’s name, Social Security number, date of birth, and date of death. While the DMF is primarily used for legitimate purposes, it has also been the subject of controversy due to concerns about identity theft and privacy violations. In recent years, the SSA has implemented various measures to restrict access to the DMF and prevent unauthorized use.
The Death Master File (DMF) is compiled by the SSA and distributed via the National Technical Information Service (NTIS). The DMF is also known as the United States Social Security Death Index (SSDI) and is searchable database. The DMF is derived from Social Security Administration’s database known as the Numident, (short for the Numerical Identification System), which is the SSA’s repository containing data on all SSDI deaths recorded since 1936.
A US Social Security Death Index search can yield the name, Social Security Number (SSN), date of birth, and date of death of deceased individuals dating back to 1936. The DMF contains over 83 million records of deaths of individuals who had SSNs. The death records are considered public under the Freedom of Information Act and in its current form has been searchable since 1980 for records back to 1962.
A common question is “How often is the Social Security Death Index updated?” The SSDI is updated monthly and weekly. The updated version can be purchased from the Department of Commerce’s National Technical Information Service (NTIS) by public and private industries—government, financial, investigative, credit reporting, and healthcare institutions.
The Social Security Administration is responsible for the Death Master Files. One of the Social Security Office of the Inspector General’s key objectives is to improve the prevention, detection and recovery of improper payments due to SSN misuse. The OIG’s audit work has resulted in recommendations to increase the effectiveness of the DMF to detect potential Social Security fraud and overpayments. For example, in 2016 an OIG audit found that certain personally identifiable information had been excluded from the DMF which resulted in deaths not being captured appropriately. The audit also revealed that over a 5-year period, 69,863 SSNs tied to $3.9 billion in income had name/SSN combinations that did not match SSA records. The OIG recommended that the SSA develop a methodology to incorporate the missing data to prevent the future misuse of SSNs.
While the publicly available DMF is not a complete current list of all deaths in the US, it remains the best source of death data available. There are multiple data sources including financial institutions, federal/state agencies, postal authorities, decedents’ families, health care organizations, and funeral homes. There can be a lag in reporting that affects the currency of the information available. The Social does not guarantee 100% accuracy of the DMF data so a Social Security Index search cannot be used to definitively validate that a person is alive.
COMMON NAMES FOR THE SSA DEATH MASTER FILE
While it is not uncommon for federal databases to be known by more than one name, the DMF has an unusually large number of other designations driven in part by the many industries who both contribute to and use the file. Some common names for the file include the following:
> Full DMF File
> Death Master Index
> Death Master File Social Security
> Master Death File
> Limited Access Death Master File
> Social Security Index
> Social Security Death Index
> Social Security Deaths List
> United States Social Security Death Index
> US Social Security Death Index
LEVELS OF ACCESS
In addition to the numerous designations used for the DMF, it is also important to know how access to the data differs. There are two versions of this file which offer different levels of access: the full DMF and the Limited Access Death Master File (LADMF).
Full DMF – Key facts:
- The full file includes Death Records from both Numident & death data received from the States.
- The full DMF file is available only to certain Federal and State Agencies and is shared in accordance with Section 205(r) of the Social Security Act. Under Section 205 ( r) , the requesting agency must disclose and justify the legal authority for its request and also ensure that safeguards are in place to protect the sensitive data of decedents contained in the full file.
Limited Access Death Master File (LADMF)- Key facts:
- The LADMF contains only death records from Numident – not state death records.
- This public file is distributed by the NTIS to certified subscribers (such as state/federal agencies who do not meet the criteria for access to the full DMF file as well as banks, credit companies and health care entities).
- The primary purpose of the public file is to identify and prevent the use of a decedent’s identity for fraudulent purposes such as falsifying a job application or some financial deception.
- The certification criteria can be found in the NTIS certification form.
- Certified subscribers must associate the use of the list with an approved purpose which can include fraud detection and prevention or a specified business purpose. According to NTIS,
“Certified persons, also called Subscribers, must have a legitimate fraud prevention interest, or have a legitimate business purpose pursuant to a law, governmental rule, regulation, or fiduciary duty in order to be certified under the program.”
USES OF THE MASTER DEATH FILE IN HEALTH CARE
The DMF data is used by a multitude of industries and institutions. However, for the healthcare insurers and institutions, the database is a particularly critical tool for medical research and potential identity fraud:
- Medical researchers and hospitals track former patients for their studies and to obtain death information.
- Healthcare compliance/fraud professionals validate provider information verify provider identity as it relates to state/federal government databases and registries.
- Credentialing departments, as part of initial and ongoing screening of provider licensure rule out identity fraud. Using the credentials of a deceased provider to prescribe drugs, goods and/or services is an all-too-common fraud scheme.
- HR departments validate identity of potential employees prior to hire to ensure that excluded individuals or entities are not using false or stolen SSNs to obtain employment, as part of the background screening process.
- Identification of fraudulent insurance billing practices such as services by a deceased provider or services rendered to a deceased member.
USE OF THE MASTER DEATH FILE IN OTHER INDUSTRIES
Notwithstanding its significant limitations, the public DMF remains a valuable data source for preventing fraud and abuse in other industries as well. For example, a bank might check against the DMF to ensure that the SSN provided on a loan request wasn’t connected to a deceased person. Also, it is useful for government agencies, such as SSA and the Veterans Administration, to identify when benefit checks should cease.
In the life insurance industry, there has been concern expressed because the SSA does not independently verify all reports of a death before including in the DMF, which may result in inaccuracies that can lead to both individuals as well as the life insurers who are issuing policies With state regulatory agencies combing the DMF data to identify instances in which life insurers have erred in not issuing funds to beneficiaries of those who have died, these inaccuracies can lead to false claims of insurers.
For companies such as Streamline Verify which offer its clients automated screening against state and federal exclusion lists, the DMF is a standard component of its work to rule out discrepancies with regard to employee, provider, vendor and contractor identity found in the course of checking the various federal and state databases.
A HISTORY OF CHANGES TO THE DMF
In the last 10 years, there have been some significant changes to the DMF both in access and usage.
2011: A significant change to the DMF occurred in 2011 which continues to have ramifications today. The federal government applied a drastic change to the way that it processed data on reported deaths in order to compile the public Death Master File. In November 2011 the SSA reviewed its obligations towards certain state records and announced that it had a statutory obligation to keep that information derived from state records confidential. As a result, SSA removed about 4.2 million existing death records because they were based on information from proscribed state records.
The reason is largely due to death data ownership. States have long held (and Congress concurs) that states own the vital records of people who die within their boundaries. The sale of those records to the federal government is a source of revenue for states. However, the SSA interprets Section 205(r) of the Social Security Act as barring it from sharing the costs it pays for state data with other federal partners and the same law prohibits SSA from sharing state data with the private sector and most non-benefit-paying federal agencies. The change was unexpected and did not receive much publicity. It effectively resulted in the development of two versions of the DMF – the publicly available version and the complete version.
2014: NTIS limited the access to the DMF to companies who are able to demonstrate sufficient infrastructure to protect the security of their data, including security systems, facilities and procedures. Companies that seek access to the DMF must submit a written attestation from an “Accredited Conformity Assessment Body” (ACAB) to that effect. The ACAB may conduct periodic audits to verify the continued security of the data. Organizations must also be able to demonstrate a legitimate purpose pursuant to a law, government ruling, regulation or fiduciary duty. Companies granted access to the DMF are subject to penalties for unauthorized disclosures or use of the DMF, which can include a $1,000 fine per unauthorized disclosure to a non-certified person.
2021: With the enactment of the Consolidated Appropriations Act, 2021 (P.L. 116-260), Section 205(r) in January of 2021, SSA is now authorized to share its state-reported death data with the Treasury Department’s DNP portal. The SSA is required to do so for a period of three years beginning three years after enactment. Under this Act, SSA is authorized to use state-reported death data for certain verification purposes for outside entities, including verification systems for employers and state driver’s license agencies.
Specific to the 2020 coronavirus stimulus payments to deceased recipients, the IRS is now saying that the money needs to be returned. If the checks were sent by mail, they should be voided and mailed back to the IRS. If the payments were made via direct deposit, the taxpayer should write a check to the government and mail it in. Widows/Widowers who received joint payments have been advised to return the portion that applies to the deceased spouse. However, as noted in the June 2020 GAO Report, the IRS does not have a plan to take additional steps to notify ineligible recipients on how to return payments.
Despite its complex history and the challenges to its data sources, the pubic Death Master File remains the most accurate and reliable way to screen for death records – even with the reduced number of deaths reported. As state data expand as a share of SSA’s death data, the public file will include progressively fewer new death reports and become less useful as an anti-fraud or identity authentication tool or for the tracking of research subjects.
Streamline Verify works to provide all legally available death records presented through the National Technical Information Service Death Master File with the highest possible degree of accuracy. While some professionals know about the effects of removing 4.2 million death records from the DMF in in 2011, many members of the public are not aware of these changes. Therefore, when clients turn to us to check on death status, they may be confused when a death they are inquiring about is no longer captured in the DMF. Services such as Streamline Verify can only share information included in the public Death Master File – if a file has been removed by the SSA, it will no longer be captured in any search.