New NTIS Guidelines Limit Access To the Death Master File

New NTIS Guidelines Limit Access To the Death Master File

The Importance of the Death Master File

Ghosting, or stealing the identity of a deceased individual is one of the oldest forms of identity theft. In the 1940s, Samuel Jones appropriated the identity of his deceased friend Wallace Ford, becoming an American Hollywood and Broadway star.  Don Draper, the main character in the TV series Mad Men, obtains his identity from a deceased superior officer during the Korean War.  Even Seymour Skinner, the grade-school principal in The Simpsons is a famous ghoster. Today, ghosting-related crimes, together with other forms of identity theft, cost leading government agencies, financial institutions, investigative firms, credit reporting organizations, medical researchers, hospitals, and other organizations, more than $50 billion every year.

The National Technical Information Services provides information and data services, and acts as the largest central repository for government-funded information, including the Death Master File (DMF), a master list put together in conjunction with the Social Security Administration, that includes the name, date of birth, SSN and date of death of individuals known to be deceased to the SSA. For hospitals and other medical institutions, having access to its more than 86 million records helps identify and prevent identity fraud from both patients and staff. Protecting itself from unscrupulous individuals is critical to organizations and institutions.

Access to the Death Master File is used by medical researchers, hospitals and medical treatment facilities to track former patients and study subjects, and to obtain death verification, by insurance companies to verify eligibility of benefits, and by financial institutions and insurance companies to avoid identity theft related damages.

The NTIS Final Rule

In a recent final ruling that replaces the interim final ruling enacted in March of 2014 calling for a restriction of access to the DMF, the NTIS has effectively limited the access to the DMF to companies who are able to demonstrate sufficient infrastructure to protect the security of their data, including security systems, facilities and procedures, and who receive documentation from an “Accredited Conformity Assessment Body” attesting to these safety measures. Organizations must also be able to demonstrate a legitimate purpose pursuant to a law, government ruling, regulation or fiduciary duty.

In order to be able to access the Death Master File under the new rule, institutions must now, submit themselves to a certification procedure. Unless an institution has been certified, the Act prohibits them from obtaining information during the three calendar year period following an individual’s death, also known as the Limited Access Death Master File. Furthermore, those who distribute the information to uncertified institutions or individuals are also liable to receiving penalties.

How can you become certified?

In order to become certified, organizations should complete the following steps:

  1. Review the sample certification and sample attestation forms to make sure they qualify to become certified.
  2. If the Accredited Conformity Assessment Body is owned, managed, or in any way controlled by the same institution or organization as the one being certified, an LADMF ACAB Firewall Status Application Form must also be submitted and the sample form reviewed.
  3. Pay the annual $1,575.00 LADMF Subscriber Certification Form processing fee. The fees are non refundable.
  4. Fill out and submit a LADMF Subscriber Certification Form. This application must be renewed yearly.
  5. Pay the $525.00 LADMF ACAB Systems Safeguards Attestation Form processing fee. Fee is payable every three years.
  6. Complete one of the following forms of attestation every three years:
    • Have an ACAB attest that the organization has systems, facilities, and procedures in place as required under Sec. 1110.102(a)(2) using the ACAB Systems Safeguards Attestation Form. The ACAB must complete the form, and submit it to dmfcert@ntis.gov.
    • If the organization is a state or local government department or agency, assessed by a State or Local Government Auditor General (AG) or Inspector General (IG) of the same state or local government as they are, the organization may have the AG or IG complete the State or Local AG or IG Systems Safeguards Attestation Form, and submit it to dmfcert@ntis.gov. Both forms are available at https://dmfcert.ntis.gov.
    • Organizations wishing to have a firewalled in-house organization attest, must pay an additional $200.00 and fill out and submit the LADMF ACAB Firewall Status Application Form every three years.
  7. Submit the appropriate Subscriber Agreement or Subscriber Agreement Amendment, or the Non-Federal Licensee Agreement or Non-Federal Licensee Agreement Amendment.

All required forms and additional details about the certification process can be found at https://dmfcert.ntis.gov. Certifications must be renewed annually.

Once all forms are submitted to and accepted by the NTIS, and fees are paid, the certification process takes two weeks.

What happens if you don’t get certified?

Individuals found to obtain or disclose information from the Limited Access Death Master File without authorization, are liable to the United States Treasury for a penalty of $1,000 per offense. Unless the disclosure is determined to be intentional, penalties imposed to any one person during a calendar year shall not exceed $250,000.

Streamline Verify is already a certified subscriber of the LADMF. As our customer, you can enjoy access to the records, rely on the accuracy of the information provided and prevent your organization from falling victim of the consequences of identity fraud, without having to become certified, therefore saving time and money.

About Frank Strafford