Don’t get audited to death.

The NTIS Final Rule requires rigorous auditing in order to be properly certified to screen the Death Master File. Luckily, we’ve done all that legwork for you.

As a client of Streamline Verify, you’ll check this compliance requirement off your list, minus the high audit costs, endless paperwork, or workflow disruption.

What is the DMF?

DMF stands for “Death Master File”. It’s an index of those who are deceased. This list includes names, SSNs, DOBs, and Dates of Deaths, and is used by corporations large and small to verify death.

UPDATED: The New Relevance of the Death Master File

Death Master File

The first COVID-related federal stimulus payments were sent in the spring of 2020. Unfortunately, payments were sent to millions of taxpayers who were deceased at the time of payment.

Not only did this draw attention to the process and data used to identify CARES Act stimulus recipients, it renewed attention on the shortcomings of the Social Security Administration Death Master File SSA (DMF or SSDMF).  With the recent stimulus checks being sent to millions and the potential for more disbursements in 2021, accuracy of the data used to distribute these funds is critical.

In June of 2020, the Government Accountability Office (GAO) issued a report which included data on the economic impact payments made under the CARES Act and reviewed the implementation of the stimulus roll out. The report revealed that while the IRS routinely uses the full DMF to detect and prevent fraudulent tax refund claims, for the stimulus roll-out these records were not used to stop stimulus payments to deceased individuals by the Treasury and its Bureau of Fiscal Services (BFS).  Why?

> First, because IRS legal counsel advised that the IRS did not have the legal authority to deny payments to those who filed a return in 2018 and 2019 even if they were deceased at the time of payment. Therefore, the DMF was not used to stop payments to decedents for the first 3 of the 4 payment batches (72 percent of the payments disbursed). As a result, according to the June 30, 2020 audit report issued by the Treasury Inspector General for Tax Administration, 1.151 million payments totaling $1.6 billion went to decedents.

> Second, the GAO report also noted that while the IRS has full access to the SSA Death Master List, Treasury and its Bureau of Fiscal Service (BFS) do not. They only have access to an abbreviated version. Forbes reports that “the abbreviated version of the DMF is only 60 percent complete”. After the legal interpretation about screening against the DMF was revised, the IRS provided the BFS with temporary access to the full DMF to screen out decedents for future payments.

CONGRESSIONAL INQUIRY INTO USE OF THE DMF

As a result of the erroneous payments to decedents last spring, a bipartisan group of lawmakers asked what access additional agencies have to SSA’s Death Master Files before sending out stimulus payments. The lawmaker group directed their questions the Treasury Department, IRS and the SSA. One question the group posed to the SSA was “Do Treasury and IRS utilize the (a) Death Master Files, (b) Full Death File, or (c) any other death database(s) to preview eligibility before sending out the CARES Act economic impact payments? The June 2020 GAO report provides the answer and proposed that Congress act to explicitly amend the Social Security Act to allow the Treasury Department access to the full DMF moving forward in order to prevent future payments to decedents and ineligible individuals.

WHAT IS THE DEATH MASTER FILE?

The Death Master File (DMF) is a comprehensive database maintained by the United States Social Security Administration (SSA) that contains records of individuals who have died and had a Social Security number at the time of their death. The DMF is an important tool for various organizations such as financial institutions, insurance companies, and government agencies, as it enables them to verify the death of an individual and prevent fraud or identity theft. The DMF includes basic information such as the deceased person’s name, Social Security number, date of birth, and date of death. While the DMF is primarily used for legitimate purposes, it has also been the subject of controversy due to concerns about identity theft and privacy violations. In recent years, the SSA has implemented various measures to restrict access to the DMF and prevent unauthorized use.

The Death Master File (DMF) is compiled by the SSA and distributed via the National Technical Information Service (NTIS). The DMF is also known as the United States Social Security Death Index (SSDI) and is searchable database. The DMF is derived from Social Security Administration’s database known as the Numident, (short for the Numerical Identification System), which is the SSA’s repository containing data on all SSDI deaths recorded since 1936.

A US Social Security Death Index search can yield the name, Social Security Number (SSN), date of birth, and date of death of deceased individuals dating back to 1936. The DMF contains over 83 million records of deaths of individuals who had SSNs. The death records are considered public under the Freedom of Information Act and in its current form has been searchable since 1980 for records back to 1962.

A common question is “How often is the Social Security Death Index updated?”  The SSDI is updated monthly and weekly. The updated version can be purchased from the Department of Commerce’s National Technical Information Service (NTIS) by public and private industries—government, financial, investigative, credit reporting, and healthcare institutions.

The Social Security Administration is responsible for the Death Master Files. One of the Social Security Office of the Inspector General’s key objectives is to improve the prevention, detection and recovery of improper payments due to SSN misuse.  The OIG’s audit work has resulted in recommendations to increase the effectiveness of the DMF to detect potential Social Security fraud and overpayments.   For example, in 2016 an OIG audit  found that certain personally identifiable information had been excluded from the DMF which resulted in deaths not being captured appropriately. The audit also revealed that over a 5-year period, 69,863 SSNs tied to $3.9 billion in income had name/SSN combinations that did not match SSA records. The OIG recommended that the SSA develop a methodology to incorporate the missing data to prevent the future misuse of SSNs.

While the publicly available DMF is not a complete current list of all deaths in the US, it remains the best source of death data available. There are multiple data sources including financial institutions, federal/state agencies, postal authorities, decedents’ families, health care organizations, and funeral homes. There can be a lag in reporting that affects the currency of the information available. The Social does not guarantee 100% accuracy of the DMF data so a Social Security Index search cannot be used to definitively validate that a person is alive.

COMMON NAMES FOR THE SSA DEATH MASTER FILE

While it is not uncommon for federal databases to be known by more than one name, the DMF has an unusually large number of other designations driven in part by the many industries who both contribute to and use the file. Some common names for the file include the following:

> SSADMF

> SSDMF

> SSNDMF

> SSDI

> LADMF

> Full DMF File

> Death Master Index

> Death Master File Social Security

> Master Death File

> Limited Access Death Master File

> Social Security Index

> Social Security Death Index

> Social Security Deaths List

> United States Social Security Death Index

> US Social Security Death Index

LEVELS OF ACCESS

In addition to the numerous designations used for the DMF, it is also important to know how access to the data differs. There are two versions of this file which offer different levels of access: the full DMF and the Limited Access Death Master File (LADMF).

Full DMF – Key facts:

  • The full file includes Death Records from both Numident  & death data received from the States.
  • The full DMF file is available only to certain Federal and State Agencies and is shared in accordance with Section 205(r) of the Social Security Act. Under Section 205 ( r) , the requesting agency must disclose and justify the legal authority for its request and also ensure that safeguards are in place to  protect the sensitive data of decedents contained in the full file.

Limited Access Death Master File (LADMF)- Key facts:

  • The LADMF contains only death records from Numident – not state death records.
  • This public file is distributed by the NTIS to certified subscribers (such as state/federal agencies who do not meet the criteria for access to the full DMF file as well as banks, credit companies and health care entities).
  • The primary purpose of the public file is to identify and prevent the use of a decedent’s identity for fraudulent purposes such as falsifying a job application or some financial deception.
  • The certification criteria can be found in the NTIS certification form.
  • Certified subscribers must associate the use of the list with an approved purpose which can include fraud detection and prevention or a specified business purpose.   According to NTIS, 

“Certified persons, also called Subscribers, must have a legitimate fraud prevention interest, or have a legitimate business purpose pursuant to a law, governmental rule, regulation, or fiduciary duty in order to be certified under the program.”

USES OF THE MASTER DEATH FILE IN HEALTH CARE

The DMF data is used by a multitude of industries and institutions.  However, for the healthcare insurers and institutions, the database is a particularly critical tool for medical research and potential identity fraud:

  • Medical researchers and hospitals track former patients for their studies and to obtain death information.
  • Healthcare compliance/fraud professionals validate provider information verify provider identity as it relates to state/federal government databases and registries.
  • Credentialing departments, as part of initial and ongoing screening of provider licensure rule out identity fraud. Using the credentials of a deceased provider to prescribe drugs, goods and/or services is an all-too-common fraud scheme.  
  • HR departments validate identity of potential employees prior to hire to ensure that excluded individuals or entities are not using false or stolen SSNs to obtain employment, as part of the background screening process. 
  • Identification of fraudulent insurance billing practices such as services by a deceased provider or services rendered to a deceased member.

USE OF THE MASTER DEATH FILE IN OTHER INDUSTRIES

Notwithstanding its significant limitations, the public DMF remains a valuable data source for preventing fraud and abuse in other industries as well. For example, a bank might check against the DMF to ensure that the SSN provided on a loan request wasn’t connected to a deceased person. Also, it is useful for government agencies, such as SSA and the Veterans Administration, to identify when benefit checks should cease.  

In the life insurance industry, there has been concern expressed because the SSA does not independently verify all reports of a death before including in the DMF, which may result in inaccuracies that can lead to both individuals as well as the life insurers who are issuing policies With state regulatory agencies combing the DMF data to identify instances in which life insurers have erred in not issuing funds to beneficiaries of those who have died, these inaccuracies can lead to false claims of insurers.

For companies such as Streamline Verify which offer its clients automated screening against state and federal exclusion lists, the DMF is a standard component of its work to rule out discrepancies with regard to employee, provider, vendor  and contractor identity found in the course of checking the various federal and state databases.  

A HISTORY OF CHANGES TO THE DMF

In the last 10 years, there have been some significant changes to the DMF both in access and usage.

2011: A significant change to the DMF occurred in 2011 which continues to have ramifications today. The federal government applied a drastic change to the way that it processed data on reported deaths in order to compile the public Death Master File. In November 2011 the SSA reviewed its obligations towards certain state records and announced that it had a statutory obligation to keep that information derived from state records confidential. As a result, SSA removed about 4.2 million existing death records because they were based on information from proscribed state records.

The reason is largely due to death data ownership.  States have long held (and Congress concurs) that states own the vital records of people who die within their boundaries. The sale of those records to the federal government is a source of revenue for states. However, the SSA interprets Section 205(r) of the Social Security Act as barring it from sharing the costs it pays for state data with other federal partners and the same law prohibits SSA from sharing state data with the private sector and most non-benefit-paying federal agencies. The change was unexpected and did not receive much publicity. It effectively resulted in the development of two versions of the DMF – the publicly available version and the complete version.

2014: NTIS  limited the access to the DMF to companies who are able to demonstrate sufficient infrastructure to protect the security of their data, including security systems, facilities and procedures. Companies that seek access to the DMF must submit a written attestation from an “Accredited Conformity Assessment Body” (ACAB) to that effect. The ACAB may conduct periodic audits to verify the continued security of the data.   Organizations must also be able to demonstrate a legitimate purpose pursuant to a law, government ruling, regulation or fiduciary duty. Companies granted access to the DMF are subject to penalties for unauthorized disclosures or use of the DMF, which can include a $1,000 fine per unauthorized disclosure to a non-certified person.

2021: With the enactment of the Consolidated Appropriations Act, 2021 (P.L. 116-260), Section 205(r) in January of 2021, SSA is now authorized to share its state-reported death data with the Treasury Department’s DNP portal. The SSA is required to do so for a period of three years beginning three years after enactment. Under this Act, SSA is authorized to use state-reported death data for certain verification purposes for outside entities, including verification systems for employers and state driver’s license agencies.

CONCLUSION

Specific to the 2020 coronavirus stimulus payments to deceased recipients, the IRS is now saying that the money needs to be returned. If the checks were sent by mail, they should be voided and mailed back to the IRS. If the payments were made via direct deposit, the taxpayer should write a check to the government and mail it in. Widows/Widowers who received joint payments have been advised to return the portion that applies to the deceased spouse. However, as noted in the June 2020 GAO Report, the IRS does not have a plan to take additional steps to notify ineligible recipients on how to return payments.

Despite its complex history and the challenges to its data sources, the pubic Death Master File remains the most accurate and reliable way to screen for death records – even with the reduced number of deaths reported. As state data expand as a share of SSA’s death data, the public file will include progressively fewer new death reports and become less useful as an anti-fraud or identity authentication tool or for the tracking of research subjects. 

Streamline Verify works to provide all legally available death records presented through the National Technical Information Service Death Master File with the highest possible degree of accuracy. While some professionals know about the effects of removing 4.2 million death records from the DMF in in 2011, many members of the public are not aware of these changes. Therefore, when clients turn to us to check on death status, they may be confused when a death they are inquiring about is no longer captured in the DMF. Services such as Streamline Verify can only share information included in the public Death Master File – if a file has been removed by the SSA, it will no longer be captured in any search.

New NTIS Guidelines Limit Access To the Death Master File

Symbol of internet security with binary character hand and padlock

The Importance of the Death Master File

Ghosting, or stealing the identity of a deceased individual is one of the oldest forms of identity theft. In the 1940s, Samuel Jones appropriated the identity of his deceased friend Wallace Ford, becoming an American Hollywood and Broadway star.  Don Draper, the main character in the TV series Mad Men, obtains his identity from a deceased superior officer during the Korean War.  Even Seymour Skinner, the grade-school principal in The Simpsons is a famous ghoster. Today, ghosting-related crimes, together with other forms of identity theft, cost leading government agencies, financial institutions, investigative firms, credit reporting organizations, medical researchers, hospitals, and other organizations, more than $50 billion every year.

The National Technical Information Services provides information and data services, and acts as the largest central repository for government-funded information, including the Death Master File (DMF), a master list put together in conjunction with the Social Security Administration, that includes the name, date of birth, SSN and date of death of individuals known to be deceased to the SSA. For hospitals and other medical institutions, having access to its more than 86 million records helps identify and prevent identity fraud from both patients and staff. Protecting itself from unscrupulous individuals is critical to organizations and institutions.

Access to the Death Master File is used by medical researchers, hospitals and medical treatment facilities to track former patients and study subjects, and to obtain death verification, by insurance companies to verify eligibility of benefits, and by financial institutions and insurance companies to avoid identity theft related damages.

The NTIS Final Rule

In a recent final ruling that replaces the interim final ruling enacted in March of 2014 calling for a restriction of access to the DMF, the NTIS has effectively limited the access to the DMF to companies who are able to demonstrate sufficient infrastructure to protect the security of their data, including security systems, facilities and procedures, and who receive documentation from an “Accredited Conformity Assessment Body” attesting to these safety measures. Organizations must also be able to demonstrate a legitimate purpose pursuant to a law, government ruling, regulation or fiduciary duty.

In order to be able to access the Death Master File under the new rule, institutions must now, submit themselves to a certification procedure. Unless an institution has been certified, the Act prohibits them from obtaining information during the three calendar year period following an individual’s death, also known as the Limited Access Death Master File. Furthermore, those who distribute the information to uncertified institutions or individuals are also liable to receiving penalties.

How can you become certified?

In order to become certified, organizations should complete the following steps:

  1. Review the sample certification and sample attestation forms to make sure they qualify to become certified.
  2. If the Accredited Conformity Assessment Body is owned, managed, or in any way controlled by the same institution or organization as the one being certified, an LADMF ACAB Firewall Status Application Form must also be submitted and the sample form reviewed.
  3. Pay the annual $1,575.00 LADMF Subscriber Certification Form processing fee. The fees are non refundable.
  4. Fill out and submit a LADMF Subscriber Certification Form. This application must be renewed yearly.
  5. Pay the $525.00 LADMF ACAB Systems Safeguards Attestation Form processing fee. Fee is payable every three years.
  6. Complete one of the following forms of attestation every three years:
    • Have an ACAB attest that the organization has systems, facilities, and procedures in place as required under Sec. 1110.102(a)(2) using the ACAB Systems Safeguards Attestation Form. The ACAB must complete the form, and submit it to [email protected].
    • If the organization is a state or local government department or agency, assessed by a State or Local Government Auditor General (AG) or Inspector General (IG) of the same state or local government as they are, the organization may have the AG or IG complete the State or Local AG or IG Systems Safeguards Attestation Form, and submit it to [email protected]. Both forms are available at https://dmfcert.ntis.gov.
    • Organizations wishing to have a firewalled in-house organization attest, must pay an additional $200.00 and fill out and submit the LADMF ACAB Firewall Status Application Form every three years.
  7. Submit the appropriate Subscriber Agreement or Subscriber Agreement Amendment, or the Non-Federal Licensee Agreement or Non-Federal Licensee Agreement Amendment.

All required forms and additional details about the certification process can be found at https://dmfcert.ntis.gov. Certifications must be renewed annually.

Once all forms are submitted to and accepted by the NTIS, and fees are paid, the certification process takes two weeks.

What happens if you don’t get certified?

Individuals found to obtain or disclose information from the Limited Access Death Master File without authorization, are liable to the United States Treasury for a penalty of $1,000 per offense. Unless the disclosure is determined to be intentional, penalties imposed to any one person during a calendar year shall not exceed $250,000.

Streamline Verify is already a certified subscriber of the LADMF. As our customer, you can enjoy access to our company’s LADMF Limited Access Death Master File subscription, rely on the accuracy of the information provided and prevent your organization from falling victim of the consequences of identity fraud, without having to become certified, therefore saving time and money.

Avoid Medicaid Recoupment: Verify Beneficiary Date of Death with the Death Master File

death master file
Crisis Concept. Money Flow in Black Hole extreme closeup

The CMS requires State Medicaid agencies to use the Social Security Administration’s Death Master File to screen and verify all providers. It should be noted that the CMS says its prudent for providers, CMO’s and state Medicaid agencies to use it to check for beneficiary deaths, as well. Florida didn’t use the Death Master File and, despite having systems and policies in place to identify deceased beneficiaries, still had trouble verifying a beneficiary’s date of death in time to stop managed care payments.

The State of Florida continued to make monthly payments to Medicaid managed care organizations for beneficiaries who had died, according to an audit report released by the Office of the Inspector General (OIG) .

Insurers and providers alike must learn from Florida’s experience and consider whether they have used all the tools available to them to verify date of death — especially the Death Master File. 

OIG’s Audit in Florida: Payments for Deceased Beneficiaries

The audit looked at a sample of records in which a managed care payment was made after a beneficiary’s date of death.

Florida Medicaid Management Information Systems

In a little over half of the cases sampled for the audit, payments were made even though the Florida Medicaid Management Information Systems (FMMIS) had a correct date of death. Either the date of death was not updated in time or the beneficiary was enrolled in managed care for that month despite having a date of death in the FFMIS. In the rest of the cases, Florida had conflicting or missing date of death information.

As a result of the OIG’s audit, Florida was required to recover over $26 million in payments from the managed care organizations and refund over $15 million to the federal government.

Challenges in Verifying the Date of Death

FMMISThe audit report stated that Florida had been using three data sources to learn about beneficiary deaths: the Florida Bureau of Vital Statistics, the Florida Department of Children and Families, and the Social Security Administration’s State Data Exchange (SDX) for SSI beneficiaries. The FMMIS has an algorithm that prioritizes conflicting data from these sources.

The problem? The FMMIS would leave the date of death blank until the inconsistency was resolved because the state didn’t want to incorrectly deny benefits. Without a reliable and timely way to resolve the inconsistencies, the state continued to make payments for beneficiaries who had died.

Using the Social Security Death Master File

One approach to timely resolution is to verify death data with the Social Security Administration Death Master File. The Death Master File includes the name, social security number, date of birth and date of death for anyone with a social security number who has died.

For the Florida audit, the OIG used the Death Master File to resolve inconsistencies they found. The U.S. Government Accountability Office said that states should use the Death Master File to check regularly for deceased beneficiaries. Organizations would be wise to take this recommendation and do regular checks before an audit is needed, avoiding payment recovery, a damaged reputation and loss of the public’s trust.

To use the Death Master File, your organization must be certified by the Social Security Administration. Alternatively, organizations can contract with a company to work with the Death Master File on their behalf. Streamline Verify already has the software needed to search the raw data files, keeping costs down for clients while ensuring quality. Learn more about Streamline Verify’s Death Master File search services.

Even careful organizations can run into trouble with verifying the date of death in time to prevent incorrect payments for services. The Death Master File is a good way to verify date of death and avoid Florida’s mistake.

Check out this great resource for all questions on the Florida OIG Exclusion List.

Why We’ve Added Death Master File to Our Repertoire

To save our clients from multi-million dollar settlements like this one.

social-security-death-master-fileThe Associated Press reports that a $4.5 million settlement has been reached with life insurers — great news for the states, but not such great news for the insurers who will be paying out that money.

The report (North Dakota to get $96,000 as part of multi-state settlements with life insurance companies) explains that life insurers were sued by various states for inappropriate use of the Social Security Administration’s Death Master File.  A related Valley News article notes,

“Life insurers have used the DMF for many years to search for and stop payments to annuity holders, but have not used the database to identify deceased life insurance policyholders to pay beneficiaries. Under the terms of the settlement, Guardian Life and Pacific Life will implement a number of business reforms to promptly identify when a policyholder has died and will use the DMF on a uniform and timely basis to search for deceased policyholders and make payments to their beneficiaries.”

Life insurers are now required to routinely search the Death Master File; and they’re not the only ones.  As lawmakers increase their focus on the Death Master File as an essential aspect of responsible compliance, more and more industries are adding regular death master file searches into their routines, adding an extra layer of protection in their compliance policies.

Learn More:  Death Master File FAQs and Resources  

How much does it cost to search the Death Master File (DMF)?

How much does it cost to search the Social Security Death Master File?  Here is a quick overview of your options.

How much does it cost to search the Death Master File (DMF)?

Some corporations conduct regular DMF searches as good compliance protocol; others are forced into it by newly enacted regulations.  But whatever the reason, the obvious first question for any corporation contemplating regular DMF searches is: How much will this cost?

If only the answer were as simple as the question.

A fast glance at the SSDMF website reveals a basic price list, but doesn’t really outline your options.  There is a list of pricing options for batch queries, but there is no mention made of large-scale searches that exceed the highest limit, nor is there comprehensive discussion of other, more cost-efficient options for those who must utilize the system on a grand scale.  The NTIS site is more revealing; but for those who want to cut to the chase without scrolling through all the fine print, here is the scoop in a nutshell.

Essentially, when it comes to DMF searches you have three options.

Option 1:  Batch or manual queries

This is the most elementary option.  Social Security Death Master File offers users the option of paying for a designated amount of queries, conducted by a specified number of users.  Utilizing this service is simple, in that users can simply export their data for automatic searches by the SSDMF.  The downside is that the process becomes prohibitively expensive for large scale users of the system, who can easily rack up a bill of hundreds of thousands of dollars by conducting regular queries against all of their members.

Furthermore, this option does NOT provide the user with access to the actual data within the Death Master File.  The query search simply checks for matches between the company data and SSDMF data; but company employees do not receive access to the complete Death Master File listing.

NTIS offers the option of purchasing the raw data contained in the DMF.  This is a one-time purchase that includes the complete DMF listing, consisting of more than 86 million records.  In addition to purchasing the Death Master File, users must also sign up to purchase regular updates of new listings, available in quarterly, monthly, or weekly updates.

This option is far more cost-effective for large-scale users, but ridiculously overwhelming for use on the small scale.  The downside to this option is that the raw data purchase does not include a method of searching. Buyers must prepare their own software applications in order to make use of the data.

A listing of products and pricing for DMF raw data may be accessed by clicking here.

Option 3: Third party vendor searches

Your final option is to subcontract with a third-party vendor.  Third party vendors typically purchase the raw data version of the DMF, and create a software program to go along with it.  Often, third party vendors can offer the best combination of cost-efficiency and convenience, by tailoring an automated query package to the client’s needs.

Want to know more?

Get a free consultation with no obligations attached.

Understanding OIG Exclusions

OIG Exclusions Screening Process

Exclusion FAQS

Quick OIG Exclusion Basics

Employing Excluded Individuals

Consequences to Employing an Excluded Individual

OIG Compliance Law

Laws and Publications on OIG Compliance

More Compliance Resources

Our Culture

We build the best, so you can perform at your best.

Trusted for Good Reason

  • ✓ Guaranteed accurate
  • ✓ Certified Secure
  • ✓ Audit Proof
  • ✓ Feature-rich reporting
  • ✓ Round the clock real-time-data
  • ✓ Processing fully automated

Security First

  • ✓ Cloud hosted
  • ✓ Encrypted data
  • ✓ Real-time backups

Trusted for Accuracy

  • ✓ Physical security
  • ✓ Restricted access
  • ✓ Single sign-on
  • ✓ Password security
  • ✓ Certified secure
  • ✓ Cross checking

HEALTHCARE ESTABLISHMENTS NATIONWIDE COUNT ON STREAMLINE VERIFY

5

60%

Average workload reduction by implementing the Streamline Verify program

5

10K

Establishments trust Streamline Verify nationwide

5

2011

Serving the healthcare industry’s unique compliance needs since 2011

5

24X

Setting standards with hourly synchronization to primary source data