This is the accessible text file for GAO report number GAO-14-46 entitled 'Social Security Death Data: Additional Action Needed to Address Data Errors and Federal Agency Access' which was released on December 27, 2013. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Report to Congressional Requesters: November 2013: Social Security Death Data: Additional Action Needed to Address Data Errors and Federal Agency Access: GAO-14-46: GAO Highlights: Highlights of GAO-14-46, a report to congressional requesters. Why GAO Did This Study: As the steward of taxpayer dollars, the federal government must guard against improper payments. Federal agencies may avoid paying deceased beneficiaries by matching their payment data with death data SSA maintains and shares. In addition, recent legislation has established additional requirements for federal agencies to use death data to prevent improper payments. However, the SSA Office of Inspector General has identified inaccuracies in SSA’s death data, which could diminish its usefulness to federal agencies. GAO was asked to examine SSA’s death data. This report explores (1) how SSA obtains death reports and steps it takes to ensure death reports are accurate; and (2) factors affecting federal agency access to SSA’s death data. In addressing these objectives, GAO interviewed SSA officials and representatives of entities reporting or using the death data. GAO reviewed applicable federal laws, SSA procedures, and reports. GAO also performed independent testing of SSA’s death data for certain errors. What GAO Found: The Social Security Administration (SSA) receives death reports from multiple sources, including state vital records agencies (states), family members, and other federal agencies to create its set of death records. In accordance with the Social Security Act (Act), SSA shares its full set of death data with certain agencies that pay federally- funded benefits, for the purpose of ensuring the accuracy of those payments. For other users of SSA’s death data, SSA extracts a subset of records into a file called the Death Master File (DMF), which, to comply with the Act, excludes state-reported death data. SSA makes the DMF available via the Department of Commerce’s National Technical Information Service, from which any member of the public can purchase DMF data. Certain procedures that SSA uses for collecting, verifying, and maintaining death reports could result in erroneous or untimely death information. For example, SSA does not independently verify all reports before including them in its death records. In accordance with its policy, the agency only verifies death reports for Social Security beneficiaries in order to stop benefit payments, and then, verifies only those reports from sources it considers less accurate, such as other federal agencies. GAO identified instances where this approach led to inaccurate data. For example, GAO’s analysis of a sample of death records SSA erroneously included in its death data found that these errors may not have occurred if SSA had verified them. In other cases, when data provided do not match SSA’s records, SSA typically does not record these deaths. According to federal internal control standards, agencies should conduct risk assessments of factors impeding their ability to achieve program objectives, such as data errors that could result in improper benefit payments. Agency officials told us SSA has not performed such risk assessments, but has initiated work on a full redesign of its death processing system. SSA lacks written guidelines other than the language in the Act for determining whether agencies are eligible under the Act to access the full death file, and it does not share with agencies how it determines the reasonable cost of sharing the data, which recipients of the full file are required to reimburse SSA. Because SSA has not developed or shared guidance on how it determines agency eligibility, this could create confusion among potential recipients regarding eligibility. Ensuring appropriate access is important because the DMF contains about 10 percent fewer records than the full death file, and officials expect that difference to increase over time. Additionally, there is a lack of transparency of cost information about the amounts recipients expect to pay. As a result of not knowing the factors that lead to the reimbursement amounts, agencies may not have sufficient information to make informed decisions. We found that SSA provided differing estimates for agencies’ reimbursement amounts. Some variation is due to legal requirements and a quid pro quo arrangement. For example, one agency does not reimburse SSA for the cost of providing the death data because it provides SSA with its own data, and the agencies have agreed that the expenses involved in the exchanges are reciprocal. However, for some agencies this variation could not fully be explained by the frequency with which they expected to receive the data. For example, two agencies expected to pay similar reimbursement amounts in 2013 despite expecting to receive the file at different frequencies. What GAO Recommends: GAO recommends that SSA assess risks associated with inaccuracies; develop and publicize guidance it will use to determine agency access under the Act; and share detailed reimbursement estimates. SSA partially agreed with the recommendations to assess risks and share detailed reimbursement estimates, but did not agree to develop and publicize guidance, stating that each request is unique. GAO believes that the recommendation remains valid as discussed in the report. View [hyperlink, http://www.gao.gov/products/GAO-14-46]. For more information, contact Dan Bertoni at (202) 512-7215 or bertonid@gao.gov. [End of section] Contents: Letter: Background: SSA Receives Death Reports from a Number of Sources, but Its Procedures for Handling Them Allow for Erroneous, Incomplete, and Delayed Death Information: Access to Death Data Varies and SSA Lacks Transparency in Communicating How it Determines Agency Eligibility and Reimbursement Costs: Conclusions: Recommendations for Executive Action: Agency Comments and our Evaluation: Appendix I: Objectives, Scope, and Methodology: Appendix II: Comments from the Social Security Administration: Appendix III: GAO Contact and Staff Acknowledgments: Related GAO Products: Table: Table 1: Projected Reimbursement Amounts for Federal Agencies Receiving SSA's Full Death Data: Figures: Figure 1: Social Security Administration (SSA) Processing of Death Reports: Figure 2: Social Security Administration (SSA) Death Report Verification Procedures: Figure 3: Distribution of Social Security Administration (SSA) Death Information: Abbreviations: CMS: Centers for Medicare & Medicaid Services: DACUS: Death Alert Control and Update System: DMDC: Defense Manpower Data Center: DMF: Death Master File: EDRS: Electronic Death Registration System: IRS: Internal Revenue Service: NTIS: National Technical Information Service: Numident: Numerical Index File: OIG: Office of Inspector General: OMB: Office of Management and Budget: OPM: Office of Personnel Management: PBGC: Pension Benefit Guaranty Corporation: RRB: Railroad Retirement Board: SSA: Social Security Administration: SSN: Social Security Number: USDA: U.S. Department of Agriculture: VA: Department of Veterans Affairs: [End of section] GAO: United States Government Accountability Office: 441 G St. N.W. Washington, DC 20548: November 27, 2013: Congressional Requesters: The Social Security Administration (SSA) maintains death data-- including names, Social Security Numbers (SSN), dates of birth, and dates of death--for approximately 98 million deceased SSN-holders. Federal benefit-paying agencies generally can access this information and match it against data in their files to alert them to deceased benefit recipients, and therefore help identify and prevent improper payments. As the steward of taxpayer dollars, the federal government must guard against improper payments. Yet for fiscal year 2012, the Office of Management and Budget (OMB) reported federal agency improper payment estimates totaling almost $108 billion.[Footnote 1] For example, the Office of Personnel Management (OPM) improperly paid over $500,000 in retirement benefits to a deceased beneficiary's son over the course of 37 years, believing the beneficiary was still alive and receiving the payments himself.[Footnote 2] Despite the potential usefulness of SSA's death information, the SSA Office of Inspector General (OIG) and others have identified inaccuracies in the data. For example, in 2012 SSA's OIG reported that 1.2 million deceased Social Security beneficiaries were not included in SSA's death data.[Footnote 3] Such inaccuracies could adversely affect the usefulness of SSA's death information in helping agencies combat improper payments. You asked us to review issues related to SSA's death information, including its accuracy and usefulness to federal agencies. This report examines (1) how SSA obtains death reports for inclusion in the death data it maintains and steps it takes to ensure these reports are accurate; and (2) the factors affecting federal agency access to SSA's death data. To address these objectives, we reviewed applicable federal laws and SSA procedures, as well as relevant reports and evaluations. We interviewed SSA officials about how SSA obtains and processes death reports and maintains its death information. We also interviewed representatives of entities that provide death reports to SSA. We assessed SSA's processes for obtaining, processing, and sharing death information against standard criteria, such as Standards for Internal Control in the Federal Government.[Footnote 4] We performed independent testing of SSA's death data to identify specific types of errors, such as dates of birth that followed dates of death. We also reviewed a randomly selected but non-generalizable sample of 46 cases that SSA had removed from the death information to identify potential explanations for that action. Finally, we interviewed officials at other federal agencies that use SSA's death information about how they access it. Appendix I describes our scope and methodology in more detail. We conducted this performance audit from November 2012 through November 2013 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Background: SSA's primary mission is to pay benefits under its Old-Age, Survivors, and Disability Insurance and Supplemental Security Income programs, in accordance with Titles II and XVI of the Social Security Act of 1935 (the Act), as amended.[Footnote 5] In addition, SSA issues the Social Security Number (SSN)--a unique identifier assigned to each person through a process known as "enumeration"--as a way of tracking individuals' work activities and the benefits paid to retired workers and eligible family members. In order to properly administer payments, SSA also tracks death information of SSN-holders. SSA issues SSNs and uses them to administer its programs, including tracking U.S. workers' earnings in order to determine the types and amounts of benefits individuals may be eligible for.[Footnote 6] As a result, SSA has also historically collected death information about SSN-holders so it does not pay Social Security benefits to deceased individuals and to establish benefits for survivors. The 57 vital records jurisdictions--the 50 states, New York City, the District of Columbia, and five territories--are responsible for registering deaths.[Footnote 7] Fifty-three of these jurisdictions, along with a number of other parties, provide SSA with decedents' names, dates of death, dates of birth, and SSNs. SSA receives state death data under contracts with the 50 states, New York City, the District of Columbia, and Puerto Rico.[Footnote 8] When SSA receives a report of death it matches that information against corresponding information in its databases, verifies the information for certain cases, and records the individual as deceased. Various entities, including federal agencies, can obtain SSA's death data. The complete file, which we refer to as "SSA's full death file," [Footnote 9] is available to certain eligible entities. A subset of the full death file, which SSA calls "the Death Master File (DMF)," is available to the public. The Social Security Act requires that SSA share its full death file, to the extent feasible, with agencies that provide federally funded benefits (for the purposes of this report, we refer to these as "benefit-paying agencies"), provided the arrangement meets statutory requirements.[Footnote 10] However, SSA may not include death data received from states in the DMF, which can be accessed publicly.[Footnote 11] Agencies may use the data to determine if individuals receiving benefits under their respective programs are deceased, and thus no longer entitled to those benefits. GAO has noted the value of using this information for guarding against improper payments. For example, in a June 2013 report, we recommended that the U.S. Department of Agriculture (USDA) match its payment records against SSA's full death file to prevent improper payments to deceased farmers.[Footnote 12] Given the focus on guarding against improper payments, there has been new emphasis on how agencies access critical data, such as death records, while maintaining the security of sensitive information such as SSNs. The Improper Payments Elimination and Recovery Improvement Act of 2012 established the Do Not Pay Initiative and requires federal agencies to review a number of databases, as appropriate, including the DMF, to verify eligibility prior to making payments with federal funds.[Footnote 13] A component within the U.S. Department of Treasury (Treasury) administers the Do Not Pay Business Center, which operates the centralized portal through which agencies can verify individuals' eligibility to receive payments. Recent legislative proposals have also sought to encourage federal agencies to use SSA's death information. For example, a Senate bill introduced in July 2013 would provide for federal agency access to the full death file for specified purposes, such as ensuring authorized payments and facilitating other agency functions, including public health or safety, law enforcement, tax administration, health administration oversight, and debt collection, as determined appropriate by the SSA Commissioner. [Footnote 14] At the same time, other proposals have sought to limit public access to SSA's death data. For example, proposed legislation introduced in the House in July 2013 seeks to deter identity theft and tax fraud by limiting public access to the DMF, according to the bill's sponsor.[Footnote 15] The current administration has also advanced a proposal that includes critical elements of both legislative proposals, and SSA officials have publicly supported their central provisions. SSA Receives Death Reports from a Number of Sources, but Its Procedures for Handling Them Allow for Erroneous, Incomplete, and Delayed Death Information: SSA Receives Death Reports From Multiple Sources to Create Its Set of Death Records: SSA receives death reports from a variety of sources, including states, family members, funeral directors, post offices, financial institutions, and other federal agencies.[Footnote 16] According to agency officials, SSA received about 7 million death reports in 2012. [Footnote 17] However, except for reports submitted by states, it does not collect data identifying how many reports come from each source. [Footnote 18] Officials also said nearly all death reports are received within 30 days of the date of death. Because of states' custodial role in collecting and maintaining death records, SSA considers states to be a critical partner in its collection of death information. Thirty-four states, the District of Columbia, and New York City submit their death reports through an Electronic Death Registration System (EDRS), which automates the electronic registering and processing of death reports in order to improve timeliness and accuracy. SSA considers reports submitted by states through EDRS to be the most accurate because these systems are used by most states to verify the name and SSN of the decedent with SSA databases before the report is submitted to SSA. To get death reports from the states, SSA has established contracts that set forth a payment structure to compensate states for the reasonable costs of providing these records, in accordance with the Social Security Act. [Footnote 19] Payments are higher for reports submitted via EDRS and pre-verified with SSA databases, and those that are submitted relatively soon after decedents' deaths. For example, for calendar year 2013, SSA paid $2.93 for each EDRS report that was pre-verified and submitted to SSA within 6 days of the date of death, compared to $0.82 for non-EDRS reports submitted within 120 days of the date of death. Because of the time saved through automated transmission of data and the use of pre-verification to ensure accuracy, SSA has encouraged the expanded use of EDRS. The contracts with the states provide that SSA will not share this information, except as authorized by federal law and section 205(r) of the Act. Some states and other sources provide death information voluntarily to SSA through methods other than EDRS. For example, funeral directors routinely submit a form that includes the decedent's full name and SSN, as provided by the decedent's family. In addition, family members often contact SSA field offices directly to report a death. SSA considers reports from families and funeral directors generally to be accurate because those sources have first-hand knowledge of the death and the decedent's identity. SSA views death reports from post offices, financial institutions, and other government agencies generally to be less accurate because SSA does not consider these sources to have first-hand knowledge of the death.[Footnote 20] Generally, death reports SSA receives--including name, SSN, date of birth, and date of death--are processed through its Death Alert Control and Update System (DACUS) (see figure 1).[Footnote 21] Among other purposes, DACUS is intended to ensure that death information is correctly recorded in other SSA records so payments to deceased beneficiaries can be stopped. As shown in figure 1, death reports from some sources are sent to DACUS directly, while reports from other sources are entered into DACUS by field office staff. Figure 1: Social Security Administration (SSA) Processing of Death Reports: [Refer to PDF for image: process illustration] SSA receives death information: Sources: EDRS states: Online verification system: SSA front-end processing: Death Alert, Control and Update System (DACUS). Non-EDRS states: SSA front-end processing: Death Alert, Control and Update System (DACUS). VA: SSA front-end processing: Death Alert, Control and Update System (DACUS). [End of figure] Families; Financial Institutions, Funeral directors; Post offices: Field offices: Death Alert, Control and Update System (DACUS). CMS: Death Alert, Control and Update System (DACUS). SSA claim systems: Death Alert, Control and Update System (DACUS). SSA matches and verifies death reports: Death Alert, Control and Update System (DACUS): Matches with social security benefit payment system; Matches with Numident: * No match: Additional checks; * No match: Death report not processed; * Verified: Death records in Numident; * Not verified[A]: Death records in Numident. SSA records and shares death information: Death records in Numident: * Full file: Federal benefit paying agencies; * DMF (public file): NTIS. EDRS: Electronic Death Registration System; VA: Department of Veterans Affairs; CMS: Centers for Medicare & Medicaid Services; DMF: Death Master File; NTIS: National Technical Information Service. Source: GAO analysis of SSA data. [A] See figure 2 for a description of reports that are not verified and those that are verified by SSA. Note: In addition to use by federal benefit-paying agencies, the full death file may be available for certain additional purposes under 42 U.S.C. § 405(r); however, those purposes were beyond the scope of this report. [End of figure] DACUS matches the information in the death reports with SSA's benefit payment systems to determine if the decedents are currently receiving Social Security program benefits (i.e. whether they are program beneficiaries).[Footnote 22] It then matches the information to SSA's database of all SSN-holders, known as the Numerical Index File (Numident).[Footnote 23] Information in death reports from certain sources (see figure 2) is also verified by field office staff. If the name, date of birth, gender and SSN all match a record on the Numident, SSA marks that record with a death indicator. The Numident is updated with death information on a daily basis. Numident records with new death indicators are then extracted for inclusion in the death data file also on a daily basis. SSA does not track how long it takes from the time it receives a death report until the death is recorded in the Numident. SSA Verifies Only Certain Death Reports Before Including Them in Its Death Records, and Does Not Include Others: SSA does not independently verify all death reports it receives. In accordance with policy, the agency only verifies death reports for Social Security beneficiaries, and then verifies only those reports from sources it considers less accurate. For example, SSA only verifies death reports for persons currently receiving Social Security retirement or disability benefits because, according to agency officials, it is essential to SSA's core mission to stop payments to deceased Social Security beneficiaries. As a result, death reports for non-beneficiaries are not verified. Officials told us it would be difficult to verify death reports for individuals who do not receive Social Security benefits because SSA would not likely have current contact information for these individuals or their family members. As shown in figure 2, SSA verifies death reports of Social Security beneficiaries received from other federal agencies; third parties that learn about the death, such as post offices and financial institutions; and states that do not submit reports via EDRS. SSA considers these sources to be less accurate because they do not have first-hand knowledge of the death and, unlike states using EDRS, do not perform any verification before submitting the death report to SSA. To verify reports, SSA field office staff typically contact families or other parties with first-hand knowledge of the death to confirm the fact and date of death and confirm the decedent's SSN. Figure 2: Social Security Administration (SSA) Death Report Verification Procedures: [Refer to PDF for image: process illustration] Social Security Program Beneficiary? No: Not verified by SSA staff; Yes: * Source of death report: Financial institutions; Post offices; CMS; Department of Veterans Affairs; Non-EDRS State vital record agencies: Verified by SSA staff. * Source of death report: Families; Funeral directors; EDRS State vital record agencies: Not verified by SSA staff. CMS — Centers for Medicare and Medicaid Services; EDRS — Electronic Death Registration System Source: GAO analysis of SSA data. [End of figure] SSA does not verify death reports submitted by families, funeral directors, or states using EDRS. According to SSA officials, families and funeral directors have first-hand knowledge of decedents' identities and deaths, and the information in death reports submitted through EDRS is typically already verified with SSA databases. They also noted, for example, that SSA would very quickly find out about an erroneous report because, if that beneficiary were still alive, he or she would quickly contact SSA once benefit payments stopped. SSA does not track the proportion of death reports it verifies or how long verifications take. Moreover, according to agency officials, SSA has never performed an analysis validating the accuracy of the various sources of death reports, but instead has based its decisions about which ones to verify on general experience over time. For example, officials told us that for death reports submitted by family members, general experience over many years has shown that a large portion of these reports are accurate. Some death reports, including those that SSA cannot match with a Numident record, are not included in SSA's death data. Agency officials told us that staff conduct some follow-up steps to see if they can match the information in these reports with other agency records, but if these efforts are unsuccessful, the reports are not included.[Footnote 24] SSA also does not attempt to follow up with the source of these reports. According to agency officials, it is unlikely the sources would know any additional information beyond what they already provided. Moreover, a subsequent death report for the same individual may arrive from another source.[Footnote 25] They also added that federal privacy laws may prevent SSA from providing identifying information on the decedent because the individual's living status is unclear. SSA does not track these cases, so officials were unable to tell us how often this occurs. There are also some deaths that SSA cannot reasonably be expected to include in its death information. These include deaths not reported to SSA because the identity of the decedent cannot be established or a body has not been recovered. While improper benefit payments to these individuals may occur, it would not be appropriate to attribute them to lack of a record in SSA's death data. After receiving death reports and updating the Numident with death information, SSA makes the information available, in the appropriate form, to federal agencies and other parties (see Fig. 3). Figure 3: Distribution of Social Security Administration (SSA) Death Information: [Refer to PDF for image: illustration] Death records in Numident: Full death file (over 98 million records): Contains deaths as reported by: * States; * Family members; * Financial institutions; * Post offices; * Funeral directors; CMS and VA. Federal benefit paying agencies with an agreement with SSA. DMF (over 87 million records): Contains deaths as reported by: * Family members; * Financial institutions; * Post offices; * Funeral directors; * CMS and VA. NTIS: Examples of users: * Individual members of the public; * Other federal agencies; * State government agencies; * Financial institutions; * Life insurance companies; * Credit reporting organizations; * Medical researchers; * Investigative firms; * Law enforcement. CMS: Centers for Medicare & Medicaid Services; VA: Department of Veterans Affairs; DMF: Death Master File; NTIS: National Technical Information Service. Source: GAO analysis of SSA data. Note: In addition to use by federal benefit-paying agencies, the full death file may be available for certain additional purposes under 42 U.S.C. § 405(r); however, those purposes were beyond the scope of this report. [End of figure] SSA provides the full death file, containing over 98 million records, directly to federal benefit-paying agencies that have an agreement with SSA for use in preventing improper payments to deceased beneficiaries or program participants. SSA also extracts Numident death records that are reported by non-state sources to create the DMF, which contains over 87 million records. SSA makes the DMF available publicly via the Department of Commerce's National Technical Information Service (NTIS), from which any interested party or member of the public--including other federal agencies--can make a one-time purchase, subscribe for periodic updates, or subscribe to an on-line query service. For example, financial institutions or firms conducting background investigations can purchase the DMF from NTIS and subscribe to receive monthly or weekly updates. SSA does not guarantee the completeness or accuracy of its death data, stating that SSA does not have a death record for all deceased individuals. SSA also informs users of its death data that all deaths should be verified before any action, such as stopping benefits, is taken. SSA's Verification and Other Procedures Do Not Ensure Accurate, Complete, or Timely Death Data For Federal Users: SSA's methods for processing death reports may result in inaccurate, incomplete, or untimely information for users of its death data. Consequently, this could lead to improper payments if benefit-paying agencies rely on this data. The specific procedures include (1) verifying a limited portion of death reports, (2) not including death reports that do not match with the Numident file, and (3) not performing additional reviews of reports of deaths that occurred years or decades in the past. Because SSA does not verify death reports from sources it considers most accurate, the agency risks having erroneous information in its death data, such as including living individuals or not including deceased individuals. Analysis we performed on records in the full death file that were erroneously included showed that most of these errors would not have occurred if SSA had verified the death reports when it received them. We identified nearly 8,200 deaths SSA deleted from its death data between February 2012 and January 2013. These data reflect cases where a death report matched a record in the Numident and SSA marked, then later removed, a death indicator for that record. SSA officials told us this could occur because the decedent turned out to be alive or was misidentified as another individual, or as a result of data entry errors. We drew a random but non-generalizable sample of 46 cases from this group and asked SSA to search its records to see if it could determine the reasons for deleting them from its death data. In 28 of these cases, SSA was able to identify a reason for deletion. [Footnote 26] Of these, 12 were false death reports filed while the reported decedent was still alive, and 4 involved decedents for whom identifying information--such as SSNs--of other people was mistakenly included in the death reports. Separately, SSA was also able to determine that 13 of the 46 cases were reported by either family members or funeral directors--sources SSA considers more accurate and from which it does not verify death reports.[Footnote 27] Nine of the 46 cases involved non-beneficiaries, which are also not verified. [Footnote 28] Another SSA practice--not contacting the source of a death report that does not match a Numident record--poses a risk to the data's completeness. As described earlier, if SSA staff cannot match a death report to a corresponding Numident record, they do not contact the source that submitted the report or undertake any other outside investigation to resolve the discrepancy. SSA's OIG has found that these omissions are substantial. In one case, data for about 182,000 deceased Supplemental Security Income recipients were not included in SSA's death data. In another, it found that as many as 1.2 million deceased Old Age and Survivors Insurance beneficiaries were not included in the death data. The OIG determined that these gaps occurred because SSA could not match the identifying information for these individuals included in the death reports or other SSA records with Numident records. Therefore, no death indicator was added to the Numident records. Samples of the cases drawn for the OIG's reviews showed that these individuals had been deceased for an average of nearly 17 years.[Footnote 29] As a result of this practice, other federal benefit-paying agencies relying on these data could make improper benefit payments. Finally, we also identified cases in which death reports submitted to SSA in early 2013 listed dates of death that were more than a year old. Specifically, we found about 500 records in which the date of death recorded had occurred in 2011 or earlier; in about 200 of these, the date of death was recorded to be 10 or more years before SSA received the death report. For example, in 11 of the cases, the date of death was in 1976; in another 11, the date was 2004. This is of concern because, if these dates of death are accurate, SSA and other agencies may have been at risk of paying benefits to these individuals for long periods after they died.[Footnote 30] SSA officials were not able to explain with certainty why this was occurring, but suggested some cases might be the result of data entry errors, and in others, deaths of non-beneficiaries may not be reported to SSA until spouses or families become eligible for survivor's benefits.[Footnote 31] They informed us that SSA payment systems would identify benefit payments the agency made after these deaths occurred. When these reports are sent to field offices for verification or other development, they added, it could take an extended period of time to complete because the contact information for someone who died years ago may not be available. We found other instances of potentially erroneous information in the death data that raise questions about its accuracy and usefulness. These included: * 130 records where the recorded date of death was before the date of birth; * 1,941 records where the recorded age at death was between 115 and 195; and: * 1,826 records where the recorded death preceded 1936, the year SSN's were first issued, although these decedents had SSNs assigned to them. Agency officials told us SSA has never investigated how these errors occurred or whether they may affect payments to Social Security and other federal program beneficiaries. They did not think these types of errors would have resulted in improper benefit payments because they involved persons recorded as deceased. SSA officials said some of these anomalies were likely associated with records added prior to the mid-1970's that were manually processed. For example, SSA staff could have incorrectly keyed in a date of birth that occurred after the reported date of death. Officials added that SSA has undertaken or will soon undertake several initiatives aimed at correcting these types of errors and preventing them in the future. Among those they said have already been implemented are the following: * SSA is using an edit check to identify records showing a date of birth that occurs after a date of death and taking corrective action before the report is processed further. SSA, however, has not decided whether to make corrections to these dates in records processed before the check was implemented. * In December 2012, SSA identified cases and terminated benefits for individuals over 115 years old whose Numident record showed they were deceased and who had their benefits suspended or were entitled only to Medicare benefits. SSA plans to repeat this match for fiscal year 2013. SSA officials told us that, as a result of this initiative, the agency corrected about 17,000 cases to reflect terminated benefits due to death. * In June 2013, SSA began making monthly comparisons of Numident records containing death information with its Title II and Title XVI payment records. It is sending alerts to field offices to resolve cases showing individuals who are receiving or scheduled to receive benefits in the near future even though they are listed as deceased. SSA officials told us, as a result of the initiative, the agency corrected about 14,500 payment records to reflect suspended or terminated payment status due to death. * In September, 2013, SSA began a data exchange with CMS to identify beneficiaries ages 90 to 99 who are still receiving Title II benefits but have not used Medicare for 3 years or more and have no other insurance or nursing home information in their records. Agency officials stated that they identified and referred to SSA regional offices for action about 18,600 cases. SSA also plans to introduce a computer code that can be used to terminate benefits for certain Title II beneficiaries who are 115 or older, whose benefits have been continuously suspended for 7 or more years, and for whom SSA does not have a death record. SSA officials informed us that the agency has not conducted a risk assessment to determine the impact of erroneous, incomplete, or untimely death information on SSA's ability to prevent improper benefit payments. According to federal internal control standards, federal agencies should conduct risk assessments of both internal and external factors that may impact their ability to achieve program objectives, and implement appropriate control activities in response. [Footnote 32] More specifically, these standards note that agency management should pursue a comprehensive identification of possible risks, put in place mechanisms to identify risks posed by external and internal factors, and undertake a thorough and complete analysis of the possible effect of the risks identified. The standards specifically include consideration of the potential for improper use of funds--which would encompass improper benefit payments. Agency officials told us they believe errors in the death data likely represent a small fraction of all death reports, leading to a relatively small number of improper payments. Agency officials did note that SSA has initiated efforts to address errors identified by the SSA OIG,[Footnote 33] and enhance the accuracy of its death information by fully redesigning how it processes death reports and compiles the data for dissemination. They also indicated that a risk assessment of the impact of death data errors may be conducted as part of the initiative but were unsure. Based on the description of the redesign project SSA staff provided us, we anticipate it will fill some of the gaps we identified in how SSA monitors its death reporting process, such as tracking the proportion of death reports that come from various sources and that SSA verifies. Access to Death Data Varies and SSA Lacks Transparency in Communicating How it Determines Agency Eligibility and Reimbursement Costs: SSA Lacks Written Guidance on Its Process for Determining Agency Access to Full Death Data: The Social Security Act requires SSA to share its full death file, to the extent feasible, with federal benefit-paying agencies for the purpose of preventing improper payments, if the agency reimburses SSA for its reasonable costs and the arrangement does not conflict with SSA's duties with respect to state data.[Footnote 34] However, SSA has no guidance on its process for determining an agency's eligibility. As of September 2013, seven federal benefit-paying agencies obtained SSA's full set of death information including the information reported by states, directly from SSA: [Footnote 35] * Centers for Medicare & Medicaid Services (CMS)[Footnote 36] * Department of Defense (Defense Manpower Data Center--DMDC): * Department of Veterans Affairs (VA): * Internal Revenue Service (IRS): * Office of Personnel Management (OPM): * Pension Benefit Guaranty Corporation (PBGC): * Railroad Retirement Board (RRB): According to SSA officials, agencies receiving access to the full death file must make a formal request and have agreements in place with SSA that outline the circumstances of each data-sharing arrangement. In order to determine whether they are eligible to receive access under the Act, officials told us that SSA asks the requesting agencies to explain how their proposed use of the information is in accordance with the allowable use outlined in the Act. Specifically, SSA bases its initial eligibility determinations on whether: (1) the agencies pay federally-funded benefits, and (2) the agencies propose to use the full death file to ensure proper payment of those benefits. According to officials, once SSA has determined an agency is eligible, it ensures the remaining statutory requirements regarding cost reimbursement and adherence to SSA's duties with respect to state data are met, and establishes an information exchange agreement with the agency. However, in making this determination, SSA officials told us they do not use any criteria more specific than the language of the Act to guide decision-making, nor have they developed guidance for the procedures they follow. SSA's determinations as to whether agencies meet these requirements have varied. In one example of an eligibility determination, officials told us they provide the full death file to IRS for purposes that include allowing IRS to confirm or deny taxpayers' requests for exemptions and standard deductions. In addition, officials told us SSA would generally have the authority to share the full death file with the OIG at benefit-paying agencies for the purpose of ensuring proper payment of federally-funded benefits. In fact, SSA officials approved a request for access to the full death file for the OIG at the Department of Health and Human Services.[Footnote 37] However, officials also told us that Treasury, which operates the Do Not Pay Business Center for a similar purpose as OIGs--preventing improper payments--is not eligible to receive the full death file. Officials provided no documentation outlining their rationale for this determination, but explained that one concern they had with providing Treasury with it was that they were not authorized to provide the state-reported death data to Treasury to distribute it to other agencies. Because SSA has some discretion in making such determinations and agencies' circumstances may differ, this variation in determinations may not represent inconsistency with the Act. However, since SSA does not make available written guidance describing the criteria it uses to make determinations as to whether the agencies meet the statutory requirements, there is no assurance that SSA's eligibility determinations under the Act are consistent across agencies. Without written guidance explaining SSA's criteria for approving or denying agencies' requests for the full death file, such as the factors SSA considers in deciding whether an agency provides federal benefits, potential recipient agencies may not know whether they are eligible. For example, officials at PBGC told us that they undertook a comprehensive review of all the agency's applicable legal authorities because they were unsure whether the benefits the agency paid met the requirements of the Act. According to federal internal control standards, agencies should have written documentation, such as this type of guidance, and it should be readily available for examination. The absence of written guidance may also pose a risk to the consistency of SSA's future determinations in the event of staff turnover, changes in administration, or any other disruption that could lead to a loss of institutional knowledge. In a September 2008 report, we found that there was a risk to the management and operational continuity of ongoing projects at SSA due to a lack of written policies and procedures.[Footnote 38] We found that during organizational change, project objectives, designs, and evaluation may be affected absent comprehensive written policies and procedures. Also, until recently, SSA did not have an officially designated organizational component for monitoring use of death data or making decisions on access to its full death data, which could have introduced additional uncertainty to those decisions. However, officials told us the agency created the Office of Data Exchange in January 2013 to clarify, simplify, and strengthen existing data exchange programs. As part of this effort, it is looking at how SSA makes decisions regarding access to its death data, as well as how it shares the data with other agencies, and is monitoring the data exchange agreements. Any agency that does not access SSA's full death file can instead access the publicly-available DMF. Agencies can purchase a DMF subscription through the Department of Commerce's National Technical Information Service (NTIS), which reimburses SSA for the cost of providing the file.[Footnote 39] In accordance with the Act, SSA excludes state-reported death records from the DMF. Federal entities that purchase the DMF from NTIS include, among others: [Footnote 40] * Department of Justice: * Department of Homeland Security: * Drug Enforcement Administration: * National Institute on Occupational Safety and Health: * Veterans Affairs medical facilities: The death information included in the DMF is less complete and likely less accurate than that contained in SSA's full death file, which may result in federal agencies that use the DMF receiving less useful information than agencies that use the full death file. According to SSA officials, agencies that purchase the DMF have access to 10 percent fewer records overall than agencies with access to the full death file due to the removal of state-reported deaths. Moreover, SSA officials said they expect the percentage of state-reported deaths as a proportion of all of SSA's death records to increase over time, which could lead to a greater portion of death data being removed each year to create the DMF. For example, for deaths reported in 2012 alone, the DMF included about 40 percent fewer death records than what was included in SSA's full death file. As a result, agencies that purchase the DMF will continue to access fewer records over time than those that obtain SSA's full death file. In addition, because the deaths reported through EDRS by states are generally more accurate, it is likely that federal agencies using the DMF would encounter more errors than agencies using SSA's full death file. In fact, the SSA OIG found that approximately 98 percent of deaths that SSA erroneously included in its death file were reported by non-state sources. [Footnote 41] It is not SSA's practice to proactively notify agencies that may be eligible for access to the complete set of death information. Officials explained that distributing death information to other federal agencies is not a part of SSA's mission, nor is it an activity for which SSA receives an appropriation. As a result, some agencies may not know to request the full death file directly from SSA and may be relying on the less complete, less accurate DMF to assist them in administering their programs. In at least one case, an agency administering federal benefit-paying programs was using the less comprehensive DMF to match against its payment systems until it received access to the full file in January 2013. In a June 2013 report, we found that two agencies within the U.S. Department of Agriculture (USDA) were not matching beneficiary lists against SSA's full death file.[Footnote 42] We spoke with program officials at another benefit-paying agency that uses the DMF--the Department of Labor's Division of Energy Employees Occupational Illness Compensation, within the Office of Workers' Compensation Programs--who told us they did not know until very recently that obtaining the full set of death data was an option. Reimbursement Amounts Vary and SSA Does Not Share How They are Calculated: Under the Act, one condition of receiving SSA's full death data is that the recipient agency reimburses SSA for the reasonable cost of sharing death data. However, factors including legal requirements and a quid pro quo arrangement have resulted in varying projected reimbursement amounts for different agencies (see table 1). Table 1: Projected[A] Reimbursement Amounts for Federal Agencies Receiving SSA's Full Death Data: Agency: Centers for Medicare & Medicaid Services; Projected fiscal year 2013 reimbursement amount: $9,900; Frequency of receipt: Weekly updates. Agency: Department of Defense/DMDC; Projected fiscal year 2013 reimbursement amount: $44,554; Frequency of receipt: Monthly updates, plus the fully file annually. Agency: Department of Veterans Affairs; Projected fiscal year 2013 reimbursement amount: $0[B]; Frequency of receipt: Weekly updates, plus the fully file annually. Agency: Internal Revenue Service; Projected fiscal year 2013 reimbursement amount: $87,156; Frequency of receipt: Weekly updates, plus the fully file annually. Agency: Office of Personnel Management; Projected fiscal year 2013 reimbursement amount: $0[C]; Frequency of receipt: Weekly updates, plus the fully file annually. Agency: Pension Benefit Guaranty Corporation; Projected fiscal year 2013 reimbursement amount: $70,000 (projected for FY2014)[D]; Frequency of receipt: Weekly updates, plus the fully file annually. Agency: Railroad Retirement Board; Projected fiscal year 2013 reimbursement amount: $9,000; Frequency of receipt: Monthly updates. Source: GAO compilation of agency data. Note: GAO receives SSA's full death file for audit purposes pursuant to our authority under 31 U.S.C. § 716. Note: NTIS receives the DMF from SSA on a weekly basis; in fiscal year 2012 its reimbursement amount was $148,186. [A] Reimbursement amounts are projected because SSA bills agencies in arrears. Therefore, SSA will bill agencies for the actual amount owed for fiscal year 2013 death data some time after the end of September 2013. [B] By statute, the Department of Veterans Affairs is not required to reimburse SSA. 38 U.S.C. § 5106. [C] The Office of Personnel Management and SSA have agreed that the expenses involved in their data exchanges are reciprocal. [D] The Pension Benefit Guaranty Corporation began receiving weekly updates of the full death file in July 2013. [End of table] Some agencies do not reimburse SSA at all. For example, VA is not required to provide reimbursement by statute, while OPM provides federal retirement data to SSA that is critical to its mission, and the agencies have agreed that the expenses involved in the exchanges are reciprocal.[Footnote 43] However, SSA officials were unable to point to any reciprocity study supporting this decision. For other agencies, some of these differences in projected reimbursement amounts cannot fully be explained by the frequency with which the agencies expect to receive the data. For example, as noted in Table 1, CMS expected to receive updates to the full death file weekly from SSA and CMS officials told us the agency expected to reimburse SSA $9,900 in fiscal year 2013. RRB similarly expected to pay $9,000, despite expecting to receive the file less frequently-- monthly, rather than weekly. At the same time, IRS expected to receive weekly updates to the full file plus the full file annually in fiscal year 2013, and PBGC expected to receive the file with the same frequency for fiscal year 2014. However, IRS expected to pay more than $87,000, while PBGC's expected reimbursement amount was $70,000. While the reimbursement amounts for agencies are sometimes included in the inter-agency agreements governing how SSA provides its full death file, the agreements lack information on how these amounts were determined. According to SSA officials, these agreements specify the permissible purpose for using the death data and limitations on sharing the data within the agency. However, according to officials we spoke with at several agencies that receive the full death file, SSA staff did not provide an explanation for reimbursement amounts. SSA officials told us they calculate a detailed breakdown of expenses in an internal document, but provide only a summary of these expenses in the estimates and billing statements they send to agencies. As a result, recipient agencies do not know the factors that lead to the reimbursement amounts they are charged, which could prevent them from making informed decisions based on the amount they are spending. According to federal internal control standards, financial information is something agencies should communicate for external uses, because it is necessary to determine whether agencies are meeting goals for accountability for effective and efficient use of resources. In addition, SSA officials told us that because the Act provides for SSA to be reimbursed for its costs, the agency will not negotiate the reimbursement amounts if a prospective recipient agency indicates unwillingness to pay the quoted amount. In one case, SSA officials told us that while it approved a request for access to the file from the OIG for the U.S. Department of Health and Human Services, the two entities never finalized an agreement because the OIG determined it wanted to look for a lower-cost option for obtaining death information. Conclusions: Federal benefit programs' need for accurate administrative data, such as death information, is increasingly evident in an environment of continuing budget shortages, where improper payments due to inaccurate information cost taxpayers billions of dollars in fiscal year 2012. Because of its mission, SSA is uniquely positioned to collect and manage death data at the federal level. SSA already has a responsibility to ensure that this information is as accurate and complete as possible for its own beneficiaries. Further, proposed legislation, if enacted, would require SSA to disseminate full death data to a number of additional eligible federal agencies. Only with more accurate and complete data can these agencies reduce the risk of paying deceased beneficiaries. However, because SSA has never analyzed the risk posed by errors or processes that could result in errors, it is not fully aware of steps that would be needed to address them. As a result, SSA and other federal agencies that use the full death data and the DMF are potentially vulnerable to making improper payments. Similarly, the absence of written guidelines for determining which agencies can access the full death data may impede federal agencies' ability to obtain that information in a timely and efficient manner. Finally, SSA's approach to calculating and charging agencies for death data lacks transparency about the fact that federal agencies pay varying amounts for the same information. In such a setting, there is a risk that federal agencies that could otherwise benefit from death information will decline to participate, whether due to confusion over SSA's access protocols or uncertainty concerning its financial reimbursement policies. Recommendations for Executive Action: In order to enhance the accuracy of and ensure appropriate agency access to SSA's death data, we recommend that the Social Security Administration's Acting Commissioner direct the Deputy Commissioner of Operations to take the following three actions: 1. To be more informed about ways to improve the accuracy and completeness of its death information, conduct a risk assessment of SSA's death information processing systems and policies as a component of redesigning SSA's death processing system. Such an assessment should identify the scope and extent of errors, and help SSA identify ways to address them. In addition, assess the feasibility and cost effectiveness of addressing various types of errors, given the risk they pose. 2. To clarify how SSA applies the eligibility requirements of the Social Security Act and enhance agencies' awareness of how to obtain access, develop and publicize guidance it will use to determine whether agencies are eligible to receive SSA's full death file. 3. To increase transparency among recipient agencies, share a more detailed explanation of how it determines reimbursement amounts for providing agencies with death information. Agency Comments and our Evaluation: We provided a draft of this report to the Social Security Administration (SSA), the National Technical Information Service, the Department of Treasury (Treasury), the Department of Defense, the Department of Labor, the Centers for Medicare & Medicaid Services (CMS), the Internal Revenue Service (IRS), the Office of Personnel Management, the Pension Benefit Guaranty Corporation, and the Office of Management and Budget (OMB) for review and comment. SSA officials provided written comments, which are reproduced in appendix II and described below. IRS officials provided technical comments that further supported the impact of late-reported deaths on federal users of SSA's death data, and we incorporated an example they provided into that discussion. The Department of Labor, the Office of Personnel Management, the Pension Benefit Guaranty Corporation, and OMB also provided technical comments, which we incorporated in the report as appropriate. CMS, the Department of Defense, Treasury, and the National Technical Information Service had no comments. In its comments, SSA partially agreed with our first and third recommendations and disagreed with our second. In response to our first recommendation, SSA agreed to perform a risk assessment as part of its death information processing system redesign project, but raised concerns about performing risk assessments for other users of the death data. In making this recommendation, we did not intend for SSA to perform risk assessments for other agencies' programs. However, we believe that by assessing the risks of inaccuracies in its death data, SSA's efforts could shed light on risks posed to other agencies' programs in addition to its own. To clarify this, we deleted the specific reference to other agencies. SSA also partially agreed with our third recommendation, stating that it has implemented improvements in its estimating procedures for future reimbursable agreements to ensure consistent estimates for all customers. However, the agency stated that it is not a typical government business practice to share these detailed costs for reimbursable agreements. We are encouraged that SSA has made efforts to standardize the estimates it shares with its federal partners, though we have not had the chance to evaluate their effectiveness, since these efforts were made recently. Also, we recognize that there may be limitations on the type of cost details SSA can provide to recipient agencies. However, we continue to believe that more transparency in conveying the factors that lead to the estimated and final reimbursement amounts recipient agencies are charged could help them make more informed decisions. SSA disagreed with our second recommendation, stating that each request to obtain the full death file is unique, and that officials must review them on a case-by-case basis to ensure compliance with various legal requirements. It also expressed concern that developing this guidance as we recommended would require agency expenditures unrelated to its mission in an already fiscally constrained environment. We appreciate that agencies may base their request for the full death file on different intended uses, and support SSA's efforts to ensure compliance with all applicable legal requirements. However, we continue to believe that developing this guidance could help to ensure consistency in SSA's future decision making by the new Office of Data Exchange, as well as enhance agencies' ability to obtain the data in a timely and efficient manner. We do not expect such guidance, which could include information such as the factors SSA considers in deciding whether an agency provides federal benefits, would restrict SSA's flexibility. SSA also outlined two general concerns with the body of the report. First, it expressed concern that we inaccurately described SSA officials' reasons for determining that the agency could not provide Treasury with full death data for the Do Not Pay Initiative. We made revisions to the report to more accurately describe SSA's reasoning. Second, SSA was concerned about the use of estimated reimbursement costs in Table 1 because these costs fluctuate throughout the year. SSA suggested instead using figures it provided reflecting the actual costs from fiscal year 2012. The agency also noted that Table 1 contains incorrect information related to the frequency at which the agencies receive the file. While we agree that actual costs are inherently more accurate than estimated costs, we chose to use estimated costs because this is the information federal agencies receive when they are deciding whether and how to obtain death data. In response to SSA's assertion that our table contains incorrect information, we have added information to the table regarding whether agencies expected to receive the annual file. We followed up with an official, who clarified that our previous table was incomplete because, for some of the agencies, it lacked information about receipt of the annual full file. SSA also provided technical comments, which we incorporated in the report as appropriate. As agreed with your offices, unless you publicly announce the contents of this report earlier, we plan no further distribution until 30 days from the report date. At that time, we will send copies of this report to the appropriate congressional committees and the heads of the agencies listed above. In addition, the report will be available at no charge on GAO's website at [hyperlink, http://www.gao.gov]. If you or your staff have any questions about this report, please contact me at (202)512-7215 or bertonid@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made major contributions to this report are listed in appendix III. Signed by: Dan Bertoni: Director, Education, Workforce, and Income Security Issues: List of Requesters: The Honorable Thomas R. Carper: Chairman: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Tom Coburn, M.D. Ranking Member: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Claire McCaskill: Chairman: Subcommittee on Financial and Contracting Oversight: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Ron Johnson: Ranking Member: Subcommittee on Financial and Contracting Oversight: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Susan M. Collins: United States Senate: The Honorable Sam Johnson: Chairman: Subcommittee on Social Security: Committee on Ways and Means: House of Representatives: [End of section] Appendix I: Objectives, Scope, and Methodology: This report examines (1) how the Social Security Administration (SSA) obtains death reports for inclusion in the death data it maintains and steps it takes to ensure these reports are accurate; and (2) the factors affecting federal agency access to SSA's death data. To address these objectives, we reviewed applicable federal laws and SSA procedures, as well as relevant reports and evaluations, such as reports from multiple Offices of Inspectors General. We interviewed SSA officials regarding how SSA obtains and processes death reports and maintains and shares its death information. We also interviewed representatives of some entities that provide death reports to SSA. We obtained and reviewed available corroborating documentation such as the data sharing agreements SSA made with other federal agencies. To evaluate SSA's processes for obtaining, processing, and sharing death information, we reviewed standard criteria, such as the Standards for Internal Controls in the Federal Government.[Footnote 44] We performed independent testing of SSA's death data to identify specific types of errors such as dates of birth that followed dates of death. We also drew a randomly selected but non-generalizable sample of cases that SSA removed from the death information for further review in order to identify potential explanations for that action. Finally, we interviewed officials at other federal agencies that use SSA's death information about how they access and use it. We tested for specific types of errors within SSA's death data in several different ways using the full death information file; however, we did not attempt to identify all possible errors in the death data. Our reliability tests included identifying cases in which the date of birth was listed as occurring after the date of death. We also looked for cases involving deaths at very old ages--115 and higher--and cases of death that occurred before 1936 (when account numbers were first issued for administering Social Security programs) after observing such cases in a publicly-available version of the Death Master File (DMF). We then systematically tested for incidences of these occurrences in the full death information file. As part of our tests to identify deaths that occurred at age 115 or older and those that occurred before 1936, we examined the monthly update file of cases SSA added in March 2013, which represent new death reports received by SSA. In conducting our analysis, we found a total of 539 deaths were added to the death data during this month that reportedly occurred in years prior to 2012 (and another 9,462 that occurred in 2012). At SSA's request, we provided a sample of these cases to SSA staff to investigate. We selected and provided SSA lists of those cases in which the deaths were reported to have occurred in 1976 and 2004--a total of 22 cases. We chose these two years because each of these years included a sufficiently large number of cases to allow us to potentially identify patterns with respect to whether SSA had been paying benefits to deceased beneficiaries. We also chose two years that were nearly three decades apart to determine if there were any differences due to time period variation. SSA was unable to research these cases individually because of time constraints, but provided explanations of possible reasons why the agency receives reports this many years after a death. SSA also produces weekly and monthly update files listing deaths to be deleted from and death reports to be added to its death information files. To identify possible reasons for deleting deaths, we drew a random sample of 97 cases from the monthly update files produced from February 2012 through January 2013. [Footnote 45] If all cases in this sample were reviewed, we would have been able to make generalized observations about all of the deleted cases in this time period. We provided this list of cases listed in the order selected and requested SSA to research them--beginning at the top of the list--to determine if it had any record of the reason for deleting the case from its death data. To identify possible relationships with other characteristics, we also asked officials to provide, if available, the source of the death report, and whether or not the listed decedent was a Social Security beneficiary. We were satisfied we had a sufficient number of cases after SSA had completed work on 46 of the 97 cases. While still randomly-selected, this smaller sample was non- generalizable. In recognition of the time and resources SSA was committing to this work, we determined that the 46 cases would be sufficient to describe characteristics of these cases, even though we would not be able to make generalized statements about all deleted cases in our population. Of these 46 cases, SSA officials were able to determine reasons for deletion in 28 cases, source of the death report in 13, and determine the beneficiary/non-beneficiary status in all 46. They were able to identify all three of these characteristics in 11 of the cases.[Footnote 46] For all of the tests and sampling just described, we used the full death data file. We determined that the data we used was sufficiently reliable for our reporting purposes. The computer programming we used was checked by a second programmer for accuracy, giving us further assurance that the results we present in the report are reliable. To assess the factors affecting agencies' access to SSA's death data, we interviewed officials at seven federal agencies that used the death data--either the full death file or the Death Master File (DMF). We obtained the list of federal agencies that obtain the full death file directly from SSA, as well as the list of federal entities that purchase the public Death Master File (DMF) from the National Technical Information Service (NTIS). We obtained the former through prior discussions with SSA officials and congressional testimonies. For those federal entities that purchase the public DMF, we requested a list of federal customers from officials at NTIS. According to NTIS officials, they had to compile the list manually because, prior to our request, they had no business reason to separate federal customers from other customers. They described their manual compilation process as looking through the NTIS list of approximately 800 DMF subscription customers one-by-one and determining, for each one, whether it represented a federal customer by looking at the name and email address. Officials then sent us a list of 27 federal customers. [Footnote 47] Our primary criterion for selecting six of the seven agencies to interview was whether they administered programs that pay benefits. We selected the following four benefit-paying agencies that obtain SSA's full death file because we wanted to gain an understanding of agencies' experience with accessing and using the full death file: * Centers for Medicare & Medicaid Services (CMS): * Department of Defense/Defense Manpower Data Center (DMDC): * Internal Revenue Service (IRS): * Office of Personnel Management (OPM): We based this selection of four agencies on their reported improper payment amounts from 2012, focusing on those with higher amounts, such as CMS and IRS. We also selected one program within a benefit-paying agency--Department of Labor's Division of Energy Employees Occupational Illness Compensation within the Office of Workers' Compensation Programs--that was purchasing the DMF rather than obtaining the full file directly from SSA. We sought to understand this agency's general experience using the DMF, as well as whether it had ever tried to obtain the full file from SSA. Additionally, we selected the Pension Benefit Guaranty Corporation (PBGC) for interviews because it transitioned from purchasing the DMF to obtaining SSA's full death file during the course of our review, so officials had the unique perspective of receiving both files. For the seventh agency, we interviewed officials from the U.S. Department of Treasury's (Treasury) Do Not Pay Business Center, even though it does not pay benefits, because of its program goal to prevent improper payments. Also, we had learned that Do Not Pay officials had previously requested--and were denied--access to SSA's full death file, and we wanted to better understand the circumstances of that interaction. One limitation of the approach we used to identify all federal users of SSA's death data is the subjectivity with which NTIS officials judged its customers to be associated with federal agencies. As a result, the list we obtained of federal DMF customers may have been incomplete. However, based on our review of reports on improper federal payments and interviews with SSA officials, we are confident that the information we collected from officials at the agencies we selected accurately represents federal customers' experience obtaining and using SSA death data. We conducted this performance audit from November 2012 to November 2013 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. [End of section] Appendix II: Comments from the Social Security Administration: Social Security: Office of the Commissioner: Social Security Administration: Baltimore, MD 21235-0001: November 7, 2013: Mr. Dan Bertoni, Director: Education, Workforce, and Income Security Issues: United States Government Accountability Office: 441 G. Street, NW: Washington, DC 20548: Dear Mr. Bertoni: Thank you for the opportunity to review the draft report, "Social Security Death Data: Additional Action Needed to Address Data Errors and Federal Agency Access" (GAO-14-46). Our response to the audit report contents, findings, and recommendations are enclosed. We also provided technical comments directly to your staff. If you have any questions, please contact me at (410) 966-9014. Your staff may contact Gary S. Hatcher, our Senior Advisor for Records Management and Audit Liaison Staff, at (410) 965-0680. Sincerely, Signed by: Katherine Thornton: Deputy Chief of Staff: Enclosure Comments On The Government Accountability Office Draft Report, "Social Security Death Data: Additional Action Needed To Address Data Errors And Federal Agency Access" (GAO-14-46): General Comments: We appreciate the Government Accountability Office (GAO) study of our death data. It is important to us to maintain a high level of accuracy in our death data -levels of accuracy that GAO itself has commended. [Footnote l] We strive to improve our process for collecting and maintaining death information. We believe that the relatively small percentage of errors have a minimal impact on the agency or the Federal Government. We recognize, however, that errors can cause hardships to members of the public affected by them. To help reduce errors even further, over the years we have used technology to increase the timeliness and accuracy of our collection of death information. Since 2002, we have worked with the States to increase the use of Electronic Death Registration (EDR). EDR automates our receipt of death information and is highly accurate because the States first verify the name and Social Security number of deceased individuals against our records before they issue a death certificate. The use of EDR, currently in 34 States, New York City, and the District of Columbia, ensures that our death records include the most accurate and most current information. [Footnote 2] We are committed to continuing to share death information with our Federal partners to help them make accurate payments and combat fraud. However, because we are not the custodians of these data, and are not the repository for records of every death that occurs in the United States, and because every system of records is subject to human error, we require those agencies under our agreements to independently verify the information before they take action based on an individual's death as reported in our system. We are not the custodians of vital statistics records, nor should we be as that is the role of the State Bureaus of Vital Statistics. We collect death information from a variety of sources - about 2.5 million reports of death a year from States, funeral homes, family members, and others - to administer our programs. We use death information to stop benefit payments to beneficiaries who die and pay benefits to survivors of insured persons. It is important to note that the death information we collect through EDR is State information, which, under section 205(r) of the Social Security Act (Act), we are authorized to disclose only for specific purposes. Under section 205(r)(3), we may provide to Federal benefit- paying agencies all of our death information, including the death information we receive from the States. Like us, these agencies need death information to ensure the accuracy of their benefit payments and prevent fraud, waste, and abuse. On Page 17 of the draft report, GAO misrepresents our response as to why we determined we could not provide the full Death Master File (DMF) to the Department of Treasury (Treasury) for the Do Not Pay (DNP) initiative. GAO states that our concern with providing Treasury the full DMF for DNP was, " ... that Treasury is not authorized to distribute the state reported death data to other agencies." In January 2013, we explained that, "Section 205(r) of the Act requires us to provide State death data to agencies to ensure proper payment of federally-funded benefits. Neither the Act nor any other Federal law authorizes us to provide State death data to the Department of Treasury to disseminate on our behalf. We cannot transfer our statutory obligation to the Department of Treasury or any other Federal agency without legal authority to do so." We are concerned with the table shown on page 21 in the draft report. It is confusing and misleading to use estimated costs in this table as the figures fluctuate throughout the year. The actual closed costs for a particular year do not change. The table on page 5 of this document shows we charged agencies receiving the information at the same frequency the same amounts. GAO's table also contains incorrect information on the frequency at which various Federal agencies receive the file. We strongly urge you to use the chart on page 5 of this document, which shows the actual costs charged to the various agencies and the correct frequency of receipt for fiscal year (FY) 2012. To address transparency and accuracy concerns, in FY 2013 we completed an extensive review of our DMF estimating procedures. For FY 2014, we implemented improvements to ensure consistent estimating for all customers. With this improved process, customers receiving the same data at the same frequency received the same estimated costs for FY 2014. The new process also ensures that the estimated costs will be closer to actual costs. It is important to note that we cannot determine the actual costs at the beginning of the fiscal year because death data volumes fluctuate. The chart on page 6 of our response shows we estimate customer costs consistently for identical types of services. In summary, the death information we collect and our system for storing such data, are intended for a single purpose, which is to correctly administer our programs. Any other purpose is controlled by statute. The expansion of our role regarding death information is an important topic for public policy discussion, which should include a thorough examination of the availability and appropriate use of information collected by the States. Responses To The Recommendations: Recommendation 1: To be more informed about ways to improve the accuracy and completeness of its death information, conduct a risk assessment of SSA's death information processing systems and policies as a component of redesigning SSA's death processing system. Such an assessment should identify the scope and extent of errors, and help SSA identify ways to address them. In addition, assess the feasibility and cost effectiveness of addressing various types of errors, taking into consideration the risk they pose to SSA and other agencies. Response: We partially agree. We will perform a risk assessment as part of our death information processing system redesign project and continue to assess risks as part of our routine Federal Information Security Management Act review. We created a system to store death records to support our programmatic needs, i.e., terminating beneficiary payments and providing survivor benefits to families of deceased individuals. Therefore, our assessments will focus on the risks to us. We do not agree to include a risk assessment for other agencies. We do not have detailed information on the policies, data requirements, and risks of other agencies. Other agencies should evaluate and consider the risk of using the data for their own purposes and determine the level of risk that is acceptable to their organization. Conducting an expanded risk assessment would be an undue burden on our resources and would negatively impact our mission-critical work. Recommendation 2: To clarify how SSA applies the eligibility requirements of the Social Security Act and enhance agencies' awareness of how to obtain access, the agency should develop and publicize guidance it will use to determine whether agencies are eligible to receive SSA's full death file. Response: We disagree. We must review all requests on a case-by-case basis to ensure compliance with the Privacy Act, 5 U.S.C. 552a, the Act, and other controlling disclosure statutes. Requests for information from us are based on the needs of each requester and usually unique. The report acknowledges that we recently created a new office to review data exchange agreements with other agencies to help unify our data exchange activities. The new office, serving as a central point of contact for partner agencies, will help ensure our exchanges meet our program and business needs, and function across governmental boundaries. Any Federal agency that would like to explore accessing the full DMF, which includes State death records, should submit a request to [hyperlink, ogc.opd.controls@ssa.gov. We would be happy to review the request, and if it satisfies the requirements of section 205(r)(3) of the Act, we will, to the extent feasible, enter into an Information Exchange Agreement covering terms, conditions, and reimbursement for the exchange. In addition, implementing this recommendation would result in agency expenditures unrelated to our mission at a time when resources are strained. Recommendation 3: To increase transparency among recipient agencies, SSA should share a more detailed explanation of how it determines reimbursement amounts for providing agencies with death information. Response: We partially agree. We comply with Office of Management and Budget (OMB) Circular A-25, User Charges, and charge "full cost" for goods or services we provide. We ensure charges are sufficient to recover the full cost to provide goods, resources, or services, as defined by the Federal Accounting Standards Advisory Board. We provide estimated cost information to our Federal partners as part of the reimbursable agreement. In FY 2013, we refined our process for death data cost estimates and established consistent standardized costs, which we will reflect in future reimbursable agreements (see table on page 6). Using the OMB Circular A-25 framework, we review all reimbursable requests on a case-by-case basis to determine our full costs. Such costs include all direct and indirect expenses to any part of the Federal Government to provide goods, resources, or services. Our typical reimbursement cost estimates include categories such as salaries and other direct costs (including Information Technology costs), office overhead, agency overhead, Information Technology Special Project charges, and a contingency amount to cover unforeseen costs. As a government-wide business practice, Federal agencies do not share detailed costs for reimbursable agreements. Table: Reimbursement Amounts for Federal Agencies Receiving SSA's Full Death Data: Agencies that Received the Full File in FY 2012: Centers for Medicare & Medicaid Services (CMS); FY 2012 Reimbursement Amount (Actual Costs): $32,599; Frequency of Receipt: Weekly Updates. Agencies that Received the Full File in FY 2012: Department of Defense, Defense Manpower Data Center (DoD, DMDC); FY 2012 Reimbursement Amount (Actual Costs): $8,225; Frequency of Receipt: Full File Annually and Monthly Update. Agencies that Received the Full File in FY 2012: Railroad Retirement Board (RRB); FY 2012 Reimbursement Amount (Actual Costs): $8,225; Frequency of Receipt: Monthly Updates. Agencies that Received the Full File in FY 2012: Department of Veterans Affairs (VA); FY 2012 Reimbursement Amount (Actual Costs): See Note 1 below; Frequency of Receipt: Full File Annually and Weekly Updates. Agencies that Received the Full File in FY 2012: Internal Revenue Service (IRS); FY 2012 Reimbursement Amount (Actual Costs): $74,751; Frequency of Receipt: Full File Annually and Weekly Updates. Agencies that Received the Full File in FY 2012: Office of Personnel Management (OPM); FY 2012 Reimbursement Amount (Actual Costs): See Note 2 below; Frequency of Receipt: Full File Annually and Weekly Updates. Notes: 1. Pursuant to section 5106 of title 38, United States Code, we provide the full DMF annually and with weekly updates to the VA at no cost. 2. OPM does not pay for access to the full DMF, which we provide annually and with weekly updates. Instead, we exchange information in a reciprocal relationship using matching agreements. 3. Pursuant to section 716 of title 31, United States Code, GAO has authority to obtain the full file for investigative purposes. We provide the file to GAO upon request and without reimbursement. 4. Our agreement with DoD, DMDC allows it to receive the full file annually, plus monthly updates, DoD, DMDC's systems are not configured to receive files as large as the annual full file. Once DoD, DMDC is able to receive the full file, we will begin transmitting it to them and will reconcile our estimated and actual costs. 5. Our Reimbursable Agreements stipulate that we are reimbursed on a quarterly basis for the cost incurred for providing the information requested. At least quarterly, the parties will reconcile balances related to revenue and expenses for work performed. [End of table] Table: Death Master File Customers FY 2014: Customer: RRB; Version: Public + State; Frequency: Monthly updates; Estimated Cost: $8,289. Customer: GAO; Version: Public + State; Frequency: Monthly updates; Estimated Value: $8,289; No Cost. Customer: Federal Retirement Thrift Investment Board; Version: Public + State; Frequency: Monthly updates & 1 full file; Estimated Cost: $30,422; Comments: Partial Year Estimate. Customer: DoD, DMDC; Version: Public + State; Frequency: Monthly updates & 1 full file; Estimated Cost: $31,804. Customer: CMS; Version: Public + State; Frequency: Weekly updates; Estimated Cost: $33,740. Customer: IRS; Version: Public + State; Frequency: Weekly updates & 1 full file; Estimated Cost: $57,254. Customer: Pension Benefit Guaranty Corporation; Version: Public + State; Frequency: Weekly updates & 1 full file; Estimated Cost: $57,254. Customer: VA; Version: Public + State; Frequency: Weekly updates & 1 full file; Estimated Value: $57,254; Comments: No Cost. Customer: OPM; Version: Public + State; Frequency: Weekly updates & 1 full file; Estimated Value: $57,254; Comments: Reciprocal Exchange. Customer: National Technical Information Service; Version: Public; Frequency: Monthly & weekly updates & 4 full files; Estimated Cost: $126,827. Notes: 1. Last updated September 30, 2013. 2. There are two DMF versions, Public + State and Public. By law, we may only disclose death data received from the States to those Federal benefit-paying agencies. [End of table] Appendix II Footnotes: [1] GAO, Social Security Administration: Preliminary Observations on the Death Master File, [hyperlink, http://www.gao.gov/products/GAO-13-574T] (Washington, D.C.: May 8, 2013) [2] Although not a Social Security Administration legislative proposal, the President's fiscal year 2014 Budget includes an increase of $22 million in Public Health Service Evaluation transfers for the Vital Statistics System supported within the Centers for Disease Control and Prevention (CDC). The intent of the provision is to allow CDC to gradually phase in electronic death records in the 21 remaining jurisdictions over 4 years. [End of section] Appendix III: GAO Contact and Staff Acknowledgments: GAO Contact: Dan Bertoni, Director (202) 512-7215 or bertonid@gao.gov: Staff Acknowledgments: In addition to the contact named above, Lori Rectanus, Acting Director; Jeremy Cox, Assistant Director; Keira Dembowski; Joel Marus; and Sara Pelton made significant contributions to this report. Also contributing to this report were Sarah Cornetto, Holly Dye, Justin Fisher, Alex Galuten, Mitch Karpman, Mimi Nguyen, Almeta Spencer, Walter Vance, Michelle Loutoo Wilson, and Amber Yancey-Carroll. [End of section] Related GAO Products: GAO, Farm Programs: USDA Needs to Do More to Prevent Improper Payments to Deceased Individuals, [hyperlink, http://www.gao.gov/products/GAO-13-503] (Washington, D.C.: June 28, 2013). GAO, Management Report: Improvements Are Needed to Enhance the Internal Revenue Service's Internal Controls, [hyperlink, http://www.gao.gov/products/GAO-13-420R] (Washington, D.C.: May 13, 2013). GAO, Social Security Administration: Preliminary Observations on the Death Master File, [hyperlink, http://www.gao.gov/products/GAO-13-574T] (Washington, D.C.: May 8, 2013). [End of section] Footnotes: [1] An improper payment is any payment that should not have been made or that was made in an incorrect amount (including overpayments and underpayments) under statutory, contractual, administrative, or other legally applicable requirements. It includes any payment to an ineligible recipient, any payment for an ineligible good or service, any duplicate payment, any payment for a good or service not received (except for such payments where authorized by law), and any payment that does not account for credit for applicable discounts. Improper payment estimates reported by federal agencies are not intended to be an estimate of fraud in federal agencies' programs and activities. See section 2(g) of the Improper Payments Information Act of 2002, as amended, codified at 31 U.S.C. § 3321 note. Office of Management and Budget guidance also instructs agencies to report as improper payments any payments for which insufficient or no documentation was found. [2] Office of Personnel Management, Office of the Inspector General, Stopping Improper Payments to Deceased Annuitants (Washington, D.C.: Sept. 14, 2011). [3] Social Security Administration, Office of Inspector General, Title II Deceased Beneficiaries Who Do Not Have Death Information on the Numident, A-09-11-21171 (Baltimore, MD: July 2012). The OIG found that Social Security benefit payments to a sample of these deceased individuals had been terminated. [4] GAO, Government Operations: Standards for Internal Control in the Federal Government, AIMD-00-21.3.1 (Washington, D.C.: Nov. 1, 1999). These standards, issued pursuant to the requirements of the Federal Managers' Financial Integrity Act of 1982, Pub. L. No. 97-255, 96 Stat. 814, provide the overall framework for establishing and maintaining internal control in the federal government, and for identifying and addressing major performance and management challenges and areas at greatest risk of fraud, waste, abuse, and mismanagement. [5] Unless otherwise specified, in this report we refer to these benefits collectively as "Social Security benefits." [6] The Bureau of Internal Revenue, in the U.S. Department of the Treasury, began issuing account numbers to each employee covered under the Act in 1936. T.D. 4704, 1 Fed. Reg. 1741 (Nov. 7, 1936). As currently amended, the Act requires SSA to establish and maintain wage and income records, and comply with certain requirements for the issuance and use of SSNs. 42 U.S.C.§ 405(c). [7] Vital records are permanent legal records of life events and include live births, deaths, fetal deaths, marriages, and divorces. The five U.S. territories are American Samoa, the Commonwealth of Puerto Rico, Guam, the Northern Mariana Islands, and U.S. Virgin Islands. [8] Section 205(r) of the Social Security Act requires SSA to establish a program under which states voluntarily contract with SSA to periodically provide it with death information, and further requires that this information be used to compare with, validate, and correct the records used to administer Social Security programs. Each state may be paid the reasonable costs for providing death information to SSA. See 42 U.S.C. § 405(r)(1)-(2). We define "state" consistent with the definition in the Social Security Act, which includes the District of Columbia and the Commonwealth of Puerto Rico. 42 U.S.C. § 1301(a). [9] Use of the term "full" is not meant to indicate a file that contains all deaths, but a file that includes the deaths reported by states. SSA does not guarantee the completeness or accuracy of its death data, stating that SSA does not have a death record for all deceased individuals. [10] 42 U.S.C. § 405(r)(3). Under the Act, SSA is required to provide the data under a cooperative arrangement with benefit-paying agencies for the purpose of ensuring proper payment of those benefits, provided that the recipient agency reimburses SSA for its reasonable costs, and the arrangement does not conflict with SSA's duties with respect to the state death information. Benefit-paying agencies may be state agencies, and the Act also authorizes SSA to use or provide for the use of records from its full death file for certain other purposes, such as statistical and research activities conducted by federal and state agencies, 42 U.S.C. § 405(r)(5). However, in this report we discuss only federal agencies' use of the data to prevent improper payments. [11] The Social Security Act prohibits SSA from using death information it obtains from the states for purposes other than those described in section 205(r) of the Act, and exempts that information from disclosure under the Freedom of Information Act and the requirements of the Privacy Act. 42 U.S.C. § 405(r)(6). [12] GAO, Farm Programs: USDA Needs to Do More to Prevent Improper Payments to Deceased Individuals, [hyperlink, http://www.gao.gov/products/GAO-13-503] (Washington, D.C.: June 28, 2013). USDA generally agreed with our report's findings and recommendations and, as of May 2013, had begun implementing formal, systematic procedures to prevent subsidies on behalf of deceased individuals consistent with our recommendation. [13] Pub. L. No. 112-248, § 5, 126 Stat. 2390, 2392 (2013). Prior to the enactment of this law, a 2010 presidential memorandum had directed agencies to follow similar procedures to prevent improper payments. Enhancing Payment Accuracy Through a "Do Not Pay List," 75 Fed. Reg. 35,953 (June 23, 2010). OMB and the Department of the Treasury were the lead agencies in implementing the directive. See Reducing Improper Payments Through the "Do Not Pay List," OMB Memorandum M-12-11 (Apr. 12, 2012). [14] Improper Payments Agency Cooperation Enhancement Act of 2013, S. 1360, 113th Cong. § 2 (2013). [15] Alexis Agin Identify Theft Protection Act of 2013, H.R. 2720. 113th Cong. (2013). See 159 Cong. Rec. H4607 (daily ed. July 18, 2013) (statement of Rep. Johnson). [16] The Department of Veterans Affairs (VA) and Centers for Medicare & Medicaid Services (CMS) provide death reports to SSA. SSA officials we met with stated that they were not aware of any formal agreements that outlined these arrangements. [17] These reports pertained to approximately 2.5 million individuals in the Numerical Index File (Numident), an agency database of all SSN- holders, according to SSA officials. [18] SSA officials explained that death reports from states are tracked and noted in decedents' Numident records in order to ensure these records are not included in the DMF. [19] 42 U.S.C. § 405(r)(1)-(2). [20] According to officials and SSA's operating procedures, post offices and financial institutions typically become aware of a death when a benefit payment is returned. CMS and VA report deaths of their program beneficiaries to SSA through electronic data transfers. [21] Death reports from sources other than states and federal agencies are generally provided to SSA field offices. [22] The payment systems are for the Old Age, Survivors, and Disability Insurance program and the Supplemental Security Income program. [23] The Numident file contains identifying information associated with SSN-holders and there is one record for each SSN-holder. [24] SSA requires that the name, SSN, date of birth, and gender recorded on the death certificate match a corresponding record in the Numident before posting the death in the Numident record. The death will not be posted in the Numident if any one of those data elements does not match. [25] Although it may receive multiple death reports for the same individual, SSA only records the source it considers to be the most accurate as the source of the death report in decedents' Numident records. For example, if SSA first receives a death report from a family member and subsequently receives a report from a state via EDRS for the same individual, the original report is overridden and SSA records only the state as the source of the death report because SSA considers the state EDRS record to be more accurate. [26] SSA researched 46 cases. In 18 of these, it was unable to determine from its records the reason for deleting the case from its death data. [27] In two of these cases, SSA was unable to determine the reason for deleting the cases from its death data. [28] In four of these cases, SSA was unable to determine the reason for deleting the cases from its death data. [29] Social Security Administration, Office of the Inspector General, Title XVI Deceased Recipients Who Do Not Have Death Information on the Numident, A-09-12-22132 (Baltimore, MD: May 3, 2013); and Title II Deceased Beneficiaries Who Do Not Have Death Information on the Numident, A-09-11-21171 (Baltimore, MD: July 9, 2012). The OIG found that Social Security benefit payments to a sample of these deceased individuals had been terminated. [30] Late-reported deaths can cause other problems for federal agencies that use SSA's death data. For example, under one Internal Revenue Service (IRS) program, overdue taxes are collected through levies on certain federal payments. These levies can be assessed against certain Social Security benefits, but if the beneficiary dies, IRS returns any levied payments made after the death. IRS officials told us that the majority of returned payments from October 2011 through June 2012 in which the original levy payment was more than nine months old were for Social Security payments made to deceased individuals. In some cases, the deaths were reported (and the levies returned) too late for IRS to pursue the delinquent taxes through the collections process. [31] According to SSA officials, there is no requirement to file a death report of a non-beneficiary with SSA; however, in order to receive survivor's benefits, the death of the primary beneficiary must be recorded in his or her Numident record. Therefore, if a death report had not been filed while the decedent was not eligible for benefits, surviving spouses or family members will need to file one in order to be eligible for survivor's benefits. [32] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]. [33] See, for example, Social Security Administration, Office of the Inspector General, Title XVI Deceased Recipients Who Do Not Have Death Information on the Numident, A-09-12-22132 (Baltimore, MD: May 3, 2013); and A-09-11-21171. [34] 42 U.S.C. § 405(r)(3). [35] GAO also receives SSA's full death file directly from SSA for audit purposes pursuant to our authority under 31 U.S.C. § 716. [36] According to SSA officials, CMS also shares the full death file it obtains from SSA with the U.S. Department of Health and Human Services' Health Resources and Services Administration, under an information exchange agreement between CMS and SSA, as authorized by 42 U.S.C. § 405(r)(9). [37] However, the agency determined it would instead seek out less costly sources of the data. [38] GAO, Social Security Disability: Management Controls Needed to Strengthen Demonstration Projects, [hyperlink, http://www.gao.gov/products/GAO-08-1053] (Washington, D.C.: Sept. 26, 2008). [39] NTIS distributes a range of federally-funded scientific and technical information. [40] We cannot be sure that we have a comprehensive list of federal DMF customers because, prior to our request, NTIS did not maintain such a list. In fulfilling our request, NTIS manually generated a list by judging customers' federal status using email addresses as the sole criterion. [41] Social Security Administration, Office of Inspector General, Sources of Erroneous Death Entries Input Into the Death Master File, A- 06-09-29095 (Baltimore, MD: February 4, 2009). [42] [hyperlink, http://www.gao.gov/products/GAO-13-503]. [43] VA does not provide reimbursement because it is statutorily exempted from doing so. The statute specifies that the cost of providing information to the Secretary of Veterans Affairs for the purposes of determining eligibility for or amount of veterans' benefits is to be borne by the agency providing the information; in this case, SSA. 38 U.S.C. § 5106 [44] GAO, Government Operations: Standards for Internal Controls in the Federal Government, [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: Nov. 1, 1999). These standards, issued pursuant to the requirements of the Federal Managers' Financial Integrity Act of 1982, Pub. L. No. 97- 255, 96 Stat. 814, provide the overall framework for establishing and maintaining internal control in the federal government, and for identifying and addressing major performance and management challenges and areas at greatest risk of fraud, waste, abuse, and mismanagement. [45] There were a total of 8,197 unique deleted records from this time period. [46] In 16 cases, SSA was only able to determine beneficiary/non- beneficiary status. [47] This list represented fewer than 27 federal agencies, as multiple offices or bureaus that fall under the same federal agency appeared in several cases. For example, two entities within the Department of Homeland Security--Customs and Border Protection and Citizenship and Immigration Services--were included in the list. [End of section] GAO’s Mission: The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO’s website [hyperlink, http://www.gao.gov]. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, go to [hyperlink, http://www.gao.gov] and select “E-mail Updates.” Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO: Connect with GAO on facebook, flickr, twitter, and YouTube. Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts. Visit GAO on the web at [hyperlink, http://www.gao.gov]. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; E-mail: fraudnet@gao.gov; Automated answering system: (800) 424-5454 or (202) 512-7470. Congressional Relations: Katherine Siggerud, Managing Director, siggerudk@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, DC 20548. Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, DC 20548. [End of document]