Examining Federal Improper Payments and Errors in the Death Master File
Good afternoon, Chairman Johnson, Ranking Member Carper, and Members of the Committee. Thank you for the invitation to testify today, to discuss Federal agencies’ efforts to reduce improper payments, with a focus on the Social Security Administration’s (SSA) death data. Eliminating improper payments continues to be a critical undertaking for the Federal Government, as agencies explore methods to improve payment accuracy and prevent wasteful spending.
Federal agencies reported more than $124 billion in improper payments in fiscal year (FY) 2014—a significant increase from FY 2013, when agencies reported $106 billion in payment errors.1 This upturn, the first in recent years, is a stark reminder that as Government employees, our primary goal must be to ensure that taxpayer dollars are spent wisely and effectively and that government benefits are administered correctly. Improper payments can refer to a number of government transactions, but at Social Security we are primarily concerned with benefits paid to ineligible individuals. Improper payments occur for many reasons—certainly fraud, but also poor understanding of reporting responsibilities or inability to report, administrative errors, and other reasons. Moreover, it’s important to consider that not all improper payments are overpayments; underpayments are also considered improper.
Federal agencies and their inspectors general have worked closely with the Office of Management and Budget and the Treasury to identify and reduce improper payments in recent years. Congress most recently passed the Improper Payments Elimination and Recovery Improvement Act in 2012, which included a “Do Not Pay” provision. The initiative calls for agencies to review available databases of deceased or ineligible individuals—such as SSA’s Death Master File (DMF)—to prevent improper payments by verifying recipient eligibility before releasing Federal funds. To identify and prevent its own and other agencies’ improper payments, SSA must collect and maintain accurate death records.
Death Master File
SSA creates a “Numident” record for each person issued a Social Security number; the Agency then annotates that record with a death indicator when that person dies and SSA is notified. Because of a 1978 Freedom of Information Act (FOIA) lawsuit—Perholtz vs. Ross—SSA in 1980 was required to make records of deceased Social Security numberholders available to the public; the result was the creation of the DMF, an extract of Numident data. Each DMF record usually includes the following: Social Security number (SSN), full name, date of birth, and date of death. SSA does not receive death information for all individuals, thus SSA does not guarantee the DMF’s completeness. A person’s absence from the file does not necessarily mean the person is alive.
SSA provides a “public” version of the DMF to the Department of Commerce’s National Technical Information Service (NTIS), which sells the data to public and private entities—government, financial, investigative, credit reporting, and medical customers. Those customers use the data to verify deaths and to prevent fraud, among other uses. The “public” DMF contains more than 88 million records.2
SSA also distributes a “public plus state” version of the DMF under agreements with nine benefit-paying Federal agencies, including the Centers for Medicare & Medicaid Services and the Internal Revenue Service.3 The “public plus state” DMF contains more than 100 million records.
The OIG has conducted significant audit work and made many recommendations related to the DMF to ensure that SSA improves the accuracy of its death data to make proper payments, and protects personally identifiable information and death data to prevent potential misuse.
Death Master File Accuracy
We recently issued a report that raises questions about the completeness of the DMF, which, as I mentioned, certain benefit-paying agencies and other public and private entities depend on to ensure payment accuracy and reduce fraud. As the report details, our auditors identified 6.5 million numberholders age 112 or older who did not have death information on the Numident.4 We initiated this review after a financial institution reported a man opened bank accounts with several different SSNs, two of which belonged to numberholders born in 1886 and 1893; while the numberholders were likely deceased, neither Numident record contained a date of death and, thus, the records would not appear on the DMF.
SSA issued a vast majority of these SSNs (about 6.4 million) to individuals—who had not previously been issued an SSN—when they or their family members filed benefit claims before 1972. They were likely born before SSA was established in 1935, had earnings and contributed to Social Security, and then needed an SSN so they, or their family members, could file a benefit claim. SSA did record dates of death on about 1.4 million of the numberholders’ payment records, but did not record the deaths on any of the numberholders’ Numident records, so they were not included on the DMF.
Almost all of the 6.5 million numberholders were, in fact, born before June, 1901, did not have recorded earnings, and did not receive payments from SSA, so these individuals were very likely deceased. Their absence from the DMF could result in erroneous payments made by Federal benefit-paying agencies that rely on the DMF to verify recipient eligibility, and it could also hinder State and local government and private industry—banks, insurance companies, and others—from identifying identity theft and other types of fraud.
Also, we matched the 6.5 million SSNs against SSA’s Earnings Suspense File (ESF)—the Agency’s repository for unmatched wage reports—and E-Verify—the Department of Homeland Security (DHS) program that determines if newly hired employees are authorized to work in the United States. The match identified thousands of instances of potential SSN misuse. For example, we determined that:
- SSA transferred to the ESF about $3.1 billion in earnings reported under about 67,000 of the SSNs, from tax years 2006 through 2011.
- SSA received 4,000 E-Verify inquiries using SSNs of about 3,900 numberholders, during calendar years 2008 through 2011.
We made several recommendations to SSA to update the records we identified and resolve these discrepancies. The Agency said it would explore the legal and technical feasibility, and the cost, to establish a process to update about 5 million Numident records identified without a death entry, by the end of FY15. However, SSA said updating the remaining 1.4 million Numident records, based on old payment record information, would be time-consuming, possibly lead to inaccurate Numident information, and detract from its ability complete other mission-critical work.
These 6.5 million numberholders might not receive Social Security payments, and overpayments might not occur, but their absence from the DMF represents a significant void in SSA’s death records.
It is equally important that appropriate controls protect living individuals who are mistakenly listed as deceased in SSA’s records, and ensure DMF accuracy. In a 2011 follow-up report, we examined whether SSA took corrective actions we made in a 2008 report on the DMF. In the 2008 report, we determined that, over a three-year period, SSA’s publication of the DMF had resulted in the potential exposure of personal information for more than 20,000 people who were erroneously listed as deceased.
At the time of the 2011 report, SSA did not implement two OIG recommendations:
- SSA did not attempt to limit the amount of data included on the DMF, citing the Perholtz consent judgment and potential litigation under FOIA. SSA added that a deceased individual does not have a privacy interest, according to FOIA.
- SSA did not implement a risk-based approach for distributing DMF information, so that the Agency could identify and correct erroneous death entries before releasing the records.
Since then, however, progress has been made to limit personally identifiable information on the DMF and ensure file accuracy. In November 2011, SSA removed the deceased’s last known state and zip code of residence from the public DMF. Also, the Bipartisan Budget Act of 2013 calls for Commerce’s NTIS to delay including an individual’s death information on the public DMF for three years after the death—to reduce potential instances of fraud and identity theft. NTIS, though, could “certify” certain entities and grant them immediate access to the public DMF, without delay, for legitimate anti-fraud or business purposes. Certified users could be audited periodically and fined or assessed other penalties if they’ve disclosed information inappropriately or misused the data. NTIS is currently finalizing the certification program for access to the public DMF.
According to SSA, there are fewer than 1,000 cases each month in which a living individual is mistakenly included on the DMF. SSA has said that when the Agency becomes aware it has posted a death report in error, SSA moves quickly to correct the situation, and the Agency has not found conclusive evidence of past data misuse attributed solely to these errors. However, we remain concerned about this issue, because erroneous death entries can lead to benefit termination—and government underpayments—and cause severe financial hardship and distress to affected individuals.
We have long believed that public DMF updates, some with SSNs belonging to living people, are a potential source of information that would be useful in perpetrating SSN misuse and identity theft. We are encouraged by the steps to limit certain personal data on death records and to delay the inclusion of death data on the public DMF; we believe these steps could mitigate the issues described.
The completeness and integrity of SSA’s death records can help reduce improper payments across the government; of course, we also believe the Agency must accurately process the death reports it receives to timely terminate payments to deceased beneficiaries and avoid overpayments. SSA receives about 2.5 million death reports each year from many sources, including family members and funeral homes. In addition, SSA obtains death information from other Federal agencies, including the Departments of Health and Human Services and Veterans Affairs (VA), as well as from State agencies. However, depending on the source of the death information, SSA must verify the accuracy of the death information before it can terminate benefits. SSA collects and processes death data through its Death, Alert, and Control Update System (DACUS) and is currently making enhancements to this system to improve its recordkeeping.
SSA also continues to work to expand the use of Electronic Death Registration (EDR). Under EDR, SSA verifies the deceased’s name and SSN with the State at the beginning of the death registration process, thereby allowing SSA to take immediate action on the deceased’s benefits without needing to verify the accuracy of the death report. Currently, 39 vital statistics jurisdictions—37 States, the District of Columbia, and New York City—out of 57 total, have implemented EDR.
We regularly review SSA’s progress in limiting improper payments to deceased individuals. In a 2013 report, we found SSA paid about $31 million to more than 1,500 beneficiaries that had death certificate information on the Numident, a reliable indicator the beneficiary was deceased. At the time, we recommended to SSA systems enhancements that could prevent these errors; SSA now matches its two payment databases against the Numident every month to process appropriate benefit terminations due to death, recover overpayments, and refer fraud allegations to the OIG. This is a high-priority issue, thus we conduct this type of audit every three to five years, with a focus on limiting improper payments to the deceased. In fact, we’ve planned a follow-up report to identify deceased beneficiaries with inconsistent death data on the Numident and SSA’s payment records.
Our auditors have also done innovative work to help the Agency reduce improper payments to the deceased. In 2012, we showed that a match of SSA and Medicare data could allow SSA to identify deceased beneficiaries based on their enrollment in, but non-usage of, Medicare. Based on an OIG recommendation, SSA recently established the Medicare Non-Utilization Project (MNUP) to exchange data with the Centers for Medicare & Medicaid Services to identify deceased beneficiaries, terminate benefits, and refer suspected fraud to the OIG.
Deceased Payee Fraud
Recently, our special agents have completed a significant number of investigations of individuals who have concealed a family member or other person’s death to collect the deceased’s Social Security benefits. Specifically, in FY14, we completed investigations on about 630 people who misused benefits intended for the deceased, and those investigations generated more than $55 million in recoveries, restitution, and projected savings to SSA.
This is a high investigative priority; these cases can lead to significant SSA recoveries and projected savings, and Federal prosecution efforts help deter others from committing this crime. SSA attempts to verify aged beneficiaries are still alive though the MNUP, as just described, and the Centenarian Project; when SSA can’t contact the beneficiary or has suspicions about the beneficiary’s whereabouts, the Agency refers the case to us for investigation.
- After receiving a MNUP referral from the Quincy, Massachusetts SSA office, we investigated Mary Murphy, whose mother, a Social Security widows’ beneficiary, died in October 1977. From November 1977 through December 2013, Murphy converted to her own use her mother’s Social Security and Federal civil service widow’s benefits. In October 2014, after Murphy, 63, pleaded guilty to government theft, a judge sentenced her to 18 months’ home confinement, and ordered her to repay $206,000 to SSA and $143,000 to the U.S. Office of Personnel Management, along with a $40,000 fine. Murphy made full restitution of about $350,000 at her sentencing.
- After receiving a Centenarian Project referral from the Phoenix, Arizona SSA office, we investigated Charles Linton, whose mother, a Social Security and VA beneficiary, died in February 1997. The investigation revealed Linton continued to receive and convert to his own use the government benefits intended for his deceased mother. In February 2015, after Linton, 68, pleaded guilty to government theft, a judge sentenced him to eight months in prison and ordered him to repay $205,000 to SSA and $22,000 to VA.
As I’ve described, complex issues surround the processing and utilization of SSA’s death records; however, it’s simple to see that, above all, SSA must strive to maintain complete and accurate death records, regardless of their use.
The OIG has done significant work and made many recommendations to help SSA ensure DMF accuracy and protect individuals’ personal information from fraud and abuse, with the ultimate goal of improving SSA’s and other Federal agencies’ payment accuracy. At the same time, we’re focused on pursuing deceased payee fraud—and developing tools to prevent this crime—to recover and prevent SSA overpayments.
We’ll continue to work with SSA and your Committee to address the issues discussed today. Thank you again for the invitation to participate in this discussion. I am happy to answer any questions.
 GAO, Opportunities to Reduce Fragmentation, Overlap, Duplication, and Improper Payments and Achieve Other Financial Benefits, March 2015.
 In November 2011, SSA changed the DMF records it provides to NTIS. The Social Security Act prohibits SSA from disclosing state death records the Agency receives through its contracts with the states, except in limited circumstances.
 This Committee recently voted out S. 614, the Federal Improper Payments Coordination Act of 2015, that would expand the availability of the Do Not Pay Initiative to include access to the databases States, their contractors, subcontractors, or agents of a State, and the Federal judicial and legislative branches.
 In September 2014, the Gerontology Research Group reported that 42 known living individuals worldwide reached age 112.
 The OIG completed deceased payee fraud investigations on 359 people in FY13, and 367 people in FY12.
 Through the Centenarian Project, SSA interviews beneficiaries who are at or near age 100, or the beneficiaries' representative payees, to verify the beneficiary is alive.