|
Chapter 6: Program Integrity
|
program
\ 3: a plan or system under which action may be taken toward
a goal [1]
integrity \ 1: firm adherence to a code of esp. moral or artistic
values: INCORRUPTIBILITY
2: an unimpaired condition: SOUNDNESS [2] |
he
American public depends on the Social Security Program administrators
to quickly and accurately provide benefits, properly record workers’
earnings, and effectively safeguard its benefit programs from
fraud, waste and abuse. Failure to do this would seriously
undermine the public’s confidence in government and its ability
to effectively administer programs and protect taxpayer dollars.
Social
Security has been one of the most successful programs ever undertaken
by the Federal Government. Since its inception, it has enjoyed
unprecedented public support. Yet the Agency found itself
in a peculiar situation in the early 1990s: a popular program
encased in an unpopular government.
As
a rule in 1993, public confidence in government was low when President
Clinton served his first term in office. The Social Security
Administration (SSA), then an Agency under the Department of Health
and Human Services, endured a similar lack of public confidence.
SSA was the subject of a barrage of reports and periodicals describing
problems such as lengthy delays in processing Federal disability
benefit claims; making payments to beneficiaries with addictions
to drugs and alcohol; perceived potential closings of field offices,
providing poor phone service; realizing a surge in disability
claims while downsizing its workforce; and issuing confusing letters
to its customers to name just a few.
The Government
Performance and Results Act of 1993 (GPRA), signed into law by
President Clinton on August 12, 1993, enabled SSA to reduce or
eliminate the problems mentioned above. The Act mandated
federal agencies submit long-range (at least five years) strategic
plans focusing on results, quality and customer service—outcomes
rather than outputs, effectiveness rather than efficiency.
Agencies were required to report to both the President and the
Congress on the degree to which strategic goals were met.
The overriding purpose of GPRA was to improve the Federal Government’s
performance.
The winds of
GPRA were blowing strong even before its enactment. Anticipating
both the new law and the arrival of the first confirmed Commissioner
of Social Security since independence, Acting Commissioner Lawrence
H. Thompson reviewed SSA’s planning processes to build on past
experiences and conform to the dictates of GPRA. On August
4, 1993, Mr. Thompson elicited the Executive Staff’s candid assessment
of both the planning and budgeting processes, and solicited their
specific recommendations on how SSA could improve these processes.
This “mid-course” review was seen as a critical “next step” to
meeting the growing external demands and expectations of the GPRA
statutes.
On September
11, 1993, President Clinton issued Executive Order 12862, which
directed public officials to revolutionize processes within the
Federal Government to provide service to the public that met or
exceeded the best service available in the private sector.
The Executive Order also supported GPRA by requiring each Federal
agency to publish a customer service plan, based on specific customer
service standards, by September 8, 1994. High performance
was paramount to restoring public confidence and maintaining Agency
integrity.
Shirley
Chater became the Commissioner of Social Security on October 8,
1993 accepting the monumental task of restoring the public’s faith
in the Agency using the provisions of GPRA and E.O. 12862.
The Commissioner’s strong support of strategic decision making
helped re-enforce the importance of planning.
Commissioner
Chater charged a workgroup to develop a plan to rebuild the confidence
of the American public in Social Security. The workgroup
was comprised of representatives from all of the Deputy Commissioners.
They analyzed data, recapitulated the major public confidence
issues, identified gaps in Agency knowledge, and recommended a
strategy for rebuilding public confidence in Social Security.
This strategy was called,“THE CHALLENGE OF CHANGE: Rebuilding
Public Confidence in Social Security.”
The
group focused on two major areas. The first was to document
confidence levels and determine the issues that drove confidence
down. The workgroup found that the low levels of confidence
cut across all demographic groups and also discovered that the
Agency needed to broaden its knowledge about the confidence of
its own employees.
The workgroup
discovered that there were a variety of reasons why people had
little confidence in Social Security. They generally fit
into the following seven broad categories:
1. Trust
fund insolvency [3] (“It won’t be there
for me.”);
2. Moneys
worth (“I could do better investing on my own.”);
3. The
role and significance of the trust funds (“The trust funds are
worthless IOUs.”);
4. Broken
promises (“Congress will change the rules by the time I retire
and I won’t get anything.”);
5. “Undeserving”
people getting benefits (“Drug addicts and immigrants are getting
money they don’t deserve.”);
6. Service
delivery issues (“I just get busy signals from the 800 number.”);
and,
7. General
distrust of government (“Government is wasteful and inefficient.”).
The second focal
area was the development of a short-range plan and a long-term
strategy to address the issues and rebuild confidence in the Agency.
The strategy included six specific objectives identified as follows:
1. Increase
the public’s knowledge about Social Security and counter existing
misinformation.[4]
2. Restore
the public’s confidence in the trust funds by restoring the long-range
actuarial balance of the trust funds.
3. Ensure that the Social
Security program is well designed and meets sound public policy
objectives.
4. Make
Social Security more responsive to public input.
5. Increase
the knowledge and understanding of SSA employees about the issues
confronting Social Security.
6. Reinvigorate
public affairs throughout SSA.
The workgroup presented its findings to the Commissioner approximately
one year after its inception. The findings equipped the
Commissioner with information that she used to begin steering
the organization out of a “sea of doubt” to an “ocean of assuredness.”
The course and speed of the Agency was about to change.
In January 1994,
the Commissioner revised the three Agency-level strategic goals
to the following:
·
Rebuild Public Confidence in Social Security
·
Provide World-Class Service
·
Create a Nurturing Environment for SSA Employees
In November 1998, the Agency’s ability to accomplish the first
two goals would be tested after the discovery of a 1978 computer
software design error by Agency employees. Approximately
426,000 beneficiaries were underpaid nearly $478 million.
The Agency braced itself for a deluge of inquires primarily from
the toll-free phone service lines, which already answered nearly
60 million calls per year. SSA quickly responded by assuring
the public that all of the money would be repaid within six months.
Although $478 million was a sizable sum, payments affected less
than one percent of SSA beneficiaries and were comparatively small
to the $325 billion in benefits paid by the Agency.
The Social Security Administration’s staffing decreased by approximately
20,000 employees or 17 percent for the ten-year period immediately
preceding the enactment of GPRA and issuing Executive Order 12862.
The Agency was expected to administer programs with reduced staffing,
do it better, and change its practices to restore organizational
integrity. Due to the changing demographics of its customer
base, workloads were increasing in volume and in complexity.
In the early to mid 1990s, disability claims became the fastest
growing workload in the Federal Government; disability claims
grew in excess of 70 percent. GPRA and the challenges of
Executive Orders 12862 and 12871 placed enormous demands on SSA.
In some regards, SSA was ill-equipped to execute actions to make
the necessary improvements defined by GPRA. It was evident
that major changes would have to be made.
In August 1994 the President signed legislation (H.R. 4277) establishing
SSA as an Independent Agency, with unanimous consent in the Senate
and House of Representatives. SSA became independent
on March 31, 1995, and this was a major step in restoring the
public’s confidence. The new Social Security Administration
was far more efficient, vigilant, and responsive. Commissioner
Chater reorganized and consolidated various planning elements
into a single component, the Office of Strategic Management (OSM),
responsible for strategic planning activities.
The Agency’s accountability
became more evident with the advent of Independent Agency.
Several components played key roles in assisting the Agency in
improving its stewardship and maintaining its integrity, which
were two major elements required in regaining the public’s confidence.
They were the Advisory Board, Office of Strategic Management (OSM),
Office of the Deputy Commissioner for Finance, Assessment and
Management (DCFAM), and Office of the Inspector General (OIG).
Kenneth S. Apfel
was sworn in as the Commissioner of Social Security on September
28, 1997. Under his leadership, there were a variety of
major accomplishments to safeguard the Agency’s integrity and
improve stewardship.
The Agency released
a comprehensive Disability Management Report that had four goals.
One goal was to safeguard the integrity of the disability program.
The Foster Care Independence Act was signed into law by the President
on December 14, 1999, giving the Commissioner greater power to
protect the trust funds through the use of electronic information.
Social Security’s FY 1999 Accountability Report included the first
GPRA Annual Performance Report. SSA was the first Agency
to publish the statutorily required report. Under Commissioner
Apfel’s leadership, the Agency established an Electronic Service
Delivery Project to explore among other things more cost effective
and secure means for providing service that would further move
the Agency toward achieving the expectations of GPRA.
Program integrity
was significantly improved through the combined initiatives of
SSA and OIG supported by legislation passed during the Clinton
Administration.
Stewardship
The
Social Security Independence and Program Improvements Act of 1994
established SSA’s own Office of the Inspector General. Until
a new SSA Inspector General (IG) could be nominated and confirmed,
the Department of Health and Human Services’ (HHS) IG, June Gibbs
Brown, was appointed to manage her office as well as the newly
established SSA OIG. The HHS’s OIG transferred 259 staff,
including three senior executive service positions, necessary
equipment and funding to create the office.
The OIG was
required by the Inspector General Act of 1978 (IG Act), as amended
to:
·
Conduct and supervise independent and objective audits
and investigations relating to Agency programs and operations.
·
Promote economy, effectiveness, and efficiency within the
Agency.
·
Prevent and detect fraud, waste, and abuse in Agency programs
and operations.
·
Review and make recommendations regarding existing and
proposed legislation and regulations relating to Agency programs
and operations.
·
Keep the Commissioner and the Congress fully and currently
informed of problems in Agency programs and operations.
·
Empower the IG with the independence to determine what
reviews to perform, access to all information necessary for the
reviews, and the authority to publish findings and recommendations
based on the reviews.
The SSA OIG’s mission
was to improve SSA programs and operations and protect them against
fraud, waste, and abuse by conducting independent and objective
audits, evaluations, and investigations. The IG provided
timely, useful, and reliable information and advice to Administration
officials, the Congress, and the public. The OIG proactively
sought new ways to prevent and deter fraud, waste, abuse, and
mismanagement. OIG committed itself to diversity, innovation,
integrity, and public service.
The mission of
the OIG was carried out through a nationwide network of offices
comprising the Offices of Audit (OA), Evaluation and Inspections,
and Investigations (OI). Staff in the Immediate Office of
the OIG supported these three components.
On June 28, 1995,
Commissioner Chater delegated to the IG the authority to implement
sections 1129 and 1140 of the Social Security Act. Civil
Monetary Penalties (CMP) were imposed against individuals and/or
entities who misused SSA symbols and emblems (section 1140), or
who made false statements and representations of material facts
for use in determining initial or continuing rights to Social
Security benefits or payments (section 1129). The first
set of rules was published in the Federal Register on November
27, 1995, which provided the foundation to get the program off
the ground.
The
Senate confirmed David C. Williams as Inspector General on December
22, 1995. As the new IG, he immediately implemented an aggressive
hiring program to build the investigative strength of the new
OIG. Budget allocations grew from $10.3 million in 1995
to $56 million in 1999 with staff nearly doubling. There
were enormous returns on investments. Experienced investigators
from other federal law enforcement agencies became integral members
of OIG. Their value to the Agency’s stewardship role was
apparent in the OIG reports released between 1995 and 2000.
AUDIT
AND EVALUATION RESULTS SINCE APRIL 1, 1995
|
FISCAL
YEAR
|
NUMBER
OF REPORTS ISSUED
|
QUESTIONED
COSTS
|
FUNDS
PUT TO BETTER USE
|
NUMBER
OF RECS.
|
NUMBER
OF RECS. IMPLEMENTED
CLOSED
|
1995*
|
12
|
$77,000
|
$35,000,000
|
88
|
61
|
1996
|
32
|
$363,358
|
$100,891,000
|
72
|
54
|
1997
|
54
|
$4,031,991
|
$699,500,000
|
225
|
124
|
1998
|
56
|
$14,661,078
|
$2,340,207,842
|
166
|
99
|
1999
|
60
|
$83,989,044
|
$519,716,442
|
219
|
34
|
2000**
|
27
|
$108,410
|
$170,516,955
|
62
|
9
|
TOTALS
|
241
|
$103,230,881
|
$3,865,832,239
|
832
|
381
|
*Reflects data from
April 1, 1995, through September 30, 1995.
**Reflects data
from October 1, 1999, through March 31, 2000.
The OIG received
2,236 complaints in FY 1995 from sources both within and outside
SSA. It opened 844 investigations, closed 679 cases, and
obtained 287 criminal convictions. It recovered almost $3.9
million through fines, judgements, restitution, and recoveries.
In addition, $35 million was saved through implemented recommendations
to put funds to better use.
The OIG conducted
a fraud vulnerability review during its first year of operation
to determine how to best use its limited resources to fight fraud,
waste, and abuse in SSA’s programs and operations. The review
identified areas in SSA’s operation that were most vulnerable
to fraud. Using this information and its experiences in
the first year of operation, OIG restructured to build upon its
original foundation and bring focus to its operations.
SSA has long delivered
service to the American public in a manner that fostered confidence
and trust in the quality of SSA programs and employees.
The SSA tradition of stewardship and responsibility to protection
of public information stemmed from its inception and was based
in its first regulation (Regulation 1), which established a high
standard for data protection. The IG’s reports included
information that the Agency used to enhance its performance and
solidify public trust.
The Clinton Administration
initiated great advances in technology, enhancements in information
sharing initiatives, and emergence of a strong Internet presence
throughout Government. This new environment offered many
advantages in improving SSA efficiency, public access, and employee
job enrichment via advanced technology.
Recognizing
that more online access created additional opportunities for abuse,
SSA took steps to implement formal sanctions for abuse of its
systems. In 1993, the Agency released the first formal set
of Security Guidelines for Administrative Action. SSA also
implemented an annual employee recertification process for systems
access that same year. The two transmittals provided guidance
to both employees and management regarding penalties for misuse
of information/system and included a requirement for management
to remind SSA employees of their responsibility to safeguard public
records.
In 1994, Commissioner
Shirley Chater issued the first memorandum to all employees that
addressed privacy of personal information in Agency files.
This memorandum re-emphasized employee responsibility to protect
all Agency personal data that was collected while carrying out
duties and reminded them of criminal and administrative penalties
if breached. It addressed details of inappropriate use or
disclosure of information and gave employees two methods of reporting
abuses and concerns along with an option of anonymity.
Throughout
the mid to late 1990s, SSA made great strides in expanding its
systems network, moving to a sophisticated client-server environment
and greatly expanding information exchange activity and data sharing
with many more trading partners. It also saw a great metamorphosis
in the way field office and other operating components had to
address its customers. Paperless processing and “one stop”
shopping were prevalent themes. This was also the era of
“zero tolerance” for fraud.
On June 22,
1998, SSA’s Commissioner Kenneth Apfel released Administrative
Penalties for Computer System Access Violations. This
replaced the 1993 guidelines. A set of uniform sanctions
entitled Sanctions for Unauthorized System Access Violations
was established to ensure SSA computer systems violations were
treated consistently. Three categories were established
with the severity of penalty based upon the nature of the violation.
Employees were also requested to sign acknowledgements indicating
that they had read and understood the sanctions and whether they
had current access to the computer systems or not. The sanctions
were revised in a memorandum on March 2, 2000, after concerns
were raised about Category II. This category was defined
as the unauthorized access of a record with disclosure to an unauthorized
source that does not involve personal or monetary gain and was
not made with malicious intent. The reservation raised about
Category II involved the fact it did not distinguish between disclosure
of data to a person who was otherwise entitled to the information
and the more serious violation of disclosure of information to
a person who was not entitled to the information. The Commissioner
listened to those legitimate concerns and decided to revise Category
II to acknowledge the difference between the two actions.
Changes were also made clarifying language in the other categories
as well. It cited laws and guidelines requiring that Social
Security to maintain proper security of all Automated Information
Systems (AIS) resources, including data.
During
the Clinton Administration, SSA Commissioners and IGs oversaw
major initiatives related to privacy and protection of information.
To maintain the confidence and trust of the American people regarding
Social Security programs and records, the Agency made significant
improvements in mechanisms and policies to enforce proper access
and aggressively address any misuse of Agency records.
There were a number
of initiatives that began in 1996. The OIG established the
Office of Management Services to provide support to its operations
by providing human resources, budget, and a variety of other resource
management needs. This office also hosted the November 25,
1996 ribbon cutting ceremony launching the operation of the SSA
Fraud Hotline. The Hotline served as the avenue for reporting
allegations of fraud, waste, and abuse for SSA employees; other
Federal, State, and local government agencies; and members of
the general public.
In
addition, during 1996, the Office of Evaluations and Inspections
merged with OA to create a nationwide capability to conduct both
formal audits and evaluations. Combining the knowledge,
skills, and abilities of auditors and evaluators enabled the OIG
to focus on identifying and recommending ways to prevent and minimize
program fraud and inefficiency, rather than detecting problems
after they occurred. This approach helped the Agency save
millions of dollars. After this consolidation, OIG moved
away from the traditional “regional” structure to “issue” area
teams that provided centers of expertise in each of SSA’s program
areas.
The OIG also created
the Office of the Counsel to the Inspector General (OCIG) in 1996.
Its primary purpose was to provide legal advice and counsel to
the IG and senior staff on statutes, regulations, legislation,
and policy directives governing the administration of SSA’s programs.
The office was also established to provide legal advice pertaining
to investigative procedures and techniques, as well as conclusions
drawn from audit and investigative activities. The OCIG
also assumed responsibility for administering the delegated Civil
Monetary Penalty (CMP) program for the OIG. The OCIG worked
diligently to publish final rules and regulations to build the
initial infrastructure to launch this program. Two sets
of rules were published in the Federal Register.
The publishing dates were April 24, 1996 and December 13, 1996.
The
Agency and the OIG established a unique partnership through the
National and Regional Anti-Fraud Committees to jointly combine
efforts and forces in a seamless attack on fraud, waste, and abuse
as part of the Agency’s “Zero Tolerance for Fraud” campaign.
These committees brought together OIG’s investigative experience
and SSA’s program expertise to identify and prevent fraud in SSA’s
program.
In 1996, the OA
also initiated the Payment Accuracy Task Force, which was another
cooperative effort with SSA that focused on enhancing the Agency’s
processes to improve the accuracy of its payments. The smallest
percentages of error represented large costs to the Agency and
the trust funds that it stewarded. The OIG aimed to set
a high standard for government excellence at SSA through cooperative
efforts.
The OIG established
the Joint Field Operations Program that was staffed with highly
experienced investigators who drew on their experience and established
contacts to focus on significant fraud and enumeration violations
against SSA. The Office of Investigations (OI) also established
a Strategic Enforcement Division to conduct studies of emerging
criminal trends and look for the best ways SSA and OIG could prevent
and detect fraud.
In 1997, the IG
established the Office of Operations to serve as the focal point
for the OIG’s strategic planning, the Congressional liaison, and
public affairs activities. The OIG added the Enforcement
Operations Division at Headquarters to oversee the day-to-day
field activities and created the Special Inquiries Division to
handle sensitive investigations into allegations of wrongdoing
by senior SSA officials.
The OIG implemented
an initiative to ensure readiness to combat “electronic crimes.”
The Electronic Crimes Team was created to institutionalize the
investigative capability to conduct computer forensic examinations,
recover evidence in an electronic environment, and to provide
expertise and training to OIG investigators across the nation.
As SSA began to explore the expansion of on-line access to services,
OIG needed to ensure that it was prepared to identify and address
exploitation of SSA’s systems and electronic services.
The National Anti-Fraud
Committee held its first National Anti-Fraud Conference from September
8 through 12, 1997 at SSA Headquarters. The theme of the
conference was “New Approaches in a New Environment.”
Over 450 SSA employees from central office and the field attended
the conference. Representatives from State Disability Determination
Services (DDS) units and the General Accounting Office (GAO) attended.
The conference featured discussions on new investigative approaches
and technology and systems issues. Acting Commissioner John
Callahan, Acting Principal Deputy Commissioner John Dyer, and
Inspector General David Williams participated in the conference
and spoke to the attendees.
The year 1998 marked
the start of large-scale investigative projects designed to address
major problems facing SSA in the administration of its programs.
Three of the most notable operations that had major impacts on
OIG’s successes were Operation Contender, Operation Border Vigil,
and Operation Water Witch.
OIG’s
work in this area focused on individuals who filed false claims
or program participants who defrauded the program by making false
statements or by overtly concealing factors that affected their
initial or continuing eligibility or entitlement for payments.
OIG joined with SSA’s Office of Disability and established CDI
teams in Georgia, Louisiana, Illinois, New York, and California.
These teams were composed of OIG Special Agents and State law
enforcement officers, as well as SSA and State DDS claims professionals.
The DDS referred suspicious cases to the team, which in turn collected
evidence to verify or refute the suspicion. If the team
confirmed that the claim was fraudulent, the DDS was notified
and it either denied the application or stopped benefits.
Operation
Border Vigil’s purpose was to focus on a major vulnerability in
SSA-administered programs. The IG initiated a variety of
projects under this operation across the country to identify Supplemental
Security Income (SSI) recipients receiving payments based on fraudulent
statements regarding residency as well as other eligibility factors
such as citizenship, alien residency status, age, income, and
resources. The OIG also participated in International Integrity
Projects with SSA’s Office of International Operation to define
problems inherent to the distribution of benefits to individuals
living in foreign countries and to develop strategies that addressed
the issues.
Operation Water
Witch was initiated to implement provisions of the Personal Responsibility
and Work Opportunity Reconciliation Act of 1996. A recipient
became ineligible for SSI benefits during any month that the recipient
fled to avoid prosecution for a felony or fled to avoid custody
or confinement after conviction of a felony. Through localized
and manual processes, OIG Special Agents identified SSI recipients
who were fugitives and notified the warrant issuing agency and
the SSA that the individual was ineligible for benefits.
SSA stopped payments, determined if the individual was overpaid,
and initiated collection activities.
Recognizing that
the operation would be more effective and efficient through the
use of computer matching, OIG negotiated with the Federal Bureau
of Investigation (FBI), the U.S. Marshals Service, and the National
Crime Information Center to establish computer-matching agreements.
By July 1, 1998, there were formalized investigative plans in
all 50 States to establish points of contact and define mechanisms
through which SSA and the State could exchange computer-matching
data.
The IG abolished
the Office of Operations, folded its functions into the Office
of Management Services, and established a new Office of External
Affairs in 1998. The Office of External Affairs assumed
responsibility for the OIG’s Congressional and Public Affairs
Program, the newly established quality assurance function, and
the conduct of OIG employee investigations. The Quality
Assurance Team performed internal reviews to ensure that OIG offices
held themselves to the same rigorous standards that were expected
from SSA. The Public Affairs Team communicated OIG’s planned
and current activities and their results to the Commissioner and
Congress as well as other entities.
The SSA Fraud Hotline
was moved from the Office of Management Services in 1998 to the
OI under a new division called the Allegation Management Division.
The move allowed investigators to more closely manage the incoming
allegations and apply their investigative expertise to gain more
efficiency in the Hotline operation. In FY 1998, the Hotline
staff processed nearly 30,000 allegations, which was a significant
increase from the 4,106 allegations in FY 1996. To keep
pace with the growing number of allegations received, the Principal
Deputy Commissioner agreed to increase the SSA Fraud Hotline’s
staffing levels in the next year.
On July 30, 1998,
IG Williams was officially nominated to be the Inspector General
at the Department of the Treasury. Immediately upon his
departure, the Deputy IG, James G. Huse, Jr. became the Acting
IG.
There were several
major changes in OIG’s organization in 1999. The OI reorganized
its Headquarters divisions, abolished the Special Inquiries Division,
and created the Manpower and Administration Division to provide
necessary resource, administrative, and technical guidance to
its field divisions. Also, in response to the Presidential
Decision Directives 62 (Terrorism), 63 (Critical Infrastructure
Protection), and 67 (Continuity of Government), the OIG established
the Critical Infrastructure Division (CID) within the Office of
Investigations. The CID worked with SSA’s System Security
Officers and representatives from SSA’s National Computer Center
to define and administer an intrusion response program that included
OIG notification and investigation, if warranted. The division
assumed responsibility for operating the Electronic Crimes Team
that was created in 1997.
OIG also merged
the Office of External Affairs and the Office of Management Services
to create the Office of Executive Operations. This component
was responsible for a broad range of activities including communicating
the results of OIG’s work to external stakeholders and providing
the internal administrative support for all OIG activities.
This office supported the budget, human resources, systems, public
affairs, and quality assurance infrastructure for the entire OIG.
In March 1999,
OIG held the Grand Opening for a newly expanded Fraud Hotline
that had increased in staffing to four times its 1998 size.
The Hotline was relocated to a new state-of-the-art facility and
it processed nearly 75,000 allegations representing a 150 percent
increase in productivity from FY 1998.
On July 28, 1999,
President Clinton submitted James G. Huse, Jr.’s nomination to
the Senate to become the second IG of SSA. On November 10,
1999, the Senate confirmed Mr. Huse’s nomination and on November
22, 1999, in a ceremony in Baltimore, Maryland, Mr. Huse was sworn
into office.
Late in 1998, the
Congress passed the Identity Theft and Assumption Deterrence Act
of 1998 (P.L. 105-318). This Act, commonly called the Identity
Theft Act, acknowledged that the Social Security Number (SSN)
was a means of identifying an individual. This legislation
empowered law enforcement authorities to arrest, prosecute, and
convict individuals who fraudulently used another person’s SSN
to create a false identity. The law also charged the Federal
Trade Commission (FTC) with establishing a centralized identity
theft complaint database and providing informational material
on identity theft to complainants. In addition, the FTC
could refer identity theft allegations to appropriate Federal,
State, or local law enforcement agencies, as well as to the three
major credit bureaus. Since SSN misuse accounts for over
half of the complaints to the Fraud Hotline, OIG aggressively
began partnering with other Federal and
State organizations to reduce the incidents and impact of these
crimes and maximize its resources.
To proactively
address identity theft, OIG participated in a long list of activities
that included working with the Federal Trade Commission (FTC)
to develop government-wide educational material, reviewing and
providing input on FTC’s proposed identity theft complaint form,
became of member of the Identity Theft Subcommittee of the Law
Enforcement Initiatives Committee and the Attorney General’s Council
on White-Collar Crime, published an article entitled Social
Security Number Misuse and Identity Theft for the FTC’s Summer
1999 issue of Fraudbusters! Magazine, met with U.S. Sentencing
Commission representatives to discuss sentencing guidelines for
individuals convicted of identity theft, and launched SSN misuse
pilot projects in five cities across the Nation. Investigators
provided the lead in working with various Federal and State agencies
on SSN misuse allegations referred to OIG and developed a referral
system that allowed for the automated transfer of data between
the FTC and the OIG Hotline.
The OCIG was instrumental
in the prosecution of individuals guilty of violating section
1140 of the Social Security Act. The Federal Records Service
Corporation (FRSC) sent out approximately 2.2 million solicitations
each year that targeted new brides and new mothers with deceptive
advertisements. The direct mail solicitations to consumers
appeared to be from, or endorsed by, SSA. For a $15 service
fee, they offered to process SSA’s application forms for name
changes and newborns’ SSNs. SSA provided assistance in filling
out these forms free of charge. OCIG collaborated with investigators,
SSA’s Office of the General Counsel, and the Department of Justice
to obtain a preliminary injunction and negotiate a favorable settlement
of this case. Under the terms of the settlement, FRSC was
dissolved and the first two defendants were ordered to pay penalties
of $845,000 to the Social Security Trust Fund. Overall,
all the defendants agreed to pay over $1 million total to the
Social Security Trust Fund.
The success and
preventive nature of the CDI teams in the five pilot locations
caused SSA and OIG to add additional teams in Missouri, Oregon,
and Texas. The Fugitive Felon Project, under the former
Operation Water Witch, experienced a 287 percent increase in the
number of fugitives identified after implementing one electronic
data match with one State.
In FY 1999, OIG received 74,360 complaints, opened 9,238 investigations,
and closed 7,308 cases. OIG obtained 3,139 criminal convictions
and recovered over $213 million through fines, judgements, restitution,
and recoveries. In addition, over $519 million was saved
through implemented recommendations to put funds to better use.
OIG had an uneventful transition into the new millennium,
primarily due to the diligence of SSA’s systems staff, its own
CID staff, and systems support staff. The
year 2000 began with a Congressional and media focus on the issue
of representative payees, resulting from one of OIG’s recent investigations
involving a representative payee serving over 140 disabled individuals
who had embezzled over $300,000 in a 4-year period.
To
assist the Agency in addressing this area, the IG committed auditors
to performing independent on-site audits of a limited number of
representative payees.
These audits enabled the Agency to identify problem
areas that needed to be addressed to ensure that beneficiaries’
benefits were being soundly managed. The
IG also opened three more CDI teams in New Jersey, Virginia, and
Florida. By
the end of FY 2000, eleven teams were expected to be operational.
OIG
continued its activities in the SSN misuse and identity theft
arena.
It
needed to ensure that the office was equipped with the necessary
tools and resources to address the flood of complaints that it
anticipated from the Hotline and the FTC.
The
OIG participated in two key events that brought the private and
public sectors together to discuss efforts to address identity
theft. The
first of these events was the Canadian Identity Fraud Workshop
held in Toronto in February 2000. The
OIG gave a presentation to Government representatives from Canada,
Australia, and the United Kingdom on identity theft in the United
States.
It also participated in round table discussions
with representatives from other Nations to identify common problems
and possible remedies.
The
second event, the National Identity Theft Summit, held in March
2000, was hosted by the Department of the Treasury in Washington,
D.C. and incorporated five panels to discuss victim issues, prevention
measures, and short-term remedies for both the private sector
and governmental agencies.
The
OIG co-coordinated the prevention panel, which the IG moderated.
This panel was designed to give the attendees ideas
and suggestions on how to prevent identity theft.
To
further its fight, OIG proposed to the Congress and SSA that they
expand the CMP program to include SSN misuse and identity theft
penalties for those cases that were not accepted by the U.S. Attorney’s
Office for prosecution. The
OIG detailed a lawyer to the Department of Justice to assist in
the prosecution of SSN misuse and identity theft cases.
From October 1,
1999 through March 31, 2000, the OIG received 44,944 complaints,
opened 4,277 investigations, and closed 4,069 cases. It
obtained 1,169 criminal convictions and recovered over $122 million
through fines, judgements, restitution, and recoveries.
In addition, over $170 million was saved through implemented recommendations
to put funds to better use. The IG testified before House
and Senate Committees on ten occasions from March 7, 2000 through
September 12, 2000.
The IG was in continuous
dialogue with Congressional committees that sought legislative
remedies to strengthen SSA programs and to provide the investigative
tools to prevent, identify, and deter criminal activity and assist
the Agency in maintaining its integrity. The chart below
provides return on investment information for the SSA OIG since
its inception. It’s only one indicator of the successes
of the Office of the Inspector General.
FISCAL
YEAR
|
BUDGET
ALLOCATION
|
OIG
MONETARY ACCOMPLISHMENTS
|
RETURN
ON INVESTMENT
|
1995*
|
|
$38,970,360
|
4-1
|
1996
|
$25,800,000
|
$124,022,730
|
5-1
|
1997
|
$37,400,000
|
$767,463,244
|
20-1
|
1998
|
$49,200,000
|
$2,449,093,495
|
49-1
|
1999
|
$56,000,000
|
$817,661,342
|
14-1
|
*Reflects
data from April 1, 1995 through September 30, 1995.
Each
component of the OIG was dedicated to advancing SSA’s goal to
make SSA program management the best in business, with zero tolerance
for fraud and abuse.
Fraud
Initiatives/Program Integrity
SSA has always taken
its stewardship role very seriously. The American public
rightfully expects SSA to be vigilant stewards of its tax dollars.
In fulfilling its mission “to promote the economic security of
the nation’s people through compassionate and vigilant leadership
in shaping and managing America’s Social Security programs,” SSA
believed that fraud and abuse were unacceptable at any level and
operated to reflect its belief.
The potential for
deliberate acts of deception exists in all government programs.
While SSA had not found widespread fraud in its programs, any
level of fraud was a source of concern. Independent Agency
status allowed SSA to take steps to expand and strengthen the
OIG by providing additional investigative resources for combating
fraud. One goal of the Agency was to continue to increase
its attention to deterring fraudulent activities and bringing
to justice those who committed fraud, whether members of the public
or SSA employees. To accomplish this goal, SSA established
three major objectives:
·
Change programs, systems, and operations to reduce instances
of fraud;
·
Eliminate wasteful practices that erode public confidence
in SSA; and,
·
Prosecute vigorously those who damage the integrity of
SSA’s programs.
Initially developed in 1996, SSA and OIG devised a comprehensive
key initiative tactical plan to strengthen the public trust and
confidence in SSA and to assure the highest level of integrity
in SSA programs. The tactical plan reflected broad, Agency-wide
participation with initiatives identified at a grassroots level
throughout the Agency. A principal part of this tactical
plan initiative was the creation of a National Anti-Fraud Committee
whose function was to oversee, direct and support the Agency’s
anti-fraud plans and activities. The National Committee
was comprised of SSA senior staff and co-chaired by the Deputy
Commissioner for Finance, Assessment and Management and SSA’s
Inspector General.
In addition to developing its own anti-fraud initiatives, the
National Committee oversaw and supported Regional Anti-Fraud Committees,
which were established to coordinate anti-fraud strategies in
each of SSA’s ten regions. The Regional Committees included
Regional Commissioners, other Senior SSA and OIG staff, as well
as managers of SSA Field Offices.
The National Anti-Fraud Committee fully supported the SSA/OIG
Combating Fraud key initiative tactical plan. The tactical
plan initiatives were designed to provide stewardship and oversight
consistent with increased public confidence, while aggressively
deterring and detecting fraud. The Agency was very mindful
that reports of fraud, waste, or abuse would trigger public perceptions
that SSA was not efficient or that it did not make the best use
of tax payer dollars.
Four Regional or National Anti-Fraud Conferences were held from
September 1997 through May 1999. These conferences provided
a forum to discuss new ideas, as well as existing initiatives.
Since 1997, SSA has published the Annual Report to Employees
on Anti-Fraud Initiatives to inform employees about the Agency’s
anti-fraud efforts and to generate new ideas and recommendations.
Perhaps the Agency’s biggest contributors to its anti-fraud efforts
were the employees in SSA’s 1,300 field offices whose commitment
to maintaining the integrity of the Social Security programs was
unswerving. It was often field office and DDS employees
who uncovered fraudulent schemes. These employees were the
biggest assets in the Agency’s fight against fraud. SSA
was committed to continue training them in anti-fraud practices
and seeking additional tools to make their anti-fraud commitment
easier and more effective.
Components partnered in a number of initiatives
to capitalize on the skills of staff and to make the most of limited
resources.
The
OIG believed that a
constant flow of information among its auditors, investigators,
and attorneys was critical to the success of improving SSA program
integrity. The Agency and OIG also
worked with other Federal and State agencies on a number of initiatives.
Employee
Fraud
Although the vast
majority of SSA’s 65,000 employees were proven trustworthy and
dedicated civil servants, a few corrupt employees could compromise
the integrity of the Social Security system and undermine the
public’s confidence in the Agency’s programs. Because of
this, the detection of employee fraud was an investigative priority.
The OI provided
the lead in a cooperative effort with various financial institutions
to uncover a scheme where SSA employees provided private information
from SSA’s databases to outside individuals. The individuals
used the information to activate stolen credit cards. Since
the project’s inception in 1998 to March 31, 2000, the OI identified
12 SSA employees involved in the activities and $1.4 million in
fraud loss to financial institutions.
Service
Provider Fraud
SSA appoints representative
payees for individuals who are unable to manage their own funds.
While the vast majority fulfilled their roles, there were some
representative payees who misused the benefits of their clients.
The Agency and the IG were committed to detecting and punishing
individuals who committed this type of fraud as well as identifying
ways for SSA to improve its oversight of representative payees.
The OIG audit work
identified two major challenges
facing SSA concerning the Representative Payee Program.
They
were the processes of selection and monitoring of representative
payees.
When SSA determined a beneficiary
was “incapable of” or “prohibited from” managing their benefits,
SSA screened and selected a suitable representative payee.
The Agency used a preferred list to initiate a search for a suitable
representative payee. SSA generally preferred to appoint
relatives as representative payees rather than friends or other
third parties.
SSA interviewed
and “investigated” prospective representative payees to determine
their suitability. It was not a formal investigation, but
rather a means to conduct an SSA records verification. Some
of the documents that SSA reviewed were drivers’ licenses, state
identification cards, bankbooks, and credit cards. The Agency
generally did not verify the accuracy of the information presented
unless it had a reason to question the applicant’s suitability.
The Agency verified that the prospective representative payee
had not been convicted of a felony against Social Security programs.
For
organizational payees, SSA verified the Employer Identification
Number (EIN) of the representative payee by comparing the EIN
on the representative payee application to the EIN on SSA’s records.
SSA did not perform credit or security background checks on prospective
individual or organizational payees to determine if they had financial
problems, bad credit, or if individuals or employees of the organization
were convicted of any other felony.
The Agency had
safeguards in place to ensure that representative payees did not
misuse benefits. The safeguards included requiring an annual
accounting report from all representative payees for each individual
under their care and performing on-site reviews of representative
payees.
The
OIG’s December 1996 report entitled Monitoring
Representative Payee Performance: Nonresponding Payees
identified several problems with representative payees who did
not provide these annual accounting reports.
The
IG recommended that SSA determine why representative payees did
not complete and return accounting reports and determine whether
SSA staff were properly processing systems-generated alerts for
payees who did not respond.
SSA
responded by proposing to conduct Quick Response checks when representative
payees did not
return the reports.
On-site
reviews were visits with the representative payee or the administrators
of organizations and consisted of an examination of the accounting
records and interviews with beneficiaries to determine if their
needs were being met or if they were experiencing any problems.
While
the reviews may not have uncovered all instances of representative
payee abuse, the Agency believed the reviews provided a deterrent
effect for those who were prone to commit this type of fraud,
especially of those representative payees who did not submit the
annual accounting form.
In a March 1997
evaluation report entitled Monitoring Representative Payee
Performance: Roll-Up Report, the IG recommended that SSA conduct
a more thorough screening of potential representative payees.
As a result, SSA proposed legislation that would require
non-governmental organizational representative payees to be both
bonded and licensed, providing that licensing was available in
the State.
The
Congress later introduced the proposal.
The
March 1997 report also included recommendations for SSA to conduct
periodic reviews of selected payees and change the focus of the
current process from accounting to
monitoring and compliance.
By
focusing on compliance issues, SSA could learn in a timely manner
whether or not a problem existed. The
Agency embarked upon actions intended to address various aspects
of its representative payee monitoring and oversight.
SSI
Eligibility Project
SSA partnered with
OI in 1998 in an SSI Eligibility Project that was designed to
determine the extent of violations concerning eligibility requirements
for the SSI program. Staff mailed questionnaires to a sample
of recipients, and if they were not answered, face-to-face interviews
were requested. Within a short amount of time, it became
clear that certain individuals had given false information to
SSA about their residence status in order to make them eligible
for SSI payments. In addition, others were identified who,
after having been declared eligible for SSI, returned to their
country of origin and continued to receive SSI payments.
The
Office of Audit (OA) conducted a review, The Adequacy of the
Residency Verification Process for the Supplemental Security Income
Program, to determine the adequacy of the process used in
the project. The review also determined if SSA provided
the proper guidance to field offices to verify that recipients
were U.S. residents. OA recommended that SSA revise its
procedures to provide for expanded residency development.
Because of the
success of these investigations OIG collaborated with SSA’s New
York Regional Office, New York City, and New York State officials
to identify SSI recipients who obtained payments illegally or
contrary to regulations. Perhaps more importantly, it was
determined that this method could be used to identify both suspect
SSI and Old-Age, Survivors and Disability Insurance claims at
foreign sites and other U.S. locations.
SSN
Misuse
Because
SSN misuse can strike at the core of SSA’s programs and operations,
the OIG knew that misuse would be one of its major workloads.
One of OIG’s first reports issued as the new SSA OIG dealt with
the effectiveness of computer profiling to detect suspected fraudulent
enumeration and claims activity. Other reviews conducted
revealed some alarming trends and issues related to SSN misuse.
OIG recommended actions that would strengthen SSA’s enumeration
process and help to prevent SSN misuse.
One
of those reviews, Using Social Security Numbers to Commit Fraud,
documented vulnerabilities in SSA’s enumeration process and highlighted
several SSN fraud cases that OIG investigated and referred to
the Department of Justice for prosecution. In the report,
three recommendations were made: 1) SSA should incorporate
preventive controls in its Modernized Enumeration System; 2) SSA
should require verification from the issuing State when an out-of-state
birth certificate was presented as evidence for an SSN application;
and 3) SSA should continue its efforts to have the Immigration
and Naturalization Service (INS) and the State Department (DOS)
collect and verify enumeration information for aliens.
Better overall
governmental efficiencies and savings were expected to flow from
the new streamlined process. Prior to the new process, legal
non-citizens had to apply for Social Security cards at SSA offices,
where they were required to furnish virtually the same information
they gave to DOS and INS for immigration purposes. Assigning
SSNs based on information collected by DOS or INS would save the
individuals the additional trip to SSA and only require them to
give the information once.
Over
the years, the Agency tightened its SSN policies and instituted
different procedures and systems checks to prevent fraudulent
documents from being used to obtain SSNs and SSN cards.
Essential to the Agency’s ultimate goal to prevent fraud was ending
its dependence on documents that might have been forged or misused
by the dishonest in an attempt to acquire an SSN.
The Agency’s prior
efforts to prevent the use of fraudulent documents to obtain SSNs
included:
·
Instructions for SSA employees on examining documents submitted
as evidence for an SSN (i.e., proof of age, identity, and U.S.
citizenship or alien status).
·
An SSA system that tracked applications for SSN cards submitted
with “suspect” or “fraudulent” documents. This capability
prevented an individual with fraudulent documents from “shopping
around” for an SSA office which might accept them. It interrupted
the issuance of an SSN card pending further investigation by the
SSA office.
·
SSA used the INS Systematic Alien Verification for Entitlements
(SAVE) program to verify every INS document presented with an
application for an SSN card except for documents from aliens who
have not been in the country long enough for information to be
available through SAVE.
The
Agency’s Comprehensive Integrity Review Process alerted field
offices when multiple Social Security cards were sent to the same
address over a short period. The offices then investigated
to determine whether the alerts reflected any fraudulent activity.
The
Enumeration at Entry initiative proceeded with a phased in approach:
Phase
1: The DOS will collect enumeration data for
immigrants along with visa information and forward it to the INS
that will, in turn, forward the data to SSA;
Phase
2: INS will forward to SSA the enumeration data
collected from aliens changing from nonimmigrant alien status
to permanent residents; and
Phase
3: INS will forward to SSA enumeration data
collected from aliens applying for permission to work and issued
employment authorization documents (EAD).
The
Enumeration at Entry initiative would provide a better overall
enumeration process for non-citizens, deter the use of fraudulent
documents, and allow applications for SSNs as part of the immigration
process.
The
following chronology details activity on the non-citizen enumeration
process:
1991
SSA wrote to INS requesting INS explore with SSA new ways to enumerate
non-citizens. SSA and INS met to discuss new ways to enumerate
non-citizens.
INS
informed SSA that it could not assist SSA then in enumerating
aliens because of higher priorities and operational considerations.
1994
SSA and INS reopened discussions on exploring new ways to enumerate
non-citizens.
1996
SSA and DOS signed a memorandum of understanding for DOS to collect
enumeration information for immigrants as part of the immigration
process.
1997
Proposed rule published to permit the DOS and INS to collect information
needed to assign SSNs to aliens.
1998
Final rule published to permit the DOS and INS to collect information
needed to assign SSNs to aliens.
In
addition to the complexity of coordinating this initiative with
three agencies, two separate pieces of legislation (the Illegal
Immigration Reform and Immigrant Responsibility Act of 1996 and
the Taxpayer Relief Act of 1997) required INS and
SSA to temporarily set aside work on the Enumeration at Entry
effort.
The
INS set aside its review of the draft memorandum of understanding
(MOU) received in June 1996 to focus on implementing the requirements
of the 1996 immigration reform legislation (enacted in September
1996). The INS completed its review of the MOU in June 1997
and returned it to SSA with minor comments.
SSA
began revising the MOU to incorporate the INS comments but put
it aside when the tax legislation passed in August 1997.
That legislation required SSA to collect additional information
when assigning Social Security numbers to children for income
tax purposes. As a result, SSA decided to limit the collection
of enumeration information to adults (individuals age 18 and over)
only for the Enumeration at Entry initiative.
The
Agency revised the MOU and returned it to INS in March 1998.
Because of high workloads and other priorities, the INS did not
complete its review of the revised MOU until July 2000.
SSA, INS, and DOS began meeting in July 2000 to discuss final
MOU language.
In
a report related to one of the new OIG’s first reports, Analysis
of Social Security Number Misuse Allegations Made to the Social
Security Administration Fraud Hotline, OIG identified the
different types of SSN misuse allegations and estimated the number
of occurrences for each category during the period of review.
The analysis showed that the sampled OIG Hotline allegations could
be placed in five categories: identity verification; sales
solicitation; loss of SSN card; problems with the SSN; and identity
theft. About 81 percent of the SSN misuse allegations the
Hotline received related directly to identity theft.
In
an effort to prevent program-related SSN misuse, OIG conducted
work that considered the possibility of SSA using biometrics technologies.
The report, Social Security Administration is Pursuing Matching
Agreements with New York and Other States Using Biometrics Technologies,
outlined the possible benefits to SSA of pursuing matching agreements
with States that have employed biometrics technologies to combat
fraud and identify ineligible recipients for social service programs.
OIG believed that SSA could use the results of New York State’s
biometrics program to identify individuals who were improperly
receiving benefits, thereby reducing and/or recovering any improper
benefit payments.
Foreign
Anti-Fraud Activities
In keeping with the
Agency objective of “zero tolerance for fraud,” SSA maintained
a vigorous schedule of foreign validation surveys during which
beneficiaries’ entitlement and continuing eligibility were re-checked
and their existence and identity were verified by personal interview
in their homes. Seventeen surveys were conducted from January
1993 to August 2000. The countries surveyed were Mexico,
Hungary, Dominican Republic, Philippines, Jamaica, Ecuador, Argentina,
Yemen, Costa Rica, Panama, Canada, Poland, Trinidad and Tobago,
Portugal, Spain, Italy, and France.
In addition, SSA
greatly increased the number of special contact programs and verification
projects where validation surveys or other information indicated
a potential problem. In fiscal year 1999 alone, over 20
special integrity studies were initiated. These studies
were conducted by the RFBOs and Foreign Service Post (FSP) personnel
and generally designed to uncover unreported deaths or other payment
eligibility irregularities.
On December
14, 1999, President Clinton signed H.R. 3443, the Foster Care
Independence Act. The act included provisions that strengthened
the Agency’s abilities to recover overpayments, prevent and combat
fraud, protect beneficiaries from unscrupulous representatives
and health care providers, and provide better service to SSA customers.
The act made
representative payees of beneficiaries liable for OASDI or SSI
overpayments caused by payments made to a beneficiary who had
died and required the Agency to establish the overpayment on the
representative payee’s SSN. It extended to the SSI program
all of the debt collection authorities that were presently available
for collection of overpayments under the OASDI program and included
procedures for imposing penalties for making false or misleading
statements that would be used for determining eligibility. The
act also helped protect beneficiaries by barring representatives
and health care providers from the OASDI and SSI programs if they
had been found to help commit fraud.
Prisoners
Since the SSI Program’s
inception in 1974, SSI recipients were not eligible for benefits
if they became inmates of a public institution (including a prison)
throughout a calendar month. In 1980, Congress passed legislation
requiring SSA to suspend payments to incarcerated felons entitled
to Social Security disability insurance benefits. In subsequent
years, additional legislation was passed requiring SSA to stop
benefits to all categories of Social Security Retirement, Survivors,
and Disability Insurance (RSDI) beneficiaries convicted of crimes
punishable by 1-year imprisonment. This included those found
not guilty by reason of insanity (NGRI) or incompetent to stand
trial.
Initially,
SSA Field Office (FO) personnel contacted the various facilities
to obtain the information needed to suspend benefits to inmates
of public institutions. The specific resources available
in an FO or the facility made the effectiveness of this approach
vary. After passage of the 1980 legislation, SSA made further
efforts to obtain prisoner information by having the Regional
Offices contact State prison officials. Some States readily
agreed to provide information, but others were slower to agree.
While
SSA made steady but slow progress to secure data and to identify
prisoners, it did not effectively manage or monitor the prisoner
suspension process. In addition, the prisoner suspension
activities did not compete well with other Agency priorities.
In
1994, the Office of Program Policy (OPP) internally changed the
organizational responsibility for the prisoner suspension policies
and procedures, and SSA began a more intensive re-examination
of its administration of the prisoner provisions. It quickly
concluded that it needed to devote much more aggressive attention
to this area, and the Agency recognized three major barriers to
full compliance with the law:
1.
A lack of full awareness of the statutory provisions by most penal
authorities affected their willingness to cooperate.
2.
The conflict of identification systems used by SSA (Social Security
Numbers (SSN) and the penal facilities (fingerprints)).
SSA used the SSN as the identifier, but the criminal justice system
used fingerprints as its main means of identification. There
was little incentive for a convicted person to reveal to prison
officials his/her correct SSN and prisons had no particular need
for correct SSNs.
3.
The lack of SSA management emphasis on full compliance
permitted many process deficiencies to remain undetected and unresolved.
The internal process was fragmented and lacked adequate controls
and most tasks were manual. Even where agreements were in
place, SSA lacked a method for monitoring the facilities’ compliance
with the agreement. Because of this, SSA could not always
track incoming data effectively. SSA could not determine
if the data came into SSA, if SSA processed the data, or if the
data did, in fact, result in a suspension.
Having
identified the major problems, SSA engaged the help of the National
Criminal Justice Association (NCJA). In October 1994, the
NCJA brought SSA officials and members of the penal community
together to identify the obstacles involved with getting data
from prisons, especially those relating to the identity of prisoners,
and to seek solutions. The NCJA report noted that “Neither
the Congress nor SSA realized the complexities it would encounter
in implementing the [prisoner] provision.” After the meeting,
SSA built and expanded relations with the National Institute for
Corrections, The American Jail Association and the National Sheriffs’
Association.
In
1995, SSA aggressively initiated a course of action that continued
to result in significant improvements in the prisoner suspension
process. Some of these actions included:
·
Escalated the prisoner suspension process to a top Agency
priority.
·
Began a major initiative to contact all correctional facilities.
As a result of this, SSA obtained agreements with the Federal
Bureau of Prisons, all State Prisons, and the 25 largest local
prisons to provide us prisoner data. In addition, it obtained
agreements with over 3,500 local facilities.
·
Contacted Governors, heads of correctional institutions,
Correctional Associations and similar stakeholders to obtain their
help and support in providing prisoner data.
·
Published articles on the importance of providing prisoner
data to SSA in various journals for the correctional associations.
·
The cooperation of State and local correctional institutions
was critical to the suspension process. Therefore, SSA developed,
maintained and nurtured an excellent working relationship with
these facilities and the Associations that represented them.
·
Obtained historical data from the Federal Bureau of Prisons
and State Prisons as a check to ensure that SSA identified and
suspended all prisoners.
·
Conducted reviews of the prisoner suspension operation
to determine if SSA needed to improve its operation. As
a result of these efforts, SSA was now verifying 92 percent of
the data facilities submitted to SSA.
·
Developed and pursued legislation that provided an incentive
payment to correctional facilities that provided SSA prisoner
data that results in the suspension of Title XVI payments.
This not only ensured that SSA continued receiving the data, but
also motivated the correctional facilities to provide more thorough
information. Another legislative proposal providing additional
incentives for the Title II program was developed and was being
actively considered by Congress.
·
In August 1996, the Title XVI portion of this legislative
change was enacted.
The Bonin Case illustrates
why the Agency needed to improve its efforts regarding prisoner
related matters. William G. Bonin was a convicted felon
incarcerated at San Quentin, a California State Prison, since
March 22, 1982. He was executed on February 23, 1996.
Upon notification of his death by the funeral director, the servicing
FO discovered that Mr. Bonin had been entitled to Social Security
disability benefits since January 1972 and was still in current
payment status. Benefits were terminated in February 1996,
but too late to stop the March 1996 check. An alert was
generated in August 1990 via a computer match with the California
State Department of Corrections. This computer alert did
not result in a suspension because no action was taken on the
alert. Following an investigation by the OIG, SSA obtained
an agreement that resulted in full restitution for the overpayments.
A number of initiatives followed to address the problem of
“Prisoners.”
An
inter-component workgroup, formed in February 1996, examined all
phases of the prisoner suspension operation and prepared a process
analysis of its strengths and weaknesses. The team determined
that there were problems in every phase of the overall process
from receipt of prisoner data to actual suspension of benefits.
In
February, instructions were issued to the FOs to obtain written
agreements from the facilities that were willing to provide prisoner
data. By June 2000, SSA had agreements with the majority
of local facilities for reporting prisoner data.
There were
a number of actions taken to improve processing prisoner data.
To correct the process weaknesses identified in the Bonin case,
and to also incorporate the incentive payment provisions of the
law that were enacted in August 1996 (Welfare Reform Act), SSA
initiated the following activities:
·
Each program service center (PSC), including the Office
of Disability and International Operations, has established a
centralized fax number to handle all prisoner actions. They
identify pending prisoner items and processed them as a priority
workload.
·
Operations informed all the Regional Commissioners and
managers in the PCs, FOs, and teleservice centers (TSCs) of the
importance of processing prisoner alerts.
·
A database was designed to monitor and control the receipt
of prisoner information from all correctional institutions and
mental health institutions to ensure they reported their data
to SSA in a timely fashion.
·
An automated system was established that controlled and
monitored all prisoner alerts to make sure the alerts were worked
quickly and accurately.
·
SSA established an automated system to pay incentive payments
to correctional institutions for inmate data that they provided
to SSA in order to suspend benefits to individuals who were ineligible
because of incarceration.
·
SSA requested, received, and processed historical files
from the Federal Bureau of Prisons and most State Prisons to ensure
that it identified and suspended all prisoners receiving benefits
in the past and the present.
At
the national level, SSA staff worked with correctional officials
of the Large Jail Network and other correctional associations
(such as the American Jail Association (AJA), the American Correctional
Association (ACA), and the National Sheriff’s Association (NSA)
to obtain data at the local level and increase the availability
of the data electronically. With the assistance of the Department
of Justice, SSA also worked with other organizations associated
with penal institutions and mental health agencies concerning
the provisions related to the NGRI provision.
Public
relations campaigns were initiated to inform the law enforcement
communities and correctional facilities about SSA’s need to stop
benefits to certain inmates.
SSA
staff participated at the meetings, conventions, and conferences
that the AJA, ACA, and the NSA sponsored. Public campaigns
at these meetings increased awareness of the sponsors of information
that SSA needed to identify Social Security beneficiaries in such
institutions. These efforts were expected to open communication
links between SSA and the people it needed to reach to achieve
cooperation for reporting prisoner data timely.
The continued success
in the SSA’s prisoner suspension operation depended on several
key factors. These factors were:
·
An efficient computer matching operation and the systems
support to keep it streamlined and modern.
·
SSA operational resources to develop and timely suspend
benefits to Social Security beneficiaries based on the inmate
data that was processed through the computer matching operation.
·
Continued voluntary cooperation of the correctional and
mental health institutions throughout the United States to provide
inmate data to SSA to identify individuals whose SSA benefits
should be suspended because they were incarcerated in accordance
with SSA laws.
·
More dedicated monitoring of inmate reporting agreements
with correctional and mental health institutions to ensure that
the agreements do not lapse or expire.
·
Closer tracking of SSA’s receipt of inmate reports from
correctional and mental health institutions and reconciliation
of the reports if they are not received on time.
“The Social Security Administration has
produced a continually updated database that now covers more than
99 percent of all prisoners, the most comprehensive list of our
inmate population history. And more important, the Social
Security Administration is using the list to great effect.
By the end of last year, we had suspended benefits to more than
70,000 prisoners. That means that over the next five years,
we will save taxpayers $2.5 billion – that’s $2.5 billion – that
will go toward serving our hard-working families.
Now we’re going to build on the Social
Security Administration’s success in saving taxpayers from inmate
fraud. In just a few moments I will sign an executive memorandum
that directs the Departments of Labor, Veteran’s Affairs, Justice,
Education and Agriculture to use the Social Security Administration’s
expertise and high-tech tools to enhance their own efforts to
weed out any inmate who is receiving veteran’s benefits, food
stamps, or any other form of federal benefit denied by law.
We expect that these comprehensive sweeps
by our agencies will save taxpayers millions upon millions of
more dollars, in addition to the billions already saved from our
crackdown on Social Security fraud. We will ensure that
those who have committed crimes against society will not have
an opportunity to commit crimes against taxpayers as well.”[5]
On April 28, 1998,
President Clinton sent an executive memorandum to all the heads
of the executive departments and agencies. The memorandum
directed them to take specific actions regarding sharing information
related to prisoners who received benefits.
SSA
built a Federal Benefit/Prisoner Data Exchange System to share
prisoner data with other federal benefit paying agencies in compliance
with the presidential memorandum. On November 1, 1998, the
Federal Benefit/Prisoner Data Exchange system was operational
and other federal benefit paying agencies began using the system
to retrieve prisoner data.
The Congress
passed a new law. The Ticket to Work and Work Incentives
Act (P.L. 106-170) signed by President Clinton on December
17, 1999 extended to Title II the provisions of the PRWORA of
1996 that authorized payments from SSA to correctional and mental
health institutions that reported inmate information to SSA.
Beginning April 4, 2000, the new law authorized SSA to pay incentive
payments to correctional and mental health institutions for information
that led to a suspension of inmates entitled to retirement, survivor,
and disability benefits (RSDI—Title II). The incentive payments
and amounts were:
·
$400 for information received within 30 days after the
individual’s date of conviction and confinement.
·
$200 for information received between 30 and 90 days after
an individual’s date of conviction and confinement
·
No payment was made for information received on or after
the 91st day.
When the reported
inmate was a concurrent beneficiary, the correctional or mental
health institution received only a single incentive payment; the
cost to was split between the two programs.
In order to
qualify for incentive payments, an Incentive Payment Memorandum
of Understanding (IPMOU) had to be in place. Many institutions
had SSI IPMOUs in place that qualified them for the payment of
an incentive payment as a result of SSI suspension actions.
New IPMOU agreements had to be negotiated to allow for the Title
II incentive payments.
The Agency suspended
Title II benefits for any periods of conviction and confinement
in a correctional or mental health institution that lasted for
more than 30 continuous days. The law also prohibited payment
of monthly benefits to any person whom, upon completion of a prison
term, remained confined by court order to a public institution
as a sexually dangerous person or a sexual predator.
OIG
conducted two audits involving payments that were made to prisoners.
The objective of the first audit, Effectiveness in Obtaining
Records to Identify Prisoners, was to determine whether SSA
had adequate procedures to obtain complete and timely information
for individuals who were confined to correctional facilities.
It revealed that SSA did not have the ability to identify all
prisoners in detention and of those that were identified, they
were not identified in a timely manner. The OIG estimated
that this cost SSA $48.8 million in overpayments. The second
audit, Effectiveness of the SSA’s Procedures to Process Prisoner
Information, Suspend Payments and Collect Overpayments, demonstrated
that even if SSA could obtain the records to identify prisoners,
there was no mechanism in place to process the information in
order to suspend the payments and collect overpayments.
Both reviews found that SSA needed to aggressively pursue computer
matching agreements with Federal, State, and local prison authorities
to receive prisoner information in a timely manner. This
enabled SSA to suspend payments sooner and reduce the amount of
overpayments the Agency needed to collect. Both reviews
recommended that SSA seek congressional support and legislative
remedies to lift restrictions on the computer matching agreements.
As a result of these audits, SSA’s Actuary estimated that $3.4
billion dollars would be saved from 1997-2002.
The Welfare Reform Act amended Title XVI of the Social Security
Act to make a fleeing felon or a parole or probation violator
ineligible to receive SSI. Armed with this new statute and
with audit information, OI initiated the Fugitive Felon Project.
This project identified individuals illegally receiving SSI by
conducting computer matches with the FBI, the U.S. Marshals Service,
and State agencies. When OI Special Agents identified SSI
recipients who were fugitives, SSA was notified, payments were
stopped, and overpayments calculated. This project resulted
in impressive savings to the Agency as shown below.
STATISTICS
FOR THE FUGITIVE FELON PROJECT
|
FISCAL
YEAR
|
FUGITIVES
IDENTIFIED
|
FUGITIVES
APPREHENDED
|
OVERPAYMENTS
IDENTIFIED
|
ESTIMATED
SAVINGS
|
1998
|
1,105
|
Not
available
|
$980,250
|
$5,443,551
|
1999
|
7,421
|
1,586
|
$17,200,000
|
$27,000,000
|
2000*
|
|
475
|
$11,439,369
|
$18,183,235
|
TOTALS
|
10,003
|
2,061
|
$29,619,619
|
$50,626,786
|
*Reflects data
from October 1, 1999 through March 31, 2000.
As of September 2000, SSA had agreements with 7,016 correctional
and mental health institutions nationwide. This represented
99% of the total inmate population in the country. Suspension
of benefits to prisoners saved the OASDI and SSI programs roughly
$500 million on an annual basis. Of this $500 million in
annual savings, roughly $250 million was attributable to SSA initiatives
begun in 1994 – 1995. Approximately $20 million of the $500
million annual savings were attributed to the incentive payment
provisions included in the 1996 welfare reform legislation.
The success of the December 1999 legislation to pay incentive
payment to institutions providing information to suspend title
II benefits had not been estimated as of September 2000.
Disability
Program Integrity
A major part of the
Agency strategy to protect the integrity of the two disability
programs that SSA administers was the utilization of a comprehensive
Quality Assurance (QA) system. The system employed had been
in place for over 25 years. The QA system’s primary purpose
was to measure compliance with policies and procedures in adjudicative
decisionmaking.
The
system provided the Agency with data to monitor the level of decisional
accuracy. Samples of most of the major disability workloads
were included in the system, from initial claims, to CDRs, to
hearing decisions. The system also:
·
Provided some insight into adjudicative performance for
special populations such as SSI children;
·
Provided data used to profile certain workloads for special
attention in the adjudicative process; and
·
Helped monitor the impact of process changes such as those
tested in the disability process redesign.
In
addition, as required by law, SSA conducted a Federal pre-effectuation
review of proposed Disability Insurance (DI) allowances that helped
protect the integrity of the DI Trust Fund. In FY 1997,
the effort produced an impressive $330 million savings at a cost
of less than $22 million.
SSA
recognized that there were concerns with the QA system that needed
to be addressed. These concerns included the need to:
·
Assess beyond compliance with rules, regulations and procedures
how decisions made under SSA’s adjudicative process meet the intent
of the law;
·
Collect and analyze data to assure uniformity in the decisionmaking
process across the country;
·
Develop a comprehensive and uniform review process across
all levels of disability case processing, including field offices,
DDSs and hearings and appeals offices; and
·
Use internal DDS and OHA quality reviews along with the
overall quality review process.
SSA
intended to address these needs by developing a more comprehensive
quality review system that better assessed the outcomes of its
policies and provided a more uniform measure of disability adjudication
across the country.
The
QA system was enhanced in 1999 with a publication of final rules
under which SSA’s Office of Quality Assurance and Performance
Assessment (OQA) would examine certain allowance decisions at
the hearing level that were selected through statistical sampling
techniques. OQA referred to the Appeals Council for possible
review the decisions it believed met the criteria for review by
the Council. This effort stemmed from the Agency’s process
unification initiative. It was designed to better balance
the feedback provided to hearings level adjudicators and to improve
the accuracy of those decisions.
Previously,
the primary source of feedback, from the Appeals Council, provided
to hearings adjudicators, came from claimant requests for review
of hearings denials or further appeals of those denials to district
courts. As part of the QA system, peer reviewing judges
also assessed whether a random sample of ALJ decisions was supportable.
Results from this peer review indicated the need for improved
allowance accuracy. Therefore, SSA began an annual screening
of approximately 10,000 favorable hearing decisions in addition
to ongoing quality reviews of ALJ denial decisions. This
review provided feedback on individual cases, but more importantly,
permitted analysis of the adjudicative issues associated with
unsubstantiated decisions and targeted training and policy clarifications
to address these issues systematically.
The
legislation enacted and financial support provided during the
Clinton years progressively enabled the Agency’s leadership to
manage in a fashion that ensured the integrity of its programs
and tremendously improved its stewardship of the trust funds.
SSA
conducted periodic reviews, called continuing disability reviews
(CDR), to determine whether individuals receiving disability benefits
had medically improved so that they were no longer considered
disabled and no longer eligible for benefits. The CDR process
allowed SSA to ensure the integrity of the SSI program by monitoring
the disability status of beneficiaries.
Although CDRs had
always been considered important, SSA had not conducted CDRs for
SSI-only cases in meaningful numbers prior to 1996. Until
1994, the law did not require such a review, and SSA traditionally
directed its limited administrative resources to statutorily mandated
OASDI, Title II reviews. In addition, SSA reduced the number
of CDRs for both programs in the early 1990s when the Agency was
faced with unprecedented initial disability claims workloads.
The number of CDRs fell from 367,000 in 1989 to about 73,000 in
1992.
As of October 1,
1997, approximately 1.6 million SSI-only beneficiaries were due
or overdue for a CDR. Of that number, 1.2 million individuals
were disabled and blind adults under age 65 and approximately
400,000 were disabled children. Beneficiaries who concurrently
received SSI and OASDI benefits were counted and processed under
the OASDI program, and approximately 600,000 of these beneficiaries
were also due or overdue for a CDR.
Several
legislative mandates from 1996 through 2000 supported by the Clinton
Administration increased the number of reviews required for SSI
disability cases. When SSI CDRs were mandated in the Social
Security Independence and Program Improvements Act of 1994,
SSA was required to conduct CDRs on 100,000 SSI beneficiaries
and on not fewer than one-third of the SSI beneficiaries reaching
age 18 in each FY from 1996 through 1998. Enactment of the
Personal Responsibility and Work Opportunity Reconciliation
Act of 1996 (PROWRA) (which was later modified by the Balanced
Budget Act of 1997), further expanded the universe of statutorily
mandated CDRs.
The
PRWORA required SSA to conduct:
·
CDRs within one year of birth on all children who are eligible
because of their low birth weight;
·
CDRs at least once every three years on all SSI childhood
beneficiaries whose impairments are considered likely to improve;
and
·
Medical redeterminations (using the adult disability standard)
on all SSI childhood beneficiaries within one year after reaching
age 18.
The
President and the Congress demonstrated their commitment to this
CDR workload by enacting P.L. 104-121 which authorized a total
of about $4.1 billion for OASDI and SSI CDRs for FYs 1996 through
2002. In the PRWOR of 1996, the Congress added the requirement
for periodic CDRs and redeterminations for SSI children and added
a total of $250 million to the authorized amounts for FYs 1997
and 1998. This brought the total authorized funding to about
$4.3 billion for conducting CDRs and redeterminations during FYs
1996 through 2002. In response to legislative mandates,
SSA developed the Seven-Year Plan for conducting CDRs beginning
in 1996 through FY 2002. The plan was implemented in July
1996 and updated in March 1998.
Prior
to 1993, all CDRs were conducted as full medical reviews.
The full medical CDR process was labor-intensive and generally
involved (1) an interview of the beneficiary in a field office
and (2) a determination of medical improvement by a State DDS—a
step that involved development of medical evidence and a special
examination, if needed. Recognizing the need to streamline
the process, SSA began using questionnaires, called CDR mailers,
in conjunction with statistical profiles in place of full medical
reviews for some beneficiaries.
SSA
developed statistical profiles for estimating the likelihood of
medical improvement based on beneficiary information such as age,
impairment, and length of time on the disability rolls.
For beneficiaries for whom the profile indicated a relatively
low likelihood of medical improvement, SSA used the CDR mailer.
When the profile indicated a relatively high or medium likelihood
of medical improvement, SSA used a full medical CDR. For
those who received a mailer, SSA took an additional step to determine
whether the responses, when combined with data used in the profiles,
indicated that medical improvement might have occurred.
If so, the beneficiary also received a full medical CDR.
Individuals whose responses to a mailer confirmed the profiled
data indicating that there was a low likelihood of medical improvement
were not referred for full medical CDRs. SSA then set a
future CDR date for these individuals. The CDR profiling
and mailer process established in May 1993 enabled SSA to steadily
increase the volume of CDRs processed from a low of 73,000 in
FY 1992 to approximately 240,000 in FY 1995.
Using
the profiling and CDR mailer process, SSA exceeded the 100,000
case review mandated in FYs 1996 and 1997 and was up-to-date in
processing low birth weight CDRs and age 18 redeterminations.
Overall, SSA processed more than 157,000 SSI-only CDRs in FY 1996.
In FY 1997, SSA processed more than 262,000 SSI-only CDRs and
met the budgeted target of 362,000 SSI CDRs for FY 1998.
Data suggested
that, after all appeals, the CDRs conducted for SSI beneficiaries
in FY 1997 were expected to result in the cessation of benefits
for an estimated 28,000 individuals. The OASDI CDR process
in FY 1997 would yield, after all appeals, benefit cessation of
approximately 6,000 SSI beneficiaries who were also receiving
OASDI benefits. Benefit cessations resulting from the FY
1997 CDRs alone were projected to reduce SSI program expenditures
by an estimated $915 million from FY 1997 through FY 2006.
SSA planned to
pursue the needed funding each year to process CDR workloads.
With additional funding provided by the Congress, SSA expected
to be up to date in processing all SSI-only CDRs by the end of
FY 2002. The Agency expected to conduct approximately 3.6
million SSI-only CDRs over the life of the Agency’s 7-year plan.
These numbers included cases overdue for CDRs, as well as newly-matured
cases.
The following table,
based on SSA’s Seven Year Plan, shows the number of SSI-only CDRs
to be processed in FYs 1998-2002. Also included were the
estimated SSI program savings resulting from CDRs conducted in
FYs 1998 through 2002, amounting to approximately $3 billion over
this 5-year period. The Agency’s efforts to maintain program
integrity and improve stewardship could be measured most notably
by program savings.
Fiscal
Year
|
SSI-ONLY
CDRs FY 1998-2002
|
PROGRESS
IN COMPLETING
7-YEAR CDR PLAN
|
Number
of
CDRs Processed
During Year
|
Cumulative
SSI
Program Savings 1
(in millions)
|
Number
of CDRs
Processed
FY 1996 to date
|
Percent
of
7-Year
Plan Total
|
1998
|
362,000
|
$75
|
781,000
|
21.9%
|
1999
|
685,000
|
395
|
1,466,000
|
41.1%
|
2000
|
592,000
|
1,020
|
2,058,000
|
57.7%
|
2001
|
728,000
|
1,895
|
2,786,000
|
78.2%
|
2002
|
779,000
|
2,995
|
3,565,000
|
100%
|
1
Includes estimated Federal SSI program savings resulting
from CDRs conducted on OASDI beneficiaries concurrently
receiving SSI payments.
|
SSI High Risk Program
The
General Accounting Office (GAO) designated the SSI program as
one of the Federal Government’s “high risk” programs in 1997.
The Annual Performance Plan briefly highlighted objectives designed
to strengthen the integrity of the SSI program.
The
SSI program provides benefits to approximately 6.5 million needy
beneficiaries who were aged, blind, or disabled.
Like
other means-tested programs that respond to changing circumstances
of individuals’ lives, the SSI program presented challenges to
ensure that it was administered efficiently, accurately, and fairly.
As previously
mentioned, in 1996, the Congress provided SSA with special funding
authority that enabled it to develop a Seven-Year CDR Plan for
FYs 1996 through 2002, dramatically expanding the number of CDRs
conducted.
In
October 1998, the Agency issued the first management report on
the SSI program entitled, Management of the Supplemental Security
Income Program, Today and the Future, detailing the aggressive
plans to improve payment accuracy, increase CDRs, combat fraud,
and collect overpayments. SSA implemented several of the
initiatives outlined in the report, such as new computer matches
and processing more redeterminations in addition to more CDRs.
The outcome was that SSA collected over $100 million more in debt
in FY 1999 than it did in
FY 1998.
Improving
Payment Accuracy
The
FY 1998 Payment Accuracy (Stewardship) Report prepared
by OQA pointed out the major overpayment findings.[6]
Most SSI overpayments resulted from beneficiaries’ failure to
report changes in three areas: income (particularly wages),
financial accounts and living arrangements (for example, admission
to a nursing home). These areas were consistently among
the leading causes for overpayments. These failures to report
or to report timely did not necessarily imply attempts to defraud
or mislead on the part of beneficiaries. There were many
reasons why a beneficiary may not have known or been capable of
reporting a material change.
The
payment accuracy data provided in the 1998 report represented
findings from reviews of monthly random samples of individuals
who received SSI payments. The Agency based corrective actions
and program enhancement initiatives on the report. SSA ran
more computer matches, processed more redeterminations, processed
more CDRs, and collected more debt. In 1998, OQA went from
approximately 4,000 to nearly 7,000 cases sampled. The increase
enriched its stewardship report.
In
addition to computer matches, SSA pursued real time access to
databases. This access would enable field offices
to detect changes in income and resources even earlier than computer
matches and, therefore, increase its ability to prevent and detect
payment errors. In April 2000, SSA began a pilot to assess
the value of real time access to the wage, unemployment, and “new
hire” databases of OCSE. A nationwide rollout of this real
time access was expected to take place in FY 2001.
The redetermination
process was one of the most powerful tools available to SSA for
improving the accuracy of SSI payments. In FY 1999, SSA
almost doubled the number of high-error redeterminations selected
for review and investigation—503,300 up from 272,700 in FY 1998.
The total number of redeterminations processed in FY 1999
was 2.1 million, up from 1.7 million in FY 1998.
In
addition to increasing the number of redeterminations processed,
SSA continued its increased CDRs with the special funding from
the Congress as part of the Seven-Year Plan. SSA increased
the number of SSI-only CDRs conducted in every year from 157,000
in FY 1996 to 833,000 in FY 1999. As a result of those 833,000
CDRs, the benefits for 101,410 beneficiaries were ceased.
In
FY 1999, SSA processed over 1.7 million CDRs, more than twice
the number processed in FY 1996. SSA continued with its
Seven-Year Plan to ensure that it was current in processing all
SSI CDRs by FY 2002. There were also initiatives underway
to improve the CDR process by improving the statistical profiling
of the CDR selection process.
Combating Program Fraud
In
efforts to combat fraud, SSA and OIG examined cases involving
residency factors along the U.S. borders with Mexico and Canada.
As a result, a major effort was initiated in New York and later
in New Jersey to focus and further define this issue. In
the New York and New Jersey SSI Eligibility Verification Projects,
almost 33,000 cases were examined, uncovering about 8,000 individuals
who were overpaid, suspended, or terminated. From June 1998
through August 1999, these projects uncovered $14 million in overpayments.
Beginning in FY 2000, SSA began similar projects in every region
in the nation.
SSA
and the States have worked together to combat Collaborator Fraud
whereby unscrupulous health professionals that help claimants
fraudulently obtain disability benefits. These efforts have
evolved into CDI units. As of December 1999, the CDI units
in 5 States had processed 1,945 allegations and developed evidence
to confirm 557 cases of fraud or similar fault to support denials.
The
enactment of the Welfare Reform Act and the GAO’s declaration
of the SSI program as a high-risk area in February 1997 caused
the OIG to accelerate auditing efforts and develop additional
strategies to prevent and detect fraud in this program.
An audit was conducted to identify vulnerabilities in the disability
determination process. The OIG initiated an audit entitled,
Special Joint Vulnerability Review of the SSI Program,
after the Georgia DDS notified SSA that it was concerned that
four generations of a family of SSI recipients may have been coached
to fake physical or mental disabilities in order to receive payments.
The OIG recommendations included actions SSA needed to take regarding
the monitoring of providers of examinations and a closer review
of the reports made by these providers.
One of the most
significant actions that occurred as a result of this audit was
the inception of the CDI pilot. This project partnered OIG
Special Agents with State DDS employees and local law enforcement
entities to prevent and detect disability fraud primarily at the
initial claim stage before benefits were paid. The CDI project
relied on the combined skills and the specialized knowledge of
these individuals to combat disability fraud in their respective
areas. The CDI units were expected to achieve their goal
by assisting the local DDS to denying fraudulent applications,
and by identifying doctors, lawyers, interpreters, and other service
providers who facilitated and promoted disability fraud.
Pilots were initially conducted in five cities and there were
plans to establish more CDI units by the beginning of FY 2001.
The projected savings of the CDI project exceeded ten times its
cost. The table below summarizes the accomplishments of
the project.
CDI
STATISTICS
|
|
FY 1998
|
FY 1999
|
FY 2000
|
TOTALS
|
Allegations
Received
|
518
|
1,098
|
1,841
|
3,457
|
|
53
|
378
|
714
|
1,145
|
SSA Recoveries & Restitution
|
$41,508
|
$226,610
|
$346,873
|
$614,991
|
SSA Savings
|
$2,855,250
|
$20,366,102
|
$39,631,627
|
$62,852,979
|
Non-SSA Savings
|
N/A
|
$6,309,860
|
$20,825,132
|
$27,134,992
|
Reflects
data from October 1, 1999 through September 31, 2000.
SSA
and other Federal and State Law Enforcement Agencies developed
agreements to identify and suspend benefits for fugitive felons
Using a manual process from 1997 through 2000, SSA and OIG have
identified over 10,000 fugitive felons who were receiving SSI.
This has resulted in detecting $24 million in overpayments.
Additionally,
SSA implemented a series of training initiatives, wrote new procedures,
and perhaps most importantly, maintained the focus on improving
the accuracy of the SSI program as one of the Agency’s highest
priorities throughout FY 1999. In FY 1999, initiatives
to address the non-disability errors in the SSI program prevented
about $230 million in overpayments. About $115 million of
this was attributable to the initiatives taken for better training,
better instructions, and greater management focus on payment accuracy.
SSA
was in the process of implementing four major debt recovery projects
that were expected to yield direct collections of at least $115
million over 5 years. The four projects were mandatory cross-program
recovery, credit bureau reporting for delinquent Title XVI debts,
administrative offset for delinquent Title XVI debts, and administrative
wage garnishment for delinquent Titles II and XVI debts.
Future plans were to implement the remaining debt collection tools
for which SSA had been given authority. The additional projects
included Federal salary offset, private collection agencies, and
interest charging.
SSA
actions since the October 1998 management report was issued, such
as implementing new computer matches and conducting more redeterminations,
also produced dramatic increases in the amount of debt detected
and collected. The following chart indicates the success
in uncovering and progress in collecting that debt:
SSA
made a commitment to be both more responsive to SSA claimants
and beneficiaries and more accountable to the American people.
For many years, SSA recognized the need to improve the administration
of the disability programs. In March 1999, SSA released
a report on its management plan for the Social Security and SSI
disability programs.
The
plan addressed four major areas and also provided a strategy for
achieving the goal of improved administration of the disability
programs. The major areas were:
·
Improving the disability decision making process to ensure
that decisions were made as accurately as possible, that those
who should be paid were paid as early as possible, and that the
adjudication process was consistent throughout;
·
Improving the return-to-work opportunities for disability
beneficiaries so that individuals who wanted to participate in
the nation’s workforce may do so;
·
Safeguarding the integrity of the disability programs by
ensuring beneficiaries met the strict eligibility criteria for
benefit payments and by protecting the programs against fraud;
and,
·
Increaseing understanding, through research, of both the
incidence of disability in the U.S. and disability programs, in
general, so that policymakers can craft more responsible policies
and legislation to assist individuals with disabilities.
The
Agency embarked on an ambitious series of initiatives and made
great strides in efforts to improve disability quality, integrity,
and customer service. The results of these efforts were
expected to be a disability process that was both more efficient
and more responsive, as well as a process in which claimants,
beneficiaries, and taxpayers could have full confidence.
The
childhood disability provisions of PRWORA in 1996 (see
Chapter IV, Childhood Disability) had a major impact on Agency’s
efforts to improve administration of its disability programs through
CDRs.
Agency
Operations employees successfully implemented “high risk” initiatives
through additional funding from Congress that was used to provide
overtime hours for Field Office staff. Implementation resulted
in an increase in redetermination productivity due to the training
initiatives, enhanced automation support, and increased management
focus.
SSA
made progress in improving payment accuracy in FY 1999, increasing
the payment accuracy rate from 93.5 percent in FY 1998 to 94.3
percent in FY 1999. The improvement in payment accuracy
meant that in FY 1999, SSA paid $230 million less in erroneous
benefit payments than the previous year.
Nonagenarians
The
Nonagenarian Project was an SSA initiative that began in 1989
for the purpose of verifying that the Agency’s oldest beneficiaries
were properly receiving their benefits, that any needed representative
payees were in place, and to eliminate any possible fraud activities.
It
was another tool in the Agency’s “seamless attack” against fraud,
waste, and abuse.
In
1999, the project required FOs to contact Titles II and XVI beneficiaries
who were born in 1900 and 1901 and attained ages 99 and 98, respectively
in 1999.
The
Agency began using its Intranet to control Nonagenarian cases
and information more efficiently.
Results
of the 1999 project were as follows:
·
87,955
beneficiaries were initially selected.
·
17,590
cases were terminated for death before the FO attempted the contact,
119 cases were identified as already having a personal contact,
and 64 cases had an erroneous date of birth.
This
left 70,038 to be contacted.
·
5,944
of those contacted—8.4 percent—were found to be in need of a representative
payee.
·
144
claimants died at least six months prior to the compilation of
the initial data files, but their death had not yet been reported
to the Agency.
Out
of the 144 cases, 90 claimants were receiving direct deposit.
In
addition, 118 claimants were receiving Title II benefits only;
seven were Title XVI recipients only, and 19 claimants were receiving
both types of benefits.
These
cases involved monthly benefits totaling $78,021.10 and overpayments
totaling $4,897,850.43 as of November 30, 1999.
Of
this amount, $614,269.85 has already been recovered.
·
Another
165 beneficiaries, involving monthly benefits totaling $102,132.01
were suspended because the FO, after extensive research, was unable
to locate them.
Some
40 of these cases were referred to OIG for investigation.
The
remaining cases were to be referred to OIG if the claimants were
still not located within 45 days of the suspension action.
The Agency decided
to suspend the Nonagenarian Project as of May 25, 2000 due to
budget constraints. The Project was scheduled to include
people born in 1902 with an estimated nationwide volume of 48,947,
including both Titles II and XVI benefit cases.
Negotiations continued with HCFA to pursue a national Medicare
Non-Utilization computer matching agreement as part of the Nonagenarian
Project. Initially, SSA would use this agreement to request
data on current beneficiaries on SSA roles over age 90 with three
years of non-utilization of their Medicare Card. The Agency
sought to have the agreement in place by the end of the summer
of 2000 with the first report provided by the start of FY 2001.
To
ensure everything was in place as early as possible for the next
fiscal year, SSA continued to work to perfect the Intranet site
and the link with OIG.
Fraud
referrals had been submitted to OIG via the Intranet since June
1, 2000.
In
November 2000, Operations notified employees that the Intranet
system was working properly and that it was now mandatory for
all fraud referrals to be submitted to OIG via the Intranet.
A final decision was made to
go forward with FY 2001’s Nonagenarian Project. The Project
was tentatively scheduled to include people born in 1902 and 1903
who received Title II and SSI benefits. The Agency planned
to house nationwide case information on one Intranet site.
The Agency made tremendous strides in improving its stewardship
of the Trust Funds during President Clinton’s Administration by
reinventing or improving many of its business practices and responding
to the public’s expectations.
Privacy
and Security
Enhancing
the Social Security Card
The immigration
and welfare reform laws passed in 1996[7] required that the Commissioner of
Social Security develop a prototype of a counterfeit-resistant
Social Security card. Originally, the SSN was a way to record
each person’s Social Security earnings; the only purpose of the
Social Security card was to provide a record of the number so
that employers could accurately report earnings. The 1996
laws also called for SSA to study and report on different methods
of improving the Social Security card application process.
The use of the SSN
as a general identifier in record systems grew tremendously over
the years. The broad-based coverage of the Social Security
program made the SSN widely available and a convenient common
data element for all types of record-keeping systems and data
exchanges. The SSN was adopted for numerous other purposes
so that it became the single most widely used record identifier
for both the government and the private sector.
The pervasive use
of the SSN led some to conclude that it had, in effect, become
a national identifier, a term generally viewed negatively in the
United States. There were some that believed the public
would be well served by using a single identifier. The implications
of the widespread use of such an identifier on personal privacy
generated serious concerns both within the government and in society.
The potential to profile people raised questions about limits
to freedom of choice and access to society’s services and benefits.
Advances in information technology (e.g., the Internet and the
World Wide Web) raised concerns about increased opportunities
for inappropriate access to personal information.
The
current Social Security card was made of banknote paper and served
only as an official verification of the SSN assigned by SSA to
the person whose name was on the card. The card was neither
proof of the bearer’s identity nor citizenship/non-citizen status
and had no transaction value or data storage capability.
The card that was used through the year 2000 incorporated a number
of security features appropriate to a paper card format.
There were seven
Social Security card prototypes developed in response to the mandate.
They were a Plastic card, Card with picture, Secure barcode stripe,
Optical memory stripe, Magnetic stripe, Magnetic stripe/picture,
and Microprocessor/magnetic stripe/picture.
The prototypes
illustrated different combinations of security features and functionality
covering the variety of card options available. The requirements
for the use of the enhanced card and results to
be achieved were not specified and, therefore, not evaluated for
the potential benefits or drawbacks of each option beyond the
security concerns. No option was recommended to Congress
for implementation because it was beyond the scope of the requirement.
The legislation
required an evaluation of the implications if an enhanced Social
Security card was issued to all current number holders, about
277 million people. The card issuance process would have
been significantly changed by adding citizenship or non-citizenship
status information, and for some options, adding the number holder’s
picture or personal biometrics information to the Social Security.
The new process would make issuing cards more costly to administer
and more complicated for the public.
The cost of issuing
an enhanced card to 277 million number holders ranged from $3.9
million to $9.2 million, depending on the card option selected.
The cost included contacting all number holders, processing costs
(excluding staff overhead) to issue the new cards, the cost of
the card itself, and the cost of special equipment needed to work
with each card option and/or to capture information to be included
on the card. Due to the significant cost of issuing the
enhanced card to all number holders, the Agency considered alternatives,
for example, the drivers’ license or State-issued identity card
for non-drivers.
Social Security also studied the feasibility of imposing a user
fee for enhanced cards. SSA historically opposed charging
a fee because its leaders believed that Social Security cards
were a basic part of the mandatory program. Furthermore,
failure to report changes in order to avoid paying a fee would
create discrepant SSA records, adding costs for SSA and other
agencies which relied on SSA data.
However, SSA believed that charging a fee in connection with the
card issuance was feasible. Because its current remittance
process had low volumes, it would have needed to streamline its
collection process for the fee. The cost of collecting fees
in conjunction with the issuance of 277 million Social Security
cards was $1,271 million. The full cost fee, including card
issuance and fee remittance processes, ranged from $19 to $38
per card, depending on the option selected.
The IG studied Canada’s Social Insurance Number fee charging operation
and concluded that SSA should charge a fee of $13 for each card.
The IG study was based on the SSA replacement process and volumes
for the current card, rather than a mass reissuance of an enhanced
card. The IG also did not consider the cost of the remittance
process or the changes needed to satisfy the security and integrity
requirements of a mass remittance process.
The Agency concluded that the issuance of enhanced cards, either
prospectively or as a mass reissuance, was feasible. However,
the issuance of an enhanced card raised policy issues about privacy
and the potential for the card to be used as a national identification
card. These issues would have to be addressed before issuing
an enhanced card. The legislative mandate appeared to contemplate
a mass reissuance. However, this option was much more costly
and more burdensome to the public than a prospective issuance
or another alternative that did not use the Social Security card
to achieve the desired results. The total costs for issuing
an enhanced card and collecting a user fee ranged from $5.1 million
to $10.5 million.[8]
The extent the
public would accept an enhanced card and comply with reissuance
would depend largely on the acceptable uses of the SSN and card
and the tangible and intangible benefits that the new card imparted.
The issue of the SSN as a national identifier recently resurfaced
when the SSN was proposed as the universal patient identifier
in the Health Insurance Portability and Accountability
Act of 1996. Many have questioned the wisdom of expanding
the SSN to this purpose because it could enhance an additional
linkage to very sensitive personal information. Potential
access to this data could have implications for education, employment,
credit, insurance, and legal aspects of life.
The advent of broader
access to electronic data through the Internet generated a growing
concern about increased opportunities for inappropriate access
to personal information by almost anyone. Some people feared
that competition among information service providers for customers
would result in broader data linkages with questionable integrity
and potential for harm. Expanding uses of the SSN and further
technological enhancements would extend the debate about the SSN
as the national identifier.
Many Americans,
concerned about privacy, feared that it was vulnerable to political,
business, and other socio-cultural factors. Protecting individual
privacy is a highly complex situation because it must be balanced
by what were seen as society benefits, for example, in public
safety, law enforcement, research, and public health. For
every example of public concern over privacy protection, there
existed a contrasting position where the public wants protection
from criminal elements, inappropriate and poor health care, banking
errors, etc. Societal forces were expected to guide the
evaluation and balancing of privacy policies and information uses.
There was a heightened
concern about how the SSN/card would be used in the future.
However, the development of relational data bases would make it
possible for people to be identified without the use of the SSN.
Such databases could make use of other personal data elements
(e.g., addresses, phone numbers, birth date, parent’s names, etc.).
The important issue for the future would be how the managers of
personal information systems maintained a reputation for integrity.
This was believed to be a significant determinant of public confidence.
A Census Bureau study found that the public’s belief in the integrity
of a government agency was more important that the way the agency
guaranteed confidentiality.
The potential for misuse of the SSN grew dramatically during the
1990s as the use of the SSN expanded. SSA was under increasing
pressure to take steps to: (1) ensure the accuracy of the
SSN; (2) provide verification services to organizations that use
the SSN as an identifier to protect their programs from errors,
fraud, and abuse; and, (3) protect the public from and provide
remedy to invasions of privacy or abuses of data that was stored
in public or private sector data bases that use the SSN as an
identifier.
SSA verification workloads related both to the use and misuse
of the SSN, increased as its use expanded. Such verifications
were done primarily through regular automated exchanges.
SSA verified SSN’s for employers to ensure the correct posting
of wages and for other government agencies to ensure accurate
benefit payments. Where required by law and, in certain
circumstances, where permitted by law SSA verified that the name
and SSN in the files of third parties were the same as those on
SSA records. The Agency did not uniformly verify the SSNs
used by the private sector. Its disclosure policy protected
the privacy rights of the SSN holders and limited use of Agency
resources to the business of Social Security. None of the verification
operations guaranteed that the person giving a number, even when
presenting the corresponding Social Security card, was the person
to whom the SSN was assigned.
As individuals were adversely affected by enhancements in record
keeping and data exchanges that relied on the SSN, legislation
was proposed to resolve specific problems. Congress, for
the first time, was looking at private sector use of the SSN and
offering legislation to address violations of individual privacy
by the private sector involving the SSN. At the same time,
other legislative proposals were introduced to expand the use
of the SSN and/or card for specific purposes to enhance government
efficiency or curb fraud and abuse.
Internet
Security
A major challenge
to the development of all SSA Internet applications was the need
for secure web programs that met and exceeded the industry standards
for security and confidentiality and also had the confidence of
the American public. Since modern computer security required
the implementation of sophisticated software and control of access,
the Agency worked with security and privacy experts to address
and prevent the problems of improper disclosure of personal information
in SSA records, prevent fraud and abuse, and maintain the image
and reputation that SSA earned for providing efficient and accurate
service to the public.
The
Agency approached these problems by developing authentication
requirements and methods of accessing its Internet sites.
Authentication examined ways to positively establish that the
person requesting information or performing transactions via the
Internet was the proper beneficiary or applicant. The rules
governing the level of authentication were set by the Agency’s
Authentication Workgroup, which had representatives from various
components within SSA. The workgroup reviewed each Internet
application to determine the appropriate level of authentication
required. The level of complexity of the authentication
requirements was determined by the nature of the information being
disclosed.
The
Agency learned much from one of its earliest attempts to offer
service through the Internet. The Personal Earnings and
Benefit Statement (PEBES) provided important wage and benefit
information to workers and their families that could be used to
help make retirement plans. Public response to the service
was very positive. From 1994 through 1996, the Agency investigated
and engaged in extensive tests to determine if it could offer
the service via the Internet while safeguarding the privacy of
its customers’ information. All indications were that it
could. SSA began to offer the PEBES service via the Internet
in March 1997 and the initial overall response was positive.
However, concerns regarding users being able to access and alter
earnings information or view other private data were expressed
by some members of the public, Congress, and the news media.
The Agency valued the public’s opinion and responded to its concerns.
Maintaining
the public’s confidence in SSA’s ability to keep confidential
the sensitive data it maintained was a primary goal. The
Agency could not afford the perception that PEBES information
was not secure. Because of these concerns, Acting Commissioner
John J. Callahan announced on April 9, 1997, that he would temporarily
suspend the PEBES Internet service.
The
Agency decided that it needed to more thoroughly investigate the
views of the public and appropriate experts with regards to all
aspects of Internet access to online PEBES. SSA held public
forums in six different cities between May 5 and June 16, 1997,
so that it could develop a better plan to safeguard confidential
information for Internet applications. The intent was to
bring the Agency the best thinking of experts in relevant fields
as well as members of the general public.
Acting Commissioner
Callahan headed the forums. Each forum had three panels;
one panel consisted of privacy experts and consumer advocates,
another was comprised of computer technology experts including
security experts, and the third consisted of business users of
the Internet, primarily in the banking and financial planning
fields. In September 1997, SSA issued a report to customers
entitled Privacy and Customer Service in the Electronic Age.
The
key to Internet integrity was the way that the public could access
the applications. The Agency tested Public Key Infrastructure
(PKI) which was being used in conjunction with the California
Medical Association for the electronic transmission of medical
evidence. PKI used certificates to exchange digitally signed
and encrypted data, and was also being tested with other electronic
services and Internet applications. SSA partnered with CommerceNet,
which provided all necessary support and development at no cost
to SSA, to enhance its security measures. This included
the further development of PKI and smart cards.
The
other method under development in SSA was the use of PIN and Passcode.
The Pin/Passcode Workgroup was formed in March 2000. This
group defined the business process needed to support the issuance
of PINs and Passcodes for SSA customers. This included workload
items, workflows, who in SSA were responsible for maintaining
them, and several other considerations. PIN and Passcode
usage were scheduled for piloting in January 2001.
SSA
used state-of-the-art software that carefully restricts user access
to data except for its intended use. Using this software,
only persons with a “need to know” to perform a particular job
function were approved and granted access. Agency systems
controls not only registered and recorded access, but also determined
what functions a person could perform once access was authorized.
SSA security personnel assigned a computer-generated personal
identification number and an initial password to persons who are
approved for access (the person must change the password every
30 days). This allowed SSA to audit and monitor the actions
individual employees took when they used the system. These
same systems provided a means to investigate allegations of misuse
and were crucial in prosecuting employees who misused their authority.
SSA
approached computer security on an entity-wide basis. By
doing so, it addressed all aspects of the SSA enterprise.
The Chief Information Officer (CIO), who reported directly to
the Commissioner and the Deputy Commissioner, was responsible
for information system security. The CIO assured that SSA
initiatives were enterprise-wide in scope. The CIO assured
that all new systems had the required financial controls to maintain
sound stewardship over the funds entrusted to the Agency’s care.
In
order to meet the challenges of data security in a highly technological
environment, the Agency adopted an enterprise-wide approach to
systems security, financial information, data integrity, and prevention
of fraud, waste, and abuse. It had a full-time staff devoted
to systems security stationed throughout the Agency, in all regions
and in the central office; SSA established centers for security
and integrity in each SSA region. They provided day-to-day
oversight and control over computer software. In addition,
SSA had a Deputy Commissioner-level Office of Systems which supported
the operating system, developed new software and the related controls,
and, in general, assured that SSA was taking advantage of the
latest in effective security technology.
SSA
began certifying its sensitive systems beginning with the original
OMB requirements published in 1991. SSA’s sensitive systems
included all programmatic and administrative systems. They
also included the network and the system used to monitor SSA’s
data center operations. The Agency required Deputy Commissioners
responsible for those systems to accredit them. SSA’s planning
and certification activity was in full compliance with the National
Institute of Standards and Technology (NIST) 800-18 guidance.
In summary, SSA had in place the right authorities, the right
personnel, and the right software controls to prevent penetration
of its systems and to address systems security issues as they
surfaced.
Information
Systems Security Plan
SSA has maintained
an information system security program for many years. Its
key components, such as deploying new security technology, integrating
security into the business process, and performing self assessments
of its security infrastructure, to name a few, described goals
and objectives that touched every SSA employee. Of particular
importance in the year 2000 were the activities related to the
Presidential Decision Directives (PDD) on infrastructure protection
and continuity of operations. The Agency was one of the
first to complete an evaluation of all critical SSA assets.
Given the importance
of making ongoing monthly payments, SSA was elevated to the highest
level of importance by the critical infrastructure assurance office.
As part of this effort, it completed an inventory of all critical
assets and implemented an incidence response process for computer
incidents. SSA also revised its physical security plans
to assure facilities were properly secured. SSA was one
of the key agencies that evaluated the CIO “maturity” model.
This helped SSA compare itself with industry standards overall.
SSA’s independent
auditor, Pricewaterhouse Coopers, evaluated SSA’s security program
from 1996 through 1999. They gave many recommendations to
strengthen SSA’s security program. The Agency implemented
77 percent of their recommendations and continued addressing the
remainder since they involved longer timeframes for implementation.
They were expected to be completed on a flow basis-with anticipation
that all would be completed by the end of the FY 2001.
SSA also had its
own formal program of onsite reviews and corrective action.
The Agency retained the independent contractor, Deloitte and Touche,
to review its systems and overall management of the program.
All of this was tracked at the highest levels through an executive
internal control committee which the CIO chaired and included
the IG and key deputies.
SSA believed that
the zero tolerance policy paid off, as evidenced by the fact that
almost all of the recommendations made to the Agency by independent
auditors in the late 1990s and the year 2000 were pre-emptive
in nature as opposed to a remedy for actual past abuse.
Nonetheless, when there was evidence of an abuse of system privileges,
addressing the matter was a number one priority for the Agency.
SSA’s IG was committed to the investigation and prosecution of
any employee abuse case. Many of the employee cases turned
over to the IG for investigation were first discovered by the
Agency itself.
On June 22, 1998, Commissioner Apfel issued a notice to all SSA
employees about administrative sanctions to be taken against any
SSA employee who abused his or her systems privileges. Penalties
were severe and led to the termination of employment for any offense
that involved selling data. On March 2, 2000, the notice
was revised and updated.
To ensure that SSA mission critical systems were up and running,
a solid contingency plan was in place. In August 2000, SSA
completed a successful test of all critical systems. Also,
SSA had in place a hotsite as backup for its critical operations.
These were recommendations that Pricewaterhouse Coopers thought
it was important for SSA to complete.
Moving
Away From Mainframe Systems
Addressing systems
security continued as a high priority for SSA. By design,
the Agency used a system architecture that relied almost exclusively
on mainframe systems and centralized databases. With this
architecture, the Agency was able to more tightly control computer
security than those Agencies who were faced with large numbers
of local and/or distributed systems. However, SSA, in an
increasingly technological environment, has moved away from the
mainframe environment to more distributive systems, it carefully
considered at every step of the process as to how to build in
security features. SSA took a number of steps to ensure
that the new systems were as secure as possible.
The Agency was
on constant alert to identify both intrusion detection and denial-of-service
type attacks. SSA’s firewall team used various services
that list current hacker activity in order to identify the different
types of attacks and how to respond and avoid them. SSA
uses various filters on routers to deny these specific intrusions.
SSA supported the
independent audit of its financial statements along with the auditors’
detailed testing of SSA’s systems. The Agency worked with
various oversight bodies (e.g., the GAO and the IG) to review
what it was doing and identify any issues they believed SSA needed
to address. This assured that SSA was getting all the advice
that was available, and doing its utmost to maintain the security
of the computer systems and the data they contain.
New
Emerging Concerns
The Agency took both
preventive and enforcement actions to protect information in Social
Security files from any wrongful use by its own employees and
from any unauthorized access by outsiders. SSA took a very
proactive approach to identify hacker activity and adopt the proper
defensive posture to prevent interruption to SSA’s Internet services.
The Agency used state-of-the-art technology to protect its network
and was on constant alert to detect both intrusion and denial-of-service
types of attacks. SSA’s network was monitored 24 hours a
day, not only by SSA technicians, but also by contract services.
The
Agency constantly re-evaluated and, when necessary, upgraded the
security features necessary to maintain the public’s confidence
that systems were secure. Computer security was top management
priority.
When Social Security
first became independent in 1995 and had its own IG devoted only
to SSA activities for the first time, the Commissioner asked the
IG to make employee integrity the number one issue. The
IG did so, and SSA had consistently requested additional resources
for the IG and received support from the Congress for those requests.
The IG’s accomplishments and value to the Agency’s efforts to
maintain program integrity are well documented in the office of
the Inspector General’s semi-annual reports to Congress.
SSA continued its long-standing tradition of assuring the public
that their personal records were secure. Both the Commissioner
and the Deputy Commissioner gave systems security a very high
priority. Emphasis became greater with the emergence of
the Internet as a service delivery vehicle. Secure information
systems was an ongoing part of the mission. The Agency was
aware that it could not rest on past practices, but must continue
its vigilance in every way to assure that it kept the public’s
records private and secure while providing exemplary service to
its constituents.
Commissioner Apfel continued to provide leadership in “Program
Integrity” by developing plans for dealing with rapidly changing
demographics and future projections by Agency strategists.
His creation of the 2010 Vision helped position the Agency
for years to come to deal with the many implications and consequences
of future program integrity activities.
|