SOCIAL SECURITY ADMINISTRATION

PRIVACY IMPACT ASSESSMENT

 

·         Name of project.

Integrated Disability Management System

·         Unique project identifier.

016-00-SSA/DSP-G-008

·         Privacy Impact Assessment Contact.

      Director
      Ticket Operations and Provider Support
      Office of Employment Support Programs
      Social Security Administration
      6410 Security Boulevard
      Baltimore, MD 21235

·         Describe the information to be collected, why the information is being collected, the intended use of the information and with whom the information will be shared.

The Integrated Disability Management System (IDMS) is a Social Security Administration (SSA) certified and accredited General Support System consisting of several sub-systems.  IDMS uses as its master file the Disability Control File System (DCFS), which is the master repository containing the permanent adjudication history for all SSA’s Title II (Retirement, Survivors, Disability Insurance) and Title XVI (Supplemental Security Income) programs’ disability claims, including denied, terminated and active claims.  Essentially IDMS is the project name for the DCFS (DCFS being the previous name for the project); thus, they are one and the same.

DCFS contains disability decision data beginning with the Initial Claim decision and continuing throughout the life of the claim.  It contains Title II and Title XVI earnings history and is the official repository for Title II earnings verification data and Trial Work Period data.  The DCFS is also the repository for Continuing Disability Review (CDR) and Ticket to Work data and is used to control Medical and Work CDRs, Ticket (eligibility, use, assignment and termination), as well as tracking Expedited Reinstatement claims processed.  It is also used to control Employment Network payments for the Ticket to Work program. DCFS controls the CDR Enforcement Operation that produces alerts when disabled beneficiaries return to work.  The DCFS is integrated and used by other systems such the Master Earnings File and the Debt Management System.

We generally disclose this information only as necessary to pay benefits to claimants, make payments to entities contracted by SSA to provide services to Title II and Title XVI disabled beneficiaries, or as authorized by Federal law.  IDMS is not accessible to members of the public.  

·         Describe the administrative and technological controls that are in place or that are planned to secure the information being collected.

IDMS has undergone authentication and security risk analyses.  The latter includes an evaluation of security and audit controls proven to be effective in protecting the information collected, stored, processed, and transmitted by our information systems.  These include technical, management, and operational controls that permit access to those users who have an official “need to know.”  Audit mechanisms are in place to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification.

We protect the information in the IDMS by requiring employees who are authorized to access the information system to use a unique Personal Identification Number.  In addition, we store the computerized records in secure areas that are accessible to those employees who require the information to perform their official duties.  Furthermore, all of our employees who have access to our information systems that maintain personal information must sign a sanction document annually that acknowledges penalties for unauthorized access to, or disclosure of, such information.

·         Describe the impact on individuals’ privacy rights.

Are individuals afforded an opportunity to decline to provide information? 

We collect information only where we have specific legal authority to do so in order to administer our responsibilities under the Social Security Act.  When we collect personal information from individuals, we advise them of our legal authority for requesting the information, the purposes for which we will use and disclose the information, and the consequences of their not providing any or all of the requested information.  The individuals can then make informed decisions as to whether or not they should provide the information.

Are individuals afforded an opportunity to consent to only particular uses of the information?

When we collect information from individuals, we advise them of the purposes for which we will use the information.  We further advise them that we will disclose this information without their prior written consent only when we have specific legal authority to do so

(e.g., the Privacy Act).   

·         Does the collection of this information require a new system of records under the Privacy Act (5 U.S.C. § 552a) or an alteration to an existing system of records?

IDMS does not require a new Privacy Act system of records or an alteration to an existing system of records.  IDMS uses information that is collected and maintained for purposes related to other business processes for which there are currently Privacy Act systems of records in existence.  For example, benefit eligibility and payment data in IDMS are covered by systems of records, such as the National Disability Determination Services (60-0044); Completed Disability Record-Continuing Disability Determinations (60-0050); Master Beneficiary Record (60-0090); Supplemental Security Income Record and Special Veterans Benefits (60-0103); and eWork System (60-0330).

PIA CONDUCTED BY PRIVACY OFFICER, SSA:

______________________________                     September 25, 2007

SIGNATURE                                                          DATE

PIA REVIEWED BY SENIOR AGENCY PRIVACY OFFICIAL, SSA:

   /S/    Thomas W. Crawley________                       September 27, 2007

SIGNATURE                                                             DATE