History of SSA 1993 - 2000
he American public depends on the Social Security Program administrators to quickly and accurately provide benefits, properly record workers’ earnings, and effectively safeguard its benefit programs from fraud, waste and abuse. Failure to do this would seriously undermine the public’s confidence in government and its ability to effectively administer programs and protect taxpayer dollars.
Social Security has been one of the most successful programs ever undertaken by the Federal Government. Since its inception, it has enjoyed unprecedented public support. Yet the Agency found itself in a peculiar situation in the early 1990s: a popular program encased in an unpopular government.
As a rule in 1993, public confidence in government was low when President Clinton served his first term in office. The Social Security Administration (SSA), then an Agency under the Department of Health and Human Services, endured a similar lack of public confidence. SSA was the subject of a barrage of reports and periodicals describing problems such as lengthy delays in processing Federal disability benefit claims; making payments to beneficiaries with addictions to drugs and alcohol; perceived potential closings of field offices, providing poor phone service; realizing a surge in disability claims while downsizing its workforce; and issuing confusing letters to its customers to name just a few.
The Government Performance and Results Act of 1993 (GPRA), signed into law by President Clinton on August 12, 1993, enabled SSA to reduce or eliminate the problems mentioned above. The Act mandated federal agencies submit long-range (at least five years) strategic plans focusing on results, quality and customer service—outcomes rather than outputs, effectiveness rather than efficiency. Agencies were required to report to both the President and the Congress on the degree to which strategic goals were met. The overriding purpose of GPRA was to improve the Federal Government’s performance.
The winds of GPRA were blowing strong even before its enactment. Anticipating both the new law and the arrival of the first confirmed Commissioner of Social Security since independence, Acting Commissioner Lawrence H. Thompson reviewed SSA’s planning processes to build on past experiences and conform to the dictates of GPRA. On August 4, 1993, Mr. Thompson elicited the Executive Staff’s candid assessment of both the planning and budgeting processes, and solicited their specific recommendations on how SSA could improve these processes. This “mid-course” review was seen as a critical “next step” to meeting the growing external demands and expectations of the GPRA statutes.
On September 11, 1993, President Clinton issued Executive Order 12862, which directed public officials to revolutionize processes within the Federal Government to provide service to the public that met or exceeded the best service available in the private sector. The Executive Order also supported GPRA by requiring each Federal agency to publish a customer service plan, based on specific customer service standards, by September 8, 1994. High performance was paramount to restoring public confidence and maintaining Agency integrity.
Shirley Chater became the Commissioner of Social Security on October 8, 1993 accepting the monumental task of restoring the public’s faith in the Agency using the provisions of GPRA and E.O. 12862. The Commissioner’s strong support of strategic decision making helped re-enforce the importance of planning.
Commissioner Chater charged a workgroup to develop a plan to rebuild the confidence of the American public in Social Security. The workgroup was comprised of representatives from all of the Deputy Commissioners. They analyzed data, recapitulated the major public confidence issues, identified gaps in Agency knowledge, and recommended a strategy for rebuilding public confidence in Social Security. This strategy was called,“THE CHALLENGE OF CHANGE: Rebuilding Public Confidence in Social Security.”
The group focused on two major areas. The first was to document confidence levels and determine the issues that drove confidence down. The workgroup found that the low levels of confidence cut across all demographic groups and also discovered that the Agency needed to broaden its knowledge about the confidence of its own employees.
The workgroup discovered that there were a variety of reasons why people had little confidence in Social Security. They generally fit into the following seven broad categories:
1. Trust fund insolvency  (“It won’t be there for me.”);
2. Moneys worth (“I could do better investing on my own.”);
3. The role and significance of the trust funds (“The trust funds are worthless IOUs.”);
4. Broken promises (“Congress will change the rules by the time I retire and I won’t get anything.”);
5. “Undeserving” people getting benefits (“Drug addicts and immigrants are getting money they don’t deserve.”);
6. Service delivery issues (“I just get busy signals from the 800 number.”); and,
7. General distrust of government (“Government is wasteful and inefficient.”).
The second focal area was the development of a short-range plan and a long-term strategy to address the issues and rebuild confidence in the Agency. The strategy included six specific objectives identified as follows:
1. Increase the public’s knowledge about Social Security and counter existing misinformation.
2. Restore the public’s confidence in the trust funds by restoring the long-range actuarial balance of the trust funds.
3. Ensure that the Social Security program is well designed and meets sound public policy objectives.
4. Make Social Security more responsive to public input.
5. Increase the knowledge and understanding of SSA employees about the issues confronting Social Security.
6. Reinvigorate public affairs throughout SSA.
The workgroup presented its findings to the Commissioner approximately one year after its inception. The findings equipped the Commissioner with information that she used to begin steering the organization out of a “sea of doubt” to an “ocean of assuredness.” The course and speed of the Agency was about to change.
In January 1994, the Commissioner revised the three Agency-level strategic goals to the following:
· Rebuild Public Confidence in Social Security
· Provide World-Class Service
· Create a Nurturing Environment for SSA Employees
In November 1998, the Agency’s ability to accomplish the first two goals would be tested after the discovery of a 1978 computer software design error by Agency employees. Approximately 426,000 beneficiaries were underpaid nearly $478 million. The Agency braced itself for a deluge of inquires primarily from the toll-free phone service lines, which already answered nearly 60 million calls per year. SSA quickly responded by assuring the public that all of the money would be repaid within six months. Although $478 million was a sizable sum, payments affected less than one percent of SSA beneficiaries and were comparatively small to the $325 billion in benefits paid by the Agency.
The Social Security Administration’s staffing decreased by approximately 20,000 employees or 17 percent for the ten-year period immediately preceding the enactment of GPRA and issuing Executive Order 12862. The Agency was expected to administer programs with reduced staffing, do it better, and change its practices to restore organizational integrity. Due to the changing demographics of its customer base, workloads were increasing in volume and in complexity. In the early to mid 1990s, disability claims became the fastest growing workload in the Federal Government; disability claims grew in excess of 70 percent. GPRA and the challenges of Executive Orders 12862 and 12871 placed enormous demands on SSA. In some regards, SSA was ill-equipped to execute actions to make the necessary improvements defined by GPRA. It was evident that major changes would have to be made.
In August 1994 the President signed legislation (H.R. 4277) establishing SSA as an Independent Agency, with unanimous consent in the Senate and House of Representatives. SSA became independent on March 31, 1995, and this was a major step in restoring the public’s confidence. The new Social Security Administration was far more efficient, vigilant, and responsive. Commissioner Chater reorganized and consolidated various planning elements into a single component, the Office of Strategic Management (OSM), responsible for strategic planning activities.
The Agency’s accountability became more evident with the advent of Independent Agency. Several components played key roles in assisting the Agency in improving its stewardship and maintaining its integrity, which were two major elements required in regaining the public’s confidence. They were the Advisory Board, Office of Strategic Management (OSM), Office of the Deputy Commissioner for Finance, Assessment and Management (DCFAM), and Office of the Inspector General (OIG).
Kenneth S. Apfel was sworn in as the Commissioner of Social Security on September 28, 1997. Under his leadership, there were a variety of major accomplishments to safeguard the Agency’s integrity and improve stewardship.
The Agency released a comprehensive Disability Management Report that had four goals. One goal was to safeguard the integrity of the disability program. The Foster Care Independence Act was signed into law by the President on December 14, 1999, giving the Commissioner greater power to protect the trust funds through the use of electronic information. Social Security’s FY 1999 Accountability Report included the first GPRA Annual Performance Report. SSA was the first Agency to publish the statutorily required report. Under Commissioner Apfel’s leadership, the Agency established an Electronic Service Delivery Project to explore among other things more cost effective and secure means for providing service that would further move the Agency toward achieving the expectations of GPRA.
Program integrity was significantly improved through the combined initiatives of SSA and OIG supported by legislation passed during the Clinton Administration.
The Social Security Independence and Program Improvements Act of 1994 established SSA’s own Office of the Inspector General. Until a new SSA Inspector General (IG) could be nominated and confirmed, the Department of Health and Human Services’ (HHS) IG, June Gibbs Brown, was appointed to manage her office as well as the newly established SSA OIG. The HHS’s OIG transferred 259 staff, including three senior executive service positions, necessary equipment and funding to create the office.
The OIG was required by the Inspector General Act of 1978 (IG Act), as amended to:
· Conduct and supervise independent and objective audits and investigations relating to Agency programs and operations.
· Promote economy, effectiveness, and efficiency within the Agency.
· Prevent and detect fraud, waste, and abuse in Agency programs and operations.
· Review and make recommendations regarding existing and proposed legislation and regulations relating to Agency programs and operations.
· Keep the Commissioner and the Congress fully and currently informed of problems in Agency programs and operations.
· Empower the IG with the independence to determine what reviews to perform, access to all information necessary for the reviews, and the authority to publish findings and recommendations based on the reviews.
The SSA OIG’s mission was to improve SSA programs and operations and protect them against fraud, waste, and abuse by conducting independent and objective audits, evaluations, and investigations. The IG provided timely, useful, and reliable information and advice to Administration officials, the Congress, and the public. The OIG proactively sought new ways to prevent and deter fraud, waste, abuse, and mismanagement. OIG committed itself to diversity, innovation, integrity, and public service.
The mission of the OIG was carried out through a nationwide network of offices comprising the Offices of Audit (OA), Evaluation and Inspections, and Investigations (OI). Staff in the Immediate Office of the OIG supported these three components.
On June 28, 1995, Commissioner Chater delegated to the IG the authority to implement sections 1129 and 1140 of the Social Security Act. Civil Monetary Penalties (CMP) were imposed against individuals and/or entities who misused SSA symbols and emblems (section 1140), or who made false statements and representations of material facts for use in determining initial or continuing rights to Social Security benefits or payments (section 1129). The first set of rules was published in the Federal Register on November 27, 1995, which provided the foundation to get the program off the ground.
The Senate confirmed David C. Williams as Inspector General on December 22, 1995. As the new IG, he immediately implemented an aggressive hiring program to build the investigative strength of the new OIG. Budget allocations grew from $10.3 million in 1995 to $56 million in 1999 with staff nearly doubling. There were enormous returns on investments. Experienced investigators from other federal law enforcement agencies became integral members of OIG. Their value to the Agency’s stewardship role was apparent in the OIG reports released between 1995 and 2000.
*Reflects data from April 1, 1995, through September 30, 1995.
**Reflects data from October 1, 1999, through March 31, 2000.
The OIG received 2,236 complaints in FY 1995 from sources both within and outside SSA. It opened 844 investigations, closed 679 cases, and obtained 287 criminal convictions. It recovered almost $3.9 million through fines, judgements, restitution, and recoveries. In addition, $35 million was saved through implemented recommendations to put funds to better use.
The OIG conducted a fraud vulnerability review during its first year of operation to determine how to best use its limited resources to fight fraud, waste, and abuse in SSA’s programs and operations. The review identified areas in SSA’s operation that were most vulnerable to fraud. Using this information and its experiences in the first year of operation, OIG restructured to build upon its original foundation and bring focus to its operations.
SSA has long delivered service to the American public in a manner that fostered confidence and trust in the quality of SSA programs and employees. The SSA tradition of stewardship and responsibility to protection of public information stemmed from its inception and was based in its first regulation (Regulation 1), which established a high standard for data protection. The IG’s reports included information that the Agency used to enhance its performance and solidify public trust.
The Clinton Administration initiated great advances in technology, enhancements in information sharing initiatives, and emergence of a strong Internet presence throughout Government. This new environment offered many advantages in improving SSA efficiency, public access, and employee job enrichment via advanced technology.
Recognizing that more online access created additional opportunities for abuse, SSA took steps to implement formal sanctions for abuse of its systems. In 1993, the Agency released the first formal set of Security Guidelines for Administrative Action. SSA also implemented an annual employee recertification process for systems access that same year. The two transmittals provided guidance to both employees and management regarding penalties for misuse of information/system and included a requirement for management to remind SSA employees of their responsibility to safeguard public records.
In 1994, Commissioner Shirley Chater issued the first memorandum to all employees that addressed privacy of personal information in Agency files. This memorandum re-emphasized employee responsibility to protect all Agency personal data that was collected while carrying out duties and reminded them of criminal and administrative penalties if breached. It addressed details of inappropriate use or disclosure of information and gave employees two methods of reporting abuses and concerns along with an option of anonymity.
Throughout the mid to late 1990s, SSA made great strides in expanding its systems network, moving to a sophisticated client-server environment and greatly expanding information exchange activity and data sharing with many more trading partners. It also saw a great metamorphosis in the way field office and other operating components had to address its customers. Paperless processing and “one stop” shopping were prevalent themes. This was also the era of “zero tolerance” for fraud.
On June 22, 1998, SSA’s Commissioner Kenneth Apfel released Administrative Penalties for Computer System Access Violations. This replaced the 1993 guidelines. A set of uniform sanctions entitled Sanctions for Unauthorized System Access Violations was established to ensure SSA computer systems violations were treated consistently. Three categories were established with the severity of penalty based upon the nature of the violation. Employees were also requested to sign acknowledgements indicating that they had read and understood the sanctions and whether they had current access to the computer systems or not. The sanctions were revised in a memorandum on March 2, 2000, after concerns were raised about Category II. This category was defined as the unauthorized access of a record with disclosure to an unauthorized source that does not involve personal or monetary gain and was not made with malicious intent. The reservation raised about Category II involved the fact it did not distinguish between disclosure of data to a person who was otherwise entitled to the information and the more serious violation of disclosure of information to a person who was not entitled to the information. The Commissioner listened to those legitimate concerns and decided to revise Category II to acknowledge the difference between the two actions. Changes were also made clarifying language in the other categories as well. It cited laws and guidelines requiring that Social Security to maintain proper security of all Automated Information Systems (AIS) resources, including data.
During the Clinton Administration, SSA Commissioners and IGs oversaw major initiatives related to privacy and protection of information. To maintain the confidence and trust of the American people regarding Social Security programs and records, the Agency made significant improvements in mechanisms and policies to enforce proper access and aggressively address any misuse of Agency records.
There were a number of initiatives that began in 1996. The OIG established the Office of Management Services to provide support to its operations by providing human resources, budget, and a variety of other resource management needs. This office also hosted the November 25, 1996 ribbon cutting ceremony launching the operation of the SSA Fraud Hotline. The Hotline served as the avenue for reporting allegations of fraud, waste, and abuse for SSA employees; other Federal, State, and local government agencies; and members of the general public.
In addition, during 1996, the Office of Evaluations and Inspections merged with OA to create a nationwide capability to conduct both formal audits and evaluations. Combining the knowledge, skills, and abilities of auditors and evaluators enabled the OIG to focus on identifying and recommending ways to prevent and minimize program fraud and inefficiency, rather than detecting problems after they occurred. This approach helped the Agency save millions of dollars. After this consolidation, OIG moved away from the traditional “regional” structure to “issue” area teams that provided centers of expertise in each of SSA’s program areas.
The OIG also created the Office of the Counsel to the Inspector General (OCIG) in 1996. Its primary purpose was to provide legal advice and counsel to the IG and senior staff on statutes, regulations, legislation, and policy directives governing the administration of SSA’s programs. The office was also established to provide legal advice pertaining to investigative procedures and techniques, as well as conclusions drawn from audit and investigative activities. The OCIG also assumed responsibility for administering the delegated Civil Monetary Penalty (CMP) program for the OIG. The OCIG worked diligently to publish final rules and regulations to build the initial infrastructure to launch this program. Two sets of rules were published in the Federal Register. The publishing dates were April 24, 1996 and December 13, 1996.
The Agency and the OIG established a unique partnership through the National and Regional Anti-Fraud Committees to jointly combine efforts and forces in a seamless attack on fraud, waste, and abuse as part of the Agency’s “Zero Tolerance for Fraud” campaign. These committees brought together OIG’s investigative experience and SSA’s program expertise to identify and prevent fraud in SSA’s program.
In 1996, the OA also initiated the Payment Accuracy Task Force, which was another cooperative effort with SSA that focused on enhancing the Agency’s processes to improve the accuracy of its payments. The smallest percentages of error represented large costs to the Agency and the trust funds that it stewarded. The OIG aimed to set a high standard for government excellence at SSA through cooperative efforts.
The OIG established the Joint Field Operations Program that was staffed with highly experienced investigators who drew on their experience and established contacts to focus on significant fraud and enumeration violations against SSA. The Office of Investigations (OI) also established a Strategic Enforcement Division to conduct studies of emerging criminal trends and look for the best ways SSA and OIG could prevent and detect fraud.
In 1997, the IG established the Office of Operations to serve as the focal point for the OIG’s strategic planning, the Congressional liaison, and public affairs activities. The OIG added the Enforcement Operations Division at Headquarters to oversee the day-to-day field activities and created the Special Inquiries Division to handle sensitive investigations into allegations of wrongdoing by senior SSA officials.
The OIG implemented an initiative to ensure readiness to combat “electronic crimes.” The Electronic Crimes Team was created to institutionalize the investigative capability to conduct computer forensic examinations, recover evidence in an electronic environment, and to provide expertise and training to OIG investigators across the nation. As SSA began to explore the expansion of on-line access to services, OIG needed to ensure that it was prepared to identify and address exploitation of SSA’s systems and electronic services.
The National Anti-Fraud Committee held its first National Anti-Fraud Conference from September 8 through 12, 1997 at SSA Headquarters. The theme of the conference was “New Approaches in a New Environment.” Over 450 SSA employees from central office and the field attended the conference. Representatives from State Disability Determination Services (DDS) units and the General Accounting Office (GAO) attended. The conference featured discussions on new investigative approaches and technology and systems issues. Acting Commissioner John Callahan, Acting Principal Deputy Commissioner John Dyer, and Inspector General David Williams participated in the conference and spoke to the attendees.
The year 1998 marked the start of large-scale investigative projects designed to address major problems facing SSA in the administration of its programs. Three of the most notable operations that had major impacts on OIG’s successes were Operation Contender, Operation Border Vigil, and Operation Water Witch.
OIG’s work in this area focused on individuals who filed false claims or program participants who defrauded the program by making false statements or by overtly concealing factors that affected their initial or continuing eligibility or entitlement for payments. OIG joined with SSA’s Office of Disability and established CDI teams in Georgia, Louisiana, Illinois, New York, and California. These teams were composed of OIG Special Agents and State law enforcement officers, as well as SSA and State DDS claims professionals. The DDS referred suspicious cases to the team, which in turn collected evidence to verify or refute the suspicion. If the team confirmed that the claim was fraudulent, the DDS was notified and it either denied the application or stopped benefits.
Operation Border Vigil’s purpose was to focus on a major vulnerability in SSA-administered programs. The IG initiated a variety of projects under this operation across the country to identify Supplemental Security Income (SSI) recipients receiving payments based on fraudulent statements regarding residency as well as other eligibility factors such as citizenship, alien residency status, age, income, and resources. The OIG also participated in International Integrity Projects with SSA’s Office of International Operation to define problems inherent to the distribution of benefits to individuals living in foreign countries and to develop strategies that addressed the issues.
Operation Water Witch was initiated to implement provisions of the Personal Responsibility and Work Opportunity Reconciliation Act of 1996. A recipient became ineligible for SSI benefits during any month that the recipient fled to avoid prosecution for a felony or fled to avoid custody or confinement after conviction of a felony. Through localized and manual processes, OIG Special Agents identified SSI recipients who were fugitives and notified the warrant issuing agency and the SSA that the individual was ineligible for benefits. SSA stopped payments, determined if the individual was overpaid, and initiated collection activities.
Recognizing that the operation would be more effective and efficient through the use of computer matching, OIG negotiated with the Federal Bureau of Investigation (FBI), the U.S. Marshals Service, and the National Crime Information Center to establish computer-matching agreements. By July 1, 1998, there were formalized investigative plans in all 50 States to establish points of contact and define mechanisms through which SSA and the State could exchange computer-matching data.
The IG abolished the Office of Operations, folded its functions into the Office of Management Services, and established a new Office of External Affairs in 1998. The Office of External Affairs assumed responsibility for the OIG’s Congressional and Public Affairs Program, the newly established quality assurance function, and the conduct of OIG employee investigations. The Quality Assurance Team performed internal reviews to ensure that OIG offices held themselves to the same rigorous standards that were expected from SSA. The Public Affairs Team communicated OIG’s planned and current activities and their results to the Commissioner and Congress as well as other entities.
The SSA Fraud Hotline was moved from the Office of Management Services in 1998 to the OI under a new division called the Allegation Management Division. The move allowed investigators to more closely manage the incoming allegations and apply their investigative expertise to gain more efficiency in the Hotline operation. In FY 1998, the Hotline staff processed nearly 30,000 allegations, which was a significant increase from the 4,106 allegations in FY 1996. To keep pace with the growing number of allegations received, the Principal Deputy Commissioner agreed to increase the SSA Fraud Hotline’s staffing levels in the next year.
On July 30, 1998, IG Williams was officially nominated to be the Inspector General at the Department of the Treasury. Immediately upon his departure, the Deputy IG, James G. Huse, Jr. became the Acting IG.
There were several major changes in OIG’s organization in 1999. The OI reorganized its Headquarters divisions, abolished the Special Inquiries Division, and created the Manpower and Administration Division to provide necessary resource, administrative, and technical guidance to its field divisions. Also, in response to the Presidential Decision Directives 62 (Terrorism), 63 (Critical Infrastructure Protection), and 67 (Continuity of Government), the OIG established the Critical Infrastructure Division (CID) within the Office of Investigations. The CID worked with SSA’s System Security Officers and representatives from SSA’s National Computer Center to define and administer an intrusion response program that included OIG notification and investigation, if warranted. The division assumed responsibility for operating the Electronic Crimes Team that was created in 1997.
OIG also merged the Office of External Affairs and the Office of Management Services to create the Office of Executive Operations. This component was responsible for a broad range of activities including communicating the results of OIG’s work to external stakeholders and providing the internal administrative support for all OIG activities. This office supported the budget, human resources, systems, public affairs, and quality assurance infrastructure for the entire OIG.
In March 1999, OIG held the Grand Opening for a newly expanded Fraud Hotline that had increased in staffing to four times its 1998 size. The Hotline was relocated to a new state-of-the-art facility and it processed nearly 75,000 allegations representing a 150 percent increase in productivity from FY 1998.
On July 28, 1999, President Clinton submitted James G. Huse, Jr.’s nomination to the Senate to become the second IG of SSA. On November 10, 1999, the Senate confirmed Mr. Huse’s nomination and on November 22, 1999, in a ceremony in Baltimore, Maryland, Mr. Huse was sworn into office.
Late in 1998, the Congress passed the Identity Theft and Assumption Deterrence Act of 1998 (P.L. 105-318). This Act, commonly called the Identity Theft Act, acknowledged that the Social Security Number (SSN) was a means of identifying an individual. This legislation empowered law enforcement authorities to arrest, prosecute, and convict individuals who fraudulently used another person’s SSN to create a false identity. The law also charged the Federal Trade Commission (FTC) with establishing a centralized identity theft complaint database and providing informational material on identity theft to complainants. In addition, the FTC could refer identity theft allegations to appropriate Federal, State, or local law enforcement agencies, as well as to the three major credit bureaus. Since SSN misuse accounts for over half of the complaints to the Fraud Hotline, OIG aggressively began partnering with other Federal and State organizations to reduce the incidents and impact of these crimes and maximize its resources.
To proactively address identity theft, OIG participated in a long list of activities that included working with the Federal Trade Commission (FTC) to develop government-wide educational material, reviewing and providing input on FTC’s proposed identity theft complaint form, became of member of the Identity Theft Subcommittee of the Law Enforcement Initiatives Committee and the Attorney General’s Council on White-Collar Crime, published an article entitled Social Security Number Misuse and Identity Theft for the FTC’s Summer 1999 issue of Fraudbusters! Magazine, met with U.S. Sentencing Commission representatives to discuss sentencing guidelines for individuals convicted of identity theft, and launched SSN misuse pilot projects in five cities across the Nation. Investigators provided the lead in working with various Federal and State agencies on SSN misuse allegations referred to OIG and developed a referral system that allowed for the automated transfer of data between the FTC and the OIG Hotline.
The OCIG was instrumental in the prosecution of individuals guilty of violating section 1140 of the Social Security Act. The Federal Records Service Corporation (FRSC) sent out approximately 2.2 million solicitations each year that targeted new brides and new mothers with deceptive advertisements. The direct mail solicitations to consumers appeared to be from, or endorsed by, SSA. For a $15 service fee, they offered to process SSA’s application forms for name changes and newborns’ SSNs. SSA provided assistance in filling out these forms free of charge. OCIG collaborated with investigators, SSA’s Office of the General Counsel, and the Department of Justice to obtain a preliminary injunction and negotiate a favorable settlement of this case. Under the terms of the settlement, FRSC was dissolved and the first two defendants were ordered to pay penalties of $845,000 to the Social Security Trust Fund. Overall, all the defendants agreed to pay over $1 million total to the Social Security Trust Fund.
The success and preventive nature of the CDI teams in the five pilot locations caused SSA and OIG to add additional teams in Missouri, Oregon, and Texas. The Fugitive Felon Project, under the former Operation Water Witch, experienced a 287 percent increase in the number of fugitives identified after implementing one electronic data match with one State.
In FY 1999, OIG received 74,360 complaints, opened 9,238 investigations, and closed 7,308 cases. OIG obtained 3,139 criminal convictions and recovered over $213 million through fines, judgements, restitution, and recoveries. In addition, over $519 million was saved through implemented recommendations to put funds to better use.
OIG had an uneventful transition into the new millennium, primarily due to the diligence of SSA’s systems staff, its own CID staff, and systems support staff. The year 2000 began with a Congressional and media focus on the issue of representative payees, resulting from one of OIG’s recent investigations involving a representative payee serving over 140 disabled individuals who had embezzled over $300,000 in a 4-year period. To assist the Agency in addressing this area, the IG committed auditors to performing independent on-site audits of a limited number of representative payees. These audits enabled the Agency to identify problem areas that needed to be addressed to ensure that beneficiaries’ benefits were being soundly managed. The IG also opened three more CDI teams in New Jersey, Virginia, and Florida. By the end of FY 2000, eleven teams were expected to be operational.
OIG continued its activities in the SSN misuse and identity theft arena. It needed to ensure that the office was equipped with the necessary tools and resources to address the flood of complaints that it anticipated from the Hotline and the FTC. The OIG participated in two key events that brought the private and public sectors together to discuss efforts to address identity theft. The first of these events was the Canadian Identity Fraud Workshop held in Toronto in February 2000. The OIG gave a presentation to Government representatives from Canada, Australia, and the United Kingdom on identity theft in the United States. It also participated in round table discussions with representatives from other Nations to identify common problems and possible remedies.
The second event, the National Identity Theft Summit, held in March 2000, was hosted by the Department of the Treasury in Washington, D.C. and incorporated five panels to discuss victim issues, prevention measures, and short-term remedies for both the private sector and governmental agencies. The OIG co-coordinated the prevention panel, which the IG moderated. This panel was designed to give the attendees ideas and suggestions on how to prevent identity theft.
To further its fight, OIG proposed to the Congress and SSA that they expand the CMP program to include SSN misuse and identity theft penalties for those cases that were not accepted by the U.S. Attorney’s Office for prosecution. The OIG detailed a lawyer to the Department of Justice to assist in the prosecution of SSN misuse and identity theft cases.
From October 1, 1999 through March 31, 2000, the OIG received 44,944 complaints, opened 4,277 investigations, and closed 4,069 cases. It obtained 1,169 criminal convictions and recovered over $122 million through fines, judgements, restitution, and recoveries. In addition, over $170 million was saved through implemented recommendations to put funds to better use. The IG testified before House and Senate Committees on ten occasions from March 7, 2000 through September 12, 2000.
The IG was in continuous dialogue with Congressional committees that sought legislative remedies to strengthen SSA programs and to provide the investigative tools to prevent, identify, and deter criminal activity and assist the Agency in maintaining its integrity. The chart below provides return on investment information for the SSA OIG since its inception. It’s only one indicator of the successes of the Office of the Inspector General.
*Reflects data from April 1, 1995 through September 30, 1995.
Each component of the OIG was dedicated to advancing SSA’s goal to make SSA program management the best in business, with zero tolerance for fraud and abuse.
Fraud Initiatives/Program Integrity
SSA has always taken its stewardship role very seriously. The American public rightfully expects SSA to be vigilant stewards of its tax dollars. In fulfilling its mission “to promote the economic security of the nation’s people through compassionate and vigilant leadership in shaping and managing America’s Social Security programs,” SSA believed that fraud and abuse were unacceptable at any level and operated to reflect its belief.
The potential for deliberate acts of deception exists in all government programs. While SSA had not found widespread fraud in its programs, any level of fraud was a source of concern. Independent Agency status allowed SSA to take steps to expand and strengthen the OIG by providing additional investigative resources for combating fraud. One goal of the Agency was to continue to increase its attention to deterring fraudulent activities and bringing to justice those who committed fraud, whether members of the public or SSA employees. To accomplish this goal, SSA established three major objectives:
· Change programs, systems, and operations to reduce instances of fraud;
· Eliminate wasteful practices that erode public confidence in SSA; and,
· Prosecute vigorously those who damage the integrity of SSA’s programs.
Initially developed in 1996, SSA and OIG devised a comprehensive key initiative tactical plan to strengthen the public trust and confidence in SSA and to assure the highest level of integrity in SSA programs. The tactical plan reflected broad, Agency-wide participation with initiatives identified at a grassroots level throughout the Agency. A principal part of this tactical plan initiative was the creation of a National Anti-Fraud Committee whose function was to oversee, direct and support the Agency’s anti-fraud plans and activities. The National Committee was comprised of SSA senior staff and co-chaired by the Deputy Commissioner for Finance, Assessment and Management and SSA’s Inspector General.
In addition to developing its own anti-fraud initiatives, the National Committee oversaw and supported Regional Anti-Fraud Committees, which were established to coordinate anti-fraud strategies in each of SSA’s ten regions. The Regional Committees included Regional Commissioners, other Senior SSA and OIG staff, as well as managers of SSA Field Offices.
The National Anti-Fraud Committee fully supported the SSA/OIG Combating Fraud key initiative tactical plan. The tactical plan initiatives were designed to provide stewardship and oversight consistent with increased public confidence, while aggressively deterring and detecting fraud. The Agency was very mindful that reports of fraud, waste, or abuse would trigger public perceptions that SSA was not efficient or that it did not make the best use of tax payer dollars.
Four Regional or National Anti-Fraud Conferences were held from September 1997 through May 1999. These conferences provided a forum to discuss new ideas, as well as existing initiatives. Since 1997, SSA has published the Annual Report to Employees on Anti-Fraud Initiatives to inform employees about the Agency’s anti-fraud efforts and to generate new ideas and recommendations.
Perhaps the Agency’s biggest contributors to its anti-fraud efforts were the employees in SSA’s 1,300 field offices whose commitment to maintaining the integrity of the Social Security programs was unswerving. It was often field office and DDS employees who uncovered fraudulent schemes. These employees were the biggest assets in the Agency’s fight against fraud. SSA was committed to continue training them in anti-fraud practices and seeking additional tools to make their anti-fraud commitment easier and more effective.
Components partnered in a number of initiatives to capitalize on the skills of staff and to make the most of limited resources. The OIG believed that a constant flow of information among its auditors, investigators, and attorneys was critical to the success of improving SSA program integrity. The Agency and OIG also worked with other Federal and State agencies on a number of initiatives.
Although the vast majority of SSA’s 65,000 employees were proven trustworthy and dedicated civil servants, a few corrupt employees could compromise the integrity of the Social Security system and undermine the public’s confidence in the Agency’s programs. Because of this, the detection of employee fraud was an investigative priority.
The OI provided the lead in a cooperative effort with various financial institutions to uncover a scheme where SSA employees provided private information from SSA’s databases to outside individuals. The individuals used the information to activate stolen credit cards. Since the project’s inception in 1998 to March 31, 2000, the OI identified 12 SSA employees involved in the activities and $1.4 million in fraud loss to financial institutions.
Service Provider Fraud
SSA appoints representative payees for individuals who are unable to manage their own funds. While the vast majority fulfilled their roles, there were some representative payees who misused the benefits of their clients. The Agency and the IG were committed to detecting and punishing individuals who committed this type of fraud as well as identifying ways for SSA to improve its oversight of representative payees.
The OIG audit work identified two major challenges facing SSA concerning the Representative Payee Program. They were the processes of selection and monitoring of representative payees. When SSA determined a beneficiary was “incapable of” or “prohibited from” managing their benefits, SSA screened and selected a suitable representative payee. The Agency used a preferred list to initiate a search for a suitable representative payee. SSA generally preferred to appoint relatives as representative payees rather than friends or other third parties.
SSA interviewed and “investigated” prospective representative payees to determine their suitability. It was not a formal investigation, but rather a means to conduct an SSA records verification. Some of the documents that SSA reviewed were drivers’ licenses, state identification cards, bankbooks, and credit cards. The Agency generally did not verify the accuracy of the information presented unless it had a reason to question the applicant’s suitability. The Agency verified that the prospective representative payee had not been convicted of a felony against Social Security programs.
For organizational payees, SSA verified the Employer Identification Number (EIN) of the representative payee by comparing the EIN on the representative payee application to the EIN on SSA’s records. SSA did not perform credit or security background checks on prospective individual or organizational payees to determine if they had financial problems, bad credit, or if individuals or employees of the organization were convicted of any other felony.
The Agency had safeguards in place to ensure that representative payees did not misuse benefits. The safeguards included requiring an annual accounting report from all representative payees for each individual under their care and performing on-site reviews of representative payees.
The OIG’s December 1996 report entitled Monitoring Representative Payee Performance: Nonresponding Payees identified several problems with representative payees who did not provide these annual accounting reports. The IG recommended that SSA determine why representative payees did not complete and return accounting reports and determine whether SSA staff were properly processing systems-generated alerts for payees who did not respond. SSA responded by proposing to conduct Quick Response checks when representative payees did not return the reports.
On-site reviews were visits with the representative payee or the administrators of organizations and consisted of an examination of the accounting records and interviews with beneficiaries to determine if their needs were being met or if they were experiencing any problems. While the reviews may not have uncovered all instances of representative payee abuse, the Agency believed the reviews provided a deterrent effect for those who were prone to commit this type of fraud, especially of those representative payees who did not submit the annual accounting form.
In a March 1997 evaluation report entitled Monitoring Representative Payee Performance: Roll-Up Report, the IG recommended that SSA conduct a more thorough screening of potential representative payees. As a result, SSA proposed legislation that would require non-governmental organizational representative payees to be both bonded and licensed, providing that licensing was available in the State. The Congress later introduced the proposal.
The March 1997 report also included recommendations for SSA to conduct periodic reviews of selected payees and change the focus of the current process from accounting to monitoring and compliance. By focusing on compliance issues, SSA could learn in a timely manner whether or not a problem existed. The Agency embarked upon actions intended to address various aspects of its representative payee monitoring and oversight.
SSI Eligibility Project
SSA partnered with OI in 1998 in an SSI Eligibility Project that was designed to determine the extent of violations concerning eligibility requirements for the SSI program. Staff mailed questionnaires to a sample of recipients, and if they were not answered, face-to-face interviews were requested. Within a short amount of time, it became clear that certain individuals had given false information to SSA about their residence status in order to make them eligible for SSI payments. In addition, others were identified who, after having been declared eligible for SSI, returned to their country of origin and continued to receive SSI payments.
The Office of Audit (OA) conducted a review, The Adequacy of the Residency Verification Process for the Supplemental Security Income Program, to determine the adequacy of the process used in the project. The review also determined if SSA provided the proper guidance to field offices to verify that recipients were U.S. residents. OA recommended that SSA revise its procedures to provide for expanded residency development.
Because of the success of these investigations OIG collaborated with SSA’s New York Regional Office, New York City, and New York State officials to identify SSI recipients who obtained payments illegally or contrary to regulations. Perhaps more importantly, it was determined that this method could be used to identify both suspect SSI and Old-Age, Survivors and Disability Insurance claims at foreign sites and other U.S. locations.
Because SSN misuse can strike at the core of SSA’s programs and operations, the OIG knew that misuse would be one of its major workloads. One of OIG’s first reports issued as the new SSA OIG dealt with the effectiveness of computer profiling to detect suspected fraudulent enumeration and claims activity. Other reviews conducted revealed some alarming trends and issues related to SSN misuse. OIG recommended actions that would strengthen SSA’s enumeration process and help to prevent SSN misuse.
One of those reviews, Using Social Security Numbers to Commit Fraud, documented vulnerabilities in SSA’s enumeration process and highlighted several SSN fraud cases that OIG investigated and referred to the Department of Justice for prosecution. In the report, three recommendations were made: 1) SSA should incorporate preventive controls in its Modernized Enumeration System; 2) SSA should require verification from the issuing State when an out-of-state birth certificate was presented as evidence for an SSN application; and 3) SSA should continue its efforts to have the Immigration and Naturalization Service (INS) and the State Department (DOS) collect and verify enumeration information for aliens.
The Agency’s Enumeration at Entry initiative was expected to greatly improve the way SSA assigned SSNs and issued SSN cards to non-citizens. With this initiative, INS would electronically forward the data collected as part of the immigration process to the Agency to assign SSNs and issue Social Security cards. This change served two important goals: fraud prevention and improved customer service.
The initiative would increase and protect the integrity of the enumeration process by closing off opportunity for illegal work and other crimes. Prior to the initiative, non-citizens presented INS issued documents in SSA offices as proof of alien status and authority to work. The INS could not authenticate the documents for some time after the non-citizen’s arrival because the data was not available in any INS system. This lag allowed dishonest individuals to present false INS documents at SSA offices and fraudulently secure SSNs for illegal work activity or credit card scams. With INS and the DOS collecting enumeration information during the immigration process and quickly passing it on to SSA, the Agency could ensure that a non-citizen’s lawful status and authority to work were never in doubt when it assigned an SSN.
Better overall governmental efficiencies and savings were expected to flow from the new streamlined process. Prior to the new process, legal non-citizens had to apply for Social Security cards at SSA offices, where they were required to furnish virtually the same information they gave to DOS and INS for immigration purposes. Assigning SSNs based on information collected by DOS or INS would save the individuals the additional trip to SSA and only require them to give the information once.
Over the years, the Agency tightened its SSN policies and instituted different procedures and systems checks to prevent fraudulent documents from being used to obtain SSNs and SSN cards. Essential to the Agency’s ultimate goal to prevent fraud was ending its dependence on documents that might have been forged or misused by the dishonest in an attempt to acquire an SSN.
The Agency’s prior efforts to prevent the use of fraudulent documents to obtain SSNs included:
· Instructions for SSA employees on examining documents submitted as evidence for an SSN (i.e., proof of age, identity, and U.S. citizenship or alien status).
· An SSA system that tracked applications for SSN cards submitted with “suspect” or “fraudulent” documents. This capability prevented an individual with fraudulent documents from “shopping around” for an SSA office which might accept them. It interrupted the issuance of an SSN card pending further investigation by the SSA office.
· SSA used the INS Systematic Alien Verification for Entitlements (SAVE) program to verify every INS document presented with an application for an SSN card except for documents from aliens who have not been in the country long enough for information to be available through SAVE.
The Agency’s Comprehensive Integrity Review Process alerted field offices when multiple Social Security cards were sent to the same address over a short period. The offices then investigated to determine whether the alerts reflected any fraudulent activity.
The Enumeration at Entry initiative proceeded with a phased in approach:
Phase 1: The DOS will collect enumeration data for immigrants along with visa information and forward it to the INS that will, in turn, forward the data to SSA;
Phase 2: INS will forward to SSA the enumeration data collected from aliens changing from nonimmigrant alien status to permanent residents; and
Phase 3: INS will forward to SSA enumeration data collected from aliens applying for permission to work and issued employment authorization documents (EAD).
The Enumeration at Entry initiative would provide a better overall enumeration process for non-citizens, deter the use of fraudulent documents, and allow applications for SSNs as part of the immigration process.
The following chronology details activity on the non-citizen enumeration process:
1991 SSA wrote to INS requesting INS explore with SSA new ways to enumerate non-citizens. SSA and INS met to discuss new ways to enumerate non-citizens.
INS informed SSA that it could not assist SSA then in enumerating aliens because of higher priorities and operational considerations.
1994 SSA and INS reopened discussions on exploring new ways to enumerate non-citizens.
1996 SSA and DOS signed a memorandum of understanding for DOS to collect enumeration information for immigrants as part of the immigration process.
1997 Proposed rule published to permit the DOS and INS to collect information needed to assign SSNs to aliens.
1998 Final rule published to permit the DOS and INS to collect information needed to assign SSNs to aliens.
In addition to the complexity of coordinating this initiative with three agencies, two separate pieces of legislation (the Illegal Immigration Reform and Immigrant Responsibility Act of 1996 and the Taxpayer Relief Act of 1997) required INS and SSA to temporarily set aside work on the Enumeration at Entry effort.
The INS set aside its review of the draft memorandum of understanding (MOU) received in June 1996 to focus on implementing the requirements of the 1996 immigration reform legislation (enacted in September 1996). The INS completed its review of the MOU in June 1997 and returned it to SSA with minor comments.
SSA began revising the MOU to incorporate the INS comments but put it aside when the tax legislation passed in August 1997. That legislation required SSA to collect additional information when assigning Social Security numbers to children for income tax purposes. As a result, SSA decided to limit the collection of enumeration information to adults (individuals age 18 and over) only for the Enumeration at Entry initiative.
The Agency revised the MOU and returned it to INS in March 1998. Because of high workloads and other priorities, the INS did not complete its review of the revised MOU until July 2000. SSA, INS, and DOS began meeting in July 2000 to discuss final MOU language.
In a report related to one of the new OIG’s first reports, Analysis of Social Security Number Misuse Allegations Made to the Social Security Administration Fraud Hotline, OIG identified the different types of SSN misuse allegations and estimated the number of occurrences for each category during the period of review. The analysis showed that the sampled OIG Hotline allegations could be placed in five categories: identity verification; sales solicitation; loss of SSN card; problems with the SSN; and identity theft. About 81 percent of the SSN misuse allegations the Hotline received related directly to identity theft.
In an effort to prevent program-related SSN misuse, OIG conducted work that considered the possibility of SSA using biometrics technologies. The report, Social Security Administration is Pursuing Matching Agreements with New York and Other States Using Biometrics Technologies, outlined the possible benefits to SSA of pursuing matching agreements with States that have employed biometrics technologies to combat fraud and identify ineligible recipients for social service programs. OIG believed that SSA could use the results of New York State’s biometrics program to identify individuals who were improperly receiving benefits, thereby reducing and/or recovering any improper benefit payments.
Foreign Anti-Fraud Activities
In keeping with the Agency objective of “zero tolerance for fraud,” SSA maintained a vigorous schedule of foreign validation surveys during which beneficiaries’ entitlement and continuing eligibility were re-checked and their existence and identity were verified by personal interview in their homes. Seventeen surveys were conducted from January 1993 to August 2000. The countries surveyed were Mexico, Hungary, Dominican Republic, Philippines, Jamaica, Ecuador, Argentina, Yemen, Costa Rica, Panama, Canada, Poland, Trinidad and Tobago, Portugal, Spain, Italy, and France.
In addition, SSA greatly increased the number of special contact programs and verification projects where validation surveys or other information indicated a potential problem. In fiscal year 1999 alone, over 20 special integrity studies were initiated. These studies were conducted by the RFBOs and Foreign Service Post (FSP) personnel and generally designed to uncover unreported deaths or other payment eligibility irregularities.
On December 14, 1999, President Clinton signed H.R. 3443, the Foster Care Independence Act. The act included provisions that strengthened the Agency’s abilities to recover overpayments, prevent and combat fraud, protect beneficiaries from unscrupulous representatives and health care providers, and provide better service to SSA customers.
The act made representative payees of beneficiaries liable for OASDI or SSI overpayments caused by payments made to a beneficiary who had died and required the Agency to establish the overpayment on the representative payee’s SSN. It extended to the SSI program all of the debt collection authorities that were presently available for collection of overpayments under the OASDI program and included procedures for imposing penalties for making false or misleading statements that would be used for determining eligibility. The act also helped protect beneficiaries by barring representatives and health care providers from the OASDI and SSI programs if they had been found to help commit fraud.
Since the SSI Program’s inception in 1974, SSI recipients were not eligible for benefits if they became inmates of a public institution (including a prison) throughout a calendar month. In 1980, Congress passed legislation requiring SSA to suspend payments to incarcerated felons entitled to Social Security disability insurance benefits. In subsequent years, additional legislation was passed requiring SSA to stop benefits to all categories of Social Security Retirement, Survivors, and Disability Insurance (RSDI) beneficiaries convicted of crimes punishable by 1-year imprisonment. This included those found not guilty by reason of insanity (NGRI) or incompetent to stand trial.
Initially, SSA Field Office (FO) personnel contacted the various facilities to obtain the information needed to suspend benefits to inmates of public institutions. The specific resources available in an FO or the facility made the effectiveness of this approach vary. After passage of the 1980 legislation, SSA made further efforts to obtain prisoner information by having the Regional Offices contact State prison officials. Some States readily agreed to provide information, but others were slower to agree.
While SSA made steady but slow progress to secure data and to identify prisoners, it did not effectively manage or monitor the prisoner suspension process. In addition, the prisoner suspension activities did not compete well with other Agency priorities.
In 1994, the Office of Program Policy (OPP) internally changed the organizational responsibility for the prisoner suspension policies and procedures, and SSA began a more intensive re-examination of its administration of the prisoner provisions. It quickly concluded that it needed to devote much more aggressive attention to this area, and the Agency recognized three major barriers to full compliance with the law:
1. A lack of full awareness of the statutory provisions by most penal authorities affected their willingness to cooperate.
2. The conflict of identification systems used by SSA (Social Security Numbers (SSN) and the penal facilities (fingerprints)). SSA used the SSN as the identifier, but the criminal justice system used fingerprints as its main means of identification. There was little incentive for a convicted person to reveal to prison officials his/her correct SSN and prisons had no particular need for correct SSNs.
3. The lack of SSA management emphasis on full compliance permitted many process deficiencies to remain undetected and unresolved. The internal process was fragmented and lacked adequate controls and most tasks were manual. Even where agreements were in place, SSA lacked a method for monitoring the facilities’ compliance with the agreement. Because of this, SSA could not always track incoming data effectively. SSA could not determine if the data came into SSA, if SSA processed the data, or if the data did, in fact, result in a suspension.
Having identified the major problems, SSA engaged the help of the National Criminal Justice Association (NCJA). In October 1994, the NCJA brought SSA officials and members of the penal community together to identify the obstacles involved with getting data from prisons, especially those relating to the identity of prisoners, and to seek solutions. The NCJA report noted that “Neither the Congress nor SSA realized the complexities it would encounter in implementing the [prisoner] provision.” After the meeting, SSA built and expanded relations with the National Institute for Corrections, The American Jail Association and the National Sheriffs’ Association.
In 1995, SSA aggressively initiated a course of action that continued to result in significant improvements in the prisoner suspension process. Some of these actions included:
· Escalated the prisoner suspension process to a top Agency priority.
· Began a major initiative to contact all correctional facilities. As a result of this, SSA obtained agreements with the Federal Bureau of Prisons, all State Prisons, and the 25 largest local prisons to provide us prisoner data. In addition, it obtained agreements with over 3,500 local facilities.
· Contacted Governors, heads of correctional institutions, Correctional Associations and similar stakeholders to obtain their help and support in providing prisoner data.
· Published articles on the importance of providing prisoner data to SSA in various journals for the correctional associations.
· The cooperation of State and local correctional institutions was critical to the suspension process. Therefore, SSA developed, maintained and nurtured an excellent working relationship with these facilities and the Associations that represented them.
· Obtained historical data from the Federal Bureau of Prisons and State Prisons as a check to ensure that SSA identified and suspended all prisoners.
· Conducted reviews of the prisoner suspension operation to determine if SSA needed to improve its operation. As a result of these efforts, SSA was now verifying 92 percent of the data facilities submitted to SSA.
· Developed and pursued legislation that provided an incentive payment to correctional facilities that provided SSA prisoner data that results in the suspension of Title XVI payments. This not only ensured that SSA continued receiving the data, but also motivated the correctional facilities to provide more thorough information. Another legislative proposal providing additional incentives for the Title II program was developed and was being actively considered by Congress.
· In August 1996, the Title XVI portion of this legislative change was enacted.
The Bonin Case illustrates why the Agency needed to improve its efforts regarding prisoner related matters. William G. Bonin was a convicted felon incarcerated at San Quentin, a California State Prison, since March 22, 1982. He was executed on February 23, 1996. Upon notification of his death by the funeral director, the servicing FO discovered that Mr. Bonin had been entitled to Social Security disability benefits since January 1972 and was still in current payment status. Benefits were terminated in February 1996, but too late to stop the March 1996 check. An alert was generated in August 1990 via a computer match with the California State Department of Corrections. This computer alert did not result in a suspension because no action was taken on the alert. Following an investigation by the OIG, SSA obtained an agreement that resulted in full restitution for the overpayments. A number of initiatives followed to address the problem of “Prisoners.”
An inter-component workgroup, formed in February 1996, examined all phases of the prisoner suspension operation and prepared a process analysis of its strengths and weaknesses. The team determined that there were problems in every phase of the overall process from receipt of prisoner data to actual suspension of benefits.
In February, instructions were issued to the FOs to obtain written agreements from the facilities that were willing to provide prisoner data. By June 2000, SSA had agreements with the majority of local facilities for reporting prisoner data.
There were a number of actions taken to improve processing prisoner data. To correct the process weaknesses identified in the Bonin case, and to also incorporate the incentive payment provisions of the law that were enacted in August 1996 (Welfare Reform Act), SSA initiated the following activities:
· Each program service center (PSC), including the Office of Disability and International Operations, has established a centralized fax number to handle all prisoner actions. They identify pending prisoner items and processed them as a priority workload.
· Operations informed all the Regional Commissioners and managers in the PCs, FOs, and teleservice centers (TSCs) of the importance of processing prisoner alerts.
· A database was designed to monitor and control the receipt of prisoner information from all correctional institutions and mental health institutions to ensure they reported their data to SSA in a timely fashion.
· An automated system was established that controlled and monitored all prisoner alerts to make sure the alerts were worked quickly and accurately.
· SSA established an automated system to pay incentive payments to correctional institutions for inmate data that they provided to SSA in order to suspend benefits to individuals who were ineligible because of incarceration.
· SSA requested, received, and processed historical files from the Federal Bureau of Prisons and most State Prisons to ensure that it identified and suspended all prisoners receiving benefits in the past and the present.
At the national level, SSA staff worked with correctional officials of the Large Jail Network and other correctional associations (such as the American Jail Association (AJA), the American Correctional Association (ACA), and the National Sheriff’s Association (NSA) to obtain data at the local level and increase the availability of the data electronically. With the assistance of the Department of Justice, SSA also worked with other organizations associated with penal institutions and mental health agencies concerning the provisions related to the NGRI provision.
Public relations campaigns were initiated to inform the law enforcement communities and correctional facilities about SSA’s need to stop benefits to certain inmates.
SSA staff participated at the meetings, conventions, and conferences that the AJA, ACA, and the NSA sponsored. Public campaigns at these meetings increased awareness of the sponsors of information that SSA needed to identify Social Security beneficiaries in such institutions. These efforts were expected to open communication links between SSA and the people it needed to reach to achieve cooperation for reporting prisoner data timely.
The continued success in the SSA’s prisoner suspension operation depended on several key factors. These factors were:
· An efficient computer matching operation and the systems support to keep it streamlined and modern.
· SSA operational resources to develop and timely suspend benefits to Social Security beneficiaries based on the inmate data that was processed through the computer matching operation.
· Continued voluntary cooperation of the correctional and mental health institutions throughout the United States to provide inmate data to SSA to identify individuals whose SSA benefits should be suspended because they were incarcerated in accordance with SSA laws.
· More dedicated monitoring of inmate reporting agreements with correctional and mental health institutions to ensure that the agreements do not lapse or expire.
· Closer tracking of SSA’s receipt of inmate reports from correctional and mental health institutions and reconciliation of the reports if they are not received on time.
On April 28, 1998, President Clinton sent an executive memorandum to all the heads of the executive departments and agencies. The memorandum directed them to take specific actions regarding sharing information related to prisoners who received benefits.
SSA built a Federal Benefit/Prisoner Data Exchange System to share prisoner data with other federal benefit paying agencies in compliance with the presidential memorandum. On November 1, 1998, the Federal Benefit/Prisoner Data Exchange system was operational and other federal benefit paying agencies began using the system to retrieve prisoner data.
The Congress passed a new law. The Ticket to Work and Work Incentives Act (P.L. 106-170) signed by President Clinton on December 17, 1999 extended to Title II the provisions of the PRWORA of 1996 that authorized payments from SSA to correctional and mental health institutions that reported inmate information to SSA. Beginning April 4, 2000, the new law authorized SSA to pay incentive payments to correctional and mental health institutions for information that led to a suspension of inmates entitled to retirement, survivor, and disability benefits (RSDI—Title II). The incentive payments and amounts were:
· $400 for information received within 30 days after the individual’s date of conviction and confinement.
· $200 for information received between 30 and 90 days after an individual’s date of conviction and confinement
· No payment was made for information received on or after the 91st day.
When the reported inmate was a concurrent beneficiary, the correctional or mental health institution received only a single incentive payment; the cost to was split between the two programs.
In order to qualify for incentive payments, an Incentive Payment Memorandum of Understanding (IPMOU) had to be in place. Many institutions had SSI IPMOUs in place that qualified them for the payment of an incentive payment as a result of SSI suspension actions. New IPMOU agreements had to be negotiated to allow for the Title II incentive payments.
The Agency suspended Title II benefits for any periods of conviction and confinement in a correctional or mental health institution that lasted for more than 30 continuous days. The law also prohibited payment of monthly benefits to any person whom, upon completion of a prison term, remained confined by court order to a public institution as a sexually dangerous person or a sexual predator.
OIG conducted two audits involving payments that were made to prisoners. The objective of the first audit, Effectiveness in Obtaining Records to Identify Prisoners, was to determine whether SSA had adequate procedures to obtain complete and timely information for individuals who were confined to correctional facilities. It revealed that SSA did not have the ability to identify all prisoners in detention and of those that were identified, they were not identified in a timely manner. The OIG estimated that this cost SSA $48.8 million in overpayments. The second audit, Effectiveness of the SSA’s Procedures to Process Prisoner Information, Suspend Payments and Collect Overpayments, demonstrated that even if SSA could obtain the records to identify prisoners, there was no mechanism in place to process the information in order to suspend the payments and collect overpayments.
Both reviews found that SSA needed to aggressively pursue computer matching agreements with Federal, State, and local prison authorities to receive prisoner information in a timely manner. This enabled SSA to suspend payments sooner and reduce the amount of overpayments the Agency needed to collect. Both reviews recommended that SSA seek congressional support and legislative remedies to lift restrictions on the computer matching agreements. As a result of these audits, SSA’s Actuary estimated that $3.4 billion dollars would be saved from 1997-2002.
The Welfare Reform Act amended Title XVI of the Social Security Act to make a fleeing felon or a parole or probation violator ineligible to receive SSI. Armed with this new statute and with audit information, OI initiated the Fugitive Felon Project. This project identified individuals illegally receiving SSI by conducting computer matches with the FBI, the U.S. Marshals Service, and State agencies. When OI Special Agents identified SSI recipients who were fugitives, SSA was notified, payments were stopped, and overpayments calculated. This project resulted in impressive savings to the Agency as shown below.
*Reflects data from October 1, 1999 through March 31, 2000.
As of September 2000, SSA had agreements with 7,016 correctional and mental health institutions nationwide. This represented 99% of the total inmate population in the country. Suspension of benefits to prisoners saved the OASDI and SSI programs roughly $500 million on an annual basis. Of this $500 million in annual savings, roughly $250 million was attributable to SSA initiatives begun in 1994 – 1995. Approximately $20 million of the $500 million annual savings were attributed to the incentive payment provisions included in the 1996 welfare reform legislation. The success of the December 1999 legislation to pay incentive payment to institutions providing information to suspend title II benefits had not been estimated as of September 2000.
Disability Program Integrity
A major part of the Agency strategy to protect the integrity of the two disability programs that SSA administers was the utilization of a comprehensive Quality Assurance (QA) system. The system employed had been in place for over 25 years. The QA system’s primary purpose was to measure compliance with policies and procedures in adjudicative decisionmaking.
The system provided the Agency with data to monitor the level of decisional accuracy. Samples of most of the major disability workloads were included in the system, from initial claims, to CDRs, to hearing decisions. The system also:
· Provided some insight into adjudicative performance for special populations such as SSI children;
· Provided data used to profile certain workloads for special attention in the adjudicative process; and
· Helped monitor the impact of process changes such as those tested in the disability process redesign.
In addition, as required by law, SSA conducted a Federal pre-effectuation review of proposed Disability Insurance (DI) allowances that helped protect the integrity of the DI Trust Fund. In FY 1997, the effort produced an impressive $330 million savings at a cost of less than $22 million.
SSA recognized that there were concerns with the QA system that needed to be addressed. These concerns included the need to:
· Assess beyond compliance with rules, regulations and procedures how decisions made under SSA’s adjudicative process meet the intent of the law;
· Collect and analyze data to assure uniformity in the decisionmaking process across the country;
· Develop a comprehensive and uniform review process across all levels of disability case processing, including field offices, DDSs and hearings and appeals offices; and
· Use internal DDS and OHA quality reviews along with the overall quality review process.
SSA intended to address these needs by developing a more comprehensive quality review system that better assessed the outcomes of its policies and provided a more uniform measure of disability adjudication across the country.
The QA system was enhanced in 1999 with a publication of final rules under which SSA’s Office of Quality Assurance and Performance Assessment (OQA) would examine certain allowance decisions at the hearing level that were selected through statistical sampling techniques. OQA referred to the Appeals Council for possible review the decisions it believed met the criteria for review by the Council. This effort stemmed from the Agency’s process unification initiative. It was designed to better balance the feedback provided to hearings level adjudicators and to improve the accuracy of those decisions.
Previously, the primary source of feedback, from the Appeals Council, provided to hearings adjudicators, came from claimant requests for review of hearings denials or further appeals of those denials to district courts. As part of the QA system, peer reviewing judges also assessed whether a random sample of ALJ decisions was supportable. Results from this peer review indicated the need for improved allowance accuracy. Therefore, SSA began an annual screening of approximately 10,000 favorable hearing decisions in addition to ongoing quality reviews of ALJ denial decisions. This review provided feedback on individual cases, but more importantly, permitted analysis of the adjudicative issues associated with unsubstantiated decisions and targeted training and policy clarifications to address these issues systematically.
The legislation enacted and financial support provided during the Clinton years progressively enabled the Agency’s leadership to manage in a fashion that ensured the integrity of its programs and tremendously improved its stewardship of the trust funds.
SSA conducted periodic reviews, called continuing disability reviews (CDR), to determine whether individuals receiving disability benefits had medically improved so that they were no longer considered disabled and no longer eligible for benefits. The CDR process allowed SSA to ensure the integrity of the SSI program by monitoring the disability status of beneficiaries.
Although CDRs had always been considered important, SSA had not conducted CDRs for SSI-only cases in meaningful numbers prior to 1996. Until 1994, the law did not require such a review, and SSA traditionally directed its limited administrative resources to statutorily mandated OASDI, Title II reviews. In addition, SSA reduced the number of CDRs for both programs in the early 1990s when the Agency was faced with unprecedented initial disability claims workloads. The number of CDRs fell from 367,000 in 1989 to about 73,000 in 1992.
As of October 1, 1997, approximately 1.6 million SSI-only beneficiaries were due or overdue for a CDR. Of that number, 1.2 million individuals were disabled and blind adults under age 65 and approximately 400,000 were disabled children. Beneficiaries who concurrently received SSI and OASDI benefits were counted and processed under the OASDI program, and approximately 600,000 of these beneficiaries were also due or overdue for a CDR.
Several legislative mandates from 1996 through 2000 supported by the Clinton Administration increased the number of reviews required for SSI disability cases. When SSI CDRs were mandated in the Social Security Independence and Program Improvements Act of 1994, SSA was required to conduct CDRs on 100,000 SSI beneficiaries and on not fewer than one-third of the SSI beneficiaries reaching age 18 in each FY from 1996 through 1998. Enactment of the Personal Responsibility and Work Opportunity Reconciliation Act of 1996 (PROWRA) (which was later modified by the Balanced Budget Act of 1997), further expanded the universe of statutorily mandated CDRs.
The PRWORA required SSA to conduct:
· CDRs within one year of birth on all children who are eligible because of their low birth weight;
· CDRs at least once every three years on all SSI childhood beneficiaries whose impairments are considered likely to improve; and
· Medical redeterminations (using the adult disability standard) on all SSI childhood beneficiaries within one year after reaching age 18.
The President and the Congress demonstrated their commitment to this CDR workload by enacting P.L. 104-121 which authorized a total of about $4.1 billion for OASDI and SSI CDRs for FYs 1996 through 2002. In the PRWOR of 1996, the Congress added the requirement for periodic CDRs and redeterminations for SSI children and added a total of $250 million to the authorized amounts for FYs 1997 and 1998. This brought the total authorized funding to about $4.3 billion for conducting CDRs and redeterminations during FYs 1996 through 2002. In response to legislative mandates, SSA developed the Seven-Year Plan for conducting CDRs beginning in 1996 through FY 2002. The plan was implemented in July 1996 and updated in March 1998.
Prior to 1993, all CDRs were conducted as full medical reviews. The full medical CDR process was labor-intensive and generally involved (1) an interview of the beneficiary in a field office and (2) a determination of medical improvement by a State DDS—a step that involved development of medical evidence and a special examination, if needed. Recognizing the need to streamline the process, SSA began using questionnaires, called CDR mailers, in conjunction with statistical profiles in place of full medical reviews for some beneficiaries.
SSA developed statistical profiles for estimating the likelihood of medical improvement based on beneficiary information such as age, impairment, and length of time on the disability rolls. For beneficiaries for whom the profile indicated a relatively low likelihood of medical improvement, SSA used the CDR mailer. When the profile indicated a relatively high or medium likelihood of medical improvement, SSA used a full medical CDR. For those who received a mailer, SSA took an additional step to determine whether the responses, when combined with data used in the profiles, indicated that medical improvement might have occurred. If so, the beneficiary also received a full medical CDR. Individuals whose responses to a mailer confirmed the profiled data indicating that there was a low likelihood of medical improvement were not referred for full medical CDRs. SSA then set a future CDR date for these individuals. The CDR profiling and mailer process established in May 1993 enabled SSA to steadily increase the volume of CDRs processed from a low of 73,000 in FY 1992 to approximately 240,000 in FY 1995.
Using the profiling and CDR mailer process, SSA exceeded the 100,000 case review mandated in FYs 1996 and 1997 and was up-to-date in processing low birth weight CDRs and age 18 redeterminations. Overall, SSA processed more than 157,000 SSI-only CDRs in FY 1996. In FY 1997, SSA processed more than 262,000 SSI-only CDRs and met the budgeted target of 362,000 SSI CDRs for FY 1998.
Data suggested that, after all appeals, the CDRs conducted for SSI beneficiaries in FY 1997 were expected to result in the cessation of benefits for an estimated 28,000 individuals. The OASDI CDR process in FY 1997 would yield, after all appeals, benefit cessation of approximately 6,000 SSI beneficiaries who were also receiving OASDI benefits. Benefit cessations resulting from the FY 1997 CDRs alone were projected to reduce SSI program expenditures by an estimated $915 million from FY 1997 through FY 2006.
SSA planned to pursue the needed funding each year to process CDR workloads. With additional funding provided by the Congress, SSA expected to be up to date in processing all SSI-only CDRs by the end of FY 2002. The Agency expected to conduct approximately 3.6 million SSI-only CDRs over the life of the Agency’s 7-year plan. These numbers included cases overdue for CDRs, as well as newly-matured cases.
The following table, based on SSA’s Seven Year Plan, shows the number of SSI-only CDRs to be processed in FYs 1998-2002. Also included were the estimated SSI program savings resulting from CDRs conducted in FYs 1998 through 2002, amounting to approximately $3 billion over this 5-year period. The Agency’s efforts to maintain program integrity and improve stewardship could be measured most notably by program savings.
SSI High Risk Program
The General Accounting Office (GAO) designated the SSI program as one of the Federal Government’s “high risk” programs in 1997. The Annual Performance Plan briefly highlighted objectives designed to strengthen the integrity of the SSI program.
The SSI program provides benefits to approximately 6.5 million needy beneficiaries who were aged, blind, or disabled. Like other means-tested programs that respond to changing circumstances of individuals’ lives, the SSI program presented challenges to ensure that it was administered efficiently, accurately, and fairly. As previously mentioned, in 1996, the Congress provided SSA with special funding authority that enabled it to develop a Seven-Year CDR Plan for FYs 1996 through 2002, dramatically expanding the number of CDRs conducted.
October 1998, the Agency issued the first management report on
the SSI program entitled, Management of the Supplemental Security
Income Program, Today and the Future, detailing the aggressive
plans to improve payment accuracy, increase CDRs, combat fraud,
and collect overpayments. SSA implemented several of the
initiatives outlined in the report, such as new computer matches
and processing more redeterminations in addition to more CDRs.
The outcome was that SSA collected over $100 million more in debt
in FY 1999 than it did in
Improving Payment Accuracy
The FY 1998 Payment Accuracy (Stewardship) Report prepared by OQA pointed out the major overpayment findings. Most SSI overpayments resulted from beneficiaries’ failure to report changes in three areas: income (particularly wages), financial accounts and living arrangements (for example, admission to a nursing home). These areas were consistently among the leading causes for overpayments. These failures to report or to report timely did not necessarily imply attempts to defraud or mislead on the part of beneficiaries. There were many reasons why a beneficiary may not have known or been capable of reporting a material change.
The payment accuracy data provided in the 1998 report represented findings from reviews of monthly random samples of individuals who received SSI payments. The Agency based corrective actions and program enhancement initiatives on the report. SSA ran more computer matches, processed more redeterminations, processed more CDRs, and collected more debt. In 1998, OQA went from approximately 4,000 to nearly 7,000 cases sampled. The increase enriched its stewardship report.
On August 21, 1998, Commissioner Apfel established a new computer matching agreement with wage and unemployment compensation data for the Office of Child Support Enforcement (OCSE) and nursing home admission data for the Health Care Financing Administration (HCFA). Both were considerably more complete and timely than the matches they replaced. The OCSE matches covered all states and were conducted every quarter, while the old matches missed many states and were conducted semiannually. The HCFA match covered all states and was conducted every month. The old match was conducted annually and missed many states. The new matches allowed the Agency to make more timely adjustments to benefits, reducing the number of overpayments.
The Agency continued its highly successful matches with correctional facilities that resulted in suspensions of thousands of prisoners who were ineligible for SSI benefits while in jail. In addition, the Agency enhanced existing computer matches and sought new ones. For example, the frequency of the match with the Department of Defense pension records was increased and a new match with the Immigration and Naturalization Service was under development.
In addition to computer matches, SSA pursued real time access to databases. This access would enable field offices to detect changes in income and resources even earlier than computer matches and, therefore, increase its ability to prevent and detect payment errors. In April 2000, SSA began a pilot to assess the value of real time access to the wage, unemployment, and “new hire” databases of OCSE. A nationwide rollout of this real time access was expected to take place in FY 2001.
The redetermination process was one of the most powerful tools available to SSA for improving the accuracy of SSI payments. In FY 1999, SSA almost doubled the number of high-error redeterminations selected for review and investigation—503,300 up from 272,700 in FY 1998. The total number of redeterminations processed in FY 1999 was 2.1 million, up from 1.7 million in FY 1998.
In addition to increasing the number of redeterminations processed, SSA continued its increased CDRs with the special funding from the Congress as part of the Seven-Year Plan. SSA increased the number of SSI-only CDRs conducted in every year from 157,000 in FY 1996 to 833,000 in FY 1999. As a result of those 833,000 CDRs, the benefits for 101,410 beneficiaries were ceased.
In FY 1999, SSA processed over 1.7 million CDRs, more than twice the number processed in FY 1996. SSA continued with its Seven-Year Plan to ensure that it was current in processing all SSI CDRs by FY 2002. There were also initiatives underway to improve the CDR process by improving the statistical profiling of the CDR selection process.
Combating Program Fraud
In efforts to combat fraud, SSA and OIG examined cases involving residency factors along the U.S. borders with Mexico and Canada. As a result, a major effort was initiated in New York and later in New Jersey to focus and further define this issue. In the New York and New Jersey SSI Eligibility Verification Projects, almost 33,000 cases were examined, uncovering about 8,000 individuals who were overpaid, suspended, or terminated. From June 1998 through August 1999, these projects uncovered $14 million in overpayments. Beginning in FY 2000, SSA began similar projects in every region in the nation.
SSA and the States have worked together to combat Collaborator Fraud whereby unscrupulous health professionals that help claimants fraudulently obtain disability benefits. These efforts have evolved into CDI units. As of December 1999, the CDI units in 5 States had processed 1,945 allegations and developed evidence to confirm 557 cases of fraud or similar fault to support denials.
The enactment of the Welfare Reform Act and the GAO’s declaration of the SSI program as a high-risk area in February 1997 caused the OIG to accelerate auditing efforts and develop additional strategies to prevent and detect fraud in this program. An audit was conducted to identify vulnerabilities in the disability determination process. The OIG initiated an audit entitled, Special Joint Vulnerability Review of the SSI Program, after the Georgia DDS notified SSA that it was concerned that four generations of a family of SSI recipients may have been coached to fake physical or mental disabilities in order to receive payments. The OIG recommendations included actions SSA needed to take regarding the monitoring of providers of examinations and a closer review of the reports made by these providers.
One of the most significant actions that occurred as a result of this audit was the inception of the CDI pilot. This project partnered OIG Special Agents with State DDS employees and local law enforcement entities to prevent and detect disability fraud primarily at the initial claim stage before benefits were paid. The CDI project relied on the combined skills and the specialized knowledge of these individuals to combat disability fraud in their respective areas. The CDI units were expected to achieve their goal by assisting the local DDS to denying fraudulent applications, and by identifying doctors, lawyers, interpreters, and other service providers who facilitated and promoted disability fraud. Pilots were initially conducted in five cities and there were plans to establish more CDI units by the beginning of FY 2001. The projected savings of the CDI project exceeded ten times its cost. The table below summarizes the accomplishments of the project.
Reflects data from October 1, 1999 through September 31, 2000.
SSA and other Federal and State Law Enforcement Agencies developed agreements to identify and suspend benefits for fugitive felons Using a manual process from 1997 through 2000, SSA and OIG have identified over 10,000 fugitive felons who were receiving SSI. This has resulted in detecting $24 million in overpayments.
Additionally, SSA implemented a series of training initiatives, wrote new procedures, and perhaps most importantly, maintained the focus on improving the accuracy of the SSI program as one of the Agency’s highest priorities throughout FY 1999. In FY 1999, initiatives to address the non-disability errors in the SSI program prevented about $230 million in overpayments. About $115 million of this was attributable to the initiatives taken for better training, better instructions, and greater management focus on payment accuracy.
SSA was in the process of implementing four major debt recovery projects that were expected to yield direct collections of at least $115 million over 5 years. The four projects were mandatory cross-program recovery, credit bureau reporting for delinquent Title XVI debts, administrative offset for delinquent Title XVI debts, and administrative wage garnishment for delinquent Titles II and XVI debts. Future plans were to implement the remaining debt collection tools for which SSA had been given authority. The additional projects included Federal salary offset, private collection agencies, and interest charging.
SSA actions since the October 1998 management report was issued, such as implementing new computer matches and conducting more redeterminations, also produced dramatic increases in the amount of debt detected and collected. The following chart indicates the success in uncovering and progress in collecting that debt:
SSA made a commitment to be both more responsive to SSA claimants and beneficiaries and more accountable to the American people. For many years, SSA recognized the need to improve the administration of the disability programs. In March 1999, SSA released a report on its management plan for the Social Security and SSI disability programs.
The plan addressed four major areas and also provided a strategy for achieving the goal of improved administration of the disability programs. The major areas were:
· Improving the disability decision making process to ensure that decisions were made as accurately as possible, that those who should be paid were paid as early as possible, and that the adjudication process was consistent throughout;
· Improving the return-to-work opportunities for disability beneficiaries so that individuals who wanted to participate in the nation’s workforce may do so;
· Safeguarding the integrity of the disability programs by ensuring beneficiaries met the strict eligibility criteria for benefit payments and by protecting the programs against fraud; and,
· Increaseing understanding, through research, of both the incidence of disability in the U.S. and disability programs, in general, so that policymakers can craft more responsible policies and legislation to assist individuals with disabilities.
The Agency embarked on an ambitious series of initiatives and made great strides in efforts to improve disability quality, integrity, and customer service. The results of these efforts were expected to be a disability process that was both more efficient and more responsive, as well as a process in which claimants, beneficiaries, and taxpayers could have full confidence.
The childhood disability provisions of PRWORA in 1996 (see Chapter IV, Childhood Disability) had a major impact on Agency’s efforts to improve administration of its disability programs through CDRs.
Agency Operations employees successfully implemented “high risk” initiatives through additional funding from Congress that was used to provide overtime hours for Field Office staff. Implementation resulted in an increase in redetermination productivity due to the training initiatives, enhanced automation support, and increased management focus.
SSA made progress in improving payment accuracy in FY 1999, increasing the payment accuracy rate from 93.5 percent in FY 1998 to 94.3 percent in FY 1999. The improvement in payment accuracy meant that in FY 1999, SSA paid $230 million less in erroneous benefit payments than the previous year.
The Nonagenarian Project was an SSA initiative that began in 1989 for the purpose of verifying that the Agency’s oldest beneficiaries were properly receiving their benefits, that any needed representative payees were in place, and to eliminate any possible fraud activities. It was another tool in the Agency’s “seamless attack” against fraud, waste, and abuse.
In 1999, the project required FOs to contact Titles II and XVI beneficiaries who were born in 1900 and 1901 and attained ages 99 and 98, respectively in 1999. The Agency began using its Intranet to control Nonagenarian cases and information more efficiently. Results of the 1999 project were as follows:
· 87,955 beneficiaries were initially selected.
· 17,590 cases were terminated for death before the FO attempted the contact, 119 cases were identified as already having a personal contact, and 64 cases had an erroneous date of birth. This left 70,038 to be contacted.
· 5,944 of those contacted—8.4 percent—were found to be in need of a representative payee.
· 144 claimants died at least six months prior to the compilation of the initial data files, but their death had not yet been reported to the Agency. Out of the 144 cases, 90 claimants were receiving direct deposit. In addition, 118 claimants were receiving Title II benefits only; seven were Title XVI recipients only, and 19 claimants were receiving both types of benefits. These cases involved monthly benefits totaling $78,021.10 and overpayments totaling $4,897,850.43 as of November 30, 1999. Of this amount, $614,269.85 has already been recovered.
· Another 165 beneficiaries, involving monthly benefits totaling $102,132.01 were suspended because the FO, after extensive research, was unable to locate them. Some 40 of these cases were referred to OIG for investigation. The remaining cases were to be referred to OIG if the claimants were still not located within 45 days of the suspension action.
The Agency decided to suspend the Nonagenarian Project as of May 25, 2000 due to budget constraints. The Project was scheduled to include people born in 1902 with an estimated nationwide volume of 48,947, including both Titles II and XVI benefit cases.
Negotiations continued with HCFA to pursue a national Medicare Non-Utilization computer matching agreement as part of the Nonagenarian Project. Initially, SSA would use this agreement to request data on current beneficiaries on SSA roles over age 90 with three years of non-utilization of their Medicare Card. The Agency sought to have the agreement in place by the end of the summer of 2000 with the first report provided by the start of FY 2001.
To ensure everything was in place as early as possible for the next fiscal year, SSA continued to work to perfect the Intranet site and the link with OIG. Fraud referrals had been submitted to OIG via the Intranet since June 1, 2000. In November 2000, Operations notified employees that the Intranet system was working properly and that it was now mandatory for all fraud referrals to be submitted to OIG via the Intranet. A final decision was made to go forward with FY 2001’s Nonagenarian Project. The Project was tentatively scheduled to include people born in 1902 and 1903 who received Title II and SSI benefits. The Agency planned to house nationwide case information on one Intranet site.
The Agency made tremendous strides in improving its stewardship of the Trust Funds during President Clinton’s Administration by reinventing or improving many of its business practices and responding to the public’s expectations.
Privacy and Security
Enhancing the Social Security Card
The immigration and welfare reform laws passed in 1996 required that the Commissioner of Social Security develop a prototype of a counterfeit-resistant Social Security card. Originally, the SSN was a way to record each person’s Social Security earnings; the only purpose of the Social Security card was to provide a record of the number so that employers could accurately report earnings. The 1996 laws also called for SSA to study and report on different methods of improving the Social Security card application process.
The use of the SSN as a general identifier in record systems grew tremendously over the years. The broad-based coverage of the Social Security program made the SSN widely available and a convenient common data element for all types of record-keeping systems and data exchanges. The SSN was adopted for numerous other purposes so that it became the single most widely used record identifier for both the government and the private sector.
The pervasive use of the SSN led some to conclude that it had, in effect, become a national identifier, a term generally viewed negatively in the United States. There were some that believed the public would be well served by using a single identifier. The implications of the widespread use of such an identifier on personal privacy generated serious concerns both within the government and in society. The potential to profile people raised questions about limits to freedom of choice and access to society’s services and benefits. Advances in information technology (e.g., the Internet and the World Wide Web) raised concerns about increased opportunities for inappropriate access to personal information.
The current Social Security card was made of banknote paper and served only as an official verification of the SSN assigned by SSA to the person whose name was on the card. The card was neither proof of the bearer’s identity nor citizenship/non-citizen status and had no transaction value or data storage capability. The card that was used through the year 2000 incorporated a number of security features appropriate to a paper card format.
There were seven Social Security card prototypes developed in response to the mandate. They were a Plastic card, Card with picture, Secure barcode stripe, Optical memory stripe, Magnetic stripe, Magnetic stripe/picture, and Microprocessor/magnetic stripe/picture.
The prototypes illustrated different combinations of security features and functionality covering the variety of card options available. The requirements for the use of the enhanced card and results to be achieved were not specified and, therefore, not evaluated for the potential benefits or drawbacks of each option beyond the security concerns. No option was recommended to Congress for implementation because it was beyond the scope of the requirement.
The legislation required an evaluation of the implications if an enhanced Social Security card was issued to all current number holders, about 277 million people. The card issuance process would have been significantly changed by adding citizenship or non-citizenship status information, and for some options, adding the number holder’s picture or personal biometrics information to the Social Security. The new process would make issuing cards more costly to administer and more complicated for the public.
The cost of issuing an enhanced card to 277 million number holders ranged from $3.9 million to $9.2 million, depending on the card option selected. The cost included contacting all number holders, processing costs (excluding staff overhead) to issue the new cards, the cost of the card itself, and the cost of special equipment needed to work with each card option and/or to capture information to be included on the card. Due to the significant cost of issuing the enhanced card to all number holders, the Agency considered alternatives, for example, the drivers’ license or State-issued identity card for non-drivers.
Social Security also studied the feasibility of imposing a user fee for enhanced cards. SSA historically opposed charging a fee because its leaders believed that Social Security cards were a basic part of the mandatory program. Furthermore, failure to report changes in order to avoid paying a fee would create discrepant SSA records, adding costs for SSA and other agencies which relied on SSA data.
However, SSA believed that charging a fee in connection with the card issuance was feasible. Because its current remittance process had low volumes, it would have needed to streamline its collection process for the fee. The cost of collecting fees in conjunction with the issuance of 277 million Social Security cards was $1,271 million. The full cost fee, including card issuance and fee remittance processes, ranged from $19 to $38 per card, depending on the option selected.
The IG studied Canada’s Social Insurance Number fee charging operation and concluded that SSA should charge a fee of $13 for each card. The IG study was based on the SSA replacement process and volumes for the current card, rather than a mass reissuance of an enhanced card. The IG also did not consider the cost of the remittance process or the changes needed to satisfy the security and integrity requirements of a mass remittance process.
The Agency concluded that the issuance of enhanced cards, either prospectively or as a mass reissuance, was feasible. However, the issuance of an enhanced card raised policy issues about privacy and the potential for the card to be used as a national identification card. These issues would have to be addressed before issuing an enhanced card. The legislative mandate appeared to contemplate a mass reissuance. However, this option was much more costly and more burdensome to the public than a prospective issuance or another alternative that did not use the Social Security card to achieve the desired results. The total costs for issuing an enhanced card and collecting a user fee ranged from $5.1 million to $10.5 million.
The extent the public would accept an enhanced card and comply with reissuance would depend largely on the acceptable uses of the SSN and card and the tangible and intangible benefits that the new card imparted. The issue of the SSN as a national identifier recently resurfaced when the SSN was proposed as the universal patient identifier in the Health Insurance Portability and Accountability Act of 1996. Many have questioned the wisdom of expanding the SSN to this purpose because it could enhance an additional linkage to very sensitive personal information. Potential access to this data could have implications for education, employment, credit, insurance, and legal aspects of life.
The advent of broader access to electronic data through the Internet generated a growing concern about increased opportunities for inappropriate access to personal information by almost anyone. Some people feared that competition among information service providers for customers would result in broader data linkages with questionable integrity and potential for harm. Expanding uses of the SSN and further technological enhancements would extend the debate about the SSN as the national identifier.
Many Americans, concerned about privacy, feared that it was vulnerable to political, business, and other socio-cultural factors. Protecting individual privacy is a highly complex situation because it must be balanced by what were seen as society benefits, for example, in public safety, law enforcement, research, and public health. For every example of public concern over privacy protection, there existed a contrasting position where the public wants protection from criminal elements, inappropriate and poor health care, banking errors, etc. Societal forces were expected to guide the evaluation and balancing of privacy policies and information uses.
There was a heightened concern about how the SSN/card would be used in the future. However, the development of relational data bases would make it possible for people to be identified without the use of the SSN. Such databases could make use of other personal data elements (e.g., addresses, phone numbers, birth date, parent’s names, etc.). The important issue for the future would be how the managers of personal information systems maintained a reputation for integrity. This was believed to be a significant determinant of public confidence. A Census Bureau study found that the public’s belief in the integrity of a government agency was more important that the way the agency guaranteed confidentiality.
The potential for misuse of the SSN grew dramatically during the 1990s as the use of the SSN expanded. SSA was under increasing pressure to take steps to: (1) ensure the accuracy of the SSN; (2) provide verification services to organizations that use the SSN as an identifier to protect their programs from errors, fraud, and abuse; and, (3) protect the public from and provide remedy to invasions of privacy or abuses of data that was stored in public or private sector data bases that use the SSN as an identifier.
SSA verification workloads related both to the use and misuse of the SSN, increased as its use expanded. Such verifications were done primarily through regular automated exchanges. SSA verified SSN’s for employers to ensure the correct posting of wages and for other government agencies to ensure accurate benefit payments. Where required by law and, in certain circumstances, where permitted by law SSA verified that the name and SSN in the files of third parties were the same as those on SSA records. The Agency did not uniformly verify the SSNs used by the private sector. Its disclosure policy protected the privacy rights of the SSN holders and limited use of Agency resources to the business of Social Security. None of the verification operations guaranteed that the person giving a number, even when presenting the corresponding Social Security card, was the person to whom the SSN was assigned.
As individuals were adversely affected by enhancements in record keeping and data exchanges that relied on the SSN, legislation was proposed to resolve specific problems. Congress, for the first time, was looking at private sector use of the SSN and offering legislation to address violations of individual privacy by the private sector involving the SSN. At the same time, other legislative proposals were introduced to expand the use of the SSN and/or card for specific purposes to enhance government efficiency or curb fraud and abuse.
A major challenge to the development of all SSA Internet applications was the need for secure web programs that met and exceeded the industry standards for security and confidentiality and also had the confidence of the American public. Since modern computer security required the implementation of sophisticated software and control of access, the Agency worked with security and privacy experts to address and prevent the problems of improper disclosure of personal information in SSA records, prevent fraud and abuse, and maintain the image and reputation that SSA earned for providing efficient and accurate service to the public.
The Agency approached these problems by developing authentication requirements and methods of accessing its Internet sites. Authentication examined ways to positively establish that the person requesting information or performing transactions via the Internet was the proper beneficiary or applicant. The rules governing the level of authentication were set by the Agency’s Authentication Workgroup, which had representatives from various components within SSA. The workgroup reviewed each Internet application to determine the appropriate level of authentication required. The level of complexity of the authentication requirements was determined by the nature of the information being disclosed.
The Agency learned much from one of its earliest attempts to offer service through the Internet. The Personal Earnings and Benefit Statement (PEBES) provided important wage and benefit information to workers and their families that could be used to help make retirement plans. Public response to the service was very positive. From 1994 through 1996, the Agency investigated and engaged in extensive tests to determine if it could offer the service via the Internet while safeguarding the privacy of its customers’ information. All indications were that it could. SSA began to offer the PEBES service via the Internet in March 1997 and the initial overall response was positive. However, concerns regarding users being able to access and alter earnings information or view other private data were expressed by some members of the public, Congress, and the news media. The Agency valued the public’s opinion and responded to its concerns.
Maintaining the public’s confidence in SSA’s ability to keep confidential the sensitive data it maintained was a primary goal. The Agency could not afford the perception that PEBES information was not secure. Because of these concerns, Acting Commissioner John J. Callahan announced on April 9, 1997, that he would temporarily suspend the PEBES Internet service.
The Agency decided that it needed to more thoroughly investigate the views of the public and appropriate experts with regards to all aspects of Internet access to online PEBES. SSA held public forums in six different cities between May 5 and June 16, 1997, so that it could develop a better plan to safeguard confidential information for Internet applications. The intent was to bring the Agency the best thinking of experts in relevant fields as well as members of the general public.
Acting Commissioner Callahan headed the forums. Each forum had three panels; one panel consisted of privacy experts and consumer advocates, another was comprised of computer technology experts including security experts, and the third consisted of business users of the Internet, primarily in the banking and financial planning fields. In September 1997, SSA issued a report to customers entitled Privacy and Customer Service in the Electronic Age.
The key to Internet integrity was the way that the public could access the applications. The Agency tested Public Key Infrastructure (PKI) which was being used in conjunction with the California Medical Association for the electronic transmission of medical evidence. PKI used certificates to exchange digitally signed and encrypted data, and was also being tested with other electronic services and Internet applications. SSA partnered with CommerceNet, which provided all necessary support and development at no cost to SSA, to enhance its security measures. This included the further development of PKI and smart cards.
The other method under development in SSA was the use of PIN and Passcode. The Pin/Passcode Workgroup was formed in March 2000. This group defined the business process needed to support the issuance of PINs and Passcodes for SSA customers. This included workload items, workflows, who in SSA were responsible for maintaining them, and several other considerations. PIN and Passcode usage were scheduled for piloting in January 2001.
SSA used state-of-the-art software that carefully restricts user access to data except for its intended use. Using this software, only persons with a “need to know” to perform a particular job function were approved and granted access. Agency systems controls not only registered and recorded access, but also determined what functions a person could perform once access was authorized. SSA security personnel assigned a computer-generated personal identification number and an initial password to persons who are approved for access (the person must change the password every 30 days). This allowed SSA to audit and monitor the actions individual employees took when they used the system. These same systems provided a means to investigate allegations of misuse and were crucial in prosecuting employees who misused their authority.
SSA approached computer security on an entity-wide basis. By doing so, it addressed all aspects of the SSA enterprise. The Chief Information Officer (CIO), who reported directly to the Commissioner and the Deputy Commissioner, was responsible for information system security. The CIO assured that SSA initiatives were enterprise-wide in scope. The CIO assured that all new systems had the required financial controls to maintain sound stewardship over the funds entrusted to the Agency’s care.
In order to meet the challenges of data security in a highly technological environment, the Agency adopted an enterprise-wide approach to systems security, financial information, data integrity, and prevention of fraud, waste, and abuse. It had a full-time staff devoted to systems security stationed throughout the Agency, in all regions and in the central office; SSA established centers for security and integrity in each SSA region. They provided day-to-day oversight and control over computer software. In addition, SSA had a Deputy Commissioner-level Office of Systems which supported the operating system, developed new software and the related controls, and, in general, assured that SSA was taking advantage of the latest in effective security technology.
SSA began certifying its sensitive systems beginning with the original OMB requirements published in 1991. SSA’s sensitive systems included all programmatic and administrative systems. They also included the network and the system used to monitor SSA’s data center operations. The Agency required Deputy Commissioners responsible for those systems to accredit them. SSA’s planning and certification activity was in full compliance with the National Institute of Standards and Technology (NIST) 800-18 guidance. In summary, SSA had in place the right authorities, the right personnel, and the right software controls to prevent penetration of its systems and to address systems security issues as they surfaced.
Information Systems Security Plan
SSA has maintained an information system security program for many years. Its key components, such as deploying new security technology, integrating security into the business process, and performing self assessments of its security infrastructure, to name a few, described goals and objectives that touched every SSA employee. Of particular importance in the year 2000 were the activities related to the Presidential Decision Directives (PDD) on infrastructure protection and continuity of operations. The Agency was one of the first to complete an evaluation of all critical SSA assets.
Given the importance of making ongoing monthly payments, SSA was elevated to the highest level of importance by the critical infrastructure assurance office. As part of this effort, it completed an inventory of all critical assets and implemented an incidence response process for computer incidents. SSA also revised its physical security plans to assure facilities were properly secured. SSA was one of the key agencies that evaluated the CIO “maturity” model. This helped SSA compare itself with industry standards overall.
SSA’s independent auditor, Pricewaterhouse Coopers, evaluated SSA’s security program from 1996 through 1999. They gave many recommendations to strengthen SSA’s security program. The Agency implemented 77 percent of their recommendations and continued addressing the remainder since they involved longer timeframes for implementation. They were expected to be completed on a flow basis-with anticipation that all would be completed by the end of the FY 2001.
SSA also had its own formal program of onsite reviews and corrective action. The Agency retained the independent contractor, Deloitte and Touche, to review its systems and overall management of the program. All of this was tracked at the highest levels through an executive internal control committee which the CIO chaired and included the IG and key deputies.
SSA believed that the zero tolerance policy paid off, as evidenced by the fact that almost all of the recommendations made to the Agency by independent auditors in the late 1990s and the year 2000 were pre-emptive in nature as opposed to a remedy for actual past abuse. Nonetheless, when there was evidence of an abuse of system privileges, addressing the matter was a number one priority for the Agency. SSA’s IG was committed to the investigation and prosecution of any employee abuse case. Many of the employee cases turned over to the IG for investigation were first discovered by the Agency itself.
On June 22, 1998, Commissioner Apfel issued a notice to all SSA employees about administrative sanctions to be taken against any SSA employee who abused his or her systems privileges. Penalties were severe and led to the termination of employment for any offense that involved selling data. On March 2, 2000, the notice was revised and updated.
To ensure that SSA mission critical systems were up and running, a solid contingency plan was in place. In August 2000, SSA completed a successful test of all critical systems. Also, SSA had in place a hotsite as backup for its critical operations. These were recommendations that Pricewaterhouse Coopers thought it was important for SSA to complete.
Moving Away From Mainframe Systems
Addressing systems security continued as a high priority for SSA. By design, the Agency used a system architecture that relied almost exclusively on mainframe systems and centralized databases. With this architecture, the Agency was able to more tightly control computer security than those Agencies who were faced with large numbers of local and/or distributed systems. However, SSA, in an increasingly technological environment, has moved away from the mainframe environment to more distributive systems, it carefully considered at every step of the process as to how to build in security features. SSA took a number of steps to ensure that the new systems were as secure as possible.
The Agency was on constant alert to identify both intrusion detection and denial-of-service type attacks. SSA’s firewall team used various services that list current hacker activity in order to identify the different types of attacks and how to respond and avoid them. SSA uses various filters on routers to deny these specific intrusions.
SSA supported the independent audit of its financial statements along with the auditors’ detailed testing of SSA’s systems. The Agency worked with various oversight bodies (e.g., the GAO and the IG) to review what it was doing and identify any issues they believed SSA needed to address. This assured that SSA was getting all the advice that was available, and doing its utmost to maintain the security of the computer systems and the data they contain.
New Emerging Concerns
The Agency took both preventive and enforcement actions to protect information in Social Security files from any wrongful use by its own employees and from any unauthorized access by outsiders. SSA took a very proactive approach to identify hacker activity and adopt the proper defensive posture to prevent interruption to SSA’s Internet services. The Agency used state-of-the-art technology to protect its network and was on constant alert to detect both intrusion and denial-of-service types of attacks. SSA’s network was monitored 24 hours a day, not only by SSA technicians, but also by contract services.
The Agency constantly re-evaluated and, when necessary, upgraded the security features necessary to maintain the public’s confidence that systems were secure. Computer security was top management priority.
When Social Security first became independent in 1995 and had its own IG devoted only to SSA activities for the first time, the Commissioner asked the IG to make employee integrity the number one issue. The IG did so, and SSA had consistently requested additional resources for the IG and received support from the Congress for those requests. The IG’s accomplishments and value to the Agency’s efforts to maintain program integrity are well documented in the office of the Inspector General’s semi-annual reports to Congress.
SSA continued its long-standing tradition of assuring the public that their personal records were secure. Both the Commissioner and the Deputy Commissioner gave systems security a very high priority. Emphasis became greater with the emergence of the Internet as a service delivery vehicle. Secure information systems was an ongoing part of the mission. The Agency was aware that it could not rest on past practices, but must continue its vigilance in every way to assure that it kept the public’s records private and secure while providing exemplary service to its constituents.
Commissioner Apfel continued to provide leadership in “Program Integrity” by developing plans for dealing with rapidly changing demographics and future projections by Agency strategists. His creation of the 2010 Vision helped position the Agency for years to come to deal with the many implications and consequences of future program integrity activities.
 Section 111 of P.L. 104-193, Personal Responsibility and Work Opportunity Reconciliation Act of 1996 (Welfare Reform Act) and section 657 of P.L. 104-208, Division C, Illegal Immigration Reform and Immigrant Responsibility Act of 1996 (Immigration Reform Act).