Do Not Pay Privacy Program
The Payment Integrity Information Act of 2019 (PIIA) codifies ongoing efforts to develop and enhance steps taken to prevent, waste, fraud, and abuse in Federal spending.
All federal agencies must adhere to the Privacy Act of 1974 which seeks to protect the privacy of information found in records used by federal agencies. A number of the data sources utilized by DNP are labeled as "Restricted" because they contain personally identifiable information. When an agency requests access to Restricted data sources, a Computer Matching Agreement (CMA) may be required to ensure agencies are in compliance with the governance that protects this information.
Privacy Act of 1974
The Privacy Act of 1974 as amended to present 5 U.S.C. § 552a, governs DNP in the handling of data, to ensure the protection of records about individuals retrieved by personal identifiers such as a name, social security number, or other identifying number or symbol. On March 5, 2021 the Office of Management and Budget (OMB) released Memorandum M-21-19 to ensure that individual privacy is fully protected while reducing improper payments with the DNP Initiative.
Computer Matching Programs
The Computer Matching and Privacy Protection Act of 1988 (the Act), Pub.L.100-503, amends the Privacy Act of 1974, and establishes procedural safeguards affecting agencies' use of Privacy Act records in performing certain types of computerized matching programs. The Act regulates the use of computer matching by federal agencies involving personally identifiable records maintained in a system of records subject to the Privacy Act. The Act requires agencies to have written agreements in place specifying the terms under which matches are to be conducted. The Act applies to the computerized comparison of two or more automated systems of records (or federal personnel or payroll systems of records) between federal agencies or between a federal agency and a non-federal agency. for the purpose of establishing or verifying eligibility or compliance as it relates to cash or in-kind assistance or payments under federal benefit programs. Computer Matching Programs are more commonly stated as Computer Matching Agreements or CMAs.
Under to 5 U.S.C. § 552a(o), any record contained in a system of records may only be disclosed to a recipient agency or non-federal agency for use in a computer matching program pursuant to a CMA. DNP computer matching programs published in the Federal Register and other matching documentation are provided below:
DNP CMA with HHS Centers for Medicare & Medicaid Services (CMS)
DNP CMA Waiver with the Small Business Administration - March 2021
DNP CMA Waiver with the Small Business Administration - October 2023
System of Records Notices (SORNs)
A system of records is defined by the Privacy Act of 1974 as “a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.”
Rules exempting systems of records from certain Privacy Act requirements are in 28 CFR Part 16, Subpart E. Below is a listing of systems of records maintained by DNP and original source agencies that are subject to the Privacy Act of 1974.
-
Credit Alert System (CAIVRS)– CAIVRS is comprised of data from the following agencies:
- Department of Education (Education)
-
Department of Justice (DOJ) - Debt Collection Enforcement System, JUSTICE/DOJ-016
-
Small Business Administration (SBA) - SBA 21 -- Loan System and SBA 20-Disaster Loan Case File
-
Veterans Affairs (VA) - VA's Privacy Act System of Records, Compensation, Pension, Education, and Rehabilitation Records--VA (58VA21/22/28)
Some agencies are currently in the process of confirming their applicable CAIVRS SORNs and routine uses that allow for disclosures to DNP. Links to those SORNs will be posted as they are identified.
-
Treasury Offset Program (TOP) Debt Check of the Department of the Treasury - FMS .014 – Debt Collection Operations System
-
SAM Entity Registration and Exclusion Records (referred to in IPERIA as Excluded Party List System) of the General Services Administration (GSA)
-
List of Excluded Individuals & Entities of the Office of Inspector General of the Department of Health and Human Services (HHS) – Health Care Program Violations
-
Treasury/Fiscal Service .017 – Do Not Pay Payment Verification Records
Variations between data source record retention schedules or other restrictions (e.g. routine uses) and the Treasury/Bureau of the Fiscal Service .023 SORN will be listed below.
On October 7, 2012, the Secretary of the Treasury issued Treasury Order 136–01, establishing within the Department of the Treasury the Bureau of the Fiscal Service (Fiscal Service). The new bureau consolidated the bureaus formerly known as the Financial Management Service (FMS) and the Bureau of the Public Debt (BPD). On October 2, 2013, Fiscal Service published a final rule that changed references in 31 CFR Part 202-391 from “FMS” or “BPD” to "Fiscal Service."
Data Correction Process
The Payment Integrity Information Act of 2019 (PIIA) requires that DNP describe the data correction process on its website.
Whenever an original source agency receives a request for correction of data, it may follow its existing process for handling such requests in accordance with applicable laws, regulations, or policies. The agency will promptly review the request and make a determination.
If the agency determines that corrections are needed to data, the data will be corrected at both the original source agency and in the DNP portal to avoid discrepancies between two versions of the same dataset.
Please direct any requests to correct the original source agency's data to the corresponding original source agency. The data sources and corresponding agencies are listed below:
Table may scroll on smaller screens
Data Source | Contact Information | Examples of Data Correction Request Triggers |
---|---|---|
DEATH | Verify if a payee is deceased | |
American InfoSource Obituary & Probate (AIS) | Website:https://www.americaninfosource.com/contact-us/deceased-data-inquiry |
If a payee is listed as deceased and that is not the case. |
Social Security Administration Death Master File (DMF) | The individual’s local social security office, which can be found at: Website: secure.ssa.gov/ICON/main.jsp |
If a payee is listed as deceased and that is not the case. |
Department of Defense Death Data (DOD) | Email: dmdc.drshelpdesk@mail.mil | If a payee is listed as deceased and that is not the case. |
Department of State Death Data (DOS) | Email: OCSSystemsLiaison@state.gov | If a payee is listed as deceased and that is not the case. |
National Association for Public Health Statistics and Information Systems (NAPHSIS) Electronic Verification of Vital Events Fact of Death (EVVE FOD) | Contact List: EVVE FOD Contacts | If a payee is listed as deceased and that is not the case. |
DEBARMENT | Verify whether an individual or entity is ineligible | |
Internal Revenue Service (IRS) | Tax Exempt Organization irs.gov/charities-non-profits/automatic-revocation-of-exemption Non-Profit Taxes Phone: 877-829-5500 |
|
|
|
|
|
|
|
|
|
|
Health & Human Services Office of Inspector General (HHS OIG) List of Excluded Individuals & Entities (LEIE) | HHS OIG External Affairs Office Phone: 202-691-2311 Email: sanction@oig.hhs.gov |
If an entity should not be excluded from participating in federal health care programs. |
Office of Foreign Assets Control (OFAC) | Website: ofac.treasury.gov/specially-designated-nationals-list-sdn-list/filing-a-petition-for-removal-from-an-ofac-list | "Specially Designated Nationals" or "SDNs"; assets are blocked, and U.S. persons are generally prohibited from doing business with them |
GSA’s System for Award Management (SAM) – Entity Registration Records and Exclusion Records | The agency taking the exclusion action and that agency’s designated Exclusions Point of Contact. SAM Customer Service: Federal Service DeskWebsite: fsd.gov Phone: 866-606-8220 |
If an individual is listed as debarred and that is not the case. |
DEBT | Verify if an individual or entity is delinquent, owes non-tax debt, or child support | |
Credit Alert System (CAIVRS) - DOJ | https://www.justice.gov/opcl/doj-privacy-act-requests Requesting Amendment or Correction of Records in Accordance with the Privacy Act Making a Privacy Act Amendment or Correction Request Department of Justice Room 115 LOC Building Washington, DC 20530-0001 Phone: (202) 616-3837 E-mail: MRUFOIA.Requests@usdoj.gov Personnel in the Mail Referral Unit will then forward your request to the DOJ component they determine is most likely to maintain the records you would like to amend or correct. |
If an individual is not a delinquent federal borrower. |
Credit Alert System (CAIVRS) – HUD | If you are making a written request for data correction, letters should be addressed to: Privacy Act OfficerDepartment of Housing and Urban Development 451 7th St. SW, CVB-4th Floor Washington, DC 20410 |
If an individual is not a delinquent federal borrower. |
Credit Alert System (CAIVRS) – SBA | Website: sba.gov/about-sba/open-government/privacy-act-request-guide | If an individual is not a delinquent federal borrower. |
Credit Alert System (CAIVRS) – USDA Rural Development (RD) | Phone: 800-428-9643 |
If an individual is not a delinquent federal borrower. |
Credit Alert System (CAIVRS) - USDA Farm Service Agency (FSA) | Phone: 800-428-9643 |
If an individual is not a delinquent federal borrower. |
Credit Alert System (CAIVRS) – VA | VA Debt Management Center |
If an individual is not a delinquent federal borrower. |
Treasury Offset Program (TOP) Debt Check | If you owe a debt to the government: |
If an individual does not owe delinquent non-tax debts to the federal government (and participating States). |
INCARCERATION | Verify if an individual is incarcerated in a federal prison | |
Bureau of Prisons Data (BOP) | If a payee is listed as incarcerated and that is not the case. |
Privacy Impact Assessments
Section 208 of the E-Government Act of 2002 requires agencies to conduct Privacy Impact Assessments (PIA) for information technology (IT) systems or projects that collect, maintain or disseminate personally identifiable information (PII) from or about members of the public. A PIA is required for new systems or projects, those systems undergoing modification or enhancement, and Paperwork Reduction Act electronic collections of information. OMB Memorandum M-03-22, (9/26/2003), contains guidance for conducting PIAs as well as procedures for processing and posting completed assessments. Below are links to individual PIAs relevant to DNP: Treasury’s Working System PIA
Designation Requests for New Data Sources
For OMB to consider adding a new government or commercial data source, Do Not Pay must submit to OMB a written assessment to document the suitability of the new data source. When considering additional data sources for designation, OMB will consider at a minimum:
- Statutory or other limitations on the use and sharing of specific data;
- Privacy restrictions and risks associated with specific data;
- Likelihood that the data will strengthen program integrity across programs and agencies;
- Benefits of streamlining access to the data through the central DNP Initiative;
- Costs associated with expanding or centralizing access, including modifications needed to system interfaces or other capabilities in order to make data accessible; and
- Other policy and stakeholder considerations, as appropriate. Before designating additional data sources, OMB will publish a 30-day notice of the designation proposal in the Federal Register asking for public comment. At the conclusion of the 30-day comment period, if OMB decides to finalize the designation, OMB will publish a notice in the Federal Register to officially designate the data source for inclusion in the DNP Initiative.