Privacy Act of 1974, As Amended: Proposed New Routine Use

AGENCY:

Social Security Administration.

ACTION:

New Proposed Routine Use Applicable to Four Systems of Records.

SUMMARY:

In accordance with the Privacy Act of 1974 (5 U.S.C. 552a(e)(4) and (e)(11)) and our disclosure regulations (20 CFR Part 401), we are issuing public notice of our intent to publish a new routine use applicable to our systems of records entitled:

• Master Files of Social Security Number (SSN) Holders and SSN Applications, (60-0058) (the Enumeration System)
• Earnings Recording and Self-Employment Income System, (60-0059)
• Master Beneficiary Record (MBR), (60-0090)
• Prisoner Update Processing System (PUPS), (60-0269)

The Patient Protection and Affordable Care Act of 2010 (Pub. L. 111-148), as amended by the Health Care and Education Reconciliation Act of 2010 (Pub. L. 111-152) (collectively, the ACA) requires the use of a single, streamlined application to determine eligibility for an Insurance Affordability Program (IAP), which includes:

• a Qualified Health Plan (QHP) through an Exchange,
• Advance Payments of the Premium Tax Credit (APTC),
• Cost-Sharing Reductions (CSR),
• Medicaid,
• the Children's Health Insurance Program (CHIP), and
• the Basic Health Program (BHP).

As a part of the eligibility determination process, individuals may apply for an exemption from the individual responsibility requirement to maintain coverage (certification of exemption). The new routine use will enable SSA to disclose information to the Department of Health and Human Services (DHHS)/Centers for Medicare & Medicaid Services (CMS) to confirm the accuracy of attestations made by an individual to determine eligibility and entitlement to an IAP and identify individuals who qualify for certifications of exemption under the ACA. We discuss the routine use in detail in the Supplementary Information section below. We invite public comment on this proposal.

DATES:

We filed a report of the routine use with the Chairman of the Senate Committee on Homeland Security and Governmental Affairs, the Chairman of the House Committee on Oversight and Government Reform, and the Director, Office of Information and Regulatory Affairs, Office of Management and Budget (OMB). The routine use will become effective on August 31, 2013 unless we receive comments before that date that would result in a contrary determination.

ADDRESSES:

Interested persons may comment on this publication by writing to the Executive Director, Office of Privacy and Disclosure, Office of the General Counsel, Social Security Administration, Room 617 Altmeyer Building, 6401 Security Boulevard, Baltimore, Maryland 21235-6401. All comments we receive will be available for public inspection at the above address.

FOR FURTHER INFORMATION CONTACT:

Keisha Mahoney, Government Information Specialist, The Electronic Interchange and Liaison Division, Office of Privacy and Disclosure, Office of the General Counsel, Social Security Administration, Room 617 Altmeyer Building, 6401 Security Boulevard, Baltimore, Maryland 21235-6401, telephone: (410) 966-9048, Email: Keisha.Mahoney@ssa.gov.

SUPPLEMENTARY INFORMATION:

I. Background and Purpose of the Proposed New Routine Use

Section 1411(c) of the ACA requires the Secretary of DHHS/CMS to establish a program meeting the requirements of the ACA to determine eligibility for and enrollment in an IAP, including:

• a QHP through the Exchange,
• APTC,
• CSRs,
• Medicaid,
• the CHIP, and
• the BHP.

As a part of the eligibility determination process, individuals may apply for certifications of exemption under the ACA. Specifically, individuals must furnish their name, date of birth, Social Security number (SSN), and attestation of citizenship status to the Secretary of DHHS/CMS. The Secretary of DHHS/CMS will submit the information to the Commissioner of SSA for a determination as to whether the information submitted is consistent with the records of SSA. The ACA also permits the Secretary of DHHS/CMS to request additional information that is relevant to determining entitlement and eligibility to programs. To accommodate such requests, SSA will disclose (1) Disability indicator, (2) death indicator, (3) prisoner data, (4) quarters of coverage, and (5) monthly and annual Social Security benefit information under title II of the Social Security Act (Act). Section 1411(c)(4) of the ACA requires DHHS/CMS and SSA to use an on-line system or a system otherwise involving electronic exchange to support such transactions. To support this need, we are establishing a new routine use to allow for such disclosures by SSA to DHHS/CMS. DHHS/CMS will use the data for the purpose of the administration of IAPs and for certifications of exemption under the ACA.

II. Proposed New Routine Use

The Privacy Act requires that agencies publish a notice in the Federal Register of “each routine use of the records contained in the system, including the categories of users and the purpose of such use.” 5 U.S.C. 552a(e)(4)(D). We developed the following new routine use that will allow us to disclose information to DHHS/CMS:

To the Department of Health and Human Services (DHHS)/Centers for Medicare and Medicaid Services (CMS) for the purpose of the administration of Insurance Affordability Programs (IAP) and to identify individuals who qualify for an exemption from the individual responsibility requirement in accordance with the Patient Protection and Affordable Care Act of 2010 (Pub. L. 111-148), as amended by the Health Care and Education Reconciliation Act of 2010 (Pub. L. 111-152). IAPs include a Qualified Health Plan through the Exchange, Advance Payments of the Premium Tax Credit, Cost Sharing Reductions, Medicaid, the Children's Health Insurance Program, and the Basic Health Program.

The new routine use will be included in the following systems of records:

• 60-0058, Master Files of SSN Holders and SSN Applications, last published on December 29, 2010 at 74 FR 62866, as new routine use 45;
• 60-0059, Earnings Recording and Self-Employment Income System, last published on January 11, 2006 at 71 FR 1819, as new routine use 34;
• 60-0090, Master Beneficiary Record, last published on January 11, 2006 at 71 FR 1826, as new routine use 39; and
• 60-0269, Prisoner Update Processing System (PUPS), last published on March 8, 1999 at 64 FR 11076, as new routine use 13.

SSA will rely on this routine use to disclose only those data elements from SSA's system of records that DHHS/CMS has demonstrated are necessary for the administration of IAPs and certifications of exemption in accordance with the ACA.

III. Compatibility of Routine Use

In accordance with the Privacy Act (5 U.S.C. 552(a) and (b)(3)), and our disclosure regulations (20 CFR Part 401), we are proposing to establish a new routine use to support the ACA.

We can disclose information when the disclosure is required by law (20 CFR 401.120).

• Section 1411(c) of the ACA requires SSA to determine whether the name, date of birth, SSN and attestation of citizenship of individuals applying for IAPs under the ACA are consistent with information in SSA's records.
• Section 205(r)(3) of the Social Security Act (Act) permits SSA to disclose, on a reimbursable basis, death information to a Federal or State agency that administers a Federally-funded benefit other than pursuant to the Act to ensure proper payment of such benefit. Section 7213 of the Intelligence Reform and Terrorism Prevention Act of 2004 provides SSA authority to add a death indicator to verification routines that the agency deems appropriate.
• Sections 202(x)(3)(B)(iv) and 1611(e)(1)(I)(iii) of the Act permit SSA to disclose, on a reimbursable basis, prisoner information to an agency administering a Federal or Federally-funded cash, food, or medical assistance program for eligibility and other administrative purposes under such program.

We can also disclose information when the purpose is compatible with the purpose for which we collected the information and is supported by a published routine use (20 CFR 401.150). The Privacy Act allows us to disclose information maintained in a system of records without consent of the record subject to another party if such disclosure is pursuant to a routine use published in the system of records. 5 U.S.C. 552a(b)(3). A “routine use” must be compatible with the purpose for which SSA collected the information (5 U.S.C. 552a(a)(7)). Under SSA's regulations, SSA may publish a routine use permitting it to disclose information to another government entity for the administration of other government programs when the information requested concerns eligibility, benefit amounts, or other matters of benefit status in a Social Security program and is relevant to determining the same matters in other programs. 20 CFR 401.150(c). SSA collects information from applicants for, and beneficiaries of, Social Security benefits to determine entitlement and eligibility to such SSA benefits and the amount of those benefits. Under the new routine use and in accordance with the ACA, SSA will disclose information concerning eligibility, benefit amounts, or other matters of benefit status in a Social Security program to DHHS/CMS for use in making initial eligibility determinations, and eligibility redetermination and renewal decisions, including appeal determinations for IAPs, and certifications of exemption under the ACA. Specifically, DHHS/CMS will use the information SSA provides to determine entitlement and eligibility in QHPs offered through an Exchange, including the APTCs under section 36B of the Internal Revenue Code of 1986 and CSRs under section 1402 of the ACA; a State Medicaid program under title XIX of the Act; the CHIP under title XXI of the Act; a State program under section 1331 of the ACA establishing qualified BHPs; and a certification of exemption pursuant to section 1311(d)(4)(H) of the ACA. The verification and disclosure of information in our records to DHHS/CMS for its use in administering the health and income maintenance programs under ACA and the Act, meet the statutory and compatibility requirements for routine use disclosures.

IV. Effect of the Routine Use on the Rights of Individuals

DHHS/CMS and SSA are subject to Privacy Act requirements. Our disclosures to DHHS/CMS are compliant with the Privacy Act, the ACA, and the Social Security Act. The Privacy Act requires that our routine use be compatible with the purpose for which we collected the information. 5 U.S.C. 552a(a)(7) and (b)(3). In this case, we collect the information we plan to disclose in order to administer our programs. We will disclose this information to DHHS/CMS in connection with the administration of IAPs and certifications of exemption under ACA. We have determined that this is a compatible purpose under the Privacy Act and our regulation. After we disclose information to DHHS/CMS under the new routine use, the information is subject to the relevant DHHS System of Records Notices. We will enter into a Computer Matching and Privacy Protection Act (CMPPA) agreement with DHHS/CMS to support the new routine use disclosures. CMPPA agreements have specific provisions to protect the privacy rights of record subjects; to protect the confidentiality and integrity of the records; and to prohibit unauthorized use of the records. Therefore, we do not anticipate that the routine use will have an unwarranted adverse effect on the privacy or other rights of individuals about whom we will disclose information.