In the world of HIPAA compliance, sometimes the only constant is change. It is not out of the norm for one of our clients to come to us with a question or request that at times, takes us by surprise. This occurred recently when a client contacted us about acting as an “Accredited Conformity Assessment Body” (ACAB) so they could access the Social Security Limited Access Death Master File (LADMF) also called DMF…. Just when you thought you had enough acronyms to keep track of!
What is the LADMF
The DMF is essentially a database maintained by the Social Security Administration (SSA) and contains over 86 million records on deceased individuals. Used to verify death, the online file has many purposes and is used by a variety of users, including: medical researchers, hospitals, oncology programs (tracking former patients and subjects), investigative firms (payment of pension funds), insurance organizations, and the list goes on.
In November 2016, changes were made to the access requirements for individuals or organizations seeking to view the DMF. Due to the sensitive nature of the information coupled with an effort to prevent identify theft and fraud, individuals or entities must now submit a attestation form filled out by an ACAB to prove that the appropriate systems, facilities and procedures are in place to safeguard information and maintain the confidentiality and security of that information.
Complete an SRA
In order for a healthcare entity to prove they have the appropriate safeguards in place to view the DMF, they must complete a Security Risk Analysis (SRA) PRIOR to requesting access. Along with a myriad of other benefits; an SRA accurately displays an organization’s safeguards and subsequent remediation plan to correct any deficiencies. By completing an SRA, healthcare organizations prove their commitment to properly securing sensitive information and building an overall “culture of compliance” at their workforce.
HIPAA One = ACAB
As your HIPAA compliance vendor, we are happy to offer our services and act as your ACAB free of charge if you use our software to complete your SRA*. However; we are unable to assume that role for clients who conducted an SRA independently or without using our software. If your organization meets our requirements and you would like us to act as your accredited assessment body, these are the steps to complete prior to sending us the DMF attestation form:
- Pay the Fee – There is an annual fee of $1,575.00 for processing the LADMF Subscriber Certification Form, payment can be processed here: https://classic.ntis.gov/Search/Home/titleDetail?abbr=DMFCERT0002. Additionally, every three years a processing fee of $525.00 to have access to the LADMF ACAB Systems Safeguards Attestation Form is required.
- Complete Subscriber Form – After the payment has been accepted, complete and submit the LADMF Subscriber Certification Form at https://dmfcert.ntis.gov. Certification must be renewed each year.
- Order Number Assigned – Each organization is assigned a specific order number which will be used on the ACAB Systems Safeguard Attestation Form.
- Form Completed – HIPAA One will fill out the ACAB form free of charge.
- Form Submitted – HIPAA One will submit the form on behalf of the client.
*completed within the past 3 years, remote or onsite
Example of the ACAB Attestation Form: