Last May, we wrote a “How To” blog on the Social Security Limited Access Death Master File (LADMF) aka DMF and the response has been overwhelming! The HIPAA One team is delighted by how many of you have come forward and asked us to assist your organization in accessing this file. As the rest of the industry catches up and the need continues to grow, we want to revisit the content again. Being that this file contains critical information for healthcare providers, continue reading on to learn “how and why” HIPAA One can act as an Accredited Conformity Assessment Body (ACAB) for your organization.
What is the LADMF
The DMF is essentially a database maintained by the Social Security Administration and contains over 86 million records on deceased individuals. Used to verify death, the online file has many purposes and is used by a variety of users, including: medical researchers, hospitals, oncology programs (tracking former patients and subjects), investigative firms (payment of pension funds), insurance organizations, etc.
In November 2016, changes were made to the access requirements for individuals or organizations seeking to access the DMF. Due to the sensitive nature of the information coupled with an effort to prevent identify theft and fraud, individuals or entities must now submit a written attestation form an ACAB to prove that the appropriate systems, facilities and procedures are in place to safeguard information and maintain the confidentiality and security of that information.
In order for a healthcare entity to prove they have the appropriate safeguards in place to access the DMF file, they must complete a Security Risk Analysis (SRA.) Along with a myriad of other benefits; an SRA accurately displays an organization’s safeguards and subsequent remediation plan to correct any deficiencies. By completing an SRA, healthcare organizations prove their commitment to properly securing sensitive information and building an overall “culture of compliance” at their workforce.
HIPAA One = ACAB
As your HIPAA compliance vendor, we are happy to offer our services and act as your ACAB if you used our software to complete your SRA*. However; we are unable to assume that role for clients who conducted an SRA independently or without using our tools.
If your organization meets our requirements and would like us to act as your accredited assessment body to access the DMF, these are the steps you must complete prior to sending us the attestation form:
- There is an annual fee for processing the LADMF Subscriber Certification Form, payment can be processed here: https://classic.ntis.gov/Search/Home/titleDetail?abbr=DMFCERT0002. Additionally, every three years a processing fee of $525.00 LADMF ACAB Systems Safeguards Attestation Form is required.
- After the payment has been accepted, complete and submit the LADMF Subscriber Certification Form at https://dmfcert.ntis.gov. Certification must be renewed each year.
- An order number will be assigned to the organization
- HIPAA One will then fill out the ACAB form free of chare
- HIPAA One will submit the form on behalf of the client to the email provided on the form
*completed within the past 3 years, remote or onsite
EXAMPLE OF THE ACAB ATTESTATION FORM
Contact us at firstname.lastname@example.org or call 801-770-1199 to speak with one of our experienced auditors.