BASIC (09-05)

A. Policy – Disclosure Within SSA

The Privacy Act (5 U.S.C. 552a(b)(1)) allows disclosures of personal information within SSA to officers and employees who have a need for the information in the performance of their duties.

SSA employees and officials must adhere to established standards of conduct when accessing, using, and disclosing personal information in the Agency’s files. The standards of conduct are explained in the annual personnel reminders to all employees and in SSA’s disclosure regulations, 20 C.F.R. Part 401, Appendix A. See, respectively, http://personnel.ba.ssa.gov/ope/cpps/APR.html. and http://policynet.ba.ssa.gov/repository/cfr20/401/401-app-01.htm.

B. Policy – State Disability Determination Service (DDS) Role In SSA Disclosures

For the purpose of making disability determinations under sections 221 and 1633 of the Social Security Act (Act), SSA’s disclosure regulations define ‘Social Security Administration’ as including State DDS units (see 20 C.F.R. § 401.25). State DDSs are bound by and must comply with SSA’s confidentiality and disclosure requirements (see SSA regulations 20 C.F.R. § 404.1631.)

State DDSs may disclose information to third parties, as necessary, to carry out the disability determination functions under sections 221 and 1633 of the Act. States DDSs should not make decisions to disclose SSA information for purposes unrelated to the disability determination function unless:

• the DDS is specifically authorized in POMS Chapter GN 033 or the DDS Security Manual to disclose information, or

• a DDS has received authorization from an SSA regional office (RO) to disclose information.

An SSA RO may approve arrangements for a DDS to disclose information to other State agencies when:

• SSA has the authority to disclose information to that State agency,

• the DDS and other State agency agrees to abide by SSA’s confidentiality and disclosure rules and requirements, and

• a data exchange agreement is negotiated between SSA and the State agency allowing the DDS to provide information to the State agency.

C. Policy - Disclosure To Third Parties For Program Purposes

1. General

SSA has established routine uses under the Privacy Act that allow the Agency to disclose personal information to Federal, State, and local agencies and private entities, as necessary, to administer SSA programs and responsibilities under the Social Security Act (Act). Primarily, the disclosures relate to determining initial and continuing entitlement to or eligibility for benefits under the programs SSA administers under the Act. Examples of allowable disclosures to third parties include releases of information pertaining to:

• verifying an individual’s entitlement to or eligibility for benefits;

• verifying an individual’s capability to manage his/her benefit payments;

• verifying information provided by representative payees or payee applicants;

• locating an individual in connection with an SSA program matter when his/her address is unknown to SSA;

• verifying SSNs for employers for wage reporting purposes;

• disclosing wage reports to employers or former employers to reconstruct wage records submitted to SSA;

• disclosing information to social security agencies of foreign countries with which SSA has entered into international social security (totalization) agreements to adjudicate claims filed under the U.S. or foreign social security system and for carrying on other SSA or foreign program-related activities;

• disclosing information to medical and vocational consultants to prepare for or evaluate consultative examinations or vocational assessment of individuals applying for disability benefits under sections 221 and 1633 of the Act;

• processing an individual’s application for a Social Security number;

• conducting investigations of fraud and other criminal abuse in SSA programs; and

• reporting the activities of persons that pose a risk to the safety and security of SSA employees, customers, and facilities to appropriate law enforcement officials.

When necessary to administer the Title II Federal Old-Age, Survivors, and Disability Insurance Benefits program, Title VIII Special Benefits for Certain World War II Veterans, or the Title XVI Supplemental Security Income program, or provisions of Title XVIII Medicare for which SSA has responsibility, when relevant, both tax return information and non-tax return information may be disclosed.

2. Systems of Record from Which Disclosure May Be Made

A disclosure necessary to assist in administering an SSA program or responsibility may be made from any SSA system of records containing a statement of routine use allowing the particular disclosure. The systems of records from which disclosures are most frequently made are the following:

• 60-0058—Master Files of Social Security Number (SSN) Holders and SSN Applications,

• 60-0059—Earnings Recording and Self-Employment Income System,

• 60-0089—Claims Folders System,

• 60-0090—Master Beneficiary Record,

• 60-0103—Supplemental Security Income Record and Special Veterans Benefits System,

• 60-0222—Master Representative Payee File,

• 60-0269—Prisoner Update Processing System (PUPS),

• 60-0320—Electronic Disability (eDib) Claims File, and

• 60-0330—eWork System.

D. Policy - Minimization

SSA employs a policy of minimization when disclosing information to third parties, i.e., to the extent practicable, disclosing only the minimal information necessary to accomplish the purpose at hand. For example, if you are disclosing information to a third party in order to obtain information to process a claim for benefits, do not disclose the type of claim unless it is necessary to the particular situation.

When a disclosure is necessary, the following standards apply:

• Only the minimal information that is relevant and necessary should be disclosed.

• Only a minimum number of contacts should be made. The disclosure to the third party might be nothing more than the individual’s name and Social Security number (SSN), the fact that the individual has a claim before SSA, and, by inference, the nature of the situation. If it is not necessary to disclose the SSN, it should not be disclosed. For example, if there is no indication that the third party from whom SSA is seeking information maintains that information by SSN or otherwise needs to know the SSN, do not disclose it.

• When deciding how much information to disclose, consider whether the information can be obtained elsewhere without making a disclosure, and what uses the third party might make of any information disclosed by SSA.

EXAMPLE: When processing a claim for benefits, if it becomes necessary to disclose information to a third party to obtain information relative to the claim for benefits, disclose only the information the third party needs to in order to provide the requested records. For example, do not disclose the individual’s address, telephone number, SSN, or the fact that he/she has filed a claim with SSA, if it is not necessary to disclose this information.

E. Policy - Disclosure To Protect SSA Employees, Clients, And Facilities

Disclosure of information to appropriate law enforcement agencies, including private contractor security guards, to protect the safety and security of SSA employees, clients, and facilities is an extension of administration of SSA programs. SSA has established a routine use that allows these disclosures as warranted (see GN 03316.045A.2. and GN 03312.010A.1.).