TN 1 (12-16)
GN 03313.001 Disclosure Without Consent to Federal Agencies and Officials
The Privacy Act of 1974, Social Security Act, Internal Revenue Code (IRC), applicable Federal laws, and our disclosure regulations at 20 C.F.R. Part 401 require or permit us to disclose information to certain Federal agencies and officials without the written consent of the person, who is the subject of the record. This subchapter discusses the policy and procedures concerning disclosures without written consent that we make to certain Federal agencies and officials.
Federal agencies should not make requests for information in our records within field offices (FO). If the FO receives a request from a Federal agency, the FO should consult with its regional Privacy Act Coordinator (PAC). The following disclosure policies are intended to assist the regional PACs and Data Exchange Coordinators (DEC) in handling these requests. We exchange the majority of information from our records with other Federal agencies through centralized data exchange processes established and managed at Headquarters. Therefore, in assessing the request, it is important for the PACs and DECs to determine if a data exchange process already exists or whether we should establish one with the requesting agency
A. Requirements for a request
If a Federal agency makes a singular request for information from the FO, that request must meet certain criteria. It must:
be addressed from the head of the agency, or an employee or other official who the head of the agency has authorized to request information from us;
be written on the agency’s letterhead;
contain sufficient justification to enable us to determine whether we can disclose the information;
describe the information the third party is requesting; and
contain sufficient identifying information to enable us to locate the information in our systems.
For data exchange requests, the Office of Data Exchange and Policy Publications has created a public website that Federal agencies can access. This site details the process a Federal agency needs to go through in order to request information from us. Requesters can find the site at: https://www.ssa.gov/dataexchange/request_dx.html.
The Privacy Act requires us to employ a policy of minimization when we disclose information to third parties. Thus, to the extent possible, we disclose only the minimal information that is relevant and necessary to accomplish the purpose for which the third party requests the information. Further, in determining how much information we may disclose to a third party, we should consider whether the requested information can be obtained from some other source (e.g., outside of the Social Security Administration) as well as what uses the third party might make of the information we disclose.
C. Basic disclosure criteria
The Privacy Act permits us to disclose information to Federal agencies and officials without the written consent of the subject of a record when one of twelve exceptions apply. The following is a list of the eight Privacy Act exceptions we use most frequently to disclose information to Federal agencies and officials. You can find a complete list of the exceptions in GN 03301.099D, Exhibits – Confidentiality and Disclosure, Exhibit 3.
|Privacy Act Citation Exceptions||Purpose of Disclosure|
5 U.S.C. § 552a(b)(3) — Routine use disclosure
Allows disclosure for purposes that are compatible with the purpose for which we collect the information.
5 U.S.C. § 552a(b)(4)) — Bureau of Census (Census) disclosure exception
Allows disclosure to Census to plan or carry out a census, survey, or related activity pursuant to the provisions of Title 13.
5 U.S.C. § 552a(b)(6) — National Archives and Records Administration (NARA) disclosure exception
Allows disclosure to NARA to determine if a record has sufficient historical or other value to warrant its continued preservation by the United States Government, or for evaluation by the Archivist of the United States (or designee) to determine whether the record has such value.
5 U.S.C. § 552a(b)(7) — Law enforcement disclosure exception
Allows disclosure to law enforcement agencies for civil and criminal law enforcement activities when the head of the agency makes a written request for information.
NOTE: These disclosures must also meet SSA’s regulatory requirements for disclosure at 20 C.F.R. § 401.155.
5 U.S.C. § 552a(b)(9) — Congressional disclosure exception
Allows disclosure to either House of Congress, or a congressional committee, subcommittee, or joint committee or subcommittee for a matter within its jurisdiction.
NOTE: This does not authorize disclosure to an individual Member of Congress acting on his own behalf or on behalf of a constituent.
5 U.S.C. § 552a(b)(10) — Comptroller General (Government Accountability Office (GAO) disclosure exception
Allows disclosure to the Comptroller General to perform the duties of the GAO.
5 U.S.C. § 552a(b)(11) — Court order disclosure exception
Allows disclosure pursuant to an order of a Federal court of competent jurisdiction.
NOTE: These disclosures must also meet SSA’s regulatory requirements at 20 C.F.R. § 401.180
1. Records, systems of records and routine uses
A record is any item, collection, or grouping of information about an individual that we maintain, including, but not limited to, education, financial transactions, medical history, and criminal or employment history. A record contains a name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a fingerprint, voiceprint, or a photograph.
b. Systems of records and routine uses
A system of records is a group of records from which we retrieve information by the name of the individual, an identifying number, symbol, or other identifying particular assigned to the individual. Each of our systems of records has a section titled “Routine uses of records maintained in the system, including categories of users and the purposes of such uses.” We may disclose information without consent to Federal agencies for purposes described by these routine uses listed in our systems of records. You may view our systems of records and their applicable routine uses at https://www.ssa.gov/privacy/sorn.html.
c. Analyzing a disclosure request
When analyzing a disclosure request you should:
ensure the requester identifies the specific information he/she seeks;
identify the system of record(s) that controls the collection and disclosure of the requested information; and
determine if the applicable system of record(s) contains a routine use that authorizes the disclosure of the information to the requester.
d. Routine uses permitting disclosure for health and income programs
One of our most common routine uses allows us to provide information without consent to Federal agencies (or agents on their behalf) that administer health maintenance or income maintenance programs similar to our programs. The administration of health or income maintenance programs includes conducting investigations and prosecutions of fraud or other criminal abuse of such programs by clients or employees.
A health maintenance program is any noncommercial program (such as Medicare and Medicaid) that a government agency administers to provide an individual with health care (both prevention and treatment) or to subsidize the cost of such care.
An income maintenance program is any noncommercial program that a government agency administers to provide an individual with the basic necessities of life (such as food, clothing, shelter and utilities), or supplement the individual’s income to permit the purchase of such necessities. Loan programs of any type are not income maintenance programs, even if subsidized by a government agency such as the Department of Housing and Urban Development.
Some of our systems of records that contain routine uses that permit disclosure for health and income maintenance programs are the:
60-0089—Claims Folders System,
60-0090—Master Beneficiary Record,
60-0103—Supplemental Security Income Record and Special Veterans Benefits System, and
60-0320—Electronic Disability Claims File.
e. eRoutine uses permitting disclosure for Social Security Number (SSN) verifications
Another common routine use allows us to disclose SSN verifications and identifying information as recorded in our records to Federal agencies that have a need for that information. SSN verifications pull certain information from our system of records 60-0058, the Master Files of Social Security Number (SSN) and SSN Applications System. When analyzing an SSN verification request, you should review this system’s routine uses to see if the requested disclosure is permissible.
f. Other routine uses
We may also disclose information from our records to Federal agencies for other purposes that are not related to administering health and income maintenance programs or not specific to requirements for SSN verification disclosures. For instance, we also have routine uses for specific agencies that administer specific programs. You should refer to our complete list of systems of records and their routine uses contained in the link above for further guidance on when we may disclose certain information from our records to Federal agencies.
2. Disclosure required by Federal law
Some Federal laws require us to disclose information to another government agency. These laws usually contain wording such as, “SSA shall disclose...” or “The head of each Federal agency shall disclose . . .” In such cases, we comply with the statutory mandate to disclose information consistent with SSA disclosure regulations, which provide that we disclose information without consent when a law specifically requires disclosure. For more information about disclosures required by law, see 20 C.F.R. § 401.120. We also establish routine uses based upon the statutory mandate to disclose information, deeming the disclosure compatible based on the mandate to disclose.
3. Disclosure to an agent of a Federal agency
A Federal agency may use a third party as an “agent” (e.g., a contractor) to administer or assist in administering its income maintenance or health maintenance programs. Before disclosing information to the agent, you should send these requests to the Office of Privacy and Disclosure (OPD) at ^OGC OPD Controls. OPD will determine if the request meets the following criteria:
the agent is in a contractual or similar arrangement with the Federal agency to act on the Federal agency’s behalf to administer or assist in administering an income maintenance or health maintenance program; and
we have proof of the relationship from the Federal agency (e.g., a copy of its contract or other formal agreement with the agent or written communication on the Federal agency’s letterhead stating that the agent is acting as its agent in the matter at hand); and
the purpose of the disclosure and use of the data by the agent is consistent with the written data exchange agreement between us and the Federal agency; and
we have a routine use that allows the disclosure; and
the agent agrees in writing to abide by all of the use, redisclosure restrictions, and security requirements in the data exchange agreement.
4. Kinds of information that Federal agencies and officials may request
We may disclose non-tax return information to Federal agencies and officials, without the consent of the subject of the records, when the requests meet our disclosure criteria.
a. Non-tax return information
Non-tax return information includes:
|Types of Information||Specific Data Elements|
Name, SSN, date of birth, place of birth, sex, parents’ names, date of application, and citizenship.
Title II, title XVI, and title VIII initial and post entitlement eligibility information, payment data such as monthly benefit amount, claim type, and claim status.
Health Insurance Information
Date(s) of entitlement, premium amount collectable.
Medical reports, test results, consultative exam results, etc
NOTE: We cannot disclose records with drug and alcohol abuse indicators without consent.
Earnings or Wage Data
Quarters of coverage, average current earnings, information that the employer furnishes other than on a tax report filed with the Internal Revenue Service, and Employee State government tax returns filed with us prior to January 1, 1987 for Social Security coverage.
b. Tax return information
The IRC permits us to disclose tax return information, in certain situations, to Federal agencies and officials. For more information concerning the disclosure of tax return information to Federal agencies, see GN 03320.015, Disclosure of Tax Information Without Consent.
Examples of tax return information include:
|Types of Information||Specific Data elements|
|Earnings Information (Reported by employers on Form W-2).||Employer names and addresses, employee names and SSNs, the amount of wages earned and the period(s) during which the employee earned such wages.|
Tax Returns/Employer Reports
Schedules, Employer’s Quarterly Federal Tax Return.
Form SS-4 (Application for Employer Identification Number)
The form and any information derived from it.
Social Security Statements
The portion of the Social Security Statement that identifies a person’s earnings.
Information Pertaining to Identifiable Taxpayers
Summary Earnings Query, Detailed Earnings Query, and Full Claims Earning Record.
5. Office of the General Counsel (OGC) opinions
At times, an individual’s claim file may contain an OGC opinion. Generally, we only disclose OGC legal precedent opinions. A legal precedent opinion is legal advice that the Regional Chief Counsel issues on the application of State law in a title II or title XVI domestic claim. OGC also issues legal precedent opinions on the application of District of Columbia law in a title II foreign claim that the substantive Central Office (CO) policy component designates for national distribution. For more information on legal precedent opinions, see GN 01010.810. Refer all requests involving OGC non-precedent opinions to OPD.
6. Program case integrity files
Refer requests for information from the agency’s Program Integrity Case Files to the Office of the Inspector General.
7. Disclosure via electronic data exchanges
We have established efficient and cost-effective computer matching and other formal electronic data exchanges to facilitate the majority of disclosures of information from our records to Federal agencies.
As necessary, FOs should consult with the regional office DEC and CO components should consult with ODEPP to determine if we have a data exchange program in operation with a particular Federal agency if it makes a request for information. Federal agencies seeking information from SSA should be aware of the existing data exchange processes before making any requests.
In addition, ODEPP has created a public website that Federal agencies should access and use to make data exchange requests. This site details the process a Federal agency needs to complete to request a data exchange with SSA. The site is located at: https://www.ssa.gov/dataexchange/request_dx.htm
D. Requests for Information via telephone
We may disclose information by telephone to Federal agencies only after we establish the identity of the caller. For telephone requests from Federal agencies, follow requirements in GN 03360.005A.8, Releasing Information by Telephone. When the calling party does not know the SSN of record, see GN 03360.005A.1.b.
E. Releasing personal information via email
Our policy on the use of email conforms to the National Institute of Standards and Technology’s Special Publication 800-45, “Guidelines on Electronic Mail Security.” We only transmit Personally Identifiable Information (PII) outside of the SSA firewall by secure encrypted email. We have secure encrypted email connections with several Federal agencies:
Railroad Retirement Board
Department of the Interior
Federal Bureau of Investigation
United States Treasury
United States Department of Justice
Department of State
Department of Veterans Affairs
Department of Homeland Security
Office of Personnel Management
Department of Transportation
Department of Labor
Health and Human Service
We maintain a full, updated list of our secure partner agencies at http://ois.ssahost.ba.ssa.gov/dse/data_loss_prevention/secure_partners.htm. Sending PII via email must be done in strict accordance with SSA policies and procedures.