SOCIAL SECURITY ADMINISTRATION

PRIVACY IMPACT ASSESSMENT

 

·         Name of project.

Recovery of Overpayments, Accounting and Reporting System

·         Unique project identifier.

016-00-SSA/DCS-M-007

·         Privacy Impact Assessment Contact.

      Director
      Division of Title II Payments and Accounting
      Office of Retirement Survivors and Insurance Systems
      Social Security Administration
      6401 Security Boulevard
      Baltimore, MD 21235

·         Describe the information to be collected, why the information is being collected, the intended use of the information and with whom the information will be shared.

The Recovery of Overpayments, Accounting and Reporting (ROAR) System is a Social Security Administration (SSA) certified and accredited Major Application consisting of several sub-systems to record and control the recovery of overpaid Title II (Retirement, Survivors, Disability Insurance) program benefits, overpaid Title XVI (Supplemental Security Income) and Title VIII (Special Veterans Benefits) programs benefits which are recoverable against Title II benefits, and Title XVIII (Health Insurance) overpayments that the Centers for Medicare and Medicaid Services has requested SSA to recover on their behalf.  The ROAR system also has on record some Black Lung overpayments as they were at the point in time when the Department of Labor took responsibility for all Black Lung overpayment related functions.  The ROAR system controls the recovery activity when a refund is requested or adjustment is proposed for an overpayment, incorrect payment and/or misused or conserved funds debts.  The ROAR system also provides information to other SSA systems which handle other overpayment recovery actions.

Generally, the ROAR System master file contains the overpayment record, the actions against the overpayment record, the causes of the overpayment, the overpayment amounts, the collection status of the overpayment, remittance agreements, waiver and reconsideration information, information about the individual who is liable for the debt, the trust fund to which the debt is owed, amounts collected or written off, and the component that has jurisdiction for recovery of the debt.  The information on the ROAR System is collected in order to control and document the recovery of the overpayments as well as provide financial information on SSA's Title II accounts receivable.

We generally disclose this information only as necessary to collect payment from individuals who owe monies to SSA, or as authorized by Federal law.  The ROAR System is not accessible to members of the public.

·         Describe the administrative and technological controls that are in place or that are planned to secure the information being collected.

The ROAR System has undergone authentication and security risk analyses.  The latter includes an evaluation of security and audit controls proven to be effective in protecting the information collected, stored, processed, and transmitted by our information systems.  These include technical, management, and operational controls that permit access to those users who have an official “need to know.”  Audit mechanisms are in place to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification.

We protect the information in the ROAR System by requiring employees who are authorized to access the information system to use a unique Personal Identification Number.  In addition, we store the computerized records in secure areas that are accessible to those employees who require the information to perform their official duties.  Furthermore, all of our employees who have access to our information systems that maintain personal information must sign a sanction document annually that acknowledges penalties for unauthorized access to, or disclosure of, such information.

·         Describe the impact on individuals’ privacy rights.

Are individuals afforded an opportunity to decline to provide information? 

We collect information only where we have specific legal authority to do so in order to administer our responsibilities under the Social Security Act.  When we collect personal information from individuals, we advise them of our legal authority for requesting the information, the purposes for which we will use and disclose the information, and the consequences of their not providing any or all of the requested information.  The individuals can then make informed decisions as to whether or not they should provide the information.

Are individuals afforded an opportunity to consent to only particular uses of the information?

When we collect information from individuals, we advise them of the purposes for which we will use the information.  We further advise them that we will disclose this information without their prior written consent only when we have specific legal authority to do so

(e.g., the Privacy Act).   

·         Does the collection of this information require a new system of records under the Privacy Act (5 U.S.C. § 552a) or an alteration to an existing system of records?

No.  An existing system of records, Recovery of Overpayments, Accounting and Reporting (60-0094), covers the ROAR System, and it does not require any changes.

PIA CONDUCTED BY PRIVACY OFFICER, SSA:

Privacy Officer Willie J Polk

______________________________                     September 25, 2007

SIGNATURE                                                          DATE

PIA REVIEWED BY SENIOR AGENCY PRIVACY OFFICIAL, SSA:

   /S/    Thomas W. Crawley________                       September 27, 2007

SIGNATURE                                                             DATE


Privacy Policy