The National Technical Information Service (NTIS) published a final rule in the Federal Register on June 1, 2016, related to the “Certificate Program for Access to the Death Master File.” This rule, which goes into effect on November 28, 2016, impacts all companies planning to receive the Social Security Administration’s Limited Access Death Master File (DMF). To obtain access to the DMF, companies must demonstrate sufficient data security infrastructure and controls and receive documentation from an “Accredited Conformity Assessment Body” attesting to these safeguards. Companies must also demonstrate a legitimate fraud prevention or business purpose pursuant to a law, governmental rule, regulation, or fiduciary duty.
The final rule replaces an interim final rule enacted in March 2014, and it meets the requirements of the Bipartisan Budget Act of 2013, which called for a restriction of access to the DMF via a certification program. Certification costs are expected to increase compared to the interim rule; additional cost considerations, including attestation fees, will impose further financial burden on subscribers.
This article reviews the key changes in the NTIS Final Rule and the impact it will have on companies, the current state and concerns with the DMF, and solutions to DMF issues.