Do Not Pay Privacy Program

The Payment Integrity Information Act of 2019 (PIIA) codifies ongoing efforts to develop and enhance steps taken to prevent, waste, fraud, and abuse in Federal spending.

All federal agencies must adhere to the Privacy Act of 1974 which seeks to protect the privacy of information found in records used by federal agencies. A number of the data sources utilized by DNP are labeled as "Restricted" because they contain personally identifiable information. When an agency requests access to Restricted data sources, a Computer Matching Agreement (CMA) may be required to ensure agencies are in compliance with the governance that protects this information.

Privacy Act of 1974

The Privacy Act of 1974 as amended to present 5 U.S.C. § 552a, governs DNP in the handling of data, to ensure the protection of records about individuals retrieved by personal identifiers such as a name, social security number, or other identifying number or symbol. On March 5, 2021 the Office of Management and Budget (OMB) released Memorandum M-21-19 to ensure that individual privacy is fully protected while reducing improper payments with the DNP Initiative.

Computer Matching Programs

The Computer Matching and Privacy Protection Act of 1988 (the Act), Pub.L.100-503, amends the Privacy Act of 1974, and establishes procedural safeguards affecting agencies' use of Privacy Act records in performing certain types of computerized matching programs. The Act regulates the use of computer matching by federal agencies involving personally identifiable records maintained in a system of records subject to the Privacy Act. The Act requires agencies to have written agreements in place specifying the terms under which matches are to be conducted. The Act applies to the computerized comparison of two or more automated systems of records (or federal personnel or payroll systems of records) between federal agencies or between a federal agency and a non-federal agency. for the purpose of establishing or verifying eligibility or compliance as it relates to cash or in-kind assistance or payments under federal benefit programs. Computer Matching Programs are more commonly stated as Computer Matching Agreements or CMAs.

Under to 5 U.S.C. § 552a(o), any record contained in a system of records may only be disclosed to a recipient agency or non-federal agency for use in a computer matching program pursuant to a CMA. DNP computer matching programs published in the Federal Register and other matching documentation are provided below:

DNP CMA with HHS Centers for Medicare & Medicaid Services (CMS)

DNP CMA Waiver with the Small Business Administration - March 2021

DNP CMA Waiver with the Small Business Administration - October 2023

DNP CMA with Veterans Affairs

System of Records Notices (SORNs)

A system of records is defined by the Privacy Act of 1974 as “a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.”

Rules exempting systems of records from certain Privacy Act requirements are in 28 CFR Part 16, Subpart E. Below is a listing of systems of records maintained by DNP and original source agencies that are subject to the Privacy Act of 1974.

Credit Alert System (CAIVRS)– CAIVRS is comprised of data from the following agencies:
1. Department of Education (Education)
2. Department of Housing and Urban Development (HUD)
3. Department of Justice (DOJ) - Debt Collection Enforcement System, JUSTICE/DOJ-016
4. Small Business Administration (SBA) - SBA 21 -- Loan System and SBA 20-Disaster Loan Case File
5. U.S. Department of Agriculture (USDA)
6. Veterans Affairs (VA) - VA's Privacy Act System of Records, Compensation, Pension, Education, and Rehabilitation Records--VA (58VA21/22/28)
Some agencies are currently in the process of confirming their applicable CAIVRS SORNs and routine uses that allow for disclosures to DNP. Links to those SORNs will be posted as they are identified.
Treasury Offset Program (TOP) Debt Check of the Department of the Treasury - FMS .014 – Debt Collection Operations System
SAM Entity Registration and Exclusion Records (referred to in IPERIA as Excluded Party List System) of the General Services Administration (GSA)
List of Excluded Individuals & Entities of the Office of Inspector General of the Department of Health and Human Services (HHS) – Health Care Program Violations
Treasury/Fiscal Service .017 – Do Not Pay Payment Verification Records

Variations between data source record retention schedules or other restrictions (e.g. routine uses) and the Treasury/Bureau of the Fiscal Service .023 SORN will be listed below.

On October 7, 2012, the Secretary of the Treasury issued Treasury Order 136–01, establishing within the Department of the Treasury the Bureau of the Fiscal Service (Fiscal Service). The new bureau consolidated the bureaus formerly known as the Financial Management Service (FMS) and the Bureau of the Public Debt (BPD). On October 2, 2013, Fiscal Service published a final rule that changed references in 31 CFR Part 202-391 from “FMS” or “BPD” to "Fiscal Service."

Final Rule (October 2, 2013)

Data Correction Process

The Payment Integrity Information Act of 2019 (PIIA) requires that DNP describe the data correction process on its website.

Whenever an original source agency receives a request for correction of data, it may follow its existing process for handling such requests in accordance with applicable laws, regulations, or policies. The agency will promptly review the request and make a determination.

If the agency determines that corrections are needed to data, the data will be corrected at both the original source agency and in the DNP portal to avoid discrepancies between two versions of the same dataset.

Please direct any requests to correct the original source agency's data to the corresponding original source agency. The data sources and corresponding agencies are listed below:

Table may scroll on smaller screens

Data Source	Contact Information	Examples of Data Correction Request Triggers
DEATH		Verify if a payee is deceased
American InfoSource Obituary & Probate (AIS)	Website:https://www.americaninfosource.com/contact-us/deceased-data-inquiry	If a payee is listed as deceased and that is not the case.
Social Security Administration Death Master File (DMF)	The individual’s local social security office, which can be found at: Website: secure.ssa.gov/ICON/main.jsp	If a payee is listed as deceased and that is not the case.
Department of Defense Death Data (DOD)	Email: dmdc.drshelpdesk@mail.mil	If a payee is listed as deceased and that is not the case.
Department of State Death Data (DOS)	Email: OCSSystemsLiaison@state.gov	If a payee is listed as deceased and that is not the case.
National Association for Public Health Statistics and Information Systems (NAPHSIS) Electronic Verification of Vital Events Fact of Death (EVVE FOD)	Contact List: EVVE FOD Contacts	If a payee is listed as deceased and that is not the case.
DEBARMENT		Verify whether an individual or entity is ineligible
Internal Revenue Service (IRS)	Tax Exempt Organization irs.gov/charities-non-profits/automatic-revocation-of-exemption Non-Profit Taxes Phone: 877-829-5500
Automatic Revocation of Exemption List (ARL)		Tax exempt status is revoked
Publication 78 (PUB 78)		List of organizations that can receive tax-deductible contributions
Form 990-N (e-Postcard) (990-N)		Small tax-exempt organizations (annual gross receipts normally $50,000 or less) are eligible to file instead or Form 990 or Form 990-EZ
Health & Human Services Office of Inspector General (HHS OIG) List of Excluded Individuals & Entities (LEIE)	HHS OIG External Affairs Office Phone: 202-691-2311 Email: sanction@oig.hhs.gov	If an entity should not be excluded from participating in federal health care programs.
Office of Foreign Assets Control (OFAC)	Website: ofac.treasury.gov/specially-designated-nationals-list-sdn-list/filing-a-petition-for-removal-from-an-ofac-list	"Specially Designated Nationals" or "SDNs"; assets are blocked, and U.S. persons are generally prohibited from doing business with them
GSA’s System for Award Management (SAM) – Entity Registration Records and Exclusion Records	The agency taking the exclusion action and that agency’s designated Exclusions Point of Contact. SAM Customer Service: Federal Service Desk Website: fsd.gov Phone: 866-606-8220	If an individual is listed as debarred and that is not the case.
DEBT		Verify if an individual or entity is delinquent, owes non-tax debt, or child support
Credit Alert System (CAIVRS) - DOJ	https://www.justice.gov/opcl/doj-privacy-act-requests *Requesting Amendment or Correction of Records in Accordance with the Privacy Act* The Privacy Act also permits an individual to request an amendment or correction of a record pertaining to that individual, subject to certain limitations and exemptions. *Making a Privacy Act Amendment or Correction Request* A request for amendment or correction of a Department of Justice record about yourself may be made by appearing in person or by writing directly to the Department component that maintains the record. In most cases, a component’s central Privacy Act or Privacy Act/FOIA office is the appropriate place to send a Privacy Act amendment request. A list of contacts can be found at: https://www.justice.gov/oip/find-foia-contact-doj/list. If you believe that DOJ maintains the records you would like to amend or correct, but you are uncertain about which component has the records, you may send your request to the Department’s Mail Referral Unit at: FOIA/PA Mail Referral Unit Department of Justice Room 115 LOC Building Washington, DC 20530-0001 Phone: (202) 616-3837 E-mail: MRUFOIA.Requests@usdoj.gov Personnel in the Mail Referral Unit will then forward your request to the DOJ component they determine is most likely to maintain the records you would like to amend or correct.	If an individual is not a delinquent federal borrower.
Credit Alert System (CAIVRS) – HUD	If you are making a written request for data correction, letters should be addressed to: Privacy Act Officer Department of Housing and Urban Development 451 7th St. SW, CVB-4th Floor Washington, DC 20410 Read More at HUD.gov	If an individual is not a delinquent federal borrower.
Credit Alert System (CAIVRS) – SBA	Website: sba.gov/about-sba/open-government/privacy-act-request-guide	If an individual is not a delinquent federal borrower.
Credit Alert System (CAIVRS) – USDA Rural Development (RD)	Phone: 800-428-9643 Email: rd.nfaoc.dcib@stl.usda.gov	If an individual is not a delinquent federal borrower.
Credit Alert System (CAIVRS) - USDA Farm Service Agency (FSA)	Phone: 800-428-9643 Email: rd.nfaoc.dcib@stl.usda.gov	If an individual is not a delinquent federal borrower.
Credit Alert System (CAIVRS) – VA	VA Debt Management Center https://www.va.gov/debtman/ Phone: 800-827-0648	If an individual is not a delinquent federal borrower.
Treasury Offset Program (TOP) Debt Check	If you owe a debt to the government: You must contact the specific federal agency or state you owe the money to. TOP cannot make arrangements for you to pay off your debt, discuss your debt with you or refund your money. The TOP Interactive Voice Response (IVR) system on 800-304-3107 can tell you who to call. Hearing impaired customers may use the Federal Relay Service by dialing 800-877-8339 to reach a Communications Assistant (CA) who will dial the toll free number.	If an individual does not owe delinquent non-tax debts to the federal government (and participating States).

Privacy Impact Assessments

Section 208 of the E-Government Act of 2002 requires agencies to conduct Privacy Impact Assessments (PIA) for information technology (IT) systems or projects that collect, maintain or disseminate personally identifiable information (PII) from or about members of the public. A PIA is required for new systems or projects, those systems undergoing modification or enhancement, and Paperwork Reduction Act electronic collections of information. OMB Memorandum M-03-22, (9/26/2003), contains guidance for conducting PIAs as well as procedures for processing and posting completed assessments. Below are links to individual PIAs relevant to DNP: Treasury’s Working System PIA

Designation Requests for New Data Sources

For OMB to consider adding a new government or commercial data source, Do Not Pay must submit to OMB a written assessment to document the suitability of the new data source. When considering additional data sources for designation, OMB will consider at a minimum:

Statutory or other limitations on the use and sharing of specific data;
Privacy restrictions and risks associated with specific data;
Likelihood that the data will strengthen program integrity across programs and agencies;
Benefits of streamlining access to the data through the central DNP Initiative;
Costs associated with expanding or centralizing access, including modifications needed to system interfaces or other capabilities in order to make data accessible; and
Other policy and stakeholder considerations, as appropriate. Before designating additional data sources, OMB will publish a 30-day notice of the designation proposal in the Federal Register asking for public comment. At the conclusion of the 30-day comment period, if OMB decides to finalize the designation, OMB will publish a notice in the Federal Register to officially designate the data source for inclusion in the DNP Initiative.

Last modified 12/22/23