How is PII Data Used Commercially?

September 19, 2017

The NCVHS Next Gen Vitals Hearing took place September 11-12, 2017, and while we weren’t able to attend the conference, we did want to provide some additional considerations for Panel 3 on how vital statistics data is used commercially to listed members who attended the conference.

Types of Data Required in the Commercial Sector

Vital statistics data includes a wide variety of data types, though in the Death Audit industry, we require non-public Personally Identifiable Information (PII). This type of data includes SSN, First Name, Last Name, Date of Birth, Address, City, State, Zip Code, Date of Death, Location of Death, Extended Contact Information and, potentially, Relative Information. While we maintain the highest levels of security on our proprietary SaaS platform, the information within these files is also protected by the Gramm-Leach-Billey Act and the Fair Credit Reporting Act.

By law, we are required to ascertain that the companies we work with have a legal right to access this data. Under these statues, it is our responsibility to document that we have made a reasonable effort to verify and validate the permissible purpose and permissible use of the data we provide our customers.

Users of Vital Statistics

In the commercial sector, Death Audit providers such as LifeStatus360 provide services to the insurance and retirement industries. Our customers provide participant information based on their individual data sets, and we search for and find death and life information as required.

While we provide our customers with Death Audit information, we also use additional PII data for our Life Audit Services, which allows us to locate our customers’ lost plan participants or shareholders. The additional information we provide allows our customers to remain in proper contact with their participants to maintain Governmental rules and regulations.

How Do We Protect Data Sharing & Transmission

Each of our customers is fully vetted and proven to be a proper business in good standing before being granted access to our platform. Each customer can then assign their selected and vetted employees access as required, as we maintain limited access to our data sources, which include:

  • Limited Access DMF
  • LifeStatus Proprietary
  • Obit360
  • States’ Data

Customers can only view their data and their results, and we always set each account to the lowest privilege to maintain security compliance.

We differ from our competitors in several ways; one of these ways is that we require our vetted customers to perform their own data uploads according to our guidelines. Each customer is responsible for viewing their individual data results behind our fully encrypted and protected SaaS LifeStatus360 website. Our site maintains the latest and greatest SSL certificate with extended validations and additional certifications to provide the highest degree of authentications, SSL encryption and protection. At LifeStatus360, we closely monitor our SSL site to ensure that all configuration protocols, cipher suites and protocols are properly set to ensure protection against any and all security threats.

We maintain a Cybersecurity Framework as described in the Information Security Guidelines for Use and Protection of the Limited Access DMF Information, and maintain a triple-layer security level.

Current Issues & Resolution: The Limited Access DMF & Closed States

To increase vigilance against fraud, waste and abuse; maintain ever-increasing compliance, and proactively detect potential fraud, waste and abuse, we need data. Our industry needs access to the complete Social Security Death Master File readily available and usable to meet the requirements and regulations set forth by the state and federal government bodies of the United States.

The state and federal governments seek to protect citizens from identity theft by hiding or limiting data. However, by hiding and limiting public and non-public PII data, the state and federal governments are increasing the very issues they seek to prevent with new legislation. We need the tools for FWAC and Detection.

Those tools are the data found in the Death Master File and the Closed States. The more we know, the more we can help to prevent fraud, waste, abuse, assist in the detection of fraud and ensure our customers maintain their compliance.

Leave a Reply

Your email address will not be published.