What is the Limited Access Death Master File (LADMF)?
The LADMF, or Limited Access Death Master File, contains sensitive information that cannot be disclosed during the three-year period following an individual’s death, including:
- Social Security Number
- Name
- Date of Birth
- Date of Death
Effective November 28, 2016, organizations face a more stringent certification process to be granted access to the DMF. To access the DMF, an individual or entity must:
- Have a legitimate fraud prevention interest; or
- Have a legitimate business purpose to a law, government rule, regulation, or fiduciary duty
The main changes that organizations need to be prepared for are:
- Annual recertification by the organization seeking access
- Third-party conformity attestation every three years
- Agreement to schedule and unscheduled audits, conducted by National Technical Information Service (NTIS) or the Accredited Conformity Assessment Body (ACAB) at the request of NTIS
- Fines up to $250,000 per year for noncompliance
The entity wishing to access the DMF must submit written attestation from an ACAB to prove that the appropriate systems, facilities and procedures are in place to safeguard information and maintain the confidentiality, security, and appropriate use of the information.
To better understand the requirement, organizations can find the sample certification forms here:
- Subscriber Certification Form – Sample
- Accredited Conformity Assessment Body Systems Safeguards Attestation Form – Sample
- State or Local Government Auditor General or Inspector General Systems Safeguards Attestation Form – Sample
Subscriber Certification must be completed annually. The LADMF Systems Safeguards Attestation Form must be completed every three years.
The U.S. Department of Commerce’s National Technical Information Service (NTIS), the governing body behind the DMF, can conduct both scheduled and unscheduled compliance audits and fine organizations up to $250,000 for noncompliance, with even higher penalties for willful violations. Due to the potential for substantial fines, it is important that entities be able to implement the appropriate systems facilities and procedures to safeguard the information.
How A-LIGN Can Help
A-LIGN is an ACAB that can attest to organizations’ systems and procedures in place. A-LIGN utilizes various published information security standards, including the AICPA SOC 2 and ISO 27001 to satisfy the rule’s audit requirements.
Since 2015, A-LIGN has been working to help our clients meet their DMF audit requirements, and has successfully submitted the appropriate attestation forms to NTIS, resulting in certification for our clients. We have extensive experience testing the controls required by LADMF and understand the certification process and requirements.