Privacy Act; Systems of Records

Privacy Act of 1974; System of Records

DATES:

The system of records notice (SORN) is applicable upon its publication in today's Federal Register , with the exception of the new routine uses, which are effective May 15, 2026.

We invite public comment on the routine uses or other aspects of this SORN. In accordance with the Privacy Act of 1974, we are providing the public a 30-day period in which to submit comments. Therefore, please submit any comments by May 15, 2026.

SUPPLEMENTARY INFORMATION:

We are clarifying the system location to clarify the offices in which we will maintain records and recognize that we may also maintain records in a cloud-based environment. We are modifying the system manager to reflect the accurate SSA office. We are expanding the authority for the maintenance of the system to include sections 702 and 1633 of the Social Security Act, as amended. We are expanding the purposes for which we may use the information in this system to include tracking opt-in and opt-out of electronic messaging selections. We are deleting vendor information from medical examiners or providers from the categories of records, as it is duplicative. We are also expanding the categories of records to include opt-in and opt-out of electronic messaging selections; information about a medical examiner or provider ( e.g., license number, license expiration date); and clarifying that the tax identification number for medical examiner or provider may also include Social Security number (SSN).

In addition, we are revising existing routine use Nos. 2, 3, 4, 10, 11, 12, 15, 17, 20, and 22 for easier reading. We are clarifying routine use No. 6 to explain when we are making disclosures to an individual when information about themselves or others, which is filed under someone else's SSN, affects the individual's entitlement to social security benefits or the amount of those benefits. We are expanding the entities listed in existing routine use No. 25 to include cooperative agreement awardees.

We are deleting sub-bullets (iv) and (v) of routine use No. 4 because we added a new routine use, which covers the intent of those sub-bullets and will permit disclosures to third parties, when an individual involved with a request needs assistance to communicate because of a hearing impairment or a language barrier ( e.g., to interpreters, telecommunications relay system operators). We are deleting sub-bullet (b) of routine use No. 10 because existing routine use No. 3 covers the intent of the sub-bullet, which permits disclosures to the Department of Justice (DOJ) for litigation purposes.

We are also adding two additional routine uses that will permit disclosures to the following:

• limited information to third parties, as necessary, to reach claimants, beneficiaries, and others SSA has a business need to reach related to records in this system, and
• the U.S. Department of the Treasury, to review SSA's payment and award eligibility through the Do Not Pay Working System for the purpose of identifying, preventing, or recouping fraud and improper payments when disclosure meets the requirements in 20 CFR 401.150(c).

Lastly, we are modifying the policies and practices for the retrieval of records to clarify that we will retrieve records by the medical examiner or provider's name and tax identification number. We are modifying the administrative, technical, and physical safeguards for easier reading. We are modifying the notice throughout to correct miscellaneous stylistic formatting and typographical errors of the previously published notice, and to ensure the language reads consistently across multiple systems. We are republishing the entire notice for ease of reference.

In accordance with 5 U.S.C. 552a(r), we provided a report to OMB and Congress on this modified system of records.

SYSTEM NAME AND NUMBER:

Electronic Disability (eDIB) Claim File, 60-0320

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

eDIB Claim Files are virtually established in SSA field offices when claims for benefits are filed, or a lead is expected to result in a claim (See Appendix E at https://www.ssa.gov/privacy/sorn/app_e.htm for field office locations).

Electronic records are maintained at: Social Security Administration, Chief Information Officer, National Computer Center, 6401 Security Boulevard, Baltimore, MD 21235.

Information is also located in additional locations in connection with cloud-based services and kept at an additional location as backup for business continuity purposes.

SYSTEM MANAGER(S):

Social Security Administration, Head of Disability Policy, Law and Policy, 6401 Security Boulevard, Baltimore, MD 21235, (410) 965-1727.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Sections 202-205, 216, 221, 223-226, 228, 702, 1611-1614, 1631, 1633, 1818, 1836, 1840 of the Social Security Act, as amended.

PURPOSE(S) OF THE SYSTEM:

We use the information in this system of records to:

• Pursue claims;
• Collect, document, organize, and maintain information and documents for making determinations of eligibility for disability benefits, benefit amounts, and the appropriate payee for benefits;
• Review continuing eligibility;
• Hold hearings or administrative review processes;
• Ensure that proper adjustments are made based on events affecting entitlement;
• Answer inquiries;
• Track opt-in and opt-out of electronic messaging selections; and
• Conduct quality review, evaluation, and measurement studies, and other statistical and research purposes. We may maintain extracts as interviewing tools, activity logs, records of claims clearance, and records of type or nature of actions taken.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

This system maintains information about claimants and those acting on their behalf, applicants, beneficiaries and potential claimants for disability benefits and payments administered by SSA. The system also maintains information about medical examiners and medical providers.

CATEGORIES OF RECORDS IN THE SYSTEM:

This system maintains records related to the request for, or continuation of, benefit payments under Titles II and XVI of the Social Security Act. These records include, but are not limited to, the name, SSN, and date of birth of the claimant or potential claimant and may contain the application for benefits; supporting evidence and documentation for initial and continuing entitlement ( e.g., diagnosis, beginning and end dates of disability, basis for disability determination, copies of medical reports, work history, educational level, and reexamination date (if applicable)); date of application; payment documentation; correspondence to and from claimants or representatives; information about representative payees; information received from third parties regarding claimants' potential entitlement; beneficiary notice control (BNC) number; data collected as a result of inquiries and complaints or evaluation and measurement studies, which assess the effectiveness of claims policies; records of post-adjudicative actions entered directly into the computer processes ( e.g., reports of changes of address and work status); opt-in and opt-out of electronic messaging selections; and abstracts used for statistical purposes ( e.g., disallowances, technical denials, and demographic and statistical information relating to disability decisions).

The system may also include names and titles of persons making or reviewing the determination and certain administrative data as well as data relative to the location of the file and the status of the claim.

Finally, this system includes information about a medical examiner or provider, including but not limited to name, address, tax identification number, e.g., SSN or employee identification number (EIN), medical license number, license expiration date, and an indicator when the medical examiner or provider is listed on the Department of Health and Human Services Office of Inspector General's List of Excluded Individuals and Entities (LEIE). The LEIE identifies medical examiners or providers who may submit medical evidence to SSA that we cannot consider.

RECORD SOURCE CATEGORIES:

We obtain information in this system from claimants, beneficiaries, applicants, and recipients; medical examiners and providers; accumulated by SSA from reports of employers or self-employed individuals; various local, State, and Federal agencies, including from the LEIE; claimant representatives; and other sources that support factors of entitlement and continuing eligibility, ( i.e., information received from third parties regarding a claimant's potential entitlement or eligibility).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

We will disclose records pursuant to the following routine uses; however, we will not disclose any information defined as "return or return information" under 26 U.S.C. 6103 of the Internal Revenue Code (IRC), unless authorized by statute, the Internal Revenue Service (IRS), or IRS regulations.

1. To the Office of the President in response to an inquiry from that office made on behalf of, and at the request of, the subject of the record or a third party acting on the subject's behalf.

2. To a congressional office in response to an inquiry from that office made on behalf of, and at the request of, the subject of the record.

3. To the DOJ, a court or other tribunal, or another party before such court or tribunal, when:

(a) SSA, or any component thereof; or

(b) any SSA employee in the employee's official capacity; or

(c) any SSA employee in the employee's individual capacity where DOJ (or SSA where it is authorized to do so) has agreed to represent the employee; or

(d) the United States or any agency thereof where SSA determines the litigation is likely to affect SSA or any of its components, SSA is a party to the litigation or has an interest in such litigation, and SSA determines that the use of such records by DOJ, a court or other tribunal, or another party before the tribunal is relevant and necessary to the litigation, provided, however, that in each case, we determine that such disclosure is compatible with the purpose for which the records were collected.

4. To third party contacts ( e.g., employers and private pension plans) in situations where the party to be contacted has, or is expected to have, information relating to the individual's capability to manage the individual's benefits or payments, or the individual's eligibility for or entitlement to benefits or eligibility for payments, under the Social Security program when:

(a) The individual is unable to provide information being sought. An individual is considered to be unable to provide certain types of information when:

i. The individual is incapable or of questionable mental capability;

ii. The individual cannot read or write;

iii. The individual cannot afford the cost of obtaining the information; or

iv. The custodian of the information will not, as a matter of policy, provide it to the individual; or

(b) The data is necessary to establish the validity of evidence or to verify the accuracy of information presented by the individual, and it concerns one or more of the following:

i. The individual's eligibility for benefits under the Social Security program;

ii. the amount of the individual's benefit or payment; or

iii. any case in which the evidence is being reviewed as a result of suspected abuse or fraud or concern for program integrity, quality appraisal, or evaluation and measurement activities.

5. To third party contacts, where necessary, to establish or verify information provided by representative payees or payee applicants.

6. To an individual, when information about themselves or others, which is filed under someone else's SSN, affects the individual's entitlement to Social Security benefits or the amount of those benefits ( e.g., relevant records to an adversely affected beneficiary).

7. To employers, current or former, for correcting or reconstructing earnings records and for Social Security tax purposes.

8. To the U.S. Department of the Treasury for:

(a) collecting Social Security taxes, or as otherwise pertinent to tax and benefit payment provisions of the Social Security Act, including SSN verification services; and

(b) investigating alleged theft, forgery, or unlawful negotiation of Social Security checks.

9. To the United States Postal Service, for investigating the alleged theft or forgery of Social Security checks.

10. To DOJ, for the purposes of:

(a) investigating and prosecuting violations of the Social Security Act to which criminal penalties attach; and

(b) investigating issues of fraud or violations of civil rights by officers or SSA employees.

11. To the Department of State (DOS), for administration of the Social Security Act in foreign countries through facilities and services of that agency.

12. To the American Institute, a private corporation under contract to the DOS, for administering the Social Security Act in Taiwan through facilities and services of that agency.

13. To the Department of Veterans Affairs (VA), Regional Office, Manila, Philippines, for the administration of the Social Security Act in the Philippines and other parts of the Asia-Pacific region through services and facilities of that agency.

14. To the Department of Interior and its agents, for the purpose of administering the Social Security Act in the Northern Mariana Islands through facilities and services of that agency.

15. To State Social Security administrators, for administering agreements pursuant to section 218 of the Social Security Act.

16. To private medical and vocational consultants, for use in preparing for, or evaluating the results of, consultative medical examinations or vocational assessments which they were engaged to perform by SSA or a State agency, in accordance with sections 221 or 1633 of the Social Security Act.

17. To specified businesses and other community members and Federal, State, and local agencies for verification of eligibility for benefits under section 1631(e) of the Social Security Act.

18. To claimants, prospective claimants (other than the data subject), and their appointed representatives and those working with such representatives (including, but not limited to, partners, associates, and contractors) when the information pertains to the individuals whom the appointed representative is representing; and to representative payees, when the information pertains to individuals for whom they serve as representative payees, for the purpose of assisting us in administering representative payment responsibilities under the Social Security Act, to the extent necessary to pursue Social Security claims, and for the purpose of assisting them in performing their duties as payees, including receiving and accounting for benefits for individuals for whom they serve as payees.

19. In response to legal process or interrogatories relating to the enforcement of an individual's child support or alimony obligations, as required by sections 459 and 460 of the Social Security Act.

20. To Federal, State, or local agencies (or agents on their behalf) for administering income or health maintenance programs, including programs under the Social Security Act. Such disclosures include the release of information to the following agencies, but are not limited to:

(a) Railroad Retirement Board, for administering provisions of the Railroad Retirement and Social Security Acts relating to railroad employment, and for administering the Railroad Unemployment Insurance Act;

(b) VA, for administering 38 U.S.C. 1312, and upon request, for determining eligibility for, or amount of, veterans' benefits or verifying other information with respect thereto pursuant to 38 U.S.C. 5106;

(c) Department of Labor, for administering provisions of Title IV of the Federal Coal Mine Health and Safety Act, as amended by the Black Lung Benefits Act;

(d) State agencies for administering the Medicaid program;

(e) State agencies for making determinations of food stamp eligibility under the Supplemental Nutrition Assistance Program;

(f) State audit agencies for auditing State supplementation payments and Medicaid eligibility considerations; and expenditures of Federal funds by the State in support of the Disability Determination Services (DDS);

(g) State welfare departments pursuant to agreements with SSA, for administration of State supplementation payments; for enrollment of welfare beneficiaries for medical insurance under section 1843 of the Social Security Act; and for conducting independent quality assurance reviews of Supplemental Security Income recipient records, provided that the agreement for Federal administration of the supplementation provides for such an independent review; and

(h) State vocational rehabilitation agencies, State health departments, or other agencies providing services to disabled children, for consideration of rehabilitation services, per sections 222 and 1615 of the Social Security Act.

21. To the Social Security agency of a foreign country, to carry out the purpose of an international Social Security agreement entered into between the United States and the other country, pursuant to section 233 of the Social Security Act.

22. To the Department of the Treasury, IRS, for the purpose of auditing SSA's compliance with the safeguard provisions of the IRC of 1986, as amended.

23. To third party contacts (including private collection agencies under contract with SSA), for the purpose of their assisting us in recovering overpayments.

24. To the Department of Homeland Security, upon request, to identify and locate aliens in the United States pursuant to section 290(b) of the Immigration and Nationality Act (8 U.S.C. 1360(b)).

25. To contractors, cooperative agreement awardees, and other Federal agencies, as necessary, for the purpose of assisting SSA in the efficient administration of its programs. We disclose information under this routine use only in situations in which SSA establishes a contractual or similar agreement with a third party to assist in accomplishing an agency function relating to this system of records with appropriate safeguards.

26. To the Department of Education, addresses of beneficiaries who are obligated on loans held by the Secretary of Education or a loan made in accordance with 20 U.S.C. 1071, et seq. (the Robert T. Stafford Student Loan Program), as authorized by section 489A of the Higher Education Act of 1965.

27. To student volunteers, individuals working under a personal services contract, and other workers who technically do not have the status of Federal employees, when they are performing work for SSA, as authorized by law, and they need access to personally identifiable information (PII) in SSA records in order to perform their assigned agency functions.

28. To Federal, State, and local law enforcement agencies and private security contractors, as appropriate, information necessary:

(a) to enable them to protect the safety of SSA employees and customers, the security of the SSA workplace, the operation of SSA facilities, or

(b) to assist investigations or prosecutions with respect to activities that affect such safety and security or activities that disrupt the operations of SSA facilities.

29. To the National Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 2906.

30. To another Federal agency or Federal entity, when SSA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in:

(a) responding to a suspected or confirmed breach; or

(b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

31. To appropriate agencies, entities, and persons when:

(a) SSA suspects or has confirmed that there has been a breach of the system of records;

(b) SSA has determined that, as a result of the suspected or confirmed breach, there is a risk of harm to individuals, SSA (including its information systems, programs, and operations), the Federal Government, or national security; and

(c) The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with SSA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

32. To contractors, cooperative agreement awardees, State agencies, Federal agencies, and Federal congressional support agencies for research and statistical activities that are designed to increase knowledge about present or alternative Social Security programs; are of importance to the Social Security program or the Social Security beneficiaries; or are for an epidemiological project that relates to the Social Security program or beneficiaries. We will disclose information under this routine use pursuant only to a written agreement with us.

33. To third parties when an individual involved with a request needs assistance to communicate because of a hearing impairment or a language barrier ( e.g., to interpreters, telecommunications relay system operators).

34. Limited information to third parties as necessary to reach claimants, beneficiaries, and others SSA has a business need to reach related to records in this system.

35. To the U.S. Department of the Treasury, when disclosure of the information is relevant to review SSA's payment and award eligibility through the Do Not Pay Working System for the purposes of identifying, preventing, or recouping improper payments to an applicant for, or recipient of, Federal funds, including funds disbursed by a state (meaning a state of the United States, the District of Columbia, a territory or possession of the United States, or a federally recognized Indian tribe) in a state-administered, federally funded program. This routine use will be applied when disclosure meets the requirements in 20 CFR 401.150(c).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

We will maintain records in this system in electronic and paper form.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

We will retrieve claim file records by SSN, name, or BNC number. We will retrieve medical examiner and medical provider records by name and tax identification number, e.g., EIN or SSN.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

In accordance with NARA rules codified at 36 CFR 1225.16, we maintain records in accordance with approved agency-specific records schedule N1-047-05-001 and approved NARA General Records Schedule 5.2, items 010 and 020.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

We retain electronic and paper files containing personal identifiers in secure storage areas accessible only by authorized individuals, including our employees and contractors, who have a need for the information when performing their official duties. Security measures include, but are not limited to, the use of codes and profiles, personal identification number and password, and personal identification verification cards. We restrict access to specific correspondence within the system based on assigned roles and authorized users. We use audit mechanisms to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification.

We annually provide authorized individuals, including our employees and contractors, with appropriate security awareness training that includes reminders about the need to protect PII and the criminal penalties that apply to unauthorized access to, or disclosure of PII (5 U.S.C. 552a(i)(1)). Furthermore, authorized individuals with access to databases maintaining PII must annually sign a sanction document that acknowledges their accountability for inappropriately accessing or disclosing such information.

RECORD ACCESS PROCEDURES:

Individuals may submit requests for information about whether this system contains a record about them by submitting a written request to the system manager at the above address, which includes their name, SSN, or other information that may be in this system of records that will identify them. Individuals requesting notification of, or access to, a record by mail must include: (1) a notarized statement to us to verify their identity; or (2) must certify in the request that they are the individual they claim to be and that they understand that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense.

Individuals requesting notification of, or access to, records in person must provide their name, SSN, or other information that may be in this system of records that will identify them, as well as provide an identity document, preferably with a photograph, such as a driver's license. Individuals lacking identification documents sufficient to establish their identity must certify in writing that they are the individual they claim to be and that they understand that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense.

These procedures are in accordance with our regulations at 20 CFR 401.40, 401.45, and 401.55.

CONTESTING RECORD PROCEDURES:

Same as record access procedures. Individuals should also reasonably identify the record, specify the information they are contesting, and state the corrective action sought and the reasons for the correction with supporting justification showing how the record is incomplete, untimely, inaccurate, or irrelevant. These procedures are in accordance with our regulations at 20 CFR 401.65(a).

NOTIFICATION PROCEDURES:

Same as record access procedures. These procedures are in accordance with our regulations at 20 CFR 401.40, 401.45, and 401.55.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

85 FR 34477 (June 4, 2020), Electronic Disability Claim File.

89 FR 14554 (February 27, 2024), Electronic Disability Claim File.

[FR Doc. 2026-07300 Filed 4-14-26; 8:45 am]

BILLING CODE 4191-02-P