What is the LADMF?
Healthcare organizations must access the LADMF to keep records up to date and prevent fraud. LADMF stands for Limited Access Death Master File, it is a database maintained by the Social Security Administration and contains over 86 million records on deceased individuals. This online file has many uses, but it is primarily used to verify death by a variety of users, including medical researchers, hospitals, oncology programs, investigative firms, insurance organizations, etc.
In November of 2016, the US National Technical Information Service (NTIS) established a certification program for those seeking access to the Limited Access Death Master File (LADMF). Entities requesting access to the LADMF must be assessed by an independent third party known as an Accredited Conformity Assessment Body (ACAB). Individuals and entities are obligated to submit an attestation form filled out by an ACAB to prove that the appropriate systems, facilities, and procedures are in place to safeguard information and maintain its confidentiality and security. The creation of this program was due to the sensitive nature of the information coupled with an effort to prevent identity theft and fraud.
Verify Information Safety
For covered entities or business associates, to prove they have the appropriate safeguards in place to view the LADMF, they must complete a HIPAA Security Risk Analysis (SRA) or other methodology and criteria such as ISO/IEC Standard 27006-2011 or AICPA SOC 2, prior to requesting access. An SRA accurately displays an organization’s safeguards and subsequent remediation plan to correct any deficiencies sorted by risk. By completing an SRA, healthcare organizations prove their commitment to properly securing sensitive information and building an overall “culture of compliance” within their workforce.
At HIPAA One, we utilize the Office for Civil Rights HIPAA Audit Protocol and NIST methodologies when conducting a HIPAA Security Risk Analysis pursuant to 45 CFR 164.308(a)(1)(ii)(A) for the purposes of satisfying the assessment requirements set forth in 15 CFR Part 1110 in connection with the review and issuance of a Systems Safeguards Attestation Form to our clients as required by the National Technical Information Service.
HIPAA One is an Accredited Conformity Assessment Body
At HIPAA One, we are happy to offer our services and act as an independent third party Accredited Conformity Assessment Body as required by 15 CFR Part 1110, (ACAB) free of charge for clients that have completed their SRA using the HIPAA One software. To be more specific, for these clients we can submit an LADMF Systems Safeguards Attestation Form (FM100A) to the National Technical Information Service as required under 15 CFR Part 1110. We are however unable to assume that role for clients who conducted an SRA independently or without using our software; however, If your organization meets our requirements and you would like us to act as your accredited assessment body, please use this form to connect with us to discuss options.
In summary, the following steps should be completed prior to sending HIPAA One the DMF attestation form:
- Step One – Complete the HIPAA Security Risk Analysis (SRA)
- Individuals and entities are obligated to prove that the appropriate systems, facilities, and procedures are in place to safeguard information and maintain its confidentiality and security. You can do so by completing a HIPAA Security Risk Analysis.
- Step Two - Pay the Fee
- The US National Technical Information Service requires an annual payment of $2,390.00 for processing the LADMF Subscriber Certification Form. Additionally, every three years a processing fee is required to have access to the LADMF ACAB Systems Safeguards Attestation Form.
- Step Three - Complete Subscriber Form
- After the payment has been accepted, complete and submit the LADMF Subscriber Certification Form. Certification must be renewed each year.
- Step Four - Order Number Assigned
- Each organization is assigned a specific order number which will be used on the ACAB Systems Safeguard Attestation Form.
- You will need to provide HIPAA One with the NTIS Invoice/Processing Fee Number, the Attestation Order Number, and the NTIS Customer Number.
- Step Five - Form Completed
- HIPAA One will fill out and submit the ACAB form free of charge and submit the form on behalf of the client.