Jump to content

Is it safe to assign my ERE login credentials to other parties?


Recommended Posts

The practice of assigning user login credentials to the Social Security Administration's (SSA) Electronic Records Express (ERE) portal to third-party companies is a serious violation of the SSA's Terms of Service (TOS). Not only does it undermine the security of the SSA's systems, but it also creates an unnecessary risk of identity theft and fraud.

The ERE portal is a secure online system that allows users to access and manage their client's Social Security records. This includes information such as Social Security numbers, income, medical, and other personal information. For this reason, it is imperative that access to the system be limited to only those who are authorized to access the information. By allowing third-party companies to access the ERE portal, the security of the system is compromised and the risk of identity theft and fraud increases. The SSA's TOS explicitly states that no user may share their login credentials with anyone else. By assigning user login credentials to third-party companies, the assignors are in direct violation of the SSA's TOS. This practice carries serious legal penalties, including fines and potential criminal prosecution.

This kind of data abuse happens more often than you may think, even inside the SSA. There are frequent reports of employees using identity theft and other fraudulent activity to steal monies from clients. Even with all of the internal controls the agency has, organize theft can go on for years undetected. Despite the regular prosecution of abusers,  the SSA OIG is constantly discovering new criminal activity with the agency. Outside vendors are not subject to the same oversight and scrutiny that SSA's staff are. There is no telling how much fraud and abuse has taken place since these vendors started operating in the space.

It is understandable that you may want to grant access to third-party companies in exchange for value added services, but that is not authorized by SSA.  The problem is, these companies are not regulated or audited by the SSA and, as such, represent a major security risk. Unregulated 3rd party vendors could also retain and store copies of your client's records indefinitely without your knowledge. Once the vendors have your client's records, you have no idea who else can internally or externally access your data and how strong their security measures are. Your security is only as strong as the weakest link.

In conclusion, assigning your ERE login credentials isn't just a bad idea, its illegal. This is a serious violation of the SSA's TOS and those who knowingly or negligently engage in this practice could face serious legal consequences, especially if a breach were to occur to one of these vendors. If that were to happen, you and your firm could face legal penalties for violating SSA's TOS.

Link to comment
Share on other sites

  • Admin unpinned this topic

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...