Admin Posted February 14 Share Posted February 14 The practice of assigning user login credentials to the Social Security Administration's (SSA) Electronic Records Express (ERE) portal to third-party companies is a serious violation of the SSA's Terms of Service (TOS). Not only does it undermine the security of the SSA's systems, but it also creates an unnecessary risk of identity theft and fraud. The ERE portal is a secure online system that allows users to access and manage their client's Social Security records. This includes information such as Social Security numbers, income, medical, and other personal information. For this reason, it is imperative that access to the system be limited to only those who are authorized to access the information. By allowing third-party companies to access the ERE portal, the security of the system is compromised and the risk of identity theft and fraud increases. The SSA's TOS explicitly states that no user may share their login credentials with anyone else. By assigning user login credentials to third-party companies, the assignors are in direct violation of the SSA's TOS. This practice carries serious legal penalties, including fines and potential criminal prosecution. This kind of data abuse happens more often than you may think, even inside the SSA. There are frequent reports of employees using identity theft and other fraudulent activity to steal monies from clients. Even with all of the internal controls the agency has, organize theft can go on for years undetected. Despite the regular prosecution of abusers, the SSA OIG is constantly discovering new criminal activity with the agency. Outside vendors are not subject to the same oversight and scrutiny that SSA's staff are. There is no telling how much fraud and abuse has taken place since these vendors started operating in the space. It is understandable that you may want to grant access to third-party companies in exchange for value added services, but that is not authorized by SSA. The problem is, these companies are not regulated or audited by the SSA and, as such, represent a major security risk. Unregulated 3rd party vendors could also retain and store copies of your client's records indefinitely without your knowledge. Once the vendors have your client's records, you have no idea who else can internally or externally access your data and how strong their security measures are. Your security is only as strong as the weakest link. In conclusion, assigning your ERE login credentials isn't just a bad idea, its illegal. This is a serious violation of the SSA's TOS and those who knowingly or negligently engage in this practice could face serious legal consequences, especially if a breach were to occur to one of these vendors. If that were to happen, you and your firm could face legal penalties for violating SSA's TOS. Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.