GAO: Better guidance needed on Computer Matching Act
OMB needs to be more consistent if the law is to achieve its purpose of avoiding waste and duplication, a new report says.
What: A report on agencies' efforts to share information under the Computer Matching Act, produced by the Government Accountability Office in response to a request from several lawmakers on the Senate Homeland Security and Governmental Affairs Committee.
Why: According to GAO, the Office of Management and Budget is failing to provide agencies with consistent guidance on how to comply with the demands of the Computer Matching Act, which comes into play when federal agencies seek to analyze data across systems to catch improper or duplicate payments made via government benefit programs.
Matching programs governed by the act include E-Verify, which employers use to make sure new hires are eligible to work in the United States, and the Secure Flight program, which checks airline passenger manifests against the government's No Fly List. However, as the report notes, "without adequate protection, individuals' information could be compromised through inappropriate use, modification or disclosure."
A law enacted in January 2013 exempts one key government dataset, the Social Security Administration's Death Master File, from the Computer Matching Act's oversight. Other exemptions are designed to prevent prison inmates from collecting benefits and keep medical providers from receiving fraudulent payments under Medicare and Medicaid.
Agencies are subject to strict rules when it comes to forging matching agreements with other agencies, including details on the data, the purpose, expected cost savings, provisions for guaranteeing the integrity and accuracy of the data, and a description of how the security of records is to be maintained. Congress and OMB must be notified, and notice of the agreement must be published in the Federal Register.
Although OMB is responsible for issuing guidelines for complying with the administrative rules for matching agreements, the GAO report indicates that there is no current checklist for agencies to follow. Officials at three agencies indicated that they used a 1986 GAO report on computer agreements as a guide to complying with the law. "OMB has provided little assistance to agencies in implementing the act, which may contribute to inconsistent implementation," GAO auditors wrote.
Verbatim: "OMB guidance does not resolve questions about what types of matching are covered by the act, as well as how to assess costs and benefits, resulting in confusion among the agencies. Without clearer guidance and assistance from OMB, the agencies we reviewed are likely to continue implementing the act inconsistently and potentially conducting computer matching programs that are neither cost-effective nor protective of privacy, as provided for by the act."
Full report: GAO.gov