With total improper payments across all agencies estimated at $2.4 trillion since 2003, including $247 billion in FY 2022 alone, the federal government has been seeking new solutions to address this costly problem. As we learned from fraud and improper payment expert Linda Miller, CEO of Audient Group, LLC, in part one of the Government Spending series, government agencies have made significant improvements in reining in improper payments over the last two decades through new legislation, reporting requirements, and transparency initiatives, but there’s still significant work to be done. In part two, we delve into the critical solutions that support payment integrity and could reshape the challenges of improper payments.
How Interagency Data Sharing Could Help with Informed Decisions
For federal agencies, the struggle with payment integrity is closely tied to the inability to verify crucial information. In a recent Federal News Network podcast, Renata Miskell, Treasury Deputy Assistant Secretary for Accounting, explained, “In FY 2022, [the Government Accountability Office (GAO)] reported that improper payments have decreased, at least since last year. That’s a very positive thing, however, the root cause of the payments still continues to be lack of access to data and an inability to use the data in the right way to prevent the improper payment because of some of the hurdles that exist.”
Despite previous concerns, agencies are finally beginning to consider “interagency data sharing to help make better decisions and improve payment integrity,” Brett Barganz, Public Sector Senior Principal, Verizon, explained in an interview with Government Technology Insider. As an example of how this could help agencies make more informed decisions, Barganz discussed childcare tax credits and the Treasury Department. As the system is set up currently, if two divorced parents living in separate households apply for the credit, there may be no verification to see who is primarily responsible for the child. Using data shared between agencies, the IRS could potentially verify with the Department of Health and Human Services whether one parent is receiving a childcare subsidy, which can help identify which parent is entitled to the credit and avoid an improper payment. While this is just one example, this practice can have far-reaching consequences when applied across the federal government.
In December 2023, the Treasury Bureau of the Fiscal Service, which handles approximately 90 percent of all federal payments, will gain access to the Social Security Administration’s Death Master File in further efforts to increase interagency data sharing and payment integrity. While Miskell said the bureau will have access to the database for three or four years through the Do Not Pay portal, the goal is to convince lawmakers to make it permanent. “It’s actually really challenging to get access to that full Death Master File, both in terms of costs, and because of privacy and security reasons. So, it’s really all about breaking through some of those complex challenges and making it easy to do the right thing–protecting privacy, protecting security, but also enabling access to those key data sources,” Miskell said.
Securing Data for Effective Collaboration
Historically, agencies have been hesitant to collaborate on data sharing because of concerns about data security and integrity. In the digital age, safeguarding sensitive information is a top priority and, as much as agencies have advanced in their security measures, so have the bad actors advanced their capability to breach those safeguards. With employees more distributed as hybrid work becomes more common, the attack surface continues to expand. Agencies must work hard to protect data at rest and in motion, in the data center, in the cloud, and at the edge. This is where innovative solutions involving private connections come into play to ensure that data is secured at all times.
Networks that use the public internet are susceptible to cyber threats, which pose significant risks to data security. By establishing secure, private networks, agencies can exchange information with confidence, knowing that their data is better protected from potential threats. Scott Andersen, Federal Solutions Architect at Verizon, said when the Cybersecurity and Infrastructure Security Agency (CISA) released their most recent directive for agencies in June with the message as Andersen paraphrased, “thou shalt not use public internet.” He said it’s a good thing that CISA guidance is beginning to help steer agencies away from the public Internet in a move to more secure private connections. To do this, they must have the right technologies, for example, circuits that will “empower how they use the internet.” In the end, the problem isn’t just having a private connection, for true payment integrity, there needs to be a private connection to other government agencies and to banks,” Andersen added.
While data sharing is the solution, agencies must also ensure Zero Trust architecture is embraced and in place. This is vital not only to sharing data with other agencies, but within agencies as employees work more remotely. Barganz discussed how agencies can achieve this through secure web gateway technology and Zero Trust technology that helps protect end-user devices and connections, as well as private networks that share data completely separate from the public internet, from mobile device or home office. “When Zero Trust technology is implemented, we are essentially encrypting all communications that goes from any device being used at home all the way to the point where they are accessing data and back. We also authenticate both user and device at the point they try to access any application, and throughout their session with that application. Finally, we prevent data loss through policies designed to detect and prevent sharing any sensitive information (for example, a Social Security number).”
Agencies can create private connections using a secure cloud fabric that allows them to route data through a private network. Private networks are more challenging to hack than virtual private networks (VPNs) that send encrypted data over the public internet. This is because “hackers can access the encrypted data, potentially pull down the information that you’re sending, put it someplace and keep it until a few years down the road when this quantum decryption technology is available. All the information that was decrypted that the hackers set aside, they may be able to use quantum decryption to open all that data in the future.” Andersen followed-up, emphasizing, “we are ahead now with quantum, but that’s not necessarily going to be the case for long as hackers don’t have to follow the rules.”
In the ongoing quest for payment integrity, federal agencies are constantly learning and evolving. They are in the early stages of harnessing the power of data sharing and adopting secure data exchange solutions to enhance payment integrity. With a secure, private connection that allows for interagency data sharing, identifying fraud, waste, and abuse, as well as duplicate payments and overpayments will be a far simpler proposition and help address the problem of improper payments. The benefits to this type of collaboration make it vital to figure out how to properly share this information so personally identifiable information (PII) is protected, data is protected at rest and in motion, and payment integrity is achieved.
To learn more about how agencies can privately share data through a secure cloud fabric, click here.