Privacy Impact Assessment for the Staged Accident Data Mining Initiative
March 2008

Contact Point
 Financial Crimes Intelligence Unit
Federal Bureau of Investigation

Reviewing Official
Vance Hitch
Chief Information Officer
Department of Justice

Approving Officials 
David C. Larson
Privacy and Civil Liberties Officer
Federal Bureau of Investigation

Kenneth P. Mortensen
Acting Privacy and Civil Liberties Officer
Department of Justice
 (202) 353-0078

INTRODUCTION

The FBI has jurisdiction with respect to the investigation and prosecution of mail and wire fraud, including insurance fraud claims arising from automobile accidents. In order to pro-actively identify national fraud trends in automobile accident insurance claims, the FBI initiated a liaison effort with the National Insurance Crime Bureau (NICB) in order to obtain data from the NICB Claimsearch database. The initiative, directly supported by the FBI Directorate of Intelligence’s Financial Crimes Intelligence Unit (FCIU), is named the Automobile Accident Insurance Fraud Initiative (AAIFI, or “Staged Accident”). The goal of this initiative is to identify and analyze information regarding potential and ongoing staged accident cases and schemes as well as other automobile insurance fraud schemes.

In the regular course of business, NICB analysts review claims in order to discover and analyze claim and fraud trends. Subsequently, NICB began to provide the FBI with data from the Claimsearch database that NICB analysts had determined to be suspicious in nature. The FBI’s use and analysis of data provided by the NICB enables the FBI to more efficiently direct investigations and allocate resources to automobile accident fraud investigations.

The Staged Accident initiative does not involve an identifiable database that would constitute an information system. Rather, information is simply forwarded to the FBI’s FICU from the National Insurance Crime Bureau (NICB), a not-for-profit organization supported by property and casualty insurance companies targeting insurance crimes, via Word document after analysis and sanitation by NICB. The data transferred from NICB identifies, in list form, individuals or groups of individuals suspected of making suspicious or staged automobile accident claims within the Area of Responsibility (AOR) of the Field Office initially participating in the pilot project. The list of individuals forwarded to the FBI by NICB also includes any identifiers known to NICB as a result of the claims process, such as the name, address, date of birth of the claimant and any injured parties, as well as the name and address of any treating physician or attorney associated with the claim. The data forwarded by NICB, in conjunction with data obtained from FBI databases and open sources, is then transmitted to the appropriate FBI Field Office for appropriate follow-up. While the Staged Accident initiative is presently limited to one field office, it may be expanded to additional field offices in the future.       

1.1    What information is to be collected?

Pursuant to 18 U.S.C. sections 1341 and 1343, the FBI is authorized to investigate fraud schemes by mail or wire, including insurance fraud, and collect information relevant to such investigations.  In the initial stages of this initiative,  c laims data specific to the AOR of the Field Office participating in the pilot project was  and may   collected by NICB member companies and submitted to NICB’s Insurance Service Office (ISO) Claimsearch database.  This data was  then analyzed by NICB analysts using fraud indicators established by NICB and its member companies to determine  which claims were suspicious in nature and related  to staged automobile accidents.  Thus, to the extent this initiative constitutes data mining, the mining was performed by the NICB before the data was provided to the FBI.  The individual data, consisting of claimant and insured personal identifiers such as names, addresses, dates of birth, and social security numbers, was then forwarded by NICB to the FBI, along with a brief description of the claim submitted.  The Personally Identifiable Information (PII) provided by NICB to the FBI is the same PII provided by an individual to his/her insurance company when filing a claim. 

1.2    From whom is the information collected?

Information pertaining to automobile accident insurance claims is initially collected by NICB from its member insurance companies.  That data is then incorporated into the NICB Insurance Services Office (ISO) Claimsearch database, a repository of claims-related data submitted by NICB members.  The ISO database includes property and casualty claims submitted by policyholders.  While the FBI is not permitted direct access to the Claimsearch database, NICB analysts extract possible fraudulent claims data within the AOR of the initial Field Office participating in the project.

The FICU also compares the claims data forwarded by NICB to open source material such as Lexis/Nexis (to identify any existing additional public information regarding underlying claims, if available) and to information in FBI databases such as the Automated Case Support (ACS) system and the Investigative Data Warehouse (IDW), to determine if individuals identified by NICB have previously been of investigative interest to the FBI.  The FBI also reviewed information in the Chiropractic Information Network/Board Action Databank (CIN-BAD), maintained by the Federation of Chiropractic Licensing Boards, which contains information on chiropractors who have been the subject of public disciplinary actions taken by chiropractic licensing boards or excluded from eligibility for Medicare/Medicaid reimbursement by the United States Department of Health and Human Services (HHS).  Information provided by NICB was also compared with Medicare billing information for medical providers contained in the Health Care Information Services (HCIS) databases, maintained by HHS’ Centers for Medicare and Medicaid Services (CMS).

Section 2.0
The Purpose of the System and the Information Collected and Stored within the System.

2.1    Why is the information being collected?

The information collected and identified by the NICB is provided to the FBI in order to assist the FBI in the investigation and prosecution of mail and wire fraud, including insurance fraud claims arising from automobile accidents.  Information from the NICB Claimsearch database is reviewed by NICB analysts in order to discover and analyze claim and fraud trends.  Information deemed by NICB analysts to be suspicious is forwarded to the FCIU.  The FBI’s use and analysis of data provided by the NICB enables the FBI to more efficiently direct investigations and allocate resources to automobile accident fraud investigations.

Section 3.0
Uses of the System and the Information

3.1    Describe all uses of the information.

The information provided by NICB will be used to identify potential staged accident insurance claims in order to open investigations into cases of possible health care and insurance fraud.  The data received from NICB is cross-referenced by FBI personnel with data in FBI indices such as Automated Case Support (ACS) and Investigative Data Warehouse (IDW).  Open sources such as Lexis/Nexis may also be used if necessary to verify data.  Positive search hits in FBI indices are analyzed for potential heath care fraud or other links to criminal activity and are then incorporated with the original information provided by NICB into a single analytical product which is sent to the FBI Field Office initially participating in this initiative.  The Field Office evaluates the information and pursues additional investigative action as warranted.  Since the information forwarded by FCIU is included in the FBI’s Central Records System (CRS) and uploaded into ACS, the information is subject to access by other FBI employees.  However, access to both CRS and ACS is subject to FBI information systems access and security controls, including monitoring and access audits.        

Section 4.0
Internal Sharing and Disclosure of Information within the System

4.1    With which internal components of the Department is the information shared?

The information received from NICB is shared with personnel in the FBI’s FCIU, as well as with managers and personnel assigned to the FBI Field Office participating in this initiative.  The information may also be provided to personnel within the appropriate U.S. Attorney’s Office for purposes of prosecution. 

Section 5.0
External Sharing and Disclosure

5.1    With which external (non-DOJ) recipient(s) is the information shared?

The information provided by NICB will not be shared outside of the FBI or the Department of Justice.  The FBI does not, for example, provide the analytic product prepared by FCIU to the NICB.

Section 6.0
Notice

6.2    Do individuals have an opportunity and/or right to decline to provide information?

Individuals whose information is collected by the NICB and provided by the NICB to the FBI do not have the opportunity to refuse to allow NICB to forward their claim information to the FBI.  Based on general insurance industry practice, and subject to the provisions of any individual insurance contract, individuals are generally required to provide their insurance carrier with information necessary to process a claim.  Failure to provide an insurance carrier with claim-related information may result in denial of that claim.
Before such information is provided by NICB to the FBI, the information is first reviewed by NICB personnel.  Only data indicating possible fraudulent automobile accident insurance claims is forwarded to the FBI.     

6.3    Do individuals have an opportunity to consent to particular uses of the information, and if so, what is the procedure by which an individual would provide such consent?

Individuals who are the subject of information provided to the FBI by the NICB do not have the opportunity to consent to specific uses of that information by the FBI, as that information is used for law enforcement investigative purposes. 

Section 8.0
Technical Access and Security

8.9    Privacy Impact Analysis: Given access and security controls, what privacy risks were identified and describe how they were mitigated.

It should be noted that the FBI does not have direct access to personally identifiable information in the control of NICB.  The principal privacy risks identified with respect to Staged Accident were unauthorized access to, or disclosure of, personally identifiable information acquired by the FBI from the NICB.  The information provided by NICB to the FICU is forwarded via the Law Enforcement Online (LEO) secure e-mail system.  LEO utilizes a virtual private network (VPN) to ensure the security of information; e-mail messages are encrypted and routed across a private circuit.  Access to the e-mail system requires a valid user name and password and access and use of LEO is subject to monitoring and audit.  Once the NICB data has been received by the FBI, FBI technical and personal security measures apply to the information in order to prevent the unauthorized access to, or disclosure of, personally identifiable information.  To the extent the information received from NICB exists in an electronic form, it is stored within the FBI’s secure computer system on the hard drive of an FICU employee supporting the initiative.  Access to the employee’s hard drive requires the appropriate username and password.  To the extent that the information is incorporated with other FBI information and sent to the field, it is considered law enforcement sensitive information; access to such products is restricted to FBI employees with a need to know, such as field office personnel investigating insurance fraud and personnel within FCIU and CID directly supporting the Staged Accident initiative.  Access to the FBI’s secure computer system requires a valid user name and password; access to the system is subject to monitoring and the system has a robust audit capability.    

CONCLUSION

The goal of the Staged Accident initiative is to identify and analyze information regarding potential and ongoing staged automobile accident cases and schemes as well as other automobile insurance fraud schemes while also protecting individual privacy and complying with privacy laws.  These issues were analyzed and discussed by the FICU, HCFU and the NICB as the initiative was developed.  As a result of these discussions, access to the NICB information provided to the FBI is restricted to authorized FBI personnel for law enforcement purposes.  Access to the information by FBI personnel is subject to user verification and audit logs are maintained.

This initiative employs data mining technology to identify individuals or groups of individuals suspected of making  suspicious or staged automobile accident claims within the Area of Responsibility (AOR) of the Field Office initially participating in the pilot project.  The data mining is, however, carried out by the NICB before the data is forwarded to the FBI in the form of a Word document.  The PII transferred to the FBI by NICB is limited to the same data a claimant provides when submitting a claim.  Thus, this initiative uses data mining technology indirectly and limits access to PII to those elements already provided in claims.  Privacy risks have been mitigated by limiting information forwarded by NICB to the FBI and then by the FBI’s restricting access to, and monitoring the use of, the information received from the NICB.

Approval Signature Page 

_____/S/________03/10/2008_________ 

            David C. Larson
Acting Deputy General Counsel and
FBI Privacy and Civil Liberties Officer 

_____/S/________05/05/2008_________ 
Kenneth P. Mortensen
Acting Privacy and Civil Liberties Officer
Department of Justice

   This initiative was included in the Department of Justice’s Report on Data-Mining Activities Pursuant to Section 126 of the Patriot Improvement and Reauthorization Act of 2005, which was forwarded to the Congress in July, 2007.  That report indicated that a Privacy Impact Assessment would be completed for this initiative.