Testimony by Rajive Mathur,
Chief Information Officer & Deputy Commissioner Systems for Social Security Administration
House Ways and Means Subcommittee on Social Security

September 27, 2018

Chairman Johnson, Ranking Member Larson, and Members of the Subcommittee:

Thank you for inviting me to discuss modernizing information technology (IT) at the Social Security Administration (SSA). I am Rajive Mathur, SSA’s Chief Information Officer (CIO) and Deputy Commissioner for Systems.

Before beginning my testimony, I want to first take the opportunity to recognize Chairman Johnson for his leadership on this issue. For many years, you have stressed the importance of modernizing our information technology. Now, because of your and the Congress’s support, we are engaged in that effort. Our IT modernization program will have a tangible effect on the lives of those who are counting on Social Security. As you look back on your long career of public service accomplishments, I hope you count this achievement among your proudest. On behalf of all of us at the Social Security Administration, please let me congratulate you and wish you and your family the best in retirement.

Our Programs and Organization

Social Security touches the lives of nearly every American, whether at the birth of a child, the loss of a loved one, the onset of a disability, or the transition from work to retirement. For more than 80 years, our programs have provided a safety net for the public and have contributed to the financial security of the elderly and the disabled. In Fiscal Year (FY) 2018, we expect to pay over $1 trillion in benefits to Social Security beneficiaries and Supplemental Security Income (SSI) recipients. Each month, we pay, on average, more than 70 million Social Security beneficiaries and SSI recipients.

Our approximately 63,000 Federal employees and 15,000 State employees serve the public through a network of more than 1,200 field offices, a national toll-free number, eight processing centers, 52 State agencies that make disability determinations, and more than 160 hearing offices.
Every day, about 170,000 people visit and 250,000 people call one of our field offices. This FY, we expect to:

  • handle approximately 33 million calls on our National 800 Number;
  • complete over 5.8 million claims for retirement and survivor benefits, 2.3 million initial disability claims, 518,000 reconsiderations, and 759,000 hearing dispositions;
  • complete about 17 million original and replacement Social Security card applications; and
  • complete 890,000 full medical Continuing Disability Reviews and nearly 2.9 million SSI non-medical redeterminations.

We offer highly-rated online services for those who choose to do business with us online, and in FY 2017, the public completed 155 million transactions using our website.

In addition to our direct service to the public, we perform critical work that supports the efficiency and effectiveness of programs across the government. We process all employer wage reports (forms W-2) as an agent of the Internal Revenue Service (IRS), from which we obtain the earnings information we need to accurately calculate Social Security benefits, and information the IRS needs for tax administration. Last year we posted over 279 million earnings items to workers’ records.

In addition, when authorized by law, we share the data we maintain on beneficiaries and individuals with other Federal and State agencies, who use it to prevent improper payments, collect taxes, provide health insurance, and more. We have thousands of such data exchanges. In FY 2017, we performed more than 2.1 billion automated Social Security number verifications that, among other things, allow employers to more accurately report wages to us.

Information Technology at SSA

The scope of our programs is immense, and information technology is vital to nearly every aspect of the work we do to serve the public. IT allows our field office employees to collect pertinent information and perform complex benefit calculations; it provides for electronic storage and retrieval of medical records and other information; it protects the sensitive personal, benefits, and earnings information that we maintain; and it helps identify and prevent fraud and improper payments in our programs and across government.

Our IT program operates in a bi-modal environment. That is, we concurrently develop new IT capabilities, while providing stable access to our existing systems. We are continuously engaged in activities related to IT planning, building new capabilities or purchasing them from the private sector, and operating and protecting our current systems.1 I like to describe it as reengineering the plane while it’s in the air. Since becoming CIO, one of my focuses has been to ensure that we have sound governance and processes in place for each of these categories of activities, and that we are identifying and capturing metrics in each area so we can evaluate our performance.
Most of our core systems are over 30 years old. Over the years, we have modified and expanded their capabilities to keep up with changes in the law and in our regulations, policies, and business processes.

However, much of their underlying design was established when these systems were first built decades ago. For example, our core systems still rely on COBOL, a programming language that was created in the 1950s.
While these systems have performed capably––allowing us to provide uninterrupted services for many years––this old foundation limits what we can accomplish and our ability to adapt to changes, and has forced us to deliver IT functionality that gets the job done but does not keep up with either the public’s or our own employees’ expectations. It also makes our IT more expensive to maintain. Our total IT expenditures in FY 2017, including our staff and contractors, was about $1.8 billion, or about 14.6 percent of our total expenses, and the majority of that was used for the ongoing costs of maintaining our existing applications.

Many experienced employees in our IT workforce are approaching retirement age, especially those employees who are experts in handling COBOL. We will be losing the expertise of our existing systems that they have built up over time. Our newer employees are highly skilled and capable of maintaining our level of service, but many have not developed the in-depth knowledge of our existing systems that is necessary to add incremental improvements or help us recover if a significant software issue were to arise.

Modernizing our Information Technology

We have embarked on modernizing our entire IT program. Our five-year plan will modernize Social Security’s major systems using modern architectures; product investment techniques, such as agile software engineering methods; cloud provisioning; and shared services.2 The goals of our IT Modernization Plan are:

  • Improve Service to the Public through increasing online services, real-time processing, and having a more service-centric organization, technical structure, and overall better customer experience.
  • Increase the Value of IT for Business by increasing IT and data reliability, security, and enabling faster claim and post-entitlement decisions.
  • Improve IT Workforce Engagement by enabling a quicker path to fielding new capabilities, modernizing the development environment to improve productivity, and building a culture to attract new and retain our current top technology talent.
  • Improve Business Workforce Engagement by enabling better service with enhanced user-centric tools and the ability to move routine work through the systems quickly, enabling our workforce to focus more on the most challenging service needs.
  • Reduce IT and other Operating Costs through expanding shared services, the cloud, and Commercial Off-The-Shelf (COTS) packages, increasing benefits available through disciplined approaches and reuse of code, and encouraging innovation to improve operational efficiency.
  • Reduce Risk to Continuity of Operations by increasing awareness of cyber threats and capacity to defend against these threats, and by replacing time-worn systems with maintainable technology.

This initiative will transform all dimensions of SSA’s IT program, from our software, to our hardware and infrastructure, to the structure of our IT organization itself and the processes we use to procure and develop IT products. We will build a modern IT organization that is fast, accountable, competent, transparent, secure, and laser focused on understanding and meeting the needs of the public and our employees. It will involve not only modernizing our IT program, but also reengineering our business processes to improve the effectiveness and efficiency of our programs.

Our modernized systems will streamline processes in a user-friendly and intuitive way for our front-line employees. Automation will relieve employees of having to perform many of the routine tasks that today require manual entry and re-entry, which will reduce errors. Our employees will have a complete view of a person’s interactions with SSA, which will facilitate better and more consistent service. The system will facilitate completing transactions at the first point of contact by replacing overnight processing of transactions with real-time processing where possible. If real-time processing is not feasible, we will put in place better tools to test whether all the necessary information has been provided. Doing so will reduce the need to re-contact an individual for additional information and reduce the amount of manual rework, thus providing more efficient and responsive service to the public, while reducing administrative costs.

Our modernized systems will be less expensive to maintain and easier to update. IT modernization will put SSA in a better position to respond more quickly and less expensively to program changes and the evolving expectations of our employees and the American public. We will also be better able to integrate future technological advancements and data sharing with other agencies.

Modernizing Core Programmatic Business Processes

Our modernization plan addresses the redesign of core programmatic business processes, the technology that underlies them, and the methods we use to develop them. The programmatic systems work under IT Modernization is divided into six major business areas, or “domains.” Each domain has specific objectives and outcomes, as well as dedicated IT and business staff to plan and complete the work. Below is an overview of these programmatic domains:

  • Communications –We engage with the public through face-to-face field office visits, call centers, and by mail. This domain focuses on developing a comprehensive approach to how we connect with the public, which includes developing additional communications channels, updating communications systems and infrastructure, and ensuring that are communications are clear and concise.
  • Disability – Our existing disability systems are a collection of several, inter-related subsystems, each designed to facilitate a part of the disability determination process, from intake (in a field office or via the phone or internet) through hearings and appeals. This domain focuses on streamlining workflow and leveraging modern technology to support the full life cycle of a disability claim, in order to expedite and simplify processing, and improve service.
  • Title II – We have already made strides in modernizing our Title II system, which supports our Old Age, Survivors and Disability Insurance (OASDI) programs (commonly referred to as “Social Security”). This domain focuses on reducing operational and maintenance costs; providing additional safe, secure, and convenient online services; increasing automation; and reducing situations that require us to re-contact an applicant to obtain additional information.
  • Title XVI – In recent years, we have also made strides in modernizing our Title XVI system––which supports the SSI program, our means tested program for people who are blind, disabled, or aged 65 or older––by converting its database to a modern structure and replacing green screens with web-based interfaces. This domain focuses on building on that progress by automating more actions and adding more tools to reduce improper payments.
  • Earnings – This domain focuses on more quickly processing the millions of wage reports we receive each year and providing additional tools for employers to report and correct those reports. We will take advantage of new technologies to reduce maintenance costs, increase flexibility, and accelerate our development and deployment process.
  • Enumeration – This domain focuses on improving the methods our employees use to access, and the infrastructure behind, the “Numident,” which is our database of records concerning the Social Security numbers we have assigned. We will modernize user interfaces, update and automate business processes, and replace out-of-date technologies with a more robust infrastructure.

Modernizing Our Infrastructure

Our modernization plan also includes three technical domains to facilitate the programmatic systems changes I described above and allow us to maintain expected levels of service. Below is an overview of these technical domains:

  • Infrastructure – This domain focuses on modernizing the underlying technology and processes that enable the programmatic changes I described above. This includes modernizing the methods we use to develop IT products; using cloud technologies to improve availability, flexibility and cost effectiveness; and providing multiple alternative computing platforms for each modernized system to enable the optimal platform for each situation.
  • Data – This domain focuses on consolidating our data, using state-of-the-art approaches to simplify, organize and provide data and services to fully modernized systems, which can more effectively use data. Retiring legacy data sources and formats in favor of modern tools and techniques will optimize the way we store and process data, and improve data quality. Moreover, it will provide an integrated source of historical data for business intelligence and predictive analytics across the agency.
  • Cybersecurity – Cybersecurity is a top priority, and securing the systems and data we need to administer our programs is foundational to our modernization efforts. This domain is focused on addressing ongoing cyber threats and ensuring that data and business processes remain safe and secure. It involves incorporating security and privacy controls into our applications and the design of our IT environments and systems. It also involves adding security controls to address the risks inherent in our legacy applications, ensuring employees have access to resources appropriate for their role and job function, continuous monitoring, and a comprehensive integrity review process.

Focusing on Success

To achieve our IT modernization goals, we will invest $691 million over five years, including the $280 million that Congress appropriated in FY 2018. This dedicated funding has allowed us to increase the quality and accelerate the pace of delivering public-facing services.

This is a considerable investment, and successfully delivering on our plan is a top priority. Active and engaged leadership is critical for success, as any endeavor of this magnitude carries significant risks. In 2016, we established the Information Technology Investment Review Board (ITIRB), which governs SSA’S IT investment executive decision making and oversight process. As CIO, I chair the ITIRB, with the rest of the board consisting of the top executives for SSA components. Through the ITIRB, we ensure that investment proposals undergo rigorous planning, informed investment selection, transparent investment control, and relevant investment evaluation to provide the greatest benefit to SSA’s mission and to the taxpayer. For all investment proposals, the ITIRB process requires us to consider whether we can purchase COTS software or whether an internal build is required. It is important to note that when commercial software is available, in most cases we still need to do development work to integrate such software into our systems.

In addition to governing our regular IT investment decision making process, the ITIRB is engaged and focused on IT modernization. Furthermore, we have established a Program Management Office (PMO), led by a Chief Program Officer (CPO), with end-to-end accountability and associated decisional authority for delivering IT modernization. The CPO has built a PMO team with key resources from our systems and business components to oversee the functions required to execute the plan. The intent is to make sure the decisions and direction of the IT Modernization effort, along with potential impacts on other programmatic areas, are well coordinated and communicated throughout execution.

We have not only strengthened leadership and management oversight, but also changed the day-to-day processes by which we develop IT products. We have adopted a product investment approach, which places a premium on understanding the needs of customers (i.e. the public or our employees) and cross-component collaboration. Our product management teams continuously work to understand the customers, to successfully develop the IT products that meet their needs.

This approach includes transitioning away from using primarily the older, waterfall model to develop IT products. The waterfall method requires stakeholders to specify the software’s requirements up front before moving to software development, and traditionally involves less direct involvement between the customers and developers.

We are moving to a modern Agile IT development model. The Agile method consists of using iterative cycles of design and development to incrementally develop software components using small, self-managed teams comprising subject matter experts from across organizational component lines. The key feature of the Agile method is its focus on meeting the unique and constantly evolving requirements and expectations of the end user, using short time frames (or “sprints”) to develop software that is immediately shared with users for feedback.

We have successfully used Agile methods to develop products such as IMAGEN, which extracts information from medical evidence, and Insight, a decisional quality tool. In addition, we are using Agile methods to modernize a national system for disability case processing. This modern system will allow for the replacement of outdated, independently-operated legacy systems used by State agencies (the Disability Determination Services (DDS)) with a common, national disability case processing system (DCPS2). This modern, national system will simplify system support and maintenance, improve speed and quality of the disability determination process, and reduce administrative costs. In addition, it provides efficiency, consistency, and flexibility as we will be able to nationally implement software enhancements and modifications, including as required by evolving laws, regulations, and policy.

Currently, ten DDSs are using DCPS2 in production environments, and we will continue product development and rollout to additional DDSs in FYs 2019 and 2020. This year, we focused on increasing functionality, enabling users to process additional categories of disability claims. In January 2018, DCPS2 delivered core case processing functionality on schedule. Core functionality included adult and child case processing for both initial and reconsideration cases. Throughout FY 2018, we steadily have increased functionality, working closely with users to assess and prioritize release of bimonthly product increments.

Our Progress and Accomplishments

I am proud of the progress we have made in concurrently implementing our IT modernization plan and deploying new applications and enhancements, while maintaining the security and availability of our systems. I am happy to report that our IT modernization effort is on schedule and on budget. In addition, I want to share with you some examples of our other, recent IT accomplishments:

Programmatic Applications

  • SSI Modernization (February, May) – We eliminated green screens that employees use to document SSI claims information, and replaced them with modern web screens. This also eliminated the COBOL code supporting those screens.
  • Hearings and Appeals Case Management System (June) – We released the Case Analysis Tool to assist in the development, writing, and decision-making for hearing cases.
  • Insight (March, June, and August) – Initially developed for use in the Office of Appellate Operations, we subsequently deployed this decisional quality tool to all hearings offices.
  • IMAGEN (August) – We began testing an application that uses natural language processing and related technologies to extract relevant content from medical evidence of record (MER), which makes it easier for disability adjudicators to search, filter, and identify the necessary content for adjudicating disability claims.

Customer Service Tools

  • Click to Chat (Dec, May) – We introduced an option for my Social Security users to receive help from an employee via live chat.
  • Dynamic Help (May) – We upgraded to a modern knowledgebase in the cloud; improving our ability to proactively answer online customer questions.
  • Email Us (May) – We modernized our website’s “Contact Us” feature, which allows customers to submit general questions about SSA’s programs and services.
  • OAO iAppeals (June) – We provided claimants the ability to electronically file a Request for Review of a hearing decision.
  • myWageReport (January, June) – We enhanced our online wage reporting application to improve the user experience and allow disabled SSI beneficiaries and their representative payees to use the application.
  • Representative Payee (July) – We added functionality so that representative payees can submit accounting reports online.
  • Internet Social Security Number Replacement Card (August) – We continued to expand the availability of our online application for a replacement Social Security card to other States, bringing the total number of States in which its available to 31, plus the District of Columbia.

Data/Infrastructure

  • Continuing Death Data Improvement (March, April, May, June, July) – We addednearly 8 million dates of death to the Death Master File (DMF).
  • Quantum Leap – We increased the network bandwidth capacity of additional field offices,which increases computer speed and performance. Prior to upgrade, field offices havedownload speeds between 3 to 10 megabits per second (about as fast as a single iPhone 6 ona 4G network). The upgrade increases the download speed to 100 megabits per second. Weexpect to upgrade all offices by November 2018.
  • Releases on Time – Through June, we completed 96 percent of our scheduled releases ontime or early.
    In addition to our systems releases, I’m proud of the work we’ve done to engage and learn from the broader IT community, including the government and the private sector. In June, we hosted an IT Transformation Industry Day, where we provided an overview of our modernization plan and procurement process to 205 vendors. We also met with senior staff in Johns Hopkins Applied Physics Lab to learn from their work on automated intelligence, big data analytics, and other topics.

Finally, I want to give you an update on our progress in implementing Section 215 of the Economic Growth, Regulatory Relief, and Consumer Protection Act (P.L. 115-174). As you know, this law requires us to develop a system that allows financial institutions and related entities to—after obtaining a person’s consent––verify the person’s name, Social Security Number, and date of birth in connection with a credit transaction.
We are working diligently on a number of fronts to implement this law as quickly as possible, including reaching out to the financial institution community as well as experts in privacy and security. We are also updating our regulations, and developing the user agreements, as well as developing the e-signature requirements for authorizing one’s consent to share personal data. We are also using this opportunity to look at ways we can improve our data exchange systems and processes.

Conclusion

Information technology is vital to nearly every part of the work we do to serve the American people. Our IT modernization plan will improve the efficiency and effectiveness of our service, allow us to keep pace with changing technology and expectations, and ensure that we can continue to safeguard the sensitive information entrusted to us. We are focused on successfully implementing our IT modernization plan. We appreciate the Subcommittee’s and the Congress’s support.

Appendix A – Maturing IT Towards the Target State

Image of Appendix A Chart on Maturing IT Towards the Target State

1 See Appendix A for an illustration of these activities.

2 My testimony summarizes our IT Modernization Plan. Our full plan is available on our website at https://www.ssa.gov/agency/materials/IT-Mod-Plan.pdf.