Transmitting Personally Identifiable Information (PII)

Definition of PII

PII is any information that can be used to distinguish or trace an individual’s identity either alone or when combined with other personal identifying information. PII includes but is not limited to:

  • Person's name or initials (e.g., John Doe, John D, JD)
  • Date of birth
  • Social Security Number (SSN)
  • Bank details
  • Home address
  • Phone number
  • Health records
  • Social Security benefit payment data

Sending PII to Social Security or the Ticket Program Manager (TPM)

ENs are prohibited from sending PII by email to Social Security and TPM, even if it is encrypted. The only exception is when ENs submit documentation to the Center for Suitability and Personnel Security (CSPS) as part of the Suitability process.

ENs must use any of the methods noted below to submit PII to Social Security or TPM:

  • Email: Send an email message using the Work Case (WC) number, which does not require sending PII, to  ENPaymentsHelp@yourtickettowork.ssa.gov
  • Fax: Send a fax message to  1-703-893-4020
  • Mail: Direct a memorandum to P.O. Box 1433, Alexandria, VA 22313
  • Call the Payments Help Desk: 1-866-949-9687 (Monday through Friday, 9 a.m. – 5 p.m. ET)

TPM will route all faxes and mail to the correct department. Please allow extra time for processing.

Best practices for faxing or mailing PII to TPM

  • Always use a cover sheet.
  • Include the EN name, Provider ID (PID) and the state in which you are located.
  • Include the subject and area of interest, for example: " Services and Supports Review".
  • Organize your documents so that all documents pertaining to one Ticketholder are grouped together.
  • If faxing, always print a confirmation sheet in case there are faxing issues.

Please contact ENservice@ssa.gov with any questions concerning the use of electronic systems for transmitting PII.

Sending PII to other (non SSA/TPM) email addresses

If EN employees are using the EN's own or any other non-SSA email system (e.g., Yahoo!, Gmail), they may send email messages transmitting PII only if the PII is entirely contained in an encrypted attachment. ENs may not include PII in the body of the email or in an unencrypted attachment. This procedure applies when emailing PII from a non-SSA system to any email address.

  • Note: This includes Ticketholder resumes. ENs can submit Ticketholder resumes through an employer website if the employer website is secure and encrypted (https).

ENs text messaging with beneficiaries

ENs are not permitted to send PII to Ticketholders via text message. SSA does not govern what Ticketholders send to ENs via text message.

Consequences for PII Violations

SSA will take the following actions against ENs that transmit PII through email to Social Security, TPM, or any unintended recipient.

First Violation

  • The Signatory Authority or Suitability Contact must send a statement to SSA describing how the EN will mitigate the PII security issue. 
  • SSA will remove the EN from ePay for three months or one ePay file, whichever comes first.
  • SSA will require the EN to complete a virtual refresher training on Properly Safeguarding Personally Identifiable Information.

Second Violation

  • The Signatory Authority or Suitability Contact must submit a PII quality control plan to ensure no further violations occur.
  • SSA will require that the EN participate in a call involving EN Leadership and SSA to discuss the quality control plan and consequences of a further violation.
  • SSA may remove the EN from ePay for one year.

Third Violation

  • Social Security may terminate the EN’s TPA due to noncompliance with the requirement to protect PII.