Skip to main content

Medicaid.gov Privacy Policy

Privacy Information Regarding Third-Party Services

SMS Terms and Conditions and Privacy Policy 
Types of information we collect 
How CMS uses information collected on Medicaid.gov 
How CMS uses cookies & other technologies on Medicaid.gov 
Your choices about tracking & data collection on Medicaid.gov 
How CMS uses third-party websites & applications with Medicaid.gov 
How CMS protects your personal information 
How long CMS keeps data & how it’s accessed 
Children & privacy on Medicaid.gov 
Links to other sites 
Additional privacy information

Protecting your privacy is very important to us. This privacy policy describes what information we collect, why we collect it, and what we do with it.  This privacy notice covers Medicaid.gov and data.Medicaid.gov.  These websites are referred to as “Medicaid.gov” throughout the rest of this notice and are maintained and operated by the Centers for Medicare Medicaid Services (CMS).  

Medicaid.gov doesn’t collect name, contact information, or other similar information through these websites unless you choose to provide it. We do collect other, limited, non-personally identifiable information automatically from visitors who read, browse, and/or download information from our website. We do this so we can understand how the website is being used and how we can make it more helpful. For more information, see Types of information we collect.

Personally identifiable information (PII), defined by the Office of Management and Budget (OMB), refers to information that can be used to distinguish or trace an individual's identity, like their name, Medicare Number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, like date and place of birth, mother’s maiden name, etc. Medicare Fee-for-Service eligibility and enrollment information and claims data are considered protected health information (PHI) under the Health Insurance Portability and Accountability Act (1996) (HIPAA) regulations.

We don’t sell any information you provide when you visit Medicaid.gov. For information on how we share information, see How CMS uses information collected on Medicaid.gov.

 

SMS Terms and Conditions and Privacy Policy

Terms and Conditions 

The Center for Medicare & Medicaid Services (CMS) is committed to building user trust and confidence by promoting and complying with the use of practices that help protect the privacy and the security of the customer and their respective data. You can review our combined Privacy Policy below concerning the CMS Community Engagement Outreach Campaign.  

CMS is conducting an outreach campaign using certain non-medical data you provided during your application for certain public benefits. This outreach campaign is intended to inform you of upcoming community engagement requirements for Medicaid. These messages are for informational purposes only and do not determine or change your Medicaid eligibility, benefits, coverage, or enrollment status.

This document will explain how we will use the information you provided to us as well as other terms and conditions. 

These SMS Texting Terms and Conditions (“Terms and Conditions”) and Privacy Policy apply when you provide prior consent to receive text messages with information about Medicaid eligibility from local governments, governmental contractors, and managed care entities when acting under contract and pursuant to the authorization and direction of a federal or state agency. Text messaging from Medicaid may include one-time or recurring outreach texts related to benefits, programs, products, services, tools, and/or general health information. Outreach text messages about Medicaid will be sent to your mobile number using an automatic dialing system. Message and Data rates may apply. Text messaging may not be available via all carriers. You will receive no more than 10 messages per month. If you have any questions about your message or data plan, contact your wireless service provider.

By providing your telephone number to your state’s Medicaid program, you consent to receiving text messages related to enrollment in Medicaid from CMS at the telephone number(s) that you provide and by consenting, you agree to be bound by these Terms and Conditions and Privacy Policy.

CMS offers this outreach program whereby CMS, and any applicable service providers, will text message you to provide you with information related to eligibility for Medicaid. 

You also acknowledge that you are the current wireless service plan subscriber and/or an authorized user of the mobile phone number(s) that have been linked to your account or you have been granted permission by the wireless service plan subscriber and/or authorized user of the mobile phone number(s) to enroll the mobile phone number(s) in this service. 

You grant CMS permission to send automated text messages about Medicaid eligibility to the enrolled mobile phone number(s) through your wireless phone carrier unless and until such permission is revoked in accordance with these Terms and Conditions. You are not required to agree to receive text messages to receive any service from CMS. 

Your privacy is important to us. Your private information is not shared with anyone or used except as described in these Terms and Conditions, this Privacy Policy or as otherwise permitted by law. By agreeing to receive information about Medicaid eligibility, including this CMS Community Engagement Outreach Campaign, you agree to the collection and use of information in accordance with this policy. 

Opt-Out Information: We do not require anyone to receive outreach text messages for the CMS Community Engagement Outreach Campaign. To stop receiving outreach text messages from CMS regarding the CMS Outreach Campaign, text STOP to 633767. If revoking your consent for the CMS Community Engagement Outreach Campaign by texting STOP to the outreach text message you have received regarding CMS, your text response should contain only the word STOP without any additional words, spaces, or characters either before or after the word. Unless you reply only with the word STOP, your intent to revoke your prior express permission may not be effective. CMS will confirm receipt of your cancellation request in a timely manner as well as indicate you will no longer receive outreach text messages from CMS regarding the CMS Community Engagement Outreach Campaign. CMS will not delete data already collected. Note: Opting out of outreach text messages for the CMS Community Engagement Outreach Campaign will not affect your choice to receive other text messages regarding other benefits from CMS or other public benefit sources. 

Assistance Information: For assistance, you can reply “HELP” to receive a link to information on the CMS website or visit https://www.medicaid.gov/privacy-policy.

Message Frequency: Some messages are sent based on your interaction with CMS and may vary in frequency depending on your activity and your communication with CMS. 

Supported Carriers List:

AT&T • ACS/Alaska • Advantage Cellular (DTC Wireless) • Aio Wireless/Cricket • Appalachian Wireless • Atlantic Tele-Network International (ATN) • Bandwidth • Bluegrass Cellular • Buffalo Wireless • C Spire Wireless • CableVision • Carolina West Wireless (CWW) • CellCom USA • Cellular Network Partnership (PIONEER) • Cellular One of East Central Illinois • Chariton Valley Cellular • Chat Mobility USA • Copper Valley • Coral Wireless (Mobi PCS) • Cross Telephone Company (MBO Wireless) • Duet IP (Maximum Communications New Core Wireless) • Element Mobile (Flat Wireless) • Epic Touch (Elkhart Telephone) • GCI Communications Corp • Golden State Cellular • Google Voice • i Wireless (IOWA Wireless) • Illinois Valley Cellular (IV Cellular) • Immix (Keystone Wireless) • Inland Cellular Telephone Company • Leaco • Live • Mosaic (Consolidated or CTC Telecom) • MTA Communications • MTPCS (Cellular One Nation) • Nex-Tech Wireless • Northwest Missouri Cellular Limited • Panhandle Telecommunications Systems (PTCI) • Peoples Wireless • Pine Belt Wireless • Pine Cellular • Revol Wireless USA • RINA • Sagebrush Cellular (Nemont) • SI Wireless/Mobile Nation • SouthernLinc • Sprint/Boost/Virgin • SRT Wireless • Texas RSA 3 Ltd(Plateau Wireless) • Thumb Cellular • TMobile/MetroPCS • U.S. Cellular • Union Telephone Company(Union Wireless) • United Wireless • Verizon Wireless • Viaero Wireless • West Central Wireless (5 Star Wireless) 
Note: T-Mobile is not liable for delayed or undelivered messages

Additional Terms and Conditions

Alerts sent via text may not be delivered to you if your phone is not in range of a transmission site, or if sufficient network capacity is not available at a particular time. Even within a coverage area, factors beyond the control of your wireless carrier may interfere with message delivery, including equipment, terrain, proximity to buildings, foliage, and weather. You acknowledge that alerts may not be received timely and that there is no guarantee that alerts will be delivered.

By consenting to receiving outreach text messages concerning the CMS Community Engagement Outreach Campaign, you represent that you are the owner or authorized user of the wireless device you use to subscribe for the service, and that you are authorized to approve the applicable charges.

Data used by CMS to send outreach text messages use standard text protocols and while CMS takes all reasonable security precautions, you acknowledge there is some risk that texts and data transmitted between you and CMS could be intercepted by third parties.

Information obtained from you in connection with this outreach texting campaign concerning CMS may include your mobile/cell phone number, your carrier’s name, and the date, time and content of your messages, and other information that you may provide. We may use this information to contact you and to provide the services you request from us, and to otherwise operate, develop and improve the service. Your wireless carrier and other service providers may also collect data about your usage, and their practices are governed by their own policies.

Changes in terms: CMS reserves the right to change these Terms and Conditions and Privacy Policy or cancel text messages service at any time. Any changes shall take effect when posted on this website. Your continued use and acceptance of text messages from CMS after changes are made to the Terms and Conditions and Privacy Policy are deemed as acceptance of the modified Terms and Conditions and Privacy Policy. Therefore, please check these Terms and Conditions and Privacy Policy on a regular basis to ensure that you are aware of any change.

Limitation of Liability: To the maximum extent permitted by applicable law, you hereby agree that CMS shall not be liable for any direct, indirect, consequential, special, incidental, punitive or any other damages, even if CMS has been advised of the possibility of such damage or loss, arising or resulting from or in any way relating to your use of CMS’s outreach text messages. The wireless carriers are not liable for delayed or undelivered messages. Furthermore, CMS shall not be liable for the acts or omissions of third parties, including but not limited to delays in the transmission of messages, inaccurate or incomplete content in a text message, or use or reliance on the content of any text message for any purpose.

Indemnity: To the maximum extent permitted by applicable law, you expressly agree to indemnify, defend and hold harmless CMS from and against any and all claims, damages, liabilities, actions, causes of action, costs, expenses (including reasonable attorneys' fees), judgments or penalties of any kind or nature whatsoever arising from your use or receipt of CMS’s text messages.

Governing law; jurisdiction: These Terms and Conditions and this Privacy Policy are governed by applicable federal law, including the Telephone Consumer Protection Act (TCPA) and Federal Communications Commission (FCC) rules and orders. Any claim arising out of or relating to these Terms and Conditions or Privacy Policy shall be brought only in a court of competent jurisdiction as determined by applicable federal law. Nothing in these Terms and Conditions or this Privacy Policy waives the sovereign immunity of the United States or authorizes any remedy not otherwise permitted by law.

Terms and Conditions incorporated herein: You agree that for all matters not explicitly addressed herein, including general terms applicable to both email and text messages, these Terms and Conditions and Privacy Policy shall apply and are incorporated herein by reference. In addition, you hereby reaffirm your agreement to these Terms and Conditions and Privacy Policy. 

 

Privacy Policy

Definitions

“We” or “Us” or “Our” means collectively CMS, affiliates, subsidiaries, agents, contractors, or vendors working on or on behalf of the CMS Community Engagement Outreach Campaign. 

“Data” means certain identifying information to enable CMS to contact you via your mobile phone like your name, email address, mobile phone number, and physical address, and does not include medical information or medical records.

What information will I receive?

The CMS Community Engagement Outreach Campaign will send information to you regarding Medicaid eligibility. The CMS Community Engagement Outreach Campaign is intended for eligible persons between the ages of 19 and 64 years old who meet certain qualifying criteria.  

If you receive an outreach text message regarding Community Engagement and are currently a member of your state’s Medicaid program, you are considered a part of the intended campaign audience.

If you receive an outreach text message regarding the Community Engagement and you are under the age of 18 or over the age of 64, please refer to the instructions in the above Terms and Conditions regarding how to opt-out of receiving outreach text messages concerning CMS.

What information will be collected?

The CMS Community Engagement Outreach Campaign may ask you to share the name and mobile phone number related to other persons interested in the Community Engagement Outreach Campaign. Additional information may be asked to further the purposes noted above.

The CMS Community Engagement Outreach Campaign will also collect data to determine if messages were delivered or undelivered to you. If received, you will receive a link with information inviting you to learn more about Medicaid community engagement requirements. The link will provide data to inform us whether it has been clicked.

Who will this information be shared with?

The data you share through the CMS Community Engagement Outreach Campaign will not be shared outside of CMS, HHS, their respective affiliates, contractors, and subcontractors in support of CMS.

How will this information be used?

To better understand how we might use your data, the following are some of the goals of the CMS Community Engagement Outreach Campaign: 

-  Alert current Medicaid members to upcoming community engagement requirements
-  Provide Medicaid members with resources to support community engagement
-  Remind Medicaid members to take action before community engagement requirements go into effect

We may also share your data if required by law to do so, such as if a court orders us to share this data. However, we will make every effort to protect your privacy to the extent allowed by law. 

Your Responsibilities

Review this policy periodically to see if it has been modified.

Opt-out if you no longer wish to receive outreach text messages concerning the CMS Community Engagement Outreach Campaign. If you opt-out in error, you may rejoin as instructed in the outreach text message concerning the CMS Community Engagement Outreach Campaign.

Who to Contact with Questions or Concerns

If you have any concerns or questions about how your data is used, please call 877-267-2323.

 

Types of information we collect

Information which is automatically collected:

When you browse:

Certain information about your visit can be collected when you browse websites. When you browse Medicaid.gov, we, and in some cases, our third-party service providers, can collect the following types of information about your visit, including:

  • Domain from which you accessed the internet (like Verizon.com if you’re using a Verizon account).
  • IP address (an IP or internet protocol address is a number that’s automatically assigned to a device connected to the internet).
  • Approximate geographic location based on the IP address of the user’s local system.
  • Operating system for the device that you’re using and information about the browser you used when visiting the site. The operating system is software that directs a computer’s basic functions, like executing programs and managing storage.
  • Date and time of your visit.
  • Pages you visited.
  • Address of the website that connected you to Medicaid.gov (like Google.com or Bing.com).
  • Device type (like desktop computer, tablet, or type of mobile device).
  • Screen resolution.
  • Browser language.
  • Geographic location.
  • Time spent on page.
  • Scroll depth (measures how much of a web page was viewed).
  • Your actions on Medicaid.gov (like clicking a button).

For more information, see How CMS uses third-party websites & applications with Medicaid.gov.

We use this information to:

  • Measure the number of visitors to Medicaid.gov.
  • Help make our website more useful for visitors.
  • Improve our public education and outreach through digital advertising.

Also, this information is sometimes used to personalize the content we show you on third-party sites. For more information on our practices, see How CMS uses third-party websites & applications with Medicaid.gov.

 

Information you may provide:

When you request information:

We collect information, including your email address, to deliver alerts or eNewsletters. We use this information to complete the subscription process and provide you with information. You can opt out of these communications at any time by editing your subscription preferences.

 

How CMS uses information collected on Medicaid.gov

Sending you Medicaid messages:

We use the email address you provide us to send emails related to Medicaid.

Conducting surveys to improve services:

We use online surveys to collect opinions and feedback. You don’t have to answer these questions. If you do answer these questions, don’t include any PII/PHI in your answers. We analyze and use the information from these surveys to improve the Medicaid.gov website. The information is available only to CMS managers, members of the CMS communications and web teams, and other designated federal staff and contractors who require this information to perform their duties.

Using third-party tools for website analytics

We use a variety of third-party web tools for web analytics. We don’t collect any PII/PHI with these tools.  We use these tools to collect basic information about visits to Medicaid.gov. This information is then used to maintain the website, including:

  • Monitoring website stability
  • Measuring website traffic
  • Optimizing website content
  • Helping make the website more useful to visitors

CMS staff analyzes the data collected from these tools. Reports are available only to CMS managers, teams who implement programs represented on Medicaid.gov, members of the CMS communications and web teams, and other designated federal staff and contractors who need this information to perform their jobs.

 

Using third-party tools for outreach and education through digital advertising:

We use third-party web services to conduct outreach and education through the use of digital advertising for Medicaid.gov. These third-party services may collect information through the use of web beacons (also called pixels) that are located on our pages. A web beacon is a see-through graphic image (usually 1 pixel x 1 pixel) that's placed on a web page and, in combination with a cookie, allows us to collect information regarding the use of the web page that contains the web beacon.

We use web beacons to tell when a user is redirected to Medicaid.gov by clicking or otherwise interacting with a CMS advertisement that we ran on another website. This is known as “click tracking” or “conversion tracking,” and we use it to better target CMS advertisements (known as “retargeting”) to inform consumers about the services available through Medicaid.gov. For more information on how these tools work, see How CMS uses third-party websites & applications with Medicaid.gov.

We also use third-party tools to help deliver advertising. Vendors that operate the third-party tools may also gather information about your visits to third-party sites outside of Medicaid.gov. While we don't track your internet activity outside of Medicaid.gov, our vendors may use information collected automatically by visiting Medicaid.gov, and combine it with data they collect elsewhere for targeted advertising purposes. You can opt out of this type of data collection via Privacy Settings, Ad Choices, and Do Not Track. For methods to opt out of this type of collection, see Your choices about tracking & data collection on Medicaid.gov.

The outreach and education analytics tools provide reports which aggregate data like the number of clicks on advertisements. The reports are available only to CMS managers, teams who implement programs represented on Medicaid.gov, members of the Medicaid.gov communications and web teams, and other designated federal staff and contractors who need this information to perform their duties.

 

How CMS uses cookies & other technologies on Medicaid.gov

The Office of Management and Budget Memo M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies, allows federal agencies to use session and persistent cookies to improve the delivery of services.

When you visit a website, its server may generate a piece of text known as a “cookie” to place on your device. The cookie, which is unique to your browser, allows the server to "remember" specific information about your visit while you’re connected. The cookie makes it easier for you to use the dynamic features of web pages. Information that you enter into Medicaid.gov isn’t associated with cookies on Medicaid.gov. Depending on the third-party tool’s business practices, privacy policies, terms of service, and/or the privacy settings you selected, information you’ve provided to third parties could be used to identify you when you visit Medicaid.gov. These third parties don’t/won’t share your identity with CMS or the Department of Health and Human Services (HHS).

There are 2 types of cookies - single session (temporary) and multi-session (persistent). Single session cookies last only as long as your internet browser is open. Once you close your browser, the session cookie disappears. Persistent cookies are stored on your device for longer periods. Both types of cookies create an ID that’s unique to your device.

  • Session cookies: We use session cookies for technical purposes, like to allow better navigation through our website. These cookies let our server know that you’re continuing a visit to our website. The OMB Memo M-10-22 Guidance defines our use of session cookies as "Usage Tier 1—Single Session.” The policy says, "This tier encompasses any use of single session web measurement and customization technologies."
  • Persistent cookies: We use persistent cookies to understand the differences between new and returning visitors to Medicaid.gov. Persistent cookies remain on your device between visits to our website until they expire or are removed by the user. The OMB Memorandum M-10-22 Guidance defines our use of persistent cookies as "Usage Tier 2—Multi-session without personally identifiable information.” The policy says, "This tier encompasses any use of multi-session web measurement and customization technologies when no PII is collected." We don’t use persistent cookies to collect PII. We don’t identify a user by using cookies.

CMS also uses these technologies on Medicaid.gov:

  • Persistent cookies for digital advertising: Similar to persistent cookies identified above, CMS uses persistent cookies for outreach through digital advertising. These cookies can also be created on third-party websites and remain on your device between visits to our website until they expire or you remove them. Consistent with OMB guidance for “Usage Tier 2”, we don’t use persistent cookies for outreach to collect PII. CMS doesn’t identify a user by using such technologies.
  • Web beacons for digital advertising (also called pixels and/or tracking tags): See-through images placed on certain pages of Medicaid.gov are typically used in conjunction with cookies and aren’t stored on your device. When you access these pages, web beacons generate a notice of your visit. For information on how we use web beacons, see How CMS uses third-party websites & applications with Medicaid.gov.
  • Website log files: These are used as an analysis tool and to tell how visitors use Medicaid.gov, how often they return, and how they navigate through the website.
  • Flash: Flash is used to assess the performance of the site and as a player for selected videos depending on the browser a device is using.
  • Local Storage Objects: We use Flash Local Storage Objects (“LSOs”) to store your preferences and to personalize your visit.

 

Your choices about tracking & data collection on Medicaid.gov

Medicaid.gov offers Privacy Settings which gives you control over what tracking and data collection takes place during your visit. Third-party tools are enabled by default to provide a quality consumer experience.

The Privacy Settings provide you with the choice to opt in or to opt out of the different categories of third-party tools used by Medicaid.gov: Advertising, Analytics, or Social Media. The Privacy Settings prevents cookies, web beacons, and Local Storage Objects from being placed on your device. The Privacy Settings also prevents third-party tools from loading regardless of your cookie settings, which provides you with an additional layer of privacy that prevents the tool from loading at all. Because the Privacy Settings creates a cookie in your browser, the opt in and opt out choices you make through the Privacy Settings will only be effective on the device and browser you used to make your choices, and your choices will expire when the cookie expires. Once the cookie is created, the Privacy Settings will retain your settings for 3 years from the date of your most recent visit. You may revisit the Privacy Settings to change or renew your choices at any time.

If you disable cookies in your browser, our Privacy Settings won’t be able to store your preferences and won’t function properly. If you don’t wish to use our Privacy Settings to opt out of the tools used by Medicaid.gov, you can opt out of tools individually, or via the Digital Advertising Alliance (“DAA”) AdChoices icon, discussed in the next subsection.

If you opt out of the tools used by Medicaid.gov via the Privacy Settings or by opting out of the tools directly, you’ll still have access to information and resources at Medicaid.gov.

AdChoices: We include the AdChoices icon on all digital advertising that uses “conversion tracking” or “retargeting.” To learn about conversion tracking, targeted advertising, and retargeting, see How CMS uses third-party websites & applications with Medicaid.gov. The AdChoices icon is usually at or near the corner of digital ads. When you click on the AdChoices icon, it will provide information on what company served the ad and information on how to opt out. Learn more about AdChoices.

Do Not Track: We automatically observe the “Do Not Track” browser setting for digital advertising that uses “conversion tracking” or “retargeting.” If “Do Not Track” is set before a device visits Medicaid.gov, third-party conversion tracking and retargeting tools won’t load on the website. To learn more about conversion tracking and retargeting, see How CMS uses third-party websites & applications with Medicaid.govLearn more about Do Not Track and how to set the Do Not Track setting in your browser.

 

How CMS uses third-party websites & applications with Medicaid.gov

Medicaid.gov uses a variety of technologies and social media services to communicate and interact with the public. These third-party websites and applications include popular social networking and media websites, open source software communities, and more.

Third-party websites:

Your activity on the third-party websites that Medicaid.gov links to (like Facebook or Twitter) is governed by the security and privacy policies of those websites. You should review the privacy policies of all websites before using them so you understand how your information may be used.

Website analytics tools:

These tools collect basic site usage information, like:

  • How many visits Medicaid.gov gets
  • The pages visited
  • Time spent on Medicaid.gov
  • The number of return visits to Medicaid.gov
  • The approximate geographic location of the device used to access Medicaid.gov
  • Types of devices used

This information is used to maintain the website, including:

  • Monitoring website stability
  • Measuring website traffic
  • Optimizing website content
  • Improving your experience

Use the Medicaid.gov Privacy Settings to opt out of website analytics tools.

 

Digital advertising tools for outreach & education:

We use third-party tools to support our digital advertising outreach and education efforts. These tools enable us to reach new people and provide information to previous visitors. To use these tools, we use these technologies on Medicaid.gov:

Click tracking: We use click tracking to identify the ads that are most helpful to consumers and efficient for outreach. This enables us to improve the performance of ads that consumers click on. When users click on links from ads, data about what ad was viewed is collected. Reports are generated about ad performance – including the total number of views and clicks an ad received.

Conversion tracking: We use conversion tracking to identify ads that are helpful to consumers and efficient for outreach. It enables us to improve the performance of ads viewed by consumers. When a Medicaid.gov ad is viewed on a third-party site (like a banner ad), a cookie is placed in the browser of the device the ad was viewed on. If this device later visits Medicaid.gov, the visit is linked to the ad viewed on the same device. Use the Medicaid.gov Privacy Settings to opt out of advertising tools. Users can click on the “AdChoices” icon in the corner of our ads to opt out of this Ad Targeting. Users who have set their browser to “Do Not Track” will automatically be opted out of conversion tracking. For more information about AdChoices and Do Not Track, see Your choices about tracking & data collection on Medicaid.gov.

Retargeting: We use retargeting to provide information to consumers who have previously visited Medicaid.gov, like reminders about upcoming enrollment deadlines. Retargeting enables us to improve the performance of ads by delivering them to relevant audiences, like recent visitors to Medicaid.gov. During a visit to Medicaid.gov, a cookie is placed in the browser of the devices used to view the website. When that same device is used to visit third-party websites that are displaying Medicaid.gov ads, ads for Medicaid.gov may be shown to that device because it had previously visited Medicaid.gov. Using these cookies, we don't collect information about the third-party websites visited by a device. Reports are generated about ad performance – including the total number of views and clicks an ad received. Use the Medicaid.gov Privacy Settings to opt out of advertising tools. Users can click on the “AdChoices” icon in the corner of our ads to opt out of this Ad Targeting. Users who have set their browser to “Do Not Track” will automatically be opted out of conversion tracking. For more information about AdChoices and Do Not Track, see Your choices about tracking & data collection on Medicaid.gov.

Targeted advertising: We use third-party vendors to engage in targeted advertising (also called online behavioral or interest-based advertising) to provide information to consumers across their online activities. Targeted advertising involves the collection of data from a particular computer or device. Data regarding web viewing behaviors or application use is gathered to predict user preferences or interests. We can have ads delivered to computers or devices based on the preferences or interests inferred from the web-viewing behaviors or application use.

Third-party vendors engaged by us may also target advertising based on information automatically collected (not information you provide) when you browse our websites or other websites on the internet. You can opt out of this type of data collection via our Privacy Settings, Ad Choices, and Do Not Track. For methods to opt out of this type of collection, see Your choices about tracking & data collection on Medicaid.gov.

We may consider new third-party tools or the use of new third-party websites, but we'll first assess the tool or website before it’s used in connection with Medicaid.gov. We'll provide notice to the public before adding any new tool to Medicaid.gov. These assessments include a description about how information will be collected, accessed, secured, and stored. See a list of the third-party tools currently being used on Medicaid.gov. See risk assessments for third-party websites and applications.

 

How CMS protects your personal information

You don’t have to give us personal information when you visit Medicaid.gov, but if you want to get alerts or e-newsletters, you’ll need to give us your email address to subscribe.

If you choose to give us PII in an email, request for information, paper or electronic form, questionnaire, survey, etc., we’ll the information you give us only long enough to respond to your question or to fulfill the stated purpose of the communication.

If we need to contact you, we’ll save your personal information in a record system designed to retrieve information about you by personal identifier (name, personal email address, home mailing address, personal or mobile phone number, etc.) and keep the information you give us safe according to the Privacy Act of 1974, as amended (5 U.S.C. Section 552a).

If we have a record system to retrieve information about you so we can carry out our mission, a Privacy Act Statement should be prominently displayed out in the open on the public-facing website or form asking you for PII. The statement has to address these 5 criteria:

  1. The legal authorization we have to collect information about you
  2. Why we’re collecting information
  3. Routine ways we disclose information outside of our websites
  4. Whether or not you legally have to give us the information we’re asking for
  5. What happens if you choose to not us the information we’re asking for

For more information about Medicaid.gov’s privacy policy, email Privacy@cms.hhs.gov.

Third-party services are web-based technologies that aren’t exclusively operated or controlled by a government entity, or that involve significant participation of a nongovernment entity. These services may be separate websites or may be applications embedded within our websites. The list of third-party services includes links to relevant third-party privacy policies.

 

How long CMS keeps data & how it’s accessed

We'll keep data collected long enough to achieve the specified objective for which they were collected. Once the specified objective is achieved, the data will be retired or destroyed in accordance with published draft records schedules of CMS as approved by the National Archives and Records Administration.

We don't store information from cookies on our systems. The persistent cookies used with third-party tools on Medicaid.gov can be stored on a user’s local system and are set to expire at varying time periods depending upon the cookie. We assess whether the expiration date of a cookie exceeds one year and provides an explanation as to why cookies with a longer life are used on the site in the associated Third-Party Website or Application Privacy Impact Assessment.

 

Children & privacy on Medicaid.gov

We believe it’s important to protect the privacy of children online. The Children’s Online Privacy Protection Act (COPPA) governs information gathered online from or about children under the age of 13. Medicaid.gov isn’t intended to solicit information of any kind from children under age 13.

 

Links to other sites

Medicaid.gov may link to other HHS websites, other government websites, and/or private organizations (like health care providers). We link to other websites solely for your convenience and education. When you follow a link to an external site, you’re leaving Medicaid.gov and the external site’s privacy and security policies will apply. Non-federal websites don’t necessarily operate under the same laws, regulations, and policies as federal websites. Other than third-party websites highlighted in this privacy notice, we aren’t responsible for the contents of external web pages and a link to a page doesn’t constitute an endorsement.

Social media & other sites that require registration

We use social media websites (listed below) to:

  • Increase government transparency
  • Improve information sharing
  • Promote public participation
  • Encourage partnership with CMS

Social media websites aren’t government websites or applications. They’re controlled or operated by the social media website. We don’t own, manage, or control social media websites. In addition, we don’t collect, maintain, or disseminate information posted by visitors to those social media websites. If you choose to provide information to a social media website through registration or other interaction with the website, the use of any information you provide is controlled by your relationship with the social media website. For example, any information that you provide to register on Facebook is voluntarily contributed and isn’t maintained by us. This information may be available to our social media page administrators in whole or part, based on a user's privacy settings on the social media website. However, we won’t use PII, if provided by you to a social media website or other website that requires registration, for targeted advertising or retargeting. Although you may voluntarily contribute to a social media website with the intent to share the information with others on a CMS social media page, to protect your privacy, don’t disclose PII about yourself or others.

We don’t keep separate records or accounting of any social media website users or their interaction with the Medicaid.gov pages on social media websites. We don’t store or share this information. User information is retained by social media websites in accordance with the website’s policies. See each social media website’s privacy policy to see how long user information is retained after an account has been deleted. To learn more about how each social media website uses and maintains information visit their privacy policy, as follows:

Additional privacy information

Get more information about CMS privacy policies.