Skip to Main Content

CMS Contractor Website Guidelines

NOTE: As defined in this document, "contractors" refers to Carriers, Fiscal Intermediaries, QIOs, and other CMS business partners. This document does not apply to organizations/businesses contracted by CMS for development of Internet content or web-based applications that will reside on CMS servers or be delivered to CMS.

The CMS Contractor Web site Guidelines document is intended to aid CMS contractors in the development of web materials targeted towards CMS audiences (e.g., Medicare, Medicaid, and SCHIP beneficiaries, providers, and contractors). This document is not legally binding; however, it may reference external policies which are otherwise legally or contractually required. Adherence to these guidelines will improve the accuracy and accessibility of your website.

This document addresses the development of static, public web content. It does NOT address numerous issues associated with developing web-based applications or projects involving sensitive or Privacy Act-covered material. These projects require a much-greater degree of involvement by CMS. For more information about such projects, see CMS's Internet Security Policy in Related Links Inside CMS.
Guidelines
- Any content that is available on CMS web sites (www.cms.hhs.gov and www.medicare.gov) should be LINKED TO rather than DUPLICATED. Content that is duplicated becomes out of date. An example of a document that is frequently duplicated and updated is the "Medicare and You" publication.

Standards
- If displaying the CMS Identity Mark on your website, follow the CMS Identity Mark Usage Guidelines at http://www.cms.hhs.gov/Multimedia/
- Your site MUST be compliant with Section 508 (See Related Links Outside CMS)
- Your site MUST comply with all other applicable CMS and Program requirements.
Your site MUST display its Privacy Policy. If you collect information from site visitors, you MUST indicate what you do with the information you collect (e.g., it is only used internally, it is used to communicate and/or solicit business, or the information is sold or transferred to third parties). In addition to providing a human-readable policy, you should also provide a machine-readable format using the P3P specification (See Related Links Outside CMS).