Privacy Notice

This site is operated by National Government Services, Inc. (NGS) in its capacity as the JK and J6 Medicare Administrative Contractor (MAC) awarded by the Centers for Medicare & Medicaid Services (CMS) under the authority granted in Sections 1842, 1862(b), and 1874 of Title XVIII of the Social Security Act (42 U.S.C. §§ 1395u, 1395y(b), and 1395kk).

This Privacy Notice explains what information this site collects, how it is used and safeguarded, when it may be disclosed, and your rights regarding Protected Health Information (PHI) and Personally Identifiable Information (PII). NGS complies with the Privacy Act of 1974, the Health Insurance Portability and Accountability Act (HIPAA), CMS Information Security Acceptable Risk Safeguards (ARS), and applicable CMS contractual requirements.

Data Collection, Use, and Disclosure

NGS collects PII and PHI only when voluntarily provided by individuals or when required to administer authorized CMS programs. PII is information that can identify an individual, either alone or in combination with other data.

NGS uses, shares, and maintains PHI and PII solely for authorized CMS purposes and applies the minimum necessary standard in accordance with CMS security and privacy requirements.

NGS does not sell, rent, or trade PHI or PII. Information is disclosed only as permitted or required by law, CMS contract, or valid legal process.

PHI and PII may be shared with law enforcement, CMS, or CMS-contracted entities for authorized program administration and contractual activities. All disclosures are made in accordance with CMS privacy standards.

NGS and/or CMS uses third-party service providers to support website and program operations. These providers access information only on behalf of NGS and CMS and are subject to CMS security and privacy requirements.

Personal Information You Choose to Provide

This website offers opportunities to voluntarily provide personal information, such as when registering for education events, subscribing to email communications, completing surveys, or enrolling in the provider portal.

Providing personal information is optional; however, declining to provide information may limit access to certain website functions or services. Any PHI collected through the provider portal is submitted by providers about beneficiaries they treat and is used only for its intended purpose.

Information Automatically Collected When You Browse

When you visit this website, limited technical information that does not directly identify you may be collected automatically, such as IP address, browser and device type, date and time of access, pages visited, and interaction data.

This information is used to support system security, prevent fraud, waste or abuse, troubleshoot performance issues, and improve website functionality. Automatically collected information does not include PHI and is not used to identify individual users.

Session Recording & Replay

CMS uses session replay or similar monitoring technologies to understand how users interact with this website and to identify technical issues.

Session replay tools may capture mouse movements, clicks, scrolling behavior, and navigation activity. These tools are configured to exclude, mask, or suppress data entered into sensitive fields and are not used to collect PHI or sensitive personal information.

Visitors should not enter PHI or sensitive personal information into free-text fields unless explicitly instructed as part of an authorized CMS function. Users may opt out of session replay by not allowing cookies during time on this site.

Cookies and Tracking Technologies

NGS uses cookies to support essential website functionality, website performance measurement, and user experience improvements. Cookies are not used to identify individual users and are not shared for commercial purposes.

Not allowing cookies may limit certain website features and opts users out of session replay and other cookie-based technologies.

Data Retention and Safeguards

NGS retains PHI and PII only for the period necessary to fulfill authorized purposes and in accordance with CMS records retention schedules.

Records containing PHI or PII are safeguarded in accordance with the Privacy Act of 1974, HIPAA, CMS ARS, and CMS contractual requirements. Information is stored on secure systems, accessed only by individuals with a legitimate business need, and subject to monitoring and auditing. When no longer required, information is securely disposed of in accordance with CMS records retention policies.

Security Monitoring & Incident Response

NGS implements security monitoring, incident response, and breach reporting procedures consistent with CMS requirements. We monitor network traffic to identify unauthorized activity and attempts to upload or change information or otherwise damage to the web service. Any suspected or confirmed incidents involving PHI or PII are handled in accordance with CMS incident response and breach notification requirements.

Your Rights Under HIPAA

You have the right to:

  • Request access to your PHI.
  • Request an amendment to your PHI.
  • Request an accounting of disclosures.
  • Request restrictions on certain uses or disclosures, where applicable.

Requests must be submitted in accordance with CMS and NGS procedures. Not all requests may be granted, as permitted by law.

Email and Fax Communications

We may provide email and fax links to further facilitate communication. Electronic mail is not necessarily secure, so we do not recommend sending confidential or personal information via email. If you send us an email with questions or comments, we may use your PII to respond to your questions or comments, and we may save your questions or comments for future reference or to comply with government records retention policies.

Also, if you request that we email or fax information about you to someone using email and fax capabilities in our websites, that email or fax may not be completely secure. Please verify email addresses and fax numbers before submitting such a request.

External Links

NGS may provide links to websites not owned or controlled by NGS. These links do not constitute endorsement, and NGS is not responsible for the privacy practices, content, or security of external websites. We link to other websites solely for your convenience and education. When you follow a link to an external site, you’re leaving NGS websites and the external site’s privacy and security policies will apply.

Privacy Notice Updates

NGS may update this Privacy Notice periodically. Any changes will be posted on this page.

Contact Information

National Government Services, Inc.
Attention: NGS Privacy Officer
220 Virginia Ave Indianapolis, IN 46204

Email: NGSethicsandcompliance@elevancehealth.com

 

Last Updated: February 11, 2026, 4:00pm, Eastern Standard Time (EST)