Main Content

Privacy Policy

Registration for Technical Assistance Portal (REGTAP) Website Privacy Policy

The purpose of this privacy policy is to inform the REGTAP community about the type of information REGTAP collects, why it is collected, and what is done with it. This policy covers the following website:


REGTAP does not collect any personally identifiable information (PII) about you during your visit unless you choose to provide it by creating a REGTAP user account. REGTAP collects information from registered users who read, browse, and/or download information from REGTAP.  Integrity of the data provided during the registration process is validated for each new registrant; any inaccurate or outdated PII in use within REGTAP is corrected as necessary.

REGTAP never collects information for commercial marketing or any purpose unrelated to the Centers for Medicare & Medicaid Services (CMS) mission and goals.

Types of Non-Personally Identifiable Information REGTAP Collects

When you browse through any website, certain information about your visit can be collected. REGTAP’s web analytics tools automatically collect and temporarily store the following types of information about your visit:

  • Domain from which you access the Internet
  • Internet Protocol (IP) address (the unique number assigned to each computer connected to the Internet)
  • Operating system on your computer and information about the type of browser used to access the site
  • Date and time of your visit
  • Pages you visited
  • Address of the search engine that connected you to REGTAP (such as Google, Bing, Yahoo, etc. )

This information is used to measure the number of visitors to REGTAP and its various sections which help to make REGTAP more useful to visitors.

Types of Personally Identifiable Information REGTAP Collects

If you choose to become a registered user, REGTAP will collect the following information:

  • Email address
  • First Name and Last Name
  • Organization Name
  • State
  • Organization Type
  • Title
  • Role in Organization
  • Work Phone
  • Mobile Phone

How REGTAP Uses Information It Collects

REGTAP may use user account PII to respond to user inquiries and/or to assist with training event registration.

REGTAP also uses a variety of Web measurement/analytic software tools to collect the information listed in the “Types of Non-Personally Identifiable Information REGTAP Collects” section above. The tools collect information automatically and continuously. No personally identifiable information is collected by these tools. REGTAP staff analyze and report on the collected data from these tools. The reports are available only to CMS and REGTAP staff who need this information to perform their duties.

REGTAP may also use surveys to collect opinions and feedback. You do not  have to answer these questions. Please do not include any personally identifiable information (PII) in comments you submit for this survey. The REGTAP staff analyzes and uses this  information to improve the site's operation and content. The reports are available only to CMS and REGTAP staff who require this information to perform their duties.

REGTAP keeps the data for our measurement tools as long as needed to support the mission of CMS.

How REGTAP Uses Cookies

When you visit any website, its server may generate a piece of text known as a "cookie" to place on your computer. The cookie allows the server to "remember" specific information about your visit while you are connected. The cookie makes it easier for you to use the dynamic features of Web pages.

There are two types of cookies: single session (temporary) and multi-session (persistent). Session cookies last only as long as your Web browser is open. Once you close your browser, the cookie disappears.

REGTAP uses single session, non-persistent cookies for user session management only (preventing multiple logins). This cookie contains no personal information about you, only a web session id.

REGTAP uses web analytics tools to help scale the application and servers to meet user load. That system has no PII but may use persistent cookies. No REGTAP data is shared with these web analytics tools.


How To Opt Out or Disable Cookies

If you do not wish to have session or persistent cookies placed on your computer, you can disable them through your Web browser. If you opt-out of cookies, you will not be able to successfully log in to access all information and resources on REGTAP. Instructions for disabling or opting-out of cookies in the most popular browsers are located at http://www.usa.gov/optout_instructions.shtml.

Please note that by opting-out of cookies, you will disable cookies from all sources, not just from REGTAP.

How We Protect Your Personal Information

If you choose to provide REGTAP with PII or to provide PII through an email message, request for information, paper or electronic form, questionnaire, survey, etc., REGTAP will maintain the information you provide only as long as needed to respond to your question or to fulfill the stated purpose of the communication.

In order to contact you, REGTAP stores your personal information in a record system designed to retrieve information about you by personal identifier (name, personal email address, work phone, personal or mobile phone number, etc.), REGTAP safeguards the information you provide in accordance with the Privacy Act of 1974, as amended (5 U.S.C. Section 552a).

Because REGTAP operates a record system designed to retrieve information about you in order to accomplish its mission, a Privacy Act Notification Statement is prominently and conspicuously displayed on each public-facing webpage or form which asks you to provide personally identifiable information. The notice addresses the following five criteria:

  1. 1. REGTAP’s legal authorization to collect information about you
  2. 2. Purpose of the information collection
  3. 3. Routine uses for disclosure of information outside of REGTAP
  4. 4. Whether the request made of you is voluntary or mandatory under law
  5. 5. Effects of non-disclosure if you choose to not provide the requested information

For further information about the REGTAP privacy policy, to amend/redact user account PII, or to address complaints, please contact registrar@regtap.info. Registered users may submit an inquiry using the Inquiry Tracking and Management System (ITMS) module within REGTAP to address complaints/concerns, questions, recommendations directly to the REGTAP Privacy Official.

Data Safeguards and Privacy

All uses of Web-based technologies comply with existing privacy and data safeguarding policies and standards. Information Technology (IT) systems used by REGTAP are assessed using Privacy Impact Assessments. To ensure REGTAP‘s information security controls are appropriate and adequately protect PII, an audit is performed in accordance with CMS information security guidelines and policies. Records that contain information about an individual may be covered by the Privacy Act of 1974, as amended (5 U.S.C. Section 552a). For such records, REGTAP Systems of Record Notices (SORN) is available. Click here to view the SORN.    Get Adobe Reader

When you visit REGTAP, please look for the Privacy Notice posted on the bottom of the main pages. When Web measurement and customization technologies are used, the Privacy Policy/Notice provides:

  • Purpose of the web measurement and/or customization technology
  • Usage tier, session type, and technology used
  • Nature of the information collected
  • Purpose and use of the information
  • Whether and to whom the information will be disclosed
  • Privacy safeguards applied to the information
  • Data retention policy for the information
  • Whether the technology is enabled by default or not and why
  • How to opt out of the web measurement/customization technology
  • Statement that opting out still permits users to access comparable information or services
  • Identities of all third-party vendors involved in the measurement and customization process

How Long We Keep Data and How We Access It

REGTAP keeps data collected long enough to achieve the specified objective for which they were collected. The data generated from these activities fall under the National Archives and Records Administration (NARA) General Records Schedule (GRS) 20-item IC “Electronic Records,” and will be handled according to the requirements of that schedule (https://www.archives.gov/records-mgmt/policy/transfer-guidance.html).

Links to Other Sites

REGTAP links to external web sites that are managed by private organizations. Once you leave REGTAP, you are subject to the privacy policy for the site you are visiting.