Palmetto GBA CMS

Terms and Conditions

You are accessing a U.S. government information system, which includes: (1) this computer, (2) this computer network, (3) all computers connected to this network, and (4) all devices and storage media attached to this network or to a computer on this network. This information system is provided for U.S. Government-authorized use only. Unauthorized or improper use of this system may result in disciplinary action, as well as civil and criminal penalties. By using this information system, you understand and consent to the following:

  • At any time, and for any lawful Government purpose, the Government may monitor, intercept, and search and seize any communication or data transiting or stored on this information system. 
  • Any communication or data transiting or stored on this information system may be disclosed or used for any lawful Government purpose.

The Centers for Medicare and Medicaid Services (CMS) maintains ownership and responsibility for this computer system and allows Palmetto GBA to provide the services of this system. A user of Palmetto GBA’s Coverage Gap Discount Program (CGDP) Portal application must adhere to CMS information security policies, standards, and procedures.

Your usage of the CGDP Portal may be monitored, recorded, and audited. Your use of this information system establishes your consent to any and all monitoring and recording of your activities. Unauthorized use is prohibited and subject to criminal and civil penalties.

Palmetto GBA reserves the right to change these terms and conditions from time to time. You agree that you shall be bound by the terms and conditions appearing on this site at the time you are using the site. By using the CGDP Portal, you agree to release Palmetto GBA from any and all claims, liabilities, or damages related to your use. You further agree to indemnify and hold Palmetto GBA harmless, including the payment of attorneys' fees, for any breach of this agreement, negligence, violation of law, or willful conduct on your part in connection with the use of this website.


Use of Data and Information

Palmetto GBA provides the information on the CGDP Portal free for the purposes of fulfilling the obligations of the Coverage Gap Discount Program only. Although Palmetto GBA has attempted to ensure the contents of the CGDP Portal are correct and complete, you agree not to hold Palmetto GBA responsible for the accuracy of this information, and you assume all the risks associated with its use. Palmetto GBA may change, delete, or update information without notice as instructed by CMS.

Palmetto GBA may also make improvements or changes in the products or services described on the site at any given time without notice.

You may print a copy of the information displayed on this site. However, Palmetto GBA does not transfer or grant any intellectual property or other rights to you, including any copyright, trademark, service mark, or patent rights, all of which Palmetto GBA expressly reserves for itself. You agree not to distribute, manipulate, create derivative works from, or use the information on this site for any purpose other than as expressly authorized by Palmetto GBA.

Any copy and/or alteration of the original data displayed on this site, including conversion to other media or other data formats, is the responsibility of the requestor. Data that has been manipulated or reprocessed by the user is the responsibility of the user. The user may not present data that has been altered in any way as CMS or Palmetto GBA data. Palmetto GBA has no responsibility for the data after it has been converted, processed, or otherwise altered. Palmetto GBA has no responsibility for assisting users with converting the data to another format.




Use of Beneficiary Data

Palmetto GBA is obligated by the federal Privacy Act, 5 U.S.C. Section 552a and the HIPAA Privacy Rule, 45 C.F.R Parts 160 and 164, to protect the privacy of individual beneficiaries and other persons. By signing this agreement, the user agrees not to use Palmetto GBA or CMS data to determine the identity of individual persons. Attempting to determine individual identities from public data is a violation of the federal Privacy Act, 5 U.S.C and the HIPAA Privacy Rule.


Roles and Responsibilities

Palmetto GBA allows one user per contract or P-number to have access to the CGDP Portal. Optionally, payment initiation capability can be separated and assigned to a second authorized user. However, access for these two roles are only granted to authorized personnel as shown in Health Plan Management System (HPMS) for a given contract or P-number.

Each user of the CGDP Portal must have a unique user ID and password. Usernames are based upon a CGDP participant’s contract or P-number and role displayed in HPMS. Palmetto GBA will provide both the username and the initial password to authorized users for access to the CGDP Portal. No sharing of user IDs and passwords is permitted. Palmetto GBA will delete, without notice, any user names found to be compromised.

All login attempts to the CGDP Portal are monitored. Failed attempts are reviewed to identify suspicious activity. When these are identified, the User ID associated with the account will receive an email notification requiring a response within a specific time-frame provided. Failure to respond within the allotted time can result in termination of the user account access. Palmetto GBA has the right to terminate any user's access if suspicious or improper activity is determined.


Protect Your Password

All user accounts require a password for access. Passwords provide a means to authenticate the identity of the person using an account as the authorized user and to prevent misuse by unauthorized users. Do not leave the system accessible on your computer when you are away from the computer. Remember to log off and close your browser each and every time you exit the system.

Passwords are case sensitive and:

  • Must be at least 8 characters long
  • Must contain an uppercase letter
  • Must contain a lowercase letter
  • Must have at least one of the following special characters @, #, !, ?, +, & or $
  • Must contain numbers (0-9) and letters (A-Z, a-z)
  • Must start with a letter
  • Must contain at least six changed characters from the previous password
  • Must be changed every 30 days
  • Cannot contain spaces
  • Must be different from the previous 12 passwords

Additional secure password information can be found in the 'Passwords' section of this Terms of Use document listed in 'Rules of Behavior'.


Automated Interfaces

The use of any application, program, or macro (among other examples) that interfaces with the CGDP Portal is prohibited. The CGDP Portal is a stand-alone portal and shall only be used 'as is' by the user.



We may use 'cookies' or similar technologies in order to track usage of the CGDP Portal and help us in improving our services. Most Internet browsers allow a user to erase cookies from the hard drive, block all cookies, or receive a warning before a cookie is stored. Please refer to your Internet browser's help files or user guides to learn more about these functions.


Contacting Us

When sending feedback through the Contact Us link located on the CGDP Portal, do not transmit any personal information such as Social Security or Health Insurance Claim (HIC) numbers or any other form of personally identifiable information (PII) or protected health information (PHI) or otherwise financially sensitive information to Palmetto GBA. Revealing this information online could expose you or others as a target for Medicare fraud and abuse.


Rules of Behavior

Compliance with Security & Privacy Policies

As a user of the CGDP Portal, you:

  • Understand and accept responsibility for company security and privacy policies and rules of behavior
  • Understand that violation of laws, such as the Privacy Act of 1974, copyright law, and 18 U.S.C. 2071, can result in monetary fines and/or criminal charges that may result in imprisonment
  • Certify that you have not been sanctioned, reprimanded, excluded, debarred, or otherwise disciplined in connection with participation in any federal program
  • Understand that you may be granted access to U.S. Government information systems, and that such access is provided for U.S. Government-authorized use only and
    • Realize that you have no reasonable expectation of privacy regarding any communication or data that you transmit or store on these information systems; and that for any lawful U.S. Government purpose, activities on these information systems may be monitored, intercepted, and searched
  • Have knowledge of a security incident and fail to report it, as a user of this system you understand that you will share in the responsibility for the outcome and any consequences or actions that may arise
  • Will immediately report known or suspected disclosures or system problems that could lead to the unauthorized disclosure of confidential/sensitive information to Palmetto GBA
  • Will not direct or encourage others to violate policies
  • Will not use company resources for personal gain


Confidential/Sensitive Information

As a user of the CGDP Portal, you:

  • Are aware that you are responsible for learning and understanding how to recognize and identify confidential/sensitive information
  • Will only access confidential/sensitive information as required to perform your assigned job functions (i.e., a need-to-know basis); and that you will never attempt to access files or information for which you are not expressly authorized to view
  • Will not share confidential/sensitive information anyone who does not have a valid business need-to-know
  • Will not copy or duplicate information and data, whether confidential/sensitive in nature or not, unless required in support of a business-related responsibility or function and
    • Will never knowingly or willingly conceal, remove, mutilate, obliterate, falsify, or destroy information in an improper/unapproved manner
    • Understand that you are not permitted to use company or customer information for non-business or personal purposes


As a user of the CGDP Portal, you:

  • Will not disclose your password to anyone, whether in person or on the phone
    • This includes your manager, coworkers, auditors, the help desk, technical support, system administrators, CMS, visitors, family, friends, etc.
    • There are no exceptions.
  • Will not write down your passwords, automate their entry in macros or scripts, or store them in a computer file and
    • Will protect them as you would the most confidential/sensitive information
    • Will not share or sign someone else onto a system with your ID or password.
  • Will change your password when the system requires it or when you initiate it only and
    • Understand that Palmetto GBA will not call or email you requesting that you change your password
  • Will not use common words found in the dictionary, such as names of family, pets, or sports teams; dates of birth; or other identifiable phrases associated with you when creating a password
  • Will not use letters or numbers that are near each other on the keyboard (ex. QWERTY/hjkl) or appear in a logical sequence (ex. 123456 or ABCEDFG/abcdefg) when creating a password

End User Point and Click Agreement

By continuing to use the CGDP Portal, the user acknowledges they understand and accept responsibility for all of the Terms of Use and Conditions, including the Rules of Behavior, identified in this material.


This page was last updated on 1/5/2017.