Palmetto GBA, LLC Privacy Policy

Published 02/09/2024

Palmetto GBA, LLC ("Palmetto GBA" or "we") protects the privacy of personally identifiable information ("PII") collected on its websites: and eServices portal. This Privacy Policy describes the PII we collect and how we use, disclose, and protect the PII that the user ("you") provides to Palmetto GBA.  Please note that the “MEDICARE” section of the website and the website eServices portal are :specific to medical professionals, such as Physicians, Home Health and Hospice organizations, Hospitals, DME Suppliers, etc.  

You do not need to provide personal information to visit our Palmetto website. Should you choose to share personal information with us, please be aware that at this time, the Palmetto GBA website is unsecured. 

While Palmetto GBA makes every attempt to protect the personal information that you may share with us, electronic mail is currently not secure against interception.

For information regarding data collected via the eServices portal, please see the Collection, Dissemination & Distribution of Information section below.

Data Management


When you visit any website, its server may generate a piece of text known as a "cookie" to place on your computer. The cookie allows the server to "remember" specific information about your visit while you are connected. The cookie makes it easier for you to use the dynamic features of Web pages. Cookies from our websites collect only information about your browser's visit to the websites. They do not collect personal information about you.

If you do not wish to have cookies placed on your computer, you can disable them using your Web browser. If you opt out of cookies, you will still have access to all information and resources on our websites. Please note that by opting out of cookies, you will disable cookies from all sources, not just from our websites. Instructions for disabling or opting out of cookies in the most popular browsers are located at

Data we collect through our websites
We do not collect personally identifiable information via cookies.  Following are examples of data collected via cookies.

  • Date/time of visits
  • Geographic locations of visitors (i.e., country, state)
  • Pages frequently visited within our websites
  • Browser type, operating system

On the website, we will collect the following identifying information only if it is specifically and knowingly provided by you.

  • Name
  • Email address
  • Physical address
  • Telephone number
  • Any other identifier unique to you

Collection, Dissemination & Distribution of Information

While using the eServices portal, you may provide us with two types of PII:

  • Medicare Claims-Related PII. "Medicare Claims-Related PII" is information that directly relates to Palmetto GBA’s processing of claims for the Medicare Fee-for-Service program. This information includes, for example, the Legal Business Name, Company Address, Company Phone Number, Tax ID/EIN, PTAN, National Provider Identifier, and other information about the health care provider that you represent. It also includes claims, eligibility inquiries, claim status inquiries, redetermination requests, and information regarding repayments of Medicare overpayments.
  • Other PII. "Other PII" is information we collect that is NOT directly related to Palmetto GBA’s processing of claims for the Medicare Fee-for-Service program. This information includes, for example, names of administrators and users and their email addresses, Security Question information, and other identifying information. We also may collect any information you submit in questions you send us through our "Contact Us" or similar features. By providing Other PII to us, you authorize us to use the information in accordance with this Privacy Policy.

Medicare Claims-Related PII is subject to the privacy policies of the Centers for Medicare & Medicaid Services ("CMS"), which administers the Medicare program. CMS describes those policies on various forms you complete as part of the process to enroll in Medicare, on CMS claims forms and other CMS forms. We collect and use Medicare Claims-Related PII (including Social Security Numbers) on CMS' behalf under the authority of the Social Security Act §§ 1842, 1862(b), and 1874 (42 U.S.C. §§ 1395u, 1395y(b), and 1395kk). As CMS' contractor, we must use, disclose, and safeguard Medicare Claims-Related PII in accordance with the applicable CMS policy.

This Privacy Policy does not address Medicare Claims-Related PII.

This Privacy Policy applies only to Other PII.

Identifying information collected will be used only in connection with, the eServices portal or for such purposes as are described at the point of collection.

We use information you provide on the eServices portal for the purposes of (a) identifying valid users, (b) determining role-based access, (c) authenticating and approving access for conducting transactions related to processing of claims for the Medicare Fee-for-Service program and (d) responding to your inquiries.
Except for our vendors who must comply with this Privacy Policy, we do not share that information with entities unless they are government agencies or entities performing functions on behalf of government agencies.

In response to inquiries, we may disclose that information to the Department of Health and Human Services, the Department of Justice, or Congressional Offices.  We also may disclose that information to federal and state agencies for matters relating to fraud, program abuse, utilization review, quality assurance, peer review, program integrity, third-party liability, coordination of benefits, and civil and criminal litigation.

You do not have the option to consent to or opt out of these uses or disclosures, and by providing such information to us, you authorize us to use and to make disclosures of the information in accordance with this Privacy Policy. If you decline to provide such information to us (thereby authorizing us to use and to make disclosures of the information in accordance with this Privacy Policy), you will be unable to use the eServices portal.

Access and Changes to PII Collected 

To obtain a copy of PII you provided us, including how to make corrections or updates, please call one of our Contact Centers based on the contract or business area appropriate for your request.  They also can provide or help you obtain support with registering, logging in, administration or viewing information on our site and for technical assistance.  The Palmetto GBA eServices User Manual (PDF) also is available to address technical questions/topics.  Please do not transmit or email sensitive information to us for the purpose of corrections or updates.  You may print a copy of information displayed on these websites.


Federal Privacy Act of 1974
"The Freedom of Information Act (FOIA) was enacted in 1967 as an amendment to the ‘Public Information’ section of the Administrative Procedures Act. The purpose of the Freedom of Information Act was to reach a workable balance between the right of the public to know and the need of the Government to keep information in confidence, to the extent necessary, without permitting indiscriminate secrecy." Groups of records that contain information about an individual and are designed to be retrieved by the individual's name or other personal identifier linked to the individual are covered by the Privacy Act of 1974, as amended (5 U.S.C. Section 552a).

Methods we use to protect data collected through our websites

  • To utilize some services on our websites, you are required to create an account involving a username and password. You are responsible for keeping your password secure.
  • We regularly review our security controls (administrative, physical, technical) to minimize the likelihood of unauthorized access to our websites.
  • We permit only employees or contractors who need to access collected data in order to efficiently operate our websites and conduct transactions with you. These employees and contractors are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

Children & Privacy on and eServices portal

We believe it’s important to protect the privacy of children online.  The Children’s Online Privacy Protection Act (COPPA) governs information gathered online from or about children under the age of 13.  Our sites ( and eServices portal) are not intended to solicit information of any kind from children under age 13.  Also, we do not knowingly collect or use information from children under the age of 18 without the consent of a parent or guardian.  To best protect your child's privacy, you should please supervise your child's access to the Internet, and our sites’ content, carefully.  For more information on how to protect your child's privacy, you can visit the Federal Trade Commission's Kids' privacy page, accessible via

Retention and Destruction

Data we collect through our websites are kept long enough to achieve the specified objective for which they were collected. The data generated from these activities falls under the National Archives and Records Administration (NARA) General Records Schedule (GRS) Sections GRS 3.1, GRS 3.2 and GRS 4.1 and will be retained and destroyed according to the requirements of the schedules set out therein. (Visit

Privacy Policy Changes
If we decide to change our privacy promise for our websites, and the eServices portal, we will post those changes here so that you will always know what information we gather, how we might use that information and whether we will disclose it to anyone.

Links to other sites
As you navigate our websites, and the eServices portal, you will be able to link to other affiliated sites. Please note that Palmetto GBA provides these links for your convenience, but inclusion of the link does not imply endorsement by Palmetto GBA. Furthermore, the linked sites are not under our control, and we are not responsible for the contents of any linked site or any link contained as a linked site. For this reason, we encourage you to look at the privacy policies of those specific sites.

Privacy Contacts & Resources


Privacy Officer
Palmetto GBA's Privacy Officer may be reached at:

Email Address:  

Mailing Address:
Privacy Officer
Post Office Box 100134
Mail Code: AG-A02
Columbia, SC  29202-3134

eServices (portal):  
“Terms and Conditions”
“Palmetto GBA eServices User Manual” (PDF)


Privacy Questions and Concerns
Please note that the “MEDICARE” section of the website and the website eServices portal are specific to medical professionals, such as Physicians, Home Health and Hospice organizations, Hospitals, DME Suppliers, etc.  If you are a Medicare beneficiary and have a privacy question or concern, please contact Medicare via one of the methods listed below:

Toll Free Telephone: 1-800-Medicare (1-800-633-4227)
TTY: (877) 486-2048 

Mailing Address:
Medicare Beneficiary Contact Center
P.O. Box 1270
Lawrence, KS 66044

If you are a Medicare provider or other entity and have a privacy question or concern, please contact the Palmetto GBA Privacy Officer using the contact information on this web page.

Please visit for more information about the Medicare Program, including Medicare privacy policies and additional contact information.

Privacy Policy for the Centers for Medicare and Medicaid Services (CMS)
Information regarding the CMS Privacy Policy is available on the CMS website.

Was this article helpful?