CDS Connect Privacy Statement

Thank you for visiting the AHRQ Clinical Decision Support (CDS) website and for reviewing our Privacy Policy.

This website is maintained as a public service to provide information on healthcare research and quality from the Agency for Healthcare and Research Quality (AHRQ), a component of the U.S. Department of Health and Human Services (HHS).

  • We collect no personal information about you when you visit our Web site unless you choose to provide that information to us.
  • Any personal information you chose to provide is protected by security practices.
  • Non-personal information related to your visit to our website may be automatically collected and temporarily stored.
  • HHS does not disclose, give, sell, or transfer any personal information about our visitors unless required for law enforcement or by Federal law.

Health Information Privacy

For more information on your health information privacy and security rights, or on the HIPAA Privacy and Security Rules, visit the HHS Office for Civil Rights.

Privacy Act Information

You may also want to read information about the Privacy Act at HHS. If you have privacy questions or issues, contact an HHS Privacy Official. Also see the Privacy Act of 1974 (Department of Justice).

Personal Information Voluntarily Submitted to HHS

If you choose to provide HHS with personal information -- for example by completing a “Contact Us” form, establishing an account, subscribing to updates, sending an email, or completing a survey -- we may use that information to respond to your message and/or help us get you the information or services you requested. Submitting personal information (name, address, telephone number, email address, etc.) is voluntary and is not required to access information on our website; however, it is required to enable certain features like subscription updates.

We retain information to respond to your outreach. If you subscribe to notifications (e.g., occasional updates about CDS Connect, updates on specific artifacts), we will retain your name, email and subscription preferences to accommodate and manage your request. This information will be deleted if you request that the subscription be cancelled.

If you create an account to use the CDS Authoring Tool or contribute a CDS artifact, we will retain your name, username, email address, role (e.g., “author”, “editor”), and any CDS you developed in the Authoring Tool or published on the Repository. If you request that your account be deleted, we will delete your name, username, email address and role. If requested, we will also remove your artifacts published on the Repository.

Be aware that all information entered in Repository metadata fields will be publicly displayed once the artifact is published. Do not enter any personally identifiable information in the fields unless you explicitly intend to publicly share the information (e.g., providing an email address for viewers to contact you with questions). CDS Connect administrators will not publish metadata that include a social security number or phone number, nor will they publish your account information.

Information submitted electronically is maintained and destroyed as required by the Federal Records Act and records schedules of the National Archives and Records Administration. It may be subject to disclosure in certain cases (for example, if required by a Freedom of Information Act request, court order, or Congressional access request, or if authorized by a Privacy Act System of Records Notice). It is subject to the Privacy Act if maintained in a Privacy Act system.

For more information, see:

Information Automatically Collected and Stored

When you browse through our website, we use Google’s Universal Analytics (UA) software to gather and temporarily store a variety of information about your visit. However, this information cannot be used to identify you as an individual. The basic information we collect during your visit includes:

  • The name of the domain you use to access the Internet (for example, Verizon.com, if you are using a Verizon online account, or stanford.edu, if you are connecting from Stanford University's domain);
  • The date and time of your visit to our website;
  • The pages and documents you viewed on our website;
  • The URL of the website you visited prior to ours;
  • The type and version of your Web browser and operating system; and
  • Your location at the time of your visit, down to the city-level

We do not associate any of the data we collect with you as an individual. Instead, we aggregate this data from all visits in order to improve our website and provide a better user experience to our visitors. The aggregate data is available only to Web managers and other designated staff who require this information to perform their duties. It is retained only for as long as needed for proper analysis.  The Google Analytics Privacy Policy is available at https://www.google.com/intl/en/policies/privacy/

Web Measurement and Customization

We use Web measurement and customization technologies, such as cookies, to help our website function better for visitors and to understand better how the public is using our site.

Google Analytics: HHS may employ tools provided by Google Analytics to support Display Advertising, including Remarketing, Google Display Network Impression Reporting, data collection via advertising cookies and anonymous identifiers, the DoubleClick Campaign Manager integration and/or Google Analytics Demographics and Interest Reporting. In general, this means that third-party vendors, including Google, may show HHS ads on sites across the Internet based upon visits to HHS websites. To implement these tools, HHS and third-party vendors, including Google, use first-party cookies and third- party cookies together to inform, optimize, and serve ads based on past visits to HHS websites. The Google Analytics Privacy Policy is available at https://www.google.com/intl/en/policies/privacy/


Websites can automatically place small text files, known as “cookies,” on the computers of their visitors. So long as they do not expire or get deleted, cookies identify the unique browser used by the visitor.  On each subsequent visit to the website, the visitor’s browser will retrieve the cookie, allowing us to aggregate the number of return visitors. HHS uses “cookies” to test and optimize our website design and content. We use two types of cookies on our websites:

  • We use session cookies to gather data for technical purposes, such as improving navigation through our website and generating statistics about how the website is used. Session cookies are temporary text files that expire when you leave our website. When cookies expire, they are automatically deleted from your computer. We do not use session cookies to collect personal information, and we do not share data collected from session cookies.
  • Multi-session cookies, a.k.a. persistent cookies, are cookies that are stored over more than a single session on your computer. We only use multi-session cookies for users with authenticated accounts on CDS Connect. Our multi-session cookies are set to expire after your last visit to our Web site. After that, they are automatically deleted from your computer. Our use of multi-session cookies is defined as "Tier 2" usage in accordance with the OMB Memorandum (M)-10-22 Guidance for Online Use of Web Measurement and Customization Technologies.

Personally Provided Information

You do not have to give us personal information to visit our website.

If you choose to provide us with additional information about yourself through an E-mail message, form, survey, etc., we use that information only to respond to your message or to fulfill the stated purpose of the communication. The information provided is handled on a confidential basis within the agency. You have the option of providing a contact email address within Repository metadata fields to facilitate dialogue about your contribution. Please note that publicly sharing a contact email address is optional and can be deleted from the publicly available metadata at any time.

Be aware that E-mail is not necessarily secure against interception. If your message is sensitive, you may prefer to send it by postal mail instead.

All communications to the website mailbox and customer feedback form are archived on a monthly basis and destroyed on an annual basis. Some forms also log form data in the database to manage accounts, which is not regularly deleted.


AHRQ does not disclose, give, sell, or transfer any personal information about our visitors, unless required by law enforcement or statute.

Intrusion Detection

For site security purposes and to ensure that this service remains available to all users, we employ software programs to monitor traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Such attempts are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act.

Website Security

This site is maintained by the U.S. Government. It is protected by federal laws. You can be arrested and prosecuted for violating these laws.

For site security purposes and to ensure that this service remains available to all users, we use software programs to monitor traffic to identify unauthorized attempts to upload or change information or otherwise cause damage. In the event of law enforcement investigations and as part of any required legal process, information from these sources may be used to help identify an individual.

Links to Other Sites

Our Web site has links to other Federal agencies. We also have selected links to other Web resources. The privacy policy described here does not necessarily apply to those other sites. Once you link to another site, you are subject to the privacy policy of that site.

PDF Help: Documents in PDF format require the Adobe Acrobat Reader®. If you experience problems with PDF documents, download the latest version of the Reader®.