Skip to main content

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CMS Memorandum of Understanding (MOU)

An agreement between CMS and partner entities that wish to share data between systems to achieve a common goal

Contact: CISO Team | CISO@cms.hhs.gov
slack logoCMS Slack Channel
  • #ispg-sec_privacy-policy

What is a Memorandum of Understanding (MOU)?

A Memorandum of Understanding (MOU) is an important part of any formal arrangement for cooperation between two or more federal agencies. It serves as a statement of intent between the participating organizations to work together to achieve a shared goal. It details the terms of and conditions for the agreement, and broadly outlines the operations needed to achieve the goals.

MOUs are handled by the Office of Acquisitions and Grants Managements (OAGM) at CMS. While federal law dictates the scope of these agreements, details will vary. It depends on factors like:

  • Whether the contract is for goods or services
  • Whether the external party is performing work on behalf of CMS
  • Whether the activity concerns the delivery of healthcare treatment, payment, or operations

 MOUs generally do not include specific information regarding the scope of work, but instead serve as a blueprint for partners to move forward collectively. MOUs are not legal documents, but they can't be altered without the approval of CMS legal counsel. 

MOUs at CMS

Many CMS systems share data with other systems within CMS and across different agencies. To safeguard the data they share, it often makes sense for connected systems to enter into security agreements. An MOU is signed between two or more systems approved under the same Authorization Official (AO) at CMS. The MOU template provides a fillable standard for ease of use. 

Once all parties sign the MOU, the CRA for the system presents the documents to the Authorization Official (AO) for approval. Once approved, the agreement is uploaded to CFACTS and stored for future reference.

If your partner is located outside CMS and their system is approved by a different Authorization Official (AO), you will need an Interconnection Security Agreement (ISA) instead of a MOU.

Memorandum of Agreement (MOA)

This is the same thing as an MOU. At CMS, Memorandum of Agreement (MOA) is now replaced by Memorandum of Understanding (MOU). Some legacy MOAs still remain in use. 

Inter / Intra-Agency Agreement (IAA)

This is a written contract in which a Federal agency agrees to provide to, purchase from, or exchange with another Federal agency:

  • Services (including data)
  • Supplies
  • Equipment

Inter-agency agreements are between at least one component within DHHS and another Federal agency or component thereof. Intra-agency agreements are between two or more agencies within DHHS. Many federal agencies use IAAs as the mechanism for paying data fees.

Administration of MOUs, MOAs, and IAAs

MOUs, MOAs, and IAAs are administered by the Office of Acquisitions and Grants Management (OAGM) within CMS. While federal law dictates the scope of these agreements, many of the particulars vary and may depend on whether the contract is for goods or services; whether the external party is performing work on behalf of CMS; or whether the activity concerns the delivery of healthcare treatment, payment, or operations. 

To learn more about the agreements available from OAGM, contact InteragencyAgreements@cms.hhs.gov.

Related documents and resources