Announcing CMS’s New AI Best Practices

This blog is to announce the release of CMS's Artificial Intelligence Best Practices

Published on: 11/20/2025

Announcing CMS’s New AI Best Practices: Supporting Safe, Smart, and Responsible Use

Artificial intelligence is becoming a bigger part of how we work at the Centers for Medicare & Medicaid Services (CMS). From helping us analyze information more efficiently to supporting customer service, AI tools—especially Generative AI Tools (GATs)—are showing up in more of our daily workflows. With that growth comes a shared responsibility to use these tools safely, ethically, and in ways that protect the people we serve.

We're releasing the new AI Best Practices to guide employees, contractors, and partners in the responsible use of AI across the agency. Be on the lookout in early 2026 as we are working diligently to release the new policy regarding the use of Artificial Intelligence throughout CMS.

These best practices focus on one central goal: supporting innovation while safeguarding sensitive information, including Personally Identifiable Information (PII) and Protected Health Information (PHI).

You can find the Best Practices memorandum at:

See all blog posts

About the publisher

The Information Security and Privacy Policy Team (also known as CMS CISO Team) manages the policies, standards, and guidance that keep information and systems safe at CMS. Our goal is to help you understand requirements and apply them effectively in your project environments – so you can focus on delivering value to CMS beneficiaries and customers.

View all posts by Policy