Contents
Web Products
Clearances
Accessibility (508)
Linking
Web Development and Redesign
Technical Assistance for Web Tools
Source Code
Usability
Browsers
Domain Names
Privacy Considerations
Electronic Freedom of Information Act
Security
The Office of Communications (OC) maintains the Ƶwebsite and oversees a number of additional Ƶsites, some of which are managed by contractors. All websites must be fully accessible to users, comply with applicable laws and regulations, adhere to web standards and best practices, and display AHRQ’s brand.
This section highlights issues contractors must address when developing websites and products that will be publicly available. For guidance on application and systems development, refer to Appendix 2-A.
- Direct all questions and requests for guidance about developing or redesigning websites or tools to Tonya McCarther.
- Contact your managing editor for guidance on any web products, such as PDFs and webinars, you will be posting. If you are uncertain as to the managing editor for your project, contact Bruce Seeman.
The Grantee Guidelines section contains legal and policy requirements for grant products.
Web Products
All AHRQ-funded websites must identify Ƶas the primary sponsor, through the:
- Website URL. The URL must contain Ƶunless the contractor obtains a domain name waiver from the HHS Secretary. A web resource should either be a folder on the main Ƶwebsite (for example, www.ahrq.gov/x/) or a third-level domain of the website (for example, https://x.ahrq.gov).
- HHS and Ƶlogos. The HHS and Ƶlogos will be featured prominently on the website and in materials used to market the site. Contact Tonya McCarther for the standard web banner and footer.
- Home page format. The website home page has common design and navigation elements so all Ƶwebsites look as though they belong to HHS and AHRQ. Ƶsites must include the standard banner and footer. The header and footer contain mandatory elements and links, and contractors cannot modify their content. The Ƶweb team will provide technical specifications and templates for developers designing web resources that will appear on the Ƶmain site.
Contractors must submit all new or updated content for Ƶwebsites to a managing editor for review before it is posted on an Ƶwebsite.
Nothing marked "draft" or “under construction” will appear on the Ƶsite, nor will placeholders be used for content that does not exist.
Clearances
Ƶand HHS must approve new and redesigned websites prior to launch. ƵOffices and Centers should contact Tonya McCarther, who will coordinate HHS review and approval.
Contractors who maintain Ƶthird-level domains must review web postings twice a year for appropriateness and currency. If you have questions about whether material is appropriate, contact your OC managing editor.
Accessibility (508)
All websites and material posted on Ƶwebsites must be fully accessible to people with disabilities and comply with requirements under Section 508 of the Rehabilitation Act.
Contractors must provide equivalent alternatives for audio and visual information, such as providing alternative descriptive text for images for visually impaired people and captioned video files for hearing impaired people. Contractors must provide online transcripts for all audio. For standards and guidance, visit the . For more information about accessibility, go to Appendix 2-B, Accessibility and the Revised 508 Standards.
The HHS 508 Team reviews all new and redesigned sites for 508 compliance and approval before launch. Tonya McCarther coordinates this process. Both OC and HHS can review sites during the development stage. For details, contact the managing editor.
Linking
Links to websites outside the .gov domain constitute an implied endorsement and create a business advantage for the linked sites. The Office of Management and Budget (OMB) requires agencies to conduct a risk assessment of external links, and potential links need to be assessed against HHS and Ƶlinking policies and criteria. Contractors must assess links according to the Ƶlinking policy in Appendix 2-C and must comply with the .
Web Development and Redesign
Ƶcan provide technical assistance to ensure deliverables meet the requirements outlined in this section. Please work with the project officer, managing editor, and web team to begin development. For guidance on websites, visit the . Also refer to .
Technical Assistance for Web Tools
If a tool posted to the website requires users to seek technical assistance, provide the following information:
- Instructions on how to use the tool
- Name, telephone number, and email address for the individual to contact for technical assistance
- Mechanism for future updates and revisions, if applicable
Source Code
Software and products resulting from Ƶprojects must be easily available to other users and developers. The best way to ensure adoption and implementation is to have a web-based final product that is platform independent. Contractors must coordinate with Ƶon infrastructure requirements for housing any robust back-end applications before development.
Contractors must deliver source code for any technical application to the ƵContracting Officer’s Representative or Task Order Officer with the product. Doing so provides Ƶwith the knowledge of how the application was created and enables the Agency to make corrections, updates, or conversions to keep pace with technological changes once the product is released.
Usability
Contractors must include usability testing, evaluation, and modification as an integral and recurring part of the development effort. HHS provides a set of research-based .
Websites and applications, including mobile sites and apps, must be available for evaluation using usability heuristics before release. Contractors must document feedback and coordinate issue resolution with OC.
Browsers
The latest list of supported browsers and platforms follows:
- Chrome 62.x (Windows 7, Windows 10, Samsung Galaxy S7 with Android 7.x)
- Firefox 56.x (Windows 10)
- Safari 11.x (iPhone 6 with iOS 11, Mac OSX10.11)
- Microsoft Edge 16 (Windows 10).
Domain Names
The OMB issued a freeze on new .gov domain names (X.gov) in 2011. Third-level .gov domain names (X.ahrq.gov) can be requested through Tonya McCarther.
Domain names for any web resource paid for in whole or in part by Ƶmust be registered as .gov domains by Ƶthrough HHS with the General Services Administration (GSA) unless Ƶobtains a waiver from the HHS Secretary. The .gov domain name will be indexed by USA.gov, the GSA portal for Government-funded resources.
Contractors and nongovernment employees cannot register domain names for an Ƶsite. Contractors must coordinate domain name requests with Tonya McCarther, who can advise on current policy.
Domain names other than .gov can be used only if the HHS Secretary grants a waiver to existing policy. If an Ƶsite uses other domains, such as .org, .net, .edu, and .com, the .gov domain must be registered and be the primary domain.
Privacy Considerations
Privacy policy. Each Ƶsite will display the standard Ƶfooter, which includes a link to AHRQ’s privacy policy. OC staff members periodically audit Ƶsites to ensure they observe the privacy policy.
Privacy impact assessment. Ƶconducts a privacy impact assessment to determine what kind of personal information is contained within Ƶsystems and how that information is used and protected. Contractors may need to prepare and publish a Privacy Act system notice when users must register on a site if the registrations represent a group of records under the control of the Agency or the contractor that can be retrieved by a personal identifier. This system notice goes through several levels of review, including the HHS Office of General Counsel, and is published in the Federal Register. Contractors must work in coordination with Ƶstaff for submission of the Privacy Act system notice, to adopt or modify the general privacy policy of the Ƶmain website, and to respond to questions on the privacy impact assessment worksheet. Contact Tim Erny in AHRQ’s Office of Management Services’ Division of Information Technology for more information on the privacy impact assessment.
Use of cookies. Ƶsites can use persistent cookies and other measurement and customization techniques if certain issues, such as privacy, are addressed (refer to ).
Website mailbox and records management. Each Ƶwebsite must include a "Contact Us" link for customers to submit comments or questions. Website email is subject to the same privacy and records management considerations that affect the overall website, as well as HHS standards for handling inquiries and customer feedback. Each Ƶwebsite must also provide relevant frequently asked questions.
Contractors who manage Ƶsites must maintain the site’s website mailbox, update the site’s frequently asked questions, and maintain an electronic archive of responses. Per HHS recordkeeping standards, all emails must be archived for 2 years. After 2 years, the contractor will review the archive to determine if the contents should be retained. Contractors must submit the number of inquiries handled during each fiscal year to Tonya McCarther for inclusion in web metrics for Agency reporting under the Government Performance Reporting Act.
For guidance on records management requirements, go to .
Electronic Freedom of Information Act
AHRQ’s standard footer provides a link to the ƵFreedom of Information Act (FOIA) page. This link is mandatory and provides access to AHRQ’s electronic FOIA library and materials that can be requested under FOIA in electronic form.
Security
Contractors must protect Ƶwebsites against intrusion, corruption, and compromise of content. GSA periodically audits and evaluates web resources for security. Contractors must document and report any attack on Ƶweb resources to their project officer, who will report them to the HHS Inspector General via ƵInformation Security & Privacy Team.
Contractors must establish and maintain security for Ƶwebsites according to Ƶand HHS policies and procedures. Tonya McCarther can assist in defining and implementing applicable security requirements.
