Skip to main content

Military Health System

Clear Your Browser Cache

This website has recently undergone changes. Users finding unexpected concerns may care to clear their browser's cache to ensure a seamless experience.

Need larger text?

Submitting a FOIA/Privacy Act Request to DHA

Notice: As a result of increases in the Health Protection Condition (HPCON) level, our offices are limited to mission-essential personnel only and maximizing the use of telework for other personnel. This means that we are unable to handle requests sent via traditional methods such as postal mail. During this time, we  can only respond to electronic inquiries while under elevated HPCON levels and request that  when sending information to the DHA Privacy and Civil Liberties Office or the DHA Freedom of Information Act Service Center,  please use the following addresses DHA.PrivacyOfficeMail@mail.mil or DHA.FOIA@mail.mil.

Please refrain from sending personally identifiable information or health related information as these mailboxes do not allow for your encrypted submission. However, in an abundance of caution, you may use the DoD SAFE (Secure Access File Exchange) via https://safe.apps.mil/ to upload and send your personal information. Please reference the above mailbox addresses for your submission. When using SAFE, we request that any personal information being transmitted must be encrypted prior to uploading and the decryption key must then be provided to the recipient(s) by a means other than SAFE. 

Thank you for your understanding during this time. We will update our webpage when we return to normal operations.

Under the Freedom of Information Act, Federal agencies and components are required to make records available to the public unless one of nine (9) specific exemptions authorizes their withholding. 

Before filing a FOIA request with DHA, please visit the DHA Electronic FOIA Library to ensure we have not already proactively released the records you are requesting.

How to Submit a FOIA Request:

DHA’s preferred method of receiving FOIA requests is through the National FOIA portal at www.foia.govFOIA.gov, which provides customized forms for each agency. The site will also provide insight into the FOIA process including what to do before submitting a FOIA request, how to submit a request, and what happens after submitting a request.

All proper FOIA requests must: 1) Be submitted in writing, 2) Include a full name and contact method (i.e. Email address, phone number, and/or mailing address), 3) Reasonably describe the records sought, and 4) State a willingness to pay fees.

Methods for Submitting FOIA Requests to DHA:

How to Submit a Request for Medical Records:

First-Party Requests (Beneficiaries requesting their own records)

  • The request must be submitted in writing and proof of identify is required
    (i.e. Copy of an official Government-issued photo I.D.)
  • Requests for medical file records and amendments to medical files should be submitted directly to the Military Treatment Facilities, as DHA is not in possession of those records
  • First-party requests for TRICARE medical records, from 1985 to present, should be submitted in writing to the above address and must include:
    • Copy of official Government-issued photo identification
    • Beneficiary full name and date of birth (if requester is not the Military Sponsor)
    • Sponsor’s full name, social security number and date of birth
    • Date range of records sought
    • Contact information (Mailing address, Telephone Number and Email Address)
  • Requests for TRICARE records prior to 1985 and other archived medical records should be sent to the National ArchivesNational Archives

Third-Party Requests (Another person/entity requesting records on behalf of the beneficiary)

  • All third-party requests for medical records (both TRICARE records and medical files) must be submitted in writing to:

Defense Health Agency
Attn: General Law Division (FOIA)
16401 East Centretech Parkway
Aurora, CO 80011-9066

  • If you are an attorney or legal services firm, the request must also include a Health Insurance Portability and Accountability Act compliant authorization form (known as DD2870), completed and signed by the beneficiary.
  • Additionally, the beneficiary must stipulate whether or not Sensitive Diagnosis Codes should be released. The request must include a separate form or statement completed by the beneficiary authorizing which individual category of SDC information can be released. If requesting all categories, each SDC must be individually stated. In general, SDC categories include: mental health; drug and/or alcohol abuse; HIV/AIDS; and sexually transmitted diseases.
  • All third-party requests for medical records will be processed solely under the FOIA
Last Updated: July 11, 2023
Follow us on Instagram Follow us on LinkedIn Follow us on Facebook Follow us on Twitter Follow us on YouTube Sign up on GovDelivery