Skip main navigation

Military Health System

Hurricane Milton & Hurricane Helene

Emergency procedures are in place in multiple states due to Hurricane Milton & Hurricane Helene. >>Learn More

Skip subpage navigation

Privacy Board

The Privacy and Civil Liberties Office (PCLO) established a Health Insurance Portability and Accountability Act (HIPAA) Privacy Board, otherwise known as the DHA Privacy Board, to provide HIPAA Privacy Rule reviews and documentation for researchers that seek to use and/or disclose protected health information (PHI) managed by DHA. The DHA Privacy Board is critical for DHA’s compliance with the HIPAA Privacy Rule (45 CFR 160 & 164) and Department of Defense (DOD) Health Information Privacy Regulation (DOD 6025.18-R).

More information on the establishment of the DHA Privacy Board can be found here: Memorandum for the Establishment of a TMA Privacy Board and Revision of Section C7.9.1 of Department of Defense (DOD) Health Information Privacy Regulation (DOD 6025.18-R).

Privacy Board Annual Report

The DHA Privacy Board releases an Annual Report each calendar year, highlighting the achievements of the Board, providing information about the direction of the Board in the upcoming year, and acknowledging the Board members who volunteer both expertise and time to the effort of the DHA Privacy Board. The most recent annual report is accessible below:

Board Members

As required by the HIPAA Privacy Rule and DOD Health Information Privacy Regulation (DOD 6025.18-R), the DHA Privacy Board:

  • Has members of varying and appropriate professional competency as necessary to review the effect of the research protocol on the individual’s privacy rights and related interests
  • Includes at least one member who is not affiliated with the HIPAA covered entity (DHA within the Military Health System), not affiliated with any entity conducting or sponsoring the research, and not related to any person who is affiliated with any of such entities
  • Does not have any member participating in a review of any project in which the member has a conflict of interest

You also may be interested in...

Fact Sheet
May 7, 2014

DHA Privacy Board Review Process for Research Related Data Requests

.PDF | 97.21 KB

This flowchart outlines the process the DHA Privacy Board uses to review research related data requests for protected health information (PHI) about individual research participants for Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule compliance.

Fact Sheet
May 7, 2014

Prerequisites to DHA Privacy Board Review

.PDF | 89.81 KB

This flowchart outlines the requirements that must be initiated before the DHA Privacy Board reviews a research project for compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and Department of Defense (DoD) Health Information Privacy Regulation (DoD 6025.18-R).

Report
May 7, 2014

DHA Privacy Board Annual Report Fiscal Year 2013

.PDF | 2.34 MB

This report highlights the major accomplishments of the TMA Privacy Board during FY13. There were three new significant developments that required the Board to adjust some of its processes: 1) A careful study of the streamlining possibilities in viewing the MHS as a HIPAA single covered entity; 2) Clarifying advice received regarding information ...

Presentation
Aug 29, 2012

TRICARE Management Activity’s Human Research Protection Program, Data Sharing Agreement Program, and the TMA Privacy Board

.PDF | 386.67 KB

This Presentation provides an overview on the Defense Health Agency Privacy and Civil Liberties Office (Privacy Office) functions, including the Human Research Project Program, the Data Sharing Agreement Program, and the DHA Privacy Board’s Health Insurance Portability and Accountability Act Privacy Rule reviews. This presentation took place at the ...

Form/Template
Aug 1, 2012

Principal Investigator Certification

.PDF | 1.73 MB

Use this form if a Research Authorization Review template and an Authorization are approved by the DHA Privacy Board, a Principal Investigator (PI) will be required to sign a Principal Investigator Certification. Among other requirements, the certification ensures that the PI will maintain, electronically and/or in hard copy, the signed Authorization ...

Form/Template
Aug 1, 2012

Research Authorization Review

.PDF | 1.60 MB

Use this form if the researcher intends to obtain HIPAA Authorizations, also known as “Authorizations,” from research participants to comply with the HIPAA Privacy Rule, the PI must submit to the DHA Privacy Board a copy of the blank Authorization(s) to be used in the project and the completed Research Authorization Review. The DHA Privacy Board will ...

Form/Template
Aug 1, 2012

DHA Privacy Board Application for a Waiver of Authorization or an Altered Authorization

.PDF | 1.57 MB

Use this form if the researcher has not received documentation from an Institutional Review Board (IRB) or HIPAA Privacy Board approving a waiver or alteration of Authorizations and reasons exist that make it impractical or impossible for the researcher to obtain Authorizations from each research participant, the PI may submit an Application for a ...

Form/Template
Aug 1, 2012

Required Representations for Research on Decedents Information

.PDF | 507.64 KB

Use this form if the researcher intends to conduct research that is solely on the protected health information (PHI) of decedents, the PI may submit this template to document the required representations, as outlined above, that are necessary for compliance with the HIPAA Privacy Rule and Department of Defense (DOD) Health Information Privacy ...

Form/Template
Aug 1, 2012

Required Representations for Review Preparatory to Research

.PDF | 1.63 MB

Use this form if the researcher intends to conduct a review of PHI to prepare for a research protocol or for similar purposes preparatory to research (e.g., for recruitment or screening purposes) and agrees not to remove the PHI from DHA, the PI may submit this template to document the required representations, as outlined above, that are necessary ...

Policy
Apr 13, 2009

Memorandum: Establishment of a TMA Privacy Board and Revision of Section C7.9.1 of Department of Defense Health Information Privacy Regulation

.PDF | 103.62 KB

This Memorandum approves the request for an exception to the policy permitting the establishment and use of a TRICARE Management Activity (TMA) Privacy Board for the limited purpose of reviewing research requests in which the research involves MHS protected health information (PHI) owned and/or managed by TMA.

  • Identification #: N/A
  • Type: Memorandum
Last Updated: July 10, 2024
Follow us on Instagram Follow us on LinkedIn Follow us on Facebook Follow us on X Follow us on YouTube Sign up on GovDelivery