Back to Top Skip to main content Skip to sub-navigation

Breach Prevention and Response

What is a Breach?

According to the Department of Defense (DOD), a breach of personal information occurs when the information is lost, disclosed to, accessed by, or potentially exposed to unauthorized individuals, or compromised in a way where the subjects of the information are negatively affected.

Breach Reporting

The Defense Health Agency (DHA) Privacy and Civil Liberties Office (PCLO) coordinates breach reporting within the Military Health System (MHS). Email us if you have questions about breaches or breach reporting within the MHS.

Guidance tools for breach reporting:

You also may be interested in...

HITECH Act

Policy

The Health Information Technology for Economic and Clinical Health Act, abbreviated the HITECH Act, was enacted under Title XIII of the American Recovery and Reinvestment Act of 2009.

DODI 5200.48: Controlled Unclassified Information

Policy

This issuance establishes policy, assigns responsibilities, and prescribes procedures for CUI throughout the DOD in accordance with Executive Order (E.O.) 13556; Part 2002 of Title 32, Code of Federal Regulations (CFR); and Defense Federal Acquisition Regulation Supplement (DFARS) Sections 252.204-7008 and 252.204-7012. It also establishes the official DOD CUI Registry.

DOD Instruction 6025.18: Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule Compliance in DOD Health Care Programs

Policy

This issuance, in accordance with the authority in DOD Directive 5124.02, establishes policy and assigns responsibilities for DOD compliance with federal law governing health information privacy and breach of privacy; integrating health information privacy and breach compliance with general information privacy and security requirements in accordance with federal law and DOD issuances; health information technology, system interoperability, and exchange of electronic health information, in relation to federal law governing health information privacy and breach; and DOD contracting and procurement activities in relation to federal law governing health information privacy and breach.

DD Form 2959: Breach of Personally Identifiable Information (2019)

Form/Template
1/1/2019

This DD2959 form should be filled out when a breach concerning personally identifiable information occurs.

Recommended Content:

Breach Prevention and Response

Guidelines for Reporting Breaches

Form/Template
11/27/2018

This document outlines the DOD reporting and notification requirements for breaches.

Recommended Content:

Breach Prevention and Response

DoD Instruction 8580.02: Security of Individually Identifiable Health Information in DoD Health Care Programs

Policy

This instruction establishes policy and assigns responsibilities for security of individually identifiable health information created, received, maintained, or transmitted in electronic form (referred to in this instruction as “electronic protected health information (ePHI)”).

Plan of Action and Milestone Template

Form/Template
6/6/2014

This template is used to track plans of action and milestones regarding potential breaches.

Recommended Content:

Breach Prevention and Response

Phishing Overview

Fact Sheet
5/5/2014

An Information Paper that tells what phishing is, how to respond to phishing attacks, and steps to take to avoid becoming a victim of phishing scams.

Recommended Content:

Breach Prevention and Response

Social Networking Overview

Fact Sheet
5/5/2014

An Information Paper that defines social networking, details the Department of Defense's position on this topic, and discusses the responsible use of social networking and Internet-based capabilities.

Recommended Content:

Breach Prevention and Response

Malicious Code Overview

Fact Sheet
5/5/2014

An Information Paper that explains what malicious code is, including the various types, the proper response to a malicious code attack, and steps to take to avoid receiving malicious code on a computer system.

Recommended Content:

Breach Prevention and Response

Examples of PII

Fact Sheet
5/1/2014

Personally identifiable information (PII) is information that identifies, links, relates, or is unique to, or describes you. This also includes information which can be used to distinguish or trace your identity and any other personal information which is linked or linkable to you.

Recommended Content:

Privacy Act at DHA | Privacy Impact Assessments | HIPAA Compliance within the MHS | How HIPAA Protects You | Breach Prevention and Response | Freedom of Information Act | Privacy Contract Language | Research Protections | HIPAA and Privacy Act Training

TMA Guidelines on Protection of Sensitive Information in Electronic Mail

Policy

This Memorandum updates guidelines in Military Health System Chief Information Officer memorandum “Updated Guidelines on Protection of Sensitive Information in Electronic Mail” of September 19, 2008.

Reporting a Breach as Defined by the Health Information Technology for Economic and Clinical Health Act Provisions of the American Recovery and Reinvestment Act of 2009

Policy

This Memorandum outlines the procedures for the Services for reporting a breach as defined by the Health Information Technology for Economic and Clinical Health (HITECH) Act provisions of the American Recovery and Reinvestment Act of 2009.

Reporting a Breach as Defined by the Health Information Technology for Economic and Clinical Health Act Provisions of the American Recovery and Reinvestment Act of 2009

Policy

This Memorandum outlines the procedures for Contractors for reporting a breach as defined by the Health Information Technology for Economic and Clinical Health (HITECH) Act provisions of the American Recovery and Reinvestment Act of 2009.

Safeguarding Against and Responding to the Breach of PII

Policy

In accordance with the policies outlined in this Memorandum, a risk assessment must be conducted for every breach to determine whether notification to affected individuals is necessary.

<< < 1 2 > >> 
Showing results 1 - 15 Page 1 of 2
Last Updated: September 01, 2022

DHA Address: 7700 Arlington Boulevard | Suite 5101 | Falls Church, VA | 22042-5101

Some documents are presented in Portable Document Format (PDF). A PDF reader is required for viewing. Download a PDF Reader or learn more about PDFs.