Back to Top Skip to main content

HIPAA Compliance within the MHS

The Health Insurance Portability and Accountability Act (HIPAA) applies to your protected health information (PHI). Your PHI is any information that:

  • Identifies you;
  • Is about your health or demographics;
  • Is maintained by a covered entity or business associate; and
  • Is related to your treatment, your medical condition, and the related payment for that condition as maintained by a covered entity or business associate.

The Defense Health Agency (DHA) Privacy and Civil Liberties Office (Privacy Office) helps the Military Health System (MHS) comply with the following HIPAA Rules:

  • The HIPAA Privacy Rule defines how your PHI should be safeguarded, limits when it can be used and disclosed without your authorization, and ultimately gives you some control over your own PHI.
  • The HIPAA Security Rule defines how your PHI should be protected and transferred when maintained electronically. 
  • The HIPAA Breach Notification Rule defines when your PHI has been inappropriately used or disclosed (see Breaches of PII and PHI page) and describes the breach response obligations of a covered entity.

The Chief of the DHA Privacy Office is the appointed HIPAA Privacy Officer and HIPAA Security Officer, and has authority over the HIPAA Privacy and Security programs at DHA.

For more information DHA’s HIPAA compliance program, please read the DHA’s HIPAA Privacy and HIPAA Security Core Tenets Policy Statement.

You also may be interested in...

DoD Instruction 8580.02: Security of Individually Identifiable Health Information in DoD Health Care Programs

Policy

This instruction establishes policy and assigns responsibilities for security of individually identifiable health information created, received, maintained, or transmitted in electronic form (referred to in this instruction as “electronic protected health information (ePHI)”).

Health Information Privacy HIPAA Complaint Form

Form/Template
11/3/2014

The Health Information Privacy HIPAA Complaint Form is used by DHA to proceed with a complaint. DHA uses the information provided to determine if DHA has jurisdiction and, if so, how to process your complaint.

Recommended Content:

How HIPAA Protects You | HIPAA Compliance within the MHS

DoD Directive 5400.11: Department of Defense Privacy Program

Policy

This Regulation is reissued under the authority of DoD Directive 5400.11, “DoD Privacy Program,” May 8, 2007. It provides guidance on section 552a of title 5 United States Code (U.S.C.), the Privacy Act of 1974, as amended, and prescribes uniform procedures for implementation of the DoD Privacy Program.

Designation of a DHA HIPAA Privacy Officer and HIPAA Security Officer

Policy

This Policy Statement establishes policy and details the core tenets of the HIPAA Privacy and Security Rules at DHA for the use, disclosure, and protection of protected health information (PHI).

General Mapping of HIPAA Security Rule to Existing DoD Policies and IA Controls

Fact Sheet
5/14/2014

This document represents an updated mapping of the HIPAA Security Rule to select DoD policies and IA controls. It does not constitute the rendering of legal advice or an exhaustive list of all possible mappings of the Security Rule to DoD policies or IA controls. The document is intended to provide general information and to allow different ...

Recommended Content:

How HIPAA Protects You | HIPAA Compliance within the MHS

Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules (45 C.F.R. Parts 160 and 164)

Policy

The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. Refer to 45 C.F.R. Parts 160 and 164 for additional information.

Examples of PII

Fact Sheet
5/1/2014

Personally identifiable information (PII) is information that identifies, links, relates, or is unique to, or describes you. This also includes information which can be used to distinguish or trace your identity and any other personal information which is linked or linkable to you.

Recommended Content:

Privacy Act at DHA | Privacy Impact Assessments | HIPAA Compliance within the MHS | How HIPAA Protects You | Submit a Data Sharing Application | Breaches of PII and PHI | Freedom of Information Act | DHA Privacy Contract Language | Human Research Protections | Privacy Act and HIPAA Privacy Training

DoD/Veterans Affairs (VA) Sharing Memorandum of Understanding (MOU)

Policy

This MOU establishes a framework governing inter-Departmental transfer of PIII/PHI of beneficiaries who receive health care and/or other benefits from either Department. This MOU revises the MOU on "Defining Data-Sharing Between the Departments," executed in May and June of 2005.

HIPAA Compliant Business Associate Agreement

Policy

The HIPAA Compliant Business Associate Agreement complies with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, Breach and Enforcement Rules (HIPAA Rules).

MHS Notice of Privacy Practices (NoPP) - Brochure - Print-Ready Version - Portuguese - European

Brochure
10/1/2013

The MHS Notice of Privacy Practices (NoPP) describes how medical information about you may be used and disclosed and how you can get access to this information. This is a print-ready, portrait version of the brochure in Portuguese - European, measuring 8.5” x 11” (vertical).

Recommended Content:

How HIPAA Protects You | HIPAA Compliance within the MHS

MHS Notice of Privacy Practices (NoPP) - Brochure - Print-Ready Version (portrait)

Brochure
10/1/2013

The MHS Notice of Privacy Practices (NoPP) describes how medical information about you may be used and disclosed and how you can get access to this information. This is a print-ready, portrait version of the brochure, measuring 8.5” x 11” (vertical).

Recommended Content:

How HIPAA Protects You | HIPAA Compliance within the MHS | Notice of Privacy Practices

MHS Notice of Privacy Practices (NoPP) - Brochure - Print Ready Version - Arabic

Brochure
10/1/2013

The MHS Notice of Privacy Practices (NoPP) describes how medical information about you may be used and disclosed and how you can get access to this information. This is a print-ready, portrait version of the brochure in Arabic, measuring 8.5” x 11” (vertical).

Recommended Content:

How HIPAA Protects You | HIPAA Compliance within the MHS | Notice of Privacy Practices

MHS Notice of Privacy Practices (NoPP) - Brochure - Print-Ready Version (tri-fold)

Brochure
10/1/2013

The MHS Notice of Privacy Practices (NoPP) describes how medical information about you may be used and disclosed and how you can get access to this information. This is a print-ready, tri-fold version of the brochure, measuring 8.5” x 14” (landscape/2-sided).

Recommended Content:

How HIPAA Protects You | HIPAA Compliance within the MHS | Notice of Privacy Practices

MHS Notice of Privacy Practices (NoPP) - Brochure - Print-Ready Version - Chinese - Simplified

Brochure
10/1/2013

The MHS Notice of Privacy Practices (NoPP) describes how medical information about you may be used and disclosed and how you can get access to this information. This is a print-ready, portrait version of the brochure in Chinese - Simplified, measuring 8.5” x 11” (vertical).

Recommended Content:

How HIPAA Protects You | HIPAA Compliance within the MHS | Notice of Privacy Practices

MHS Notice of Privacy Practices (NoPP) - Brochure - Print-Ready Version - Chinese - Traditional

Brochure
10/1/2013

The MHS Notice of Privacy Practices (NoPP) describes how medical information about you may be used and disclosed and how you can get access to this information. This is a print-ready, portrait version of the brochure in Chinese - Traditional, measuring 8.5” x 11” (vertical).

Recommended Content:

How HIPAA Protects You | HIPAA Compliance within the MHS | Notice of Privacy Practices
<< < 1 2 3 > >> 
Showing results 1 - 15 Page 1 of 3

DHA Address: 7700 Arlington Boulevard | Suite 5101 | Falls Church, VA | 22042-5101

Some documents are presented in Portable Document Format (PDF). A PDF reader is required for viewing: Download a PDF Reader or learn more about PDFs.