Military Health System

HIPAA Compliance within the MHS

The Health Insurance Portability and Accountability Act (HIPAA) applies to your protected health information (PHI). Your PHI is any information that:

  • Identifies you;
  • Is about your health or demographics;
  • Is maintained by a covered entity or business associate; and
  • Is related to your treatment, your medical condition, and the related payment for that condition as maintained by a covered entity or business associate.

The DHA Privacy and Civil Liberties Office (PCLO) helps the Military Health System (MHS) comply with the following HIPAA Rules:

  • The HIPAA Privacy Rule defines how your PHI should be safeguarded, limits when it can be used and disclosed without your authorization, and ultimately gives you some control over your own PHI.
  • The HIPAA Security Rule defines how your PHI should be protected and transferred when maintained electronically. 
  • The HIPAA Breach Notification Rule defines when your PHI has been inappropriately used or disclosed (see Breaches of PII and PHI page) and describes the breach response obligations of a covered entity.

The Chief of the DHA Privacy Office is the appointed HIPAA Privacy Officer and HIPAA Security Officer, and has authority over the HIPAA Privacy and Security programs at DHA.

For more information about DHA’s HIPAA compliance program, please read the DHA’s HIPAA Privacy and HIPAA Security Core Tenets Policy Statement.

You also may be interested in...

HIPAA Compliant Business Associate Agreement

Policy

The HIPAA Compliant Business Associate Agreement complies with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, Breach and Enforcement Rules (HIPAA Rules).

DOD Instruction 6025.18: Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule Compliance in DOD Health Care Programs

Policy

This issuance, in accordance with the authority in DOD Directive 5124.02, establishes policy and assigns responsibilities for DOD compliance with federal law governing health information privacy and breach of privacy; integrating health information privacy and breach compliance with general information privacy and security requirements in accordance with federal law and DOD issuances; health information technology, system interoperability, and exchange of electronic health information, in relation to federal law governing health information privacy and breach; and DOD contracting and procurement activities in relation to federal law governing health information privacy and breach.

Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules (45 C.F.R. Parts 160 and 164)

Policy

The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. Refer to 45 C.F.R. Parts 160 and 164 for additional information.

DoD/Veterans Affairs (VA) Sharing Memorandum of Understanding (MOU)

Policy

This MOU establishes a framework governing inter-Departmental transfer of PII/PHI of beneficiaries who receive health care and/or other benefits from either Department. This MOU revises the MOU on "Defining Data-Sharing Between the Departments," executed in May and June of 2005.

DoD Instruction 6025.18: Privacy of Individually Identifiable Health Information in DoD Health Care Programs

Policy

This Instruction reissues DoD Directive (DoDD) 6025.18 as a DoD Instruction in accordance with the authority in DoD Directive 5124.02. It also establishes policy and assigns responsibilities for implementation of the standards for privacy of individually identifiable health information in accordance with parts 160 and 164 of title 45, Code of Federal Regulations.

Health Affairs (HA) Policy 05-018, Expediting Veterans Benefits to Members with Serious Injuries and Illness

Policy

This Memorandum outlines the roles of the Department of Veterans Affairs (VA) and the Department of Defense (DoD) in identifying an initiative to expedite data exchange between the DoD and the VA for "seriously injured" members, and those members entering the Physical Evaluation Board Process. The goal is to assist the VA in its efforts to better ensure members are aware of their benefits and that these benefits start as soon as possible when the member is eligible.

HIPAA Security Officer Letter - TRICARE Regional Office

Policy

This letter outlines the roles of the HIPAA Security Official at the TRICARE Regional Offices. This person oversees all ongoing activities related to the development, implementation, and maintenance of the organization’s policies and procedures covering the security of electronic patient information.

HIPAA Security Officer Letter - Service Headquarters

Policy

This letter outlines HIPAA Security responsibilities for Service specific policy and procedure development and implementation. A Service Headquarters level HIPAA Security Official in each Service is needed.

HIPAA Security Officer Letter - MTF/DTF

Policy

This letter outlines the requirements for Medical Treatment Facility and Dental Treatment Facility (MTF/DTF) personnel to be assigned the responsibility of managing and supervising the execution and use of security measures to protect data as well as the responsibility of managing and supervising the conduct of personnel in relation to those measures.

Federal Register Notice: DoD Health Information Privacy Program, April 14, 2003

Policy

Federal Register Notice for the April 14, 2003 DoD Health Information Privacy Program, published April 9, 2003

Health Insurance Reform: Security Standards - 45 CFR Parts 160, 162, and 164

Policy

This final rule adopts standards for the security of electronic protected health information (PHI) to be implemented by health plans, healthcare clearinghouses, and certain healthcare providers.

Military Treatment Facilities (MTF) Defense Health Agency (DHA) Health Insurance Portability and Accountability Act (HIPAA) Privacy Officers Appointment Request Letter and Roles & Responsibilities

Policy

This document outlines the roles and responsibilities for the HIPAA Privacy Officer.

Public Law 104-191

Policy

The purpose of this document is to amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.

Last Updated: October 21, 2022