Back to Top Skip to main content

DHA Privacy Contract Language

The Military Health System (MHS) must comply with Federal law protecting the privacy and security of personally identifiable information and protected health information (PII/PHI), as well as with other Federal information laws. Therefore, standard language to require compliance must be included whenever a solicitation is issued or a contract awarded (or other agreement is entered into) if performance involves PII/PHI.

For contracts awarded by or for the Defense Health Agency (DHA), see:

  • DHA Standard Contract Language
  • Procurement Directorate guidance at PGI 224.1-90

That guidance explains how to incorporate by reference all or part of the DHA Standard Contract Language in contract documents.  

For contracts or other agreements used by MHS components other than DHA, see:

Please note that the linked documents are subject to change.

Contractor Personnel Access to Health Affairs (HA)/DHA Network/DoD Systems

Please find all pertinent information at:

Administration and Management Directorate (A&MD)
Mission Assurance Division
Personnel Security Branch
7700 Arlington Blvd
Falls Church, VA 22042

Phone: 1-703-681-6777
Secure Fax: 1-703-681-0810

You also may be interested in...

PGI 224.1-90: Personally Identifiable Information (PII), Protected Health Information (PHI), and Federal Information Requirements

Policy

This PGI provides standard language that shall be included in all purchased and non-purchased care solicitations and contracts where the contractor’s performance involves access to PII/PHI (unless those solicitations and contracts incorporate the TRICARE Manuals in their entirety, in which case this PGI does not apply).

DHA Standard Contract Language

Policy

This Section addresses the Contractor’s requirements under The Privacy Act of 1974 (Privacy Act), The Freedom of Information Act (FOIA), and The Health Insurance Privacy and Accountability Act (HIPAA) as set forth in applicable statutes, implementing regulations and DoD issuances.

DHA Privacy Office Standard Contract Language

Form/Template
7/6/2017

This Section addresses the Contractor’s requirements under The Privacy Act of 1974 (Privacy Act), The Freedom of Information Act (FOIA), and The Health Insurance Privacy and Accountability Act (HIPAA) as set forth in applicable statutes, implementing regulations and DoD issuances.

Recommended Content:

Privacy and Civil Liberties | DHA Privacy Contract Language

Decision Tree Matrix for Contracts with PII/PHI

Fact Sheet
9/6/2016

Personally Identifiable Information (PII), Protected Health Information (PHI), and Federal Information Requirements

Recommended Content:

Privacy and Civil Liberties | DHA Privacy Contract Language

Examples of PII

Fact Sheet
5/1/2014

Personally identifiable information (PII) is information that identifies, links, relates, or is unique to, or describes you. This also includes information which can be used to distinguish or trace your identity and any other personal information which is linked or linkable to you.

Recommended Content:

Privacy Act at DHA | Privacy Impact Assessments | HIPAA Compliance within the MHS | How HIPAA Protects You | Submit a Data Sharing Application | Breaches of PII and PHI | Freedom of Information Act | DHA Privacy Contract Language | Human Research Protections | Privacy Act and HIPAA Privacy Training

HIPAA Compliant Business Associate Agreement

Policy

The HIPAA Compliant Business Associate Agreement complies with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, Breach and Enforcement Rules (HIPAA Rules).

<< < 1 > >> 
Showing results 1 - 6 Page 1 of 1

DHA Address: 7700 Arlington Boulevard | Suite 5101 | Falls Church, VA | 22042-5101

Some documents are presented in Portable Document Format (PDF). A PDF reader is required for viewing. Download a PDF Reader or learn more about PDFs.