Back to Top Skip to main content Skip to sub-navigation

Risk Assessment

The DHA Privacy and Civil Liberties Office (PCLO) oversees the protection of personally identifiable information (PII)/protected health information (PHI) within the Military Health System (MHS). To maintain a strong compliance with Health Insurance Portability and Accountability Act (HIPAA) requirements, PCLO has developed the Compliance Risk Assessment (CRA) based on Federal privacy and security laws and DOD regulations and guidance. The primary objective of the CRA is to assist military hospitals and clinics (also known as military treatment facilities, or MTFs) to conduct periodic assessments to evaluate their overall compliance with HIPAA privacy and HIPAA security requirements. Compliance reviews are completed by using the Compliance Risk Assessment (CRA) Tool, which is designed to gauge the healthcare organization’s privacy compliance posture and to identify potential security threats and vulnerabilities.

The privacy assessment is to be completed by the MTF HIPAA Privacy Officer, and the security assessment is to be completed by the MTF HIPAA Security Officer. New for 2022 is the compliance assessment for Privacy Liaisons, who are strategically placed at designated Markets and are tasked to help manage the hospitals and clinics in their region. These liaisons play a critical role in providing administrative oversight and guidance to our MTF HIPAA Privacy Officers and HIPAA Security Officers.

The CRA Tool can be accessed on the PCLO page on Inside DHA (CAC-enabled).

Last Updated: August 29, 2022

DHA Address: 7700 Arlington Boulevard | Suite 5101 | Falls Church, VA | 22042-5101

Some documents are presented in Portable Document Format (PDF). A PDF reader is required for viewing. Download a PDF Reader or learn more about PDFs.