
Privacy and Civil Liberties

The Defense Health Agency Privacy and Civil Liberties Office is responsible for safeguarding Military Health System (MHS) individuals and information by administering compliance programs. We oversee the protection of personally identifiable information (PII)/protected health information (PHI) within the MHS, one of the largest integrated health care delivery systems in the United States, serving more than 9.6 million eligible beneficiaries.

Our Mission

Ensure vigilance in the protection of privacy information and promote compliance across the organization.

What We Do

We support MHS compliance with Federal privacy and security laws, and Department of Defense (DOD) regulations and guidance. This includes managing and evaluating potential risks and threats to the privacy and security of MHS health data by performing critical reviews through:

  • Evaluation of privacy and security safeguards, including conducting annual Health Insurance Portability and Accountability Act (HIPAA) of 1996 Security Risk Assessments
  • Performance of Internal Privacy Office Compliance Assessments
  • Establishment of organizational performance metrics to identify and measure potential compliance risks
  • Consultation for leadership and the workforce on areas of DHA-level oversight

In addition, the DHA Privacy Office has specific responsibility for various DHA-level areas. We support HIPAA development to comply with Federal laws, DOD regulations, and guidelines governing the privacy and security of PII/PHI, as well as the development and revision of DHA privacy-related plans, policies, and procedures. Key elements include:

  • HIPAA Privacy and Security
  • Privacy Act of 1974
  • Freedom of Information Act (FOIA)
  • Data Sharing Compliance
  • Human Research Protection
  • Training for the Workforce
  • Upholding Civil Liberties

The DHA Privacy Office also engages DHA stakeholders, including employees and contractors, by developing and delivering education and awareness materials and ongoing workforce privacy and HIPAA security training.

You also may be interested in...

Research Repository Template

Publication
1/29/2021

This template is designed to assist the Department of Defense Institutional Review Board with determining if DHA data disclosed to a research study will, in any form (de-identified or otherwise), be placed in a research repository and, if so, the type of data and whether any Health Insurance Portability and Accountability Act (HIPAA) compliance requirements are applicable.

Recommended Content:

Privacy and Civil Liberties | DHA Research Compliance with HIPAA Privacy Rule

IRB Findings Document

Publication
1/29/2021

The IRB HIPAA Compliance Review Findings on Data Requests.

Recommended Content:

Privacy and Civil Liberties | DHA Research Compliance with HIPAA Privacy Rule

Research Repository Template

Form/Template
1/20/2021

The RRT asks researchers whether they intend to put data into a repository, and if yes, what data and under what governance terms.

Recommended Content:

Privacy and Civil Liberties

List of Systems Containing DHA Data

Publication
1/20/2021

Recommended Content:

Privacy and Civil Liberties

5 Tips for Better Data Privacy

Article
1/4/2021

Your privacy matters! Don’t be a target of data theft. Protect what’s yours by following these easy steps.

Recommended Content:

Privacy and Civil Liberties

DHA Privacy Office Standard Contract Language

Form/Template
10/27/2020

This section addresses the Contractor’s requirements under the Privacy Act of 1974 (Privacy Act), the Freedom of Information Act (FOIA), and the Health Insurance Portability and Accountability Act (HIPAA) as set forth in applicable statutes, implementing regulations and DoD issuances.

Recommended Content:

Privacy and Civil Liberties | DHA Privacy Contract Language

PGI 224.1-90: Personally Identifiable Information (PII), Protected Health Information (PHI), and Federal Information Requirements

Policy

This PGI provides standard language that shall be included in all purchased and non-purchased care solicitations and contracts where the contractor’s performance involves access to PII/PHI (unless those solicitations and contracts incorporate the TRICARE Manuals in their entirety, in which case this PGI does not apply).

Privacy Program Plan

Publication
11/29/2019

The DHA Privacy Office has developed this PPP to present its strategic concept of operations, including descriptions of how DHA complies with federal privacy requirements and related information management subject areas. This DHA PPP formally documents the DHA’s Privacy Program, including a description of the structure of the Privacy Program, the subject programs and activities that comprise the program, the roles and responsibilities of privacy officials and staff, the strategic goals and objectives of the Privacy Program, and the controls in place or planned – such as policies and procedures and specific programs and activities for meeting applicable privacy requirements and managing privacy risks.

Recommended Content:

Privacy and Civil Liberties

DOD Instruction 6025.18: Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule Compliance in DOD Health Care Programs

Policy

This issuance, in accordance with the authority in DOD Directive 5124.02, establishes policy and assigns responsibilities for DOD compliance with federal law governing health information privacy and breach of privacy; integrating health information privacy and breach compliance with general information privacy and security requirements in accordance with federal law and DOD issuances; health information technology, system interoperability, and exchange of electronic health information, in relation to federal law governing health information privacy and breach; and DOD contracting and procurement activities in relation to federal law governing health information privacy and breach.

Decision Tree Matrix for Contracts with PII/PHI

Fact Sheet
9/6/2016

Personally Identifiable Information (PII), Protected Health Information (PHI), and Federal Information Requirements

Recommended Content:

Privacy and Civil Liberties | DHA Privacy Contract Language

DoD Instruction 8580.02: Security of Individually Identifiable Health Information in DoD Health Care Programs

Policy

This instruction establishes policy and assigns responsibilities for security of individually identifiable health information created, received, maintained, or transmitted in electronic form (referred to in this instruction as “electronic protected health information (ePHI)”).

Last Updated: August 11, 2022

DHA Address: 7700 Arlington Boulevard | Suite 5101 | Falls Church, VA | 22042-5101