Skip subpage navigation
The Defense Health Agency Privacy and Civil Liberties Office is responsible for providing guidance to the enterprise on managing and safeguarding personally identifiable information as well as protected health information
Our Mission
Ensure vigilance in the protection of privacy information and promote compliance across the organization.
What We Do
We enforce compliance with Federal statute and Department of Defense privacy & civil liberties related regulation and policy throughout the Military Health Service. This includes managing and evaluating potential risks and threats to the privacy and security of MHS health data by performing critical reviews and conducting:
- Evaluation of privacy and security safeguards, including conducting annual Health Insurance Portability and Accountability Act (HIPAA) of 1996 Security Risk Assessments
- Performance of Internal Privacy Office Compliance Assessments
- Establishment of organizational performance metrics to identify and measure potential compliance risks
- Consultation for leadership and the workforce on areas of DHA-level oversight
In addition, the DHA Privacy Office has specific responsibility for various DHA-level areas. We support HIPAA development to comply with Federal laws, DOD regulations, and guidelines governing the privacy and security of PII/PHI, as well as the development and revision of DHA privacy-related plans, policies, and procedures. Key elements include:
- Breach Prevention and Response
- Civil Liberties Compliance
- Data Sharing Agreements
- HIPAA and Privacy Act Training
- HIPAA Compliance within the MHS
- Privacy Act at DHA
- Privacy Board
- Privacy Compliance
- Research Compliance with HIPAA Privacy Rule
- Risk Assessment
The DHA PCLO also engages DHA stakeholders, including employees and contractors, by developing and delivering education and awareness materials and ongoing workforce privacy and HIPAA security training.
You also may be interested in...
FAQ
Jul 31, 2024
Questions and answers about privacy and civil liberties at the Defense Health Agency Data Sharing Agreement (DSA) program.
Publication
Jan 29, 2021
.PDF |
287.66 KB
This template is designed to assist the Department of Defense Institutional Review Board with determining if DHA data disclosed to a research study will, in any form (de-identified or otherwise), be placed in a research repository and, if so, the type of data and whether any Health Insurance Portability and Accountability Act (HIPAA) compliance ...
Publication
Jan 29, 2021
.PDF |
486.84 KB
The IRB HIPAA Compliance Review Findings on Data Requests.
Form/Template
Jan 20, 2021
.PDF |
287.66 KB
The RRT asks researchers whether they intend to put data into a repository, and if yes, what data and under what governance terms.
Publication
Jan 20, 2021
.XLSX |
13.29 KB
List of Systems Containing DHA Data
Article
Jan 4, 2021
Your privacy matters! Don’t be a target of data theft. Protect what’s yours by following these easy steps.
Policy
Oct 27, 2020
.PDF |
389.61 KB
This PGI provides standard language that shall be included in all purchased and non-purchased care solicitations and contracts where the contractor’s performance involves access to PII/PHI (unless those solicitations and contracts incorporate the TRICARE Manuals in their entirety, in which case this PGI does not apply).
- Identification #: PGI 224.1-90
- Type: Guideline
Form/Template
Oct 27, 2020
.PDF |
267.81 KB
This Section addresses the Contractor’s requirements under The Privacy Act of 1974 (Privacy Act), The Freedom of Information Act (FOIA), and The Health Insurance Privacy and Accountability Act (HIPAA) as set forth in applicable statutes, implementing regulations and DOD issuances.
Policy
Mar 13, 2019
This issuance, in accordance with the authority in DOD Directive 5124.02, establishes policy and assigns responsibilities for DOD compliance with federal law governing health information privacy and breach of privacy; integrating health information privacy and breach compliance with general information privacy and security requirements in accordance ...
- Identification #: DODI 6025.18
- Type: Instruction
Fact Sheet
Sep 6, 2016
.PDF |
183.61 KB
Personally Identifiable Information (PII), Protected Health Information (PHI), and Federal Information Requirements
Policy
Aug 12, 2015
This instruction establishes policy and assigns responsibilities for security of individually identifiable health information created, received, maintained, or transmitted in electronic form (referred to in this instruction as “electronic protected health information (ePHI)”).
- Identification #: DODI 8580.02
- Type: Instruction
You are leaving Health.mil
The appearance of hyperlinks does not constitute endorsement by the Department of Defense of non-U.S. Government sites or the information, products, or services contained therein. Although the Defense Health Agency may or may not use these sites as additional distribution channels for Department of Defense information, it does not exercise editorial control over all of the information that you may find at these locations. Such links are provided consistent with the stated purpose of this website.
You are leaving Health.mil
View the external links disclaimer.
Last Updated: July 10, 2024