Skip main navigation

Military Health System

Hurricane Milton & Hurricane Helene

Emergency procedures are in place in multiple states due to Hurricane Milton & Hurricane Helene. >>Learn More

Skip subpage navigation

HIPAA Compliance within the MHS

The Health Insurance Portability and Accountability Act applies to your protected health information. Your PHI is any information that:

  • Identifies you;
  • Is about your health or demographics;
  • Is maintained by a covered entity or business associate; and
  • Is related to your treatment, your medical condition, and the related payment for that condition as maintained by a covered entity or business associate.

The DHA Privacy and Civil Liberties Office helps the Military Health System comply with the following HIPAA Rules:

  • The HIPAA Privacy Rule defines how your PHI should be safeguarded, limits when it can be used and disclosed without your authorization, and ultimately gives you some control over your own PHI.
  • The HIPAA Security Rule defines how your PHI should be protected and transferred when maintained electronically. 
  • The HIPAA Breach Notification Rule defines when your PHI has been inappropriately used or disclosed (see Breaches of PII and PHI page) and describes the breach response obligations of a covered entity.

The Chief of the DHA Privacy Office is the appointed HIPAA Privacy Officer and HIPAA Security Officer, and has authority over the HIPAA Privacy and Security programs at DHA.

For more information DHA’s HIPAA compliance program, please read the DHA’s HIPAA Privacy and HIPAA Security Core Tenets Policy Statement.

You also may be interested in...

Publication
Oct 1, 2013

MHS Notice of Privacy Practices (NoPP) - Brochure - Print-Ready Version - French - Canadian

.PDF | 308.08 KB

The MHS Notice of Privacy Practices (NoPP) describes how medical information about you may be used and disclosed and how you can get access to this information. This is a print-ready, portrait version of the brochure in French - Canadian, measuring 8.5” x 11” (vertical).

Policy
Jul 26, 2012

Memorandum: Reliance on an Electronic Signature on Form SSA-827 when Disclosing Protected Health Information to the Social Security Administration

.PDF | 3.32 MB

This Memorandum outlines how DOD health care entities may consider a properly completed and electronically signed Form SSA-827 a valid authorization which permits the release of that individual's PHI to the Social Security Administration (SSA).

  • Identification #: N/A
  • Type: Memorandum
Policy
Dec 2, 2009

Instruction: #DODI 6025.18, Privacy of Individually Identifiable Health Information in DOD Health Care Programs

Establishes policy and assigns responsibilities for implementation of the standards for privacy of individually identifiable health information in accordance with parts 160 and 164 of title 45, Code of Federal Regulations.

  • Identification #: DODI 6025.18
  • Type: Instruction
Policy
Sep 9, 2004

Memorandum: HIPAA Security Officer Letter - MTF/DTF

.PDF | 1.72 MB

This letter outlines the requirements for Medical Treatment Facility and Dental Treatment Facility (MTF/DTF) personnel to be assigned the responsibility of managing and supervising the execution and use of security measures to protect data as well as the responsibility of managing and supervising the conduct of personnel in relation to those measures.

  • Identification #: N/A
  • Type: Memorandum
Policy
Apr 9, 2003

Federal Regulation: #68 Fed. Reg. 17357-58, 68 Fed. Reg. 17357-58

Under 45 CFR part 164, "Standards for Privacy of Individually Identifiable Health Information" and DOD 6025.18–R, "DOD Health Information Privacy Regulation" provisions are made to allow appropriate uses and disclosures of protected health information concerning members of the armed forces to assure the proper execution of the military mission, ...

  • Identification #: 68 Fed. Reg. 17357-58
  • Type: Federal Regulation
Policy
Aug 21, 1996

Federal Regulation: #110 STAT. 1936, Public Law 104-191

The purpose of this document is to amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services ...

  • Identification #: 110 STAT. 1936
  • Type: Federal Regulation
Last Updated: July 10, 2024
Follow us on Instagram Follow us on LinkedIn Follow us on Facebook Follow us on X Follow us on YouTube Sign up on GovDelivery