Skip to main content

Military Health System

Test of Sitewide Banner

This is a test of the sitewide banner capability. In the case of an emergency, site visitors would be able to visit the news page for addition information.

ROBINS AIR FORCE BASE, Georgia – Chandra McDuffie, 78th Occupational Medical Services secretary, prepares to retrieve a visiting patient’s records at Robins Air Force Base, Georgia, Jan. 31, 2023. McDuffie has created training documents for the Paper Record Tracking process, which supports the record transfers between military hospitals and clinics. (U.S. Air Force photos by Kisha Foster Johnson)

Privacy & Civil Liberties

The Defense Health Agency Privacy and Civil Liberties Office is responsible for providing guidance to the enterprise on managing and safeguarding personally identifiable information as well as protected health information

Our Mission

Ensure vigilance in the protection of privacy information and promote compliance across the organization.

What We Do

We enforce compliance with Federal statute and Department of Defense privacy & civil liberties related regulation and policy throughout the Military Health Service. This includes managing and evaluating potential risks and threats to the privacy and security of MHS health data by performing critical reviews and conducting:

  • Evaluation of privacy and security safeguards, including conducting annual Health Insurance Portability and Accountability Act (HIPAA) of 1996 Security Risk Assessments
  • Performance of Internal Privacy Office Compliance Assessments
  • Establishment of organizational performance metrics to identify and measure potential compliance risks
  • Consultation for leadership and the workforce on areas of DHA-level oversight

In addition, the DHA Privacy Office has specific responsibility for various DHA-level areas. We support HIPAA development to comply with Federal laws, DOD regulations, and guidelines governing the privacy and security of PII/PHI, as well as the development and revision of DHA privacy-related plans, policies, and procedures. Key elements include:

  • Breach Prevention and Response
  • Civil Liberties Compliance
  • Data Sharing Agreements
  • HIPAA and Privacy Act Training
  • HIPAA Compliance within the MHS
  • Privacy Act at DHA
  • Privacy Board
  • Privacy Impact Assessments
  • Research Compliance with HIPAA Privacy Rule
  • Risk Assessment

The DHA PCLO also engages DHA stakeholders, including employees and contractors, by developing and delivering education and awareness materials and ongoing workforce privacy and HIPAA security training.

You also may be interested in...

Jan 29, 2021

Research Repository Template

.PDF | 287.66 KB

This template is designed to assist the Department of Defense Institutional Review Board with determining if DHA data disclosed to a research study will, in any form (de-identified or otherwise), be placed in a research repository and, if so, the type of data and whether any Health Insurance Portability and Accountability Act (HIPAA) compliance ...

Oct 27, 2020

PGI 224190 PII PHI and Federal Information Requirements

.PDF | 389.61 KB

This PGI provides standard language that shall be included in all purchased and non-purchased care solicitations and contracts where the contractor’s performance involves access to PII/PHI (unless those solicitations and contracts incorporate the TRICARE Manuals in their entirety, in which case this PGI does not apply).

  • Identification #: N/A
  • Type: Guidelines
Nov 29, 2019

Privacy Program Plan

.PDF | 1.51 MB

The DHA Privacy Office has developed this PPP to present its strategic concept of operations, including descriptions of how DHA complies with federal privacy requirements and related information management subject areas. This DHA PPP formally documents the DHA’s Privacy Program, including a description of the structure of the Privacy Program, the ...

Mar 13, 2019

Health Insurance Portability and Accountability Act Privacy Rule in DOD Health Care Programs

This issuance, in accordance with the authority in DOD Directive 5124.02, establishes policy and assigns responsibilities for DOD compliance with federal law governing health information privacy and breach of privacy; integrating health information privacy and breach compliance with general information privacy and security requirements in accordance ...

  • Identification #: 6025.18
  • Type: Instructions
Aug 12, 2015

Security of Individually Identifiable Health Information in DoD Health Care Programs

This instruction establishes policy and assigns responsibilities for security of individually identifiable health information created, received, maintained, or transmitted in electronic form (referred to in this instruction as “electronic protected health information (ePHI)”).

  • Identification #: DoD Instruction 8580.02
  • Type: Instructions
Last Updated: July 12, 2023
Follow us on Instagram Follow us on LinkedIn Follow us on Facebook Follow us on Twitter Follow us on YouTube Sign up on GovDelivery