Skip to main content

Military Health System

Clear Your Browser Cache

This website has recently undergone changes. Users finding unexpected concerns may care to clear their browser's cache to ensure a seamless experience.

Skip subpage navigation

Breach Prevention and Response

What is a Breach?

According to the Department of Defense, a breach of personal information occurs when the information is lost, disclosed to, accessed by, or potentially exposed to unauthorized individuals, or compromised in a way where the subjects of the information are negatively affected.

Breach Reporting

The Defense Health Agency Privacy and Civil Liberties Office coordinates breach reporting within the Military Health System. Email us if you have questions about breaches or breach reporting within the MHS.

Guidance tools for breach reporting:

You also may be interested in...

Policy
Aug 2, 2022

Guideline: HITECH Act

The Health Information Technology for Economic and Clinical Health Act, abbreviated the HITECH Act, was enacted under Title XIII of the American Recovery and Reinvestment Act of 2009.

  • Identification #: N/A
  • Type: Guideline
Policy
Mar 6, 2020

Instruction: #DODI 5200.48, DODI 5200.48: Controlled Unclassified Information

This issuance establishes policy, assigns responsibilities, and prescribes procedures for CUI throughout the DOD in accordance with Executive Order (E.O.) 13556; Part 2002 of Title 32, Code of Federal Regulations (CFR); and Defense Federal Acquisition Regulation Supplement (DFARS) Sections 252.204-7008 and 252.204-7012. It also establishes the ...

  • Identification #: DODI 5200.48
  • Type: Instruction
Policy
Mar 13, 2019

Instruction: #6025.18, DOD Instruction 6025.18: Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule Compliance in DOD Health Care Programs

This issuance, in accordance with the authority in DOD Directive 5124.02, establishes policy and assigns responsibilities for DOD compliance with federal law governing health information privacy and breach of privacy; integrating health information privacy and breach compliance with general information privacy and security requirements in accordance ...

  • Identification #: 6025.18
  • Type: Instruction
Policy
Aug 12, 2015

Instruction: #DoD Instruction 8580.02, DoD Instruction 8580.02: Security of Individually Identifiable Health Information in DoD Health Care Programs

This instruction establishes policy and assigns responsibilities for security of individually identifiable health information created, received, maintained, or transmitted in electronic form (referred to in this instruction as “electronic protected health information (ePHI)”).

  • Identification #: DoD Instruction 8580.02
  • Type: Instruction
Fact Sheet
May 5, 2014

Phishing Overview

.PDF | 153.97 KB

An Information Paper that tells what phishing is, how to respond to phishing attacks, and steps to take to avoid becoming a victim of phishing scams.

Fact Sheet
May 5, 2014

Social Networking Overview

.PDF | 154.18 KB

An Information Paper that defines social networking, details the Department of Defense's position on this topic, and discusses the responsible use of social networking and Internet-based capabilities.

Fact Sheet
May 5, 2014

Malicious Code Overview

.PDF | 162.19 KB

An Information Paper that explains what malicious code is, including the various types, the proper response to a malicious code attack, and steps to take to avoid receiving malicious code on a computer system.

Policy
Apr 28, 2010

Memorandum: Reporting a Breach as Defined by the Health Information Technology for Economic and Clinical Health Act Provisions of the American Recovery and Reinvestment Act of 2009

.PDF | 253.66 KB

This Memorandum outlines the procedures for the Services for reporting a breach as defined by the Health Information Technology for Economic and Clinical Health (HITECH) Act provisions of the American Recovery and Reinvestment Act of 2009.

  • Identification #: N/A
  • Type: Memorandum
Policy
Apr 13, 2010

Memorandum: Reporting a Breach as Defined by the Health Information Technology for Economic and Clinical Health Act Provisions of the American Recovery and Reinvestment Act of 2009

.PDF | 118.49 KB

This Memorandum outlines the procedures for Contractors for reporting a breach as defined by the Health Information Technology for Economic and Clinical Health (HITECH) Act provisions of the American Recovery and Reinvestment Act of 2009.

  • Identification #: N/A
  • Type: Memorandum
Last Updated: July 21, 2023
Follow us on Instagram Follow us on LinkedIn Follow us on Facebook Follow us on X Follow us on YouTube Sign up on GovDelivery