Breaches of PII and PHI

What is a Breach?

According to the Department of Defense (DoD), a breach of personal information occurs when the information is lost, disclosed to, accessed by, or potentially exposed to unauthorized individuals, or compromised in a way where the subjects of the information are negatively affected.

Breach Reporting

The Defense Health Agency (DHA) Privacy and Civil Liberties Office (Privacy Office) coordinates breach reporting within the Military Health System (MHS). Email us if you have questions about breaches or breach reporting within the MHS.

Guidance tools for breach reporting:

You also may be interested in...

DoD Instruction 8580.02: Security of Individually Identifiable Health Information in DoD Health Care Programs

Policy

This instruction establishes policy and assigns responsibilities for security of individually identifiable health information created, received, maintained, or transmitted in electronic form (referred to in this instruction as “electronic protected health information (ePHI)”).

DoD Directive 5400.11: Department of Defense Privacy Program

Policy

This Regulation is reissued under the authority of DoD Directive 5400.11, “DoD Privacy Program,” May 8, 2007. It provides guidance on section 552a of title 5 United States Code (U.S.C.), the Privacy Act of 1974, as amended, and prescribes uniform procedures for implementation of the DoD Privacy Program.

DoD Breach Reporting Best Judgment Memo

Policy

This Memorandum is to help guide Components toward optimal decision-making regarding PII breach risk and notification determinations.

TMA Guidelines on Protection of Sensitive Information in Electronic Mail

Policy

This Memorandum updates guidelines in Military Health System Chief Information Officer memorandum “Updated Guidelines on Protection of Sensitive Information in Electronic Mail” of September 19, 2008.

Reporting a Breach as Defined by the Health Information Technology for Economic and Clinical Health Act Provisions of the American Recovery and Reinvestment Act of 2009

Policy

This Memorandum outlines the procedures for the Services for reporting a breach as defined by the Health Information Technology for Economic and Clinical Health (HITECH) Act provisions of the American Recovery and Reinvestment Act of 2009.

Reporting a Breach as Defined by the Health Information Technology for Economic and Clinical Health Act Provisions of the American Recovery and Reinvestment Act of 2009

Policy

This Memorandum outlines the procedures for Contractors for reporting a breach as defined by the Health Information Technology for Economic and Clinical Health (HITECH) Act provisions of the American Recovery and Reinvestment Act of 2009.

Safeguarding Against and Responding to the Breach of PII

Policy

In accordance with the policies outlined in this Memorandum, a risk assessment must be conducted for every breach to determine whether notification to affected individuals is necessary.

Sanction Policy for Privacy and Security Violations

Policy

This Memorandum establishes policy and assigns responsibility for how sanctions should be determined and applied against workforce members of TRICARE Management Activity (TMA) who fail to follow appropriate standards for safeguarding personally identifiable information (PII) and/or protected health information (PHI).

TMA Facsimile Transmission Policy for Documents Containing Personally Identifiable Information and/or Protected Health Information

Policy

This Memorandum establishes policy for documents transmitted and/or received by facsimile that contain Personally Identifiable Information and/or Protected Health Information (PII/PHI).

Update to Using Digital Signature when Sending Electronic Mail

Policy

This Memorandum implements the recent Department of Defense (DoD) requirement on the use of digital signature for e-mail, and is in addition to my memorandum of June 13, 2007, “Use of Digital Signature on TRICARE Management Activity (TMA) Official Electronic Mail (e-mail).”

Breach Notification Reporting for the MHS

Policy

This Memorandum outlines procedures for breach notification reporting for the Military Health System (MHS).

Encryption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage Media

Policy

This Memorandum provides recommendations on means to protect sensitive unclassified information on portable computing devices used within DoD and advises that the suggestions are expected to become policy in the near future.

Use of Digital Signature on Official TRICARE Management Activity Electronic Mail (e-mail)

Policy

This document outlines the use of digital signatures on official TRICARE Management Activity electronic mail.

Safeguarding Against and Responding to the Breach of Personally Identifiable Information

Policy

This Memorandum outlines the framework within which Federal agencies must develop a breach notification policy while ensuring proper safeguards are in place to protect the information.

DHA Address: 7700 Arlington Boulevard | Suite 5101 | Falls Church, VA | 22042-5101
