Skip subpage navigation
What is a Breach?
According to the Department of Defense, a breach of personal information occurs when the information is lost, disclosed to, accessed by, or potentially exposed to unauthorized individuals, or compromised in a way where the subjects of the information are negatively affected.
Breach Reporting
The Defense Health Agency Privacy and Civil Liberties Office coordinates breach reporting within the Military Health System. Email us if you have questions about breaches or breach reporting within the MHS.
Guidance tools for breach reporting:
You also may be interested in...
Policy
Aug 2, 2022
The Health Information Technology for Economic and Clinical Health Act, abbreviated the HITECH Act, was enacted under Title XIII of the American Recovery and Reinvestment Act of 2009.
- Identification #: N/A
- Type: Guideline
Policy
Mar 6, 2020
This issuance establishes policy, assigns responsibilities, and prescribes procedures for CUI throughout the DOD in accordance with Executive Order (E.O.) 13556; Part 2002 of Title 32, Code of Federal Regulations (CFR); and Defense Federal Acquisition Regulation Supplement (DFARS) Sections 252.204-7008 and 252.204-7012. It also establishes the ...
- Identification #: DODI 5200.48
- Type: Instruction
Policy
Mar 13, 2019
This issuance, in accordance with the authority in DOD Directive 5124.02, establishes policy and assigns responsibilities for DOD compliance with federal law governing health information privacy and breach of privacy; integrating health information privacy and breach compliance with general information privacy and security requirements in accordance ...
- Identification #: DODI 6025.18
- Type: Instruction
Policy
Aug 12, 2015
This instruction establishes policy and assigns responsibilities for security of individually identifiable health information created, received, maintained, or transmitted in electronic form (referred to in this instruction as “electronic protected health information (ePHI)”).
- Identification #: DODI 8580.02
- Type: Instruction
Policy
Nov 17, 2010
.PDF |
436.31 KB
This Memorandum updates guidelines in Military Health System Chief Information Officer memorandum “Updated Guidelines on Protection of Sensitive Information in Electronic Mail” of
September 19, 2008.
- Identification #: N/A
- Type: Memorandum
Policy
Apr 28, 2010
.PDF |
253.66 KB
This Memorandum outlines the procedures for the Services for reporting a breach as defined by the Health Information Technology for Economic and Clinical Health (HITECH) Act provisions of the American Recovery and Reinvestment Act of 2009.
- Identification #: N/A
- Type: Memorandum
Policy
Apr 13, 2010
.PDF |
118.49 KB
This Memorandum outlines the procedures for Contractors for reporting a breach as defined by the Health Information Technology for Economic and Clinical Health (HITECH) Act provisions of the American Recovery and Reinvestment Act of 2009.
- Identification #: N/A
- Type: Memorandum
Policy
Jun 5, 2009
.PDF |
2.29 MB
In accordance with the policies outlined in this Memorandum, a risk assessment must be conducted for every breach to determine whether notification to affected individuals is necessary.
- Identification #: N/A
- Type: Memorandum
Policy
Apr 9, 2008
.PDF |
147.25 KB
This Memorandum establishes policy for documents transmitted and/or received by facsimile that contain Personally Identifiable Information and/or Protected Health Information (PII/PHI).
- Identification #: N/A
- Type: Guideline
Policy
Mar 6, 2008
.PDF |
98.94 KB
This Memorandum implements the recent Department of Defense requirement on the use of digital signature for e-mail, and is in addition to my memorandum of June 13, 2007, “Use of Digital Signature on TRICARE Management Activity Official Electronic Mail.”
- Identification #: N/A
- Type: Memorandum
Policy
Jul 3, 2007
.PDF |
215.07 KB
This Memorandum provides recommendations on means to protect sensitive unclassified information on portable computing devices used within DOD and advises that the suggestions are expected to become policy in the near future.
- Identification #: N/A
- Type: Memorandum
Policy
May 22, 2007
This Memorandum outlines the framework within which Federal agencies must develop a breach notification policy while ensuring proper safeguards are in place to protect the information.
- Identification #: OMB Memorandum 07-16
- Type: Memorandum
Policy
Sep 19, 2006
This Memorandum provides recommendations for planning and responding to data breaches which could result in identity theft.
- Identification #: N/A
- Type: Memorandum
Policy
Jun 23, 2006
This Memorandum addresses the efforts to properly safeguard information assets while using information technology by incorporating a checklist from the National Institute of Standards and Technology (NIST) for protection of remote information.
- Identification #: OMB Memorandum 06-16
- Type: Memorandum
Policy
May 22, 2006
This Memorandum reemphasizes responsibilities under law and policy to appropriately safeguard sensitive personally identifiable information (PII) and train employees on responsibilities in this area.
- Identification #: OMB Memorandum 06-15
- Type: Memorandum
You are leaving Health.mil
The appearance of hyperlinks does not constitute endorsement by the Department of Defense of non-U.S. Government sites or the information, products, or services contained therein. Although the Defense Health Agency may or may not use these sites as additional distribution channels for Department of Defense information, it does not exercise editorial control over all of the information that you may find at these locations. Such links are provided consistent with the stated purpose of this website.
You are leaving Health.mil
View the external links disclaimer.
Last Updated: July 10, 2024