Back to Top Skip to main content

How HIPAA Protects You

The Health Insurance Portability and Accountability Act (HIPAA) is designed to balance privacy, efficiency, and quality. A covered entity generally does not need your permission to share your protected health information (PHI) with another covered entity for treatment, payment, or healthcare operations, commonly referred to as TPO. For example, a doctor will generally not ask your permission before:

  • Sending your records to a second doctor for a second opinion (treatment);
  • Consulting with another health care provider regarding your medical status (treatment);
  • Asking TRICARE for reimbursement for the services you received (payment);
  • Sharing medical services provided for coverage and justification of charges (payment);
  • Reviewing your records to conduct MHS provider training programs, including certification and licensing (health care operations); and
  • Reviewing your records to see if your doctor followed protocol (health care operations).

However, HIPAA does give you the right to:

  • Learn how the Military Health System (MHS) will use and disclose your PHI;
  • Request to limit who can access your PHI;
  • Find out when a covered entity discloses your PHI to others;
  • Request to view and receive a copy of your PHI; and
  • Request to amend your PHI if incorrect or incomplete.

HIPAA also requires the MHS to:

  • Make sure your PHI is stored securely if maintained electronically;
  • Make sure your PHI is available when you need healthcare; and
  • Notify you if your PHI is lost or stolen.

You also may be interested in...

DoD Manual 6025.18-Implementation of the HIPAA Privacy Rule in DoD Health Care Programs

Policy

This issuance, in accordance with the authority in DoD Directive 5124.02, establishes policy and assigns responsibilities for; DoD compliance with federal law governing health information privacy and breach of privacy; Integrating health information privacy and breach compliance with general information privacy and security requirements in accordance with federal law and DoD issuances; Health information technology, system interoperability, and exchange of electronic health information, in relation to federal law governing health information privacy and breach; and DoD contracting and procurement activities in relation to federal law governing health information privacy and breach.

Implementation of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule in DoD Health Care Programs

Policy

This 6025.18 DoD Manual was issued in accordance with the authority in DoD Directive 5124.02. It also implements the policy in DoD Instruction (DoDI) 6025.18, and assigns responsibilities and procedural standards for protecting personally identifiable health information in accordance with parts 160 and 164 of title 45, Code of Federal Regulations (CFR).

Designation of a DHA HIPAA Privacy Officer and HIPAA Security Officer

Policy

This Policy Statement establishes policy and details the core tenets of the HIPAA Privacy and Security Rules at DHA for the use, disclosure, and protection of protected health information (PHI).

DoD Directive 5400.11: Department of Defense Privacy Program

Policy

This Regulation is reissued under the authority of DoD Directive 5400.11, “DoD Privacy Program,” May 8, 2007. It provides guidance on section 552a of title 5 United States Code (U.S.C.), the Privacy Act of 1974, as amended, and prescribes uniform procedures for implementation of the DoD Privacy Program.

DoD/Veterans Affairs (VA) Sharing Memorandum of Understanding (MOU)

Policy

This MOU establishes a framework governing inter-Departmental transfer of PIII/PHI of beneficiaries who receive health care and/or other benefits from either Department. This MOU revises the MOU on "Defining Data-Sharing Between the Departments," executed in May and June of 2005.

HIPAA Compliant Business Associate Agreement

Policy

The HIPAA Compliant Business Associate Agreement complies with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, Breach and Enforcement Rules (HIPAA Rules).

Designation of a TRICARE Management Health Insurance Portability and Accountability Act Privacy Officer and Health Insurance Portability and Accountability Act Security Officer

Policy

This Memorandum announces the HIPAA Privacy (6025.18-R) and Security (8580.02-R) for DHA who is responsible for the development and implementation of policies and procedures required under each set of regulations.

DoD Instruction 6025.18: Privacy of Individually Identifiable Health Information in DoD Health Care Programs

Policy

This Instruction reissues DoD Directive (DoDD) 6025.18 as a DoD Instruction in accordance with the authority in DoD Directive 5124.02. It also establishes policy and assigns responsibilities for implementation of the standards for privacy of individually identifiable health information in accordance with parts 160 and 164 of title 45, Code of Federal Regulations.

DoD Directive 5400.11: DoD Privacy Program

Policy

This Directive reissues DoD Directive 5400.11, “DoD Privacy Program,” November 16, 2004 (hereby canceled) to update the policies and responsibilities of the DoD Privacy Program under Section 552a of title 5, United States Code and Office of Management and Budget Circular No. A-130, “Management of Federal Information Resources,” February 8, 1996; authorizes the Defense Privacy Board, the Defense Privacy Board Legal Committee, and the Defense Data Integrity Board; continues to authorize the publication of DoD 5400.11-R, “Department of Defense Privacy Program,” May 14, 2007; and continues to delegate authorities and responsibilities for the effective administration of the DoD Privacy Program.

Health Affairs (HA) Policy 05-018, Expediting Veterans Benefits to Members with Serious Injuries and Illness

Policy

This Memorandum outlines the roles of the Department of Veterans Affairs (VA) and the Department of Defense (DoD) in identifying an initiative to expedite data exchange between the DoD and the VA for "seriously injured" members, and those members entering the Physical Evaluation Board Process. The goal is to assist the VA in its efforts to better ensure members are aware of their benefits and that these benefits start as soon as possible when the member is eligible.

Military Treatment Facilities (MTF) Defense Health Agency (DHA) Health Insurance Portability and Accountability Act (HIPAA) Privacy Officers Appointment Request Letter and Roles & Responsibilities

Policy

This document outlines the roles and responsibilities for the HIPAA Privacy Officer.

Public Law 104-191

Policy

The purpose of this document is to amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.

Showing results 1 - 12 Page 1 of 1

DHA Address: 7700 Arlington Boulevard | Suite 5101 | Falls Church, VA | 22042-5101

Some documents are presented in Portable Document Format (PDF). A PDF reader is required for viewing. Download a PDF Reader or learn more about PDFs.