Back to Top Skip to main content

HIPAA Compliance within the MHS

The Health Insurance Portability and Accountability Act (HIPAA) applies to your protected health information (PHI). Your PHI is any information that:

  • Identifies you;
  • Is about your health or demographics;
  • Is maintained by a covered entity or business associate; and
  • Is related to your treatment, your medical condition, and the related payment for that condition as maintained by a covered entity or business associate.

The Defense Health Agency (DHA) Privacy and Civil Liberties Office (Privacy Office) helps the Military Health System (MHS) comply with the following HIPAA Rules:

  • The HIPAA Privacy Rule defines how your PHI should be safeguarded, limits when it can be used and disclosed without your authorization, and ultimately gives you some control over your own PHI.
  • The HIPAA Security Rule defines how your PHI should be protected and transferred when maintained electronically. 
  • The HIPAA Breach Notification Rule defines when your PHI has been inappropriately used or disclosed (see Breaches of PII and PHI page) and describes the breach response obligations of a covered entity.

The Chief of the DHA Privacy Office is the appointed HIPAA Privacy Officer and HIPAA Security Officer, and has authority over the HIPAA Privacy and Security programs at DHA.

For more information DHA’s HIPAA compliance program, please read the DHA’s HIPAA Privacy and HIPAA Security Core Tenets Policy Statement.

You also may be interested in...

MHS Notice of Privacy Practices (NoPP) - Brochure - Print-Ready Version (portrait)

Publication
10/1/2013

The MHS Notice of Privacy Practices (NoPP) describes how medical information about you may be used and disclosed and how you can get access to this information. This is a print-ready, portrait version of the brochure, measuring 8.5” x 11” (vertical).

Recommended Content:

HIPAA Compliance within the MHS | How HIPAA Protects You | Notice of Privacy Practices

MHS Notice of Privacy Practices (NoPP) - Brochure - Print Ready Version - Arabic

Publication
10/1/2013

The MHS Notice of Privacy Practices (NoPP) describes how medical information about you may be used and disclosed and how you can get access to this information. This is a print-ready, portrait version of the brochure in Arabic, measuring 8.5” x 11” (vertical).

Recommended Content:

HIPAA Compliance within the MHS | How HIPAA Protects You | Notice of Privacy Practices

MHS Notice of Privacy Practices (NoPP) - Brochure - Print-Ready Version - Spanish - European

Publication
10/1/2013

The MHS Notice of Privacy Practices (NoPP) describes how medical information about you may be used and disclosed and how you can get access to this information. This is a print-ready, portrait version of the brochure in Spanish - European, measuring 8.5” x 11” (vertical).

Recommended Content:

HIPAA Compliance within the MHS | How HIPAA Protects You | Notice of Privacy Practices

MHS Notice of Privacy Practices (NoPP) - Brochure - Print-Ready Version - Russian

Publication
10/1/2013

The MHS Notice of Privacy Practices (NoPP) describes how medical information about you may be used and disclosed and how you can get access to this information. This is a print-ready, portrait version of the brochure in Russian, measuring 8.5” x 11” (vertical).

Recommended Content:

HIPAA Compliance within the MHS | How HIPAA Protects You | Notice of Privacy Practices

MHS Notice of Privacy Practices (NoPP) - Poster - Print-Ready Version (portrait)

Publication
10/1/2013

The MHS Notice of Privacy Practices (NoPP) describes how medical information about you may be used and disclosed and how you can get access to this information. This is a print-ready poster version of the brochure, measuring 24” x 36” (vertical).

Recommended Content:

HIPAA Compliance within the MHS | How HIPAA Protects You | Notice of Privacy Practices

MHS Notice of Privacy Practices (NoPP) - Brochure - Print-Ready Version - Thai

Publication
10/1/2013

The MHS Notice of Privacy Practices (NoPP) describes how medical information about you may be used and disclosed and how you can get access to this information. This is a print-ready, portrait version of the brochure in Thai, measuring 8.5” x 11” (vertical).

Recommended Content:

HIPAA Compliance within the MHS | How HIPAA Protects You | Notice of Privacy Practices

MHS Notice of Privacy Practices (NoPP) - Brochure - Print-Ready Version - Tagalog

Publication
10/1/2013

The MHS Notice of Privacy Practices (NoPP) describes how medical information about you may be used and disclosed and how you can get access to this information. This is a print-ready, portrait version of the brochure in Tagalog, measuring 8.5” x 11” (vertical).

Recommended Content:

HIPAA Compliance within the MHS | How HIPAA Protects You | Notice of Privacy Practices

MHS NoPP Acknowledgement Form

Form/Template
10/1/2013

The MHS Notice of Privacy Practices (NoPP) describes how medical information about you may be used and disclosed and how you can get access to this information. This form serves as an acknowledgement to patients and beneficiaries that they have received the MHS NoPP. The template is sized to scale and can be reproduced locally on Avery Label #5163, 5263, 2163, 5923, 5963 (size: 2 inches x 4 inches).

Recommended Content:

How HIPAA Protects You | HIPAA Compliance within the MHS | Notice of Privacy Practices

DoD Instruction 6025.18: Privacy of Individually Identifiable Health Information in DoD Health Care Programs

Policy

This Instruction reissues DoD Directive (DoDD) 6025.18 as a DoD Instruction in accordance with the authority in DoD Directive 5124.02. It also establishes policy and assigns responsibilities for implementation of the standards for privacy of individually identifiable health information in accordance with parts 160 and 164 of title 45, Code of Federal Regulations.

DoD Directive 5400.11: DoD Privacy Program

Policy

This Directive reissues DoD Directive 5400.11, “DoD Privacy Program,” November 16, 2004 (hereby canceled) to update the policies and responsibilities of the DoD Privacy Program under Section 552a of title 5, United States Code and Office of Management and Budget Circular No. A-130, “Management of Federal Information Resources,” February 8, 1996; authorizes the Defense Privacy Board, the Defense Privacy Board Legal Committee, and the Defense Data Integrity Board; continues to authorize the publication of DoD 5400.11-R, “Department of Defense Privacy Program,” May 14, 2007; and continues to delegate authorities and responsibilities for the effective administration of the DoD Privacy Program.

Health Affairs (HA) Policy 05-018, Expediting Veterans Benefits to Members with Serious Injuries and Illness

Policy

This Memorandum outlines the roles of the Department of Veterans Affairs (VA) and the Department of Defense (DoD) in identifying an initiative to expedite data exchange between the DoD and the VA for "seriously injured" members, and those members entering the Physical Evaluation Board Process. The goal is to assist the VA in its efforts to better ensure members are aware of their benefits and that these benefits start as soon as possible when the member is eligible.

HIPAA Security Officer Letter - Service Headquarters

Policy

This letter outlines HIPAA Security responsibilities for Service specific policy and procedure development and implementation. A Service Headquarters level HIPAA Security Official in each Service is needed.

HIPAA Security Officer Letter - MTF/DTF

Policy

This letter outlines the requirements for Medical Treatment Facility and Dental Treatment Facility (MTF/DTF) personnel to be assigned the responsibility of managing and supervising the execution and use of security measures to protect data as well as the responsibility of managing and supervising the conduct of personnel in relation to those measures.

HIPAA Security Officer Letter - TRICARE Regional Office

Policy

This letter outlines the roles of the HIPAA Security Official at the TRICARE Regional Offices. This person oversees all ongoing activities related to the development, implementation, and maintenance of the organization’s policies and procedures covering the security of electronic patient information.

Federal Register Notice: DoD Health Information Privacy Program, April 14, 2003

Policy

Federal Register Notice for the April 14, 2003 DoD Health Information Privacy Program, published April 9, 2003

<< < 1 2 3 4 > >> 
Showing results 31 - 45 Page 3 of 4

DHA Address: 7700 Arlington Boulevard | Suite 5101 | Falls Church, VA | 22042-5101

Some documents are presented in Portable Document Format (PDF). A PDF reader is required for viewing. Download a PDF Reader or learn more about PDFs.