Skip to main content

Military Health System

Privacy Contract Language

The Military Health System (MHS) must comply with Federal law protecting the privacy and security of personally identifiable information and protected health information (PII/PHI), as well as with other Federal information laws. Therefore, standard language to require compliance must be included whenever a solicitation is issued or a contract awarded (or other agreement is entered into) if performance involves PII/PHI.

For contracts awarded by or for the Defense Health Agency (DHA), see:

  • DHA Standard Contract Language
  • Procurement Directorate guidance at PGI 224.1-90

That guidance explains how to incorporate by reference all or part of the DHA Standard Contract Language in contract documents.  

For contracts or other agreements used by MHS components other than DHA, see:

Please note that the linked documents are subject to change.

Contractor Personnel Access to Health Affairs (HA)/DHA Network/DOD Systems

Please find all pertinent information at:

Administration and Management Directorate (A&MD)
Mission Assurance Division
Personnel Security Branch
7700 Arlington Blvd
Falls Church, VA 22042

Phone: 1-703-681-6777
Secure Fax: 1-703-681-0810

You also may be interested in...

HIPAA Compliant Business Associate Agreement

Policy

The HIPAA Compliant Business Associate Agreement complies with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, Breach and Enforcement Rules (HIPAA Rules).

DHA Privacy Office Standard Contract Language

Form/Template
10/27/2020

This Section addresses the Contractor’s requirements under The Privacy Act of 1974 (Privacy Act), The Freedom of Information Act (FOIA), and The Health Insurance Privacy and Accountability Act (HIPAA) as set forth in applicable statutes, implementing regulations and DOD issuances.

Recommended Content:

Privacy & Civil Liberties | Privacy Contract Language

PGI 224.1-90: Personally Identifiable Information (PII), Protected Health Information (PHI), and Federal Information Requirements

Policy

This PGI provides standard language that shall be included in all purchased and non-purchased care solicitations and contracts where the contractor’s performance involves access to PII/PHI (unless those solicitations and contracts incorporate the TRICARE Manuals in their entirety, in which case this PGI does not apply).

Decision Tree Matrix for Contracts with PII/PHI

Fact Sheet
9/6/2016

Personally Identifiable Information (PII), Protected Health Information (PHI), and Federal Information Requirements

Recommended Content:

Privacy & Civil Liberties | Privacy Contract Language

Examples of PII

Fact Sheet
5/1/2014

Personally identifiable information (PII) is information that identifies, links, relates, or is unique to, or describes you. This also includes information which can be used to distinguish or trace your identity and any other personal information which is linked or linkable to you.

Recommended Content:

Privacy Act at DHA | Privacy Impact Assessments | HIPAA Compliance within the MHS | How HIPAA Protects You | Breach Prevention and Response | Freedom of Information Act | Privacy Contract Language | Research Protections | HIPAA and Privacy Act Training
Showing results 1 - 5 Page 1 of 1
Last Updated: October 13, 2022
Follow us on Instagram Follow us on LinkedIn Follow us on Facebook Follow us on Twitter Follow us on YouTube Sign up on GovDelivery