The Military Health System (MHS) must comply with Federal law protecting the privacy and security of personally identifiable information and protected health information (PII/PHI), as well as with other Federal information laws. Therefore, standard language to require compliance must be included whenever a solicitation is issued or a contract awarded (or other agreement is entered into) if performance involves PII/PHI.
For contracts awarded by or for the Defense Health Agency (DHA), see:
- DHA Standard Contract Language
- Procurement Directorate guidance at PGI 224.1-90
That guidance explains how to incorporate by reference all or part of the DHA Standard Contract Language in contract documents.
For contracts or other agreements used by MHS components other than DHA, see:
Please note that the linked documents are subject to change.
Contractor Personnel Access to Health Affairs (HA)/DHA Network/DOD Systems
Please find all pertinent information at:
Administration and Management Directorate (A&MD)
Mission Assurance Division
Personnel Security Branch
7700 Arlington Blvd
Falls Church, VA 22042
Phone: 1-703-681-6777
Secure Fax: 1-703-681-0810
You also may be interested in...
Policy
Jan 6, 2022
.PDF |
243.26 KB
The HIPAA Compliant Business Associate Agreement complies with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, Breach and Enforcement Rules (HIPAA Rules).
- Identification #: N/A
- Type: Guidelines
Form/Template
Oct 27, 2020
.PDF |
267.81 KB
This Section addresses the Contractor’s requirements under The Privacy Act of 1974 (Privacy Act), The Freedom of Information Act (FOIA), and The Health Insurance Privacy and Accountability Act (HIPAA) as set forth in applicable statutes, implementing regulations and DOD issuances.
Policy
Oct 27, 2020
.PDF |
389.61 KB
This PGI provides standard language that shall be included in all purchased and non-purchased care solicitations and contracts where the contractor’s performance involves access to PII/PHI (unless those solicitations and contracts incorporate the TRICARE Manuals in their entirety, in which case this PGI does not apply).
- Identification #: N/A
- Type: Guidelines
Fact Sheet
Sep 6, 2016
.PDF |
183.61 KB
Personally Identifiable Information (PII), Protected Health Information (PHI), and Federal Information Requirements
You are leaving Health.mil
The appearance of hyperlinks does not constitute endorsement by the Department of Defense of non-U.S. Government sites or the information, products, or services contained therein. Although the Defense Health Agency may or may not use these sites as additional distribution channels for Department of Defense information, it does not exercise editorial control over all of the information that you may find at these locations. Such links are provided consistent with the stated purpose of this website.
You are leaving Health.mil
View the external links disclaimer.
Last Updated: July 11, 2023