The Defense Health Agency (DHA) Privacy and Civil Liberties Office (Privacy Office) manages a comprehensive privacy and security program that ensures compliance with the HIPAA Privacy and Security Rules codified at 45 C.F.R. Parts 160 and 164.
As set forth by DoDI 6025.18, the Privacy Office supports the protection of beneficiary health information and HIPAA Privacy Rule compliance by all MHS business processes, procedures, and systems that solicit, collect, maintain access, use, disclose, and dispose of protected health information (PHI).
Concurrently, through its HIPAA security program, as set forth by DoDI 8580.02-R, the Privacy Office supports the protection of the confidentiality, integrity and availability of electronic PHI against any reasonably anticipated threats or hazards, including implementation of reasonable administrative, physical, and technical safeguards by MHS covered entities under HIPAA.
On October 1st, 2013, DHA’s Deputy Director issued the updated DHA HIPAA Notice of Privacy Practice (NoPP). This NoPP establishes and details the core tenets of the HIPAA Privacy and Security Rules at DHA for the use, disclosure, and protection of PHI, and confirms the responsibility and authority of the Director, DHA Privacy Office, as the DHA HIPAA Privacy and HIPAA Security Officer.