The DHA Privacy and Civil Liberties Office (PCLO) oversees the protection of personally identifiable information (PII)/protected health information (PHI) within the Military Health System (MHS). To maintain a strong compliance with Health Insurance Portability and Accountability Act (HIPAA) requirements, PCLO has developed the Compliance Risk Assessment (CRA) based on Federal privacy and security laws and DOD regulations and guidance. The primary objective of the CRA is to assist military hospitals and clinics (also known as military treatment facilities, or MTFs) to conduct periodic assessments to evaluate their overall compliance with HIPAA privacy and HIPAA security requirements. Compliance reviews are completed by using the Compliance Risk Assessment (CRA) Tool, which is designed to gauge the healthcare organization’s privacy compliance posture and to identify potential security threats and vulnerabilities.

The privacy assessment is to be completed by the MTF HIPAA Privacy Officer, and the security assessment is to be completed by the MTF HIPAA Security Officer. New for 2022 is the compliance assessment for Privacy Liaisons, who are strategically placed at designated Markets and are tasked to help manage the hospitals and clinics in their region. These liaisons play a critical role in providing administrative oversight and guidance to our MTF HIPAA Privacy Officers and HIPAA Security Officers.

The CRA Tool can be accessed on the PCLO page on Inside DHA (CAC-enabled).