Back to Top Skip to main content Skip to sub-navigation

Privacy and Civil Liberties

The Defense Health Agency Privacy and Civil Liberties Office is responsible for safeguarding Military Health System (MHS) individuals and information by administering compliance programs. We oversee the protection of personally identifiable information (PII)/protected health information (PHI) within the MHS, one of the largest integrated health care delivery systems in the United States, serving more than 9.6 million eligible beneficiaries.

Our Mission

Ensure vigilance in the protection of privacy information and promote compliance across the organization.

What We Do

We support MHS compliance with Federal privacy and security laws, and Department of Defense (DOD) regulations and guidance. This includes managing and evaluating potential risks and threats to the privacy and security of MHS health data by performing critical reviews through:

  • Evaluation of privacy and security safeguards, including conducting annual Health Insurance Portability and Accountability Act (HIPAA) of 1996 Security Risk Assessments
  • Performance of Internal Privacy Office Compliance Assessments
  • Establishment of organizational performance metrics to identify and measure potential compliance risks
  • Consultation for leadership and the workforce on areas of DHA-level oversight

In addition, the DHA Privacy Office has specific responsibility for various DHA-level areas. We support HIPAA development to comply with Federal laws, DOD regulations, and guidelines governing the privacy and security of PII/PHI, as well as the development and revision of DHA privacy-related plans, policies, and procedures. Key elements include:

  • HIPAA Privacy and Security
  • Privacy Act of 1974
  • Freedom of Information Act (FOIA)
  • Data Sharing Compliance
  • Human Research Protection
  • Training for the Workforce
  • Upholding Civil Liberties

The DHA Privacy Office also engages DHA stakeholders, including employees and contractors, by developing and delivering education and awareness materials and ongoing workforce privacy and HIPAA security training.

You also may be interested in...

Research Repository Template

Form/Template
1/20/2021

The RRT asks researchers whether they intend to put data into a repository, and if yes, what data and under what governance terms.

Recommended Content:

Privacy and Civil Liberties

DHA Privacy Office Standard Contract Language

Form/Template
10/27/2020

This Section addresses the Contractor’s requirements under The Privacy Act of 1974 (Privacy Act), The Freedom of Information Act (FOIA), and The Health Insurance Privacy and Accountability Act (HIPAA) as set forth in applicable statutes, implementing regulations and DoD issuances.

Recommended Content:

Privacy and Civil Liberties | DHA Privacy Contract Language

Surgical Scheduling System

Form/Template
9/16/2016

PIA summary for Surgical Scheduling System.

Recommended Content:

Privacy and Civil Liberties | Privacy Impact Assessments

Zeiss FORUM

Form/Template
8/12/2016

Zeiss FORUM PIA summary

Recommended Content:

Privacy and Civil Liberties | Privacy Impact Assessments

Department of Defense Consolidated Cancer Registry (CCR)

Form/Template
7/21/2016

Department of Defense Consolidated Cancer Registry (CCR) System PIA summary

Recommended Content:

Privacy and Civil Liberties | Privacy Impact Assessments

Military Health System Data Repository

Form/Template
6/23/2016

Military Health System (MHS) Data Repository (MDR) PIA

Recommended Content:

Privacy and Civil Liberties | Privacy Impact Assessments

Defense and Veterans Eye Injury and Vision Registry

Form/Template
6/22/2016

PIA for the Defense and Veterans Eye Injury and Vision Registry (DVEIVR)

Recommended Content:

Privacy and Civil Liberties | Privacy Impact Assessments

Surgery Scheduling System (S3)

Form/Template
6/20/2016

PIA for the Surgery Scheduling System S3

Recommended Content:

Privacy and Civil Liberties | Privacy Impact Assessments

DHA Form 61, Privacy Threshold Analysis (PTA)

Form/Template
3/31/2016

The purpose of the PTA is to identify if a system contains personally identifiable information (PII); and determine whether a Privacy Impact Assessment (PIA) is required, whether a System of Records Notice (SORN) is required, and if any other privacy requirements apply to the information system.

Recommended Content:

Privacy Impact Assessments | Privacy and Civil Liberties
Showing results 1 - 9 Page 1 of 1

DHA Address: 7700 Arlington Boulevard | Suite 5101 | Falls Church, VA | 22042-5101

Some documents are presented in Portable Document Format (PDF). A PDF reader is required for viewing. Download a PDF Reader or learn more about PDFs.