DHA Home About DHA Human Resources Contact Us FOIA Site Map
Skip Navigation LinksDHA Home > Clinical Operations and Patient Care > TMA Privacy Office > HIPAA > Regulatory Requirements & Additional Resources
Infinite Menus, Copyright 2006, OpenCube Inc. All Rights Reserved.

Regulatory Requirements & Additional Resources

Federal Law

Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub. L. 104-191)

HIPAA Privacy Rule (45 C.F.R. Parts 160 and 164)

HIPAA Security Rule (45 C.F.R. Parts 160 and 164)

Department of Defense (DoD)

DoD 6025.18-R, DoD Health Information Privacy Regulation, January 24, 2003

DoD 8580.02-R, DoD Health Information Security Regulation, July 12, 2007

DoDI 6025.18, Privacy of Individually Identifiable Health Information in DoD Health Care Programs, December 2, 2009

DoDD 5400.11, DoD Privacy Program, May 8, 2007

DoD 5400.11-R, DoD Privacy Program, May 14, 2007

DoD 8510.01, DoD Information Assurance Certification and Accreditation Process (DIACAP), November 28, 2007

DoDD 8500.1, Information Assurance (IA), October 24, 2002

DoDD 8500.2, Information Assurance Implementation, February 6, 2003

Assistant Secretary of Defense/Health Affairs (ASD/HA)

Reliance on an Electronic Signature on Form SSA-827 when Disclosing Protected Health Information to the Social Security Administration, July 26, 2012

TRICARE Management Activity (TMA)

Memorandum for TRICARE Management Activity Directors, TRICARE Management Activity Health Insurance Portability and Accountability Act Privacy and Security Policy Statement, TRICARE Management Activity designated Linda Thomas as the HIPAA Privacy Officer and the HIPAA Security Officer, August 30, 2012.

Administrative Instruction 50 Policy and Procedures for Accounting of Disclosures of Personally Identifiable Information and Protected Health Information, June 25, 2012

Policy for TRICARE Management Activity Workforce Members who Access Personally Identifiable Information or Protected Health Information, March 15, 2011

TMA Privacy and Civil Liberties Office Best Practices for Safeguarding Laptops,
February 2011

Telework Program Guide for Safeguarding Personally Identifiable and Protected Health Information, July 2010

General Mapping of HIPAA Security Rule to Existing DoD Policies and IA Controls
This document represents an updated mapping of the HIPAA Security Rule to select DoD policies and IA controls. It does not constitute the rendering of legal advice or an exhaustive list of all possible mappings of the Security Rule to DoD policies or IA controls. The document is intended to provide general information and to allow different departments and components to customize the mapping according to their security policies.

Policy Memoranda

Health Affairs (HA) Policy 05-018, Expediting Veterans Benefits to Members with Serious Injuries and Illness, September 27, 2005

DoD/Veterans Affairs (VA) Sharing Memorandum of Understanding (MOU),
March 14, 2014

Additional Resources

National Institute of Standards and Technology (NIST) Computer Security Division Resource Computer Security Center

“On October 1, 2013, the Department of Defense established the Defense Health Agency (DHA) to manage the activities of the Military Health System. These activities include those previously managed by TRICARE Management Activity (TMA), which was disestablished on the same date. During the next several months, all TMA websites will change to reflect the new DHA. We appreciate your patience during this transition."
DoD Seal
7700 Arlington Boulevard, Suite 5101, Falls Church, VA 22042-5101
The appearance of hyperlinks to external Web sites does not constitute endorsement by the TRICARE Management Activity of these Web sites or the information, products or services contained therein. For other than authorized government activities, TRICARE Management Activity does not exercise any editorial control over the information you may find at other locations. Such links are provided consistent with the stated purpose of this DoD Web site. Accessibility/Section 508