HIPAA and Privacy

Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) of 1996 to:

  • Combat waste, fraud and abuse
  • Improve portability of health insurance coverage
  • Simplify health care administration

Who must comply with HIPAA?

All military and civilian health care plans, health care clearinghouses and health care providers who electronically conduct financial and administrative transactions must comply with HIPAA. TRICARE, military hospitals and clinics, providers, regional contractors, subcontractors and other business associate relationships fall within these categories. HIPAA's Privacy Rule and Security Rule relate specifically to the privacy and security of your protected health information (PHI).

How the Privacy Rule Protects You

The HIPAA Privacy Rule lets medical staff use and disclose your PHI for treatment, payment and health care operations without written authorization. Your permission is required for most other uses and disclosures.

Under the Privacy Rule, you have the right to:

  • Receive a copy of the Military Health System Notice of Privacy Practices
  • Request access to PHI
  • Request amendment of PHI
  • Request an accounting of PHI disclosures
  • Request restriction on PHI use and disclosure
  • File a complaint regarding privacy infractions.

Privacy Officers

Each military hospitals and clinic has a privacy officer who ensures health care information remains private, but available to you and your provider. The privacy officer can answer any questions you may have about HIPAA rules. The Defense Health Agency (DHA) also has a privacy office you can contact for information or assistance. In addition, your regional contractor has valuable information about privacy on its website.

What if my privacy is violated?

If you think your privacy rights have been violated, you may submit a written complaint to your military hospital or clinic or DHA privacy officer. You may call the general information number at your local military hospitals or clinic, visit their Web site.

Notice of Privacy Practices

When you receive treatment at a military hospitals or clinic, you will be given a copy of the Notice of Privacy Practices. This document details how your medical information may be used and with whom it may be shared. If you see civilian TRICARE-authorized providers, they may have their own privacy practices guidelines that they will share with you at the time of your appointment. It's important that you carefully read any information about privacy practices.

This section gives you information about how to access your medical records and how HIPAA regulations relate to you.

Last Updated 5/15/2017