The TRICARE Management Activity (TMA) Privacy and Civil Liberties Office (Privacy Office) manages a comprehensive privacy and security program that ensures compliance with the HIPAA Privacy and Security Rules codified at 45 C.F.R. Parts 160 and 164.
The HIPAA Privacy and Security Rules are implemented within the Military Health System (MHS) by DoD 6025.18-R, "Department of Defense Health Information Privacy Regulation," January 24, 2003 and DoD 8580.02-R, "Department of Defense Health Information Security Regulation," July 12, 2007.
As set forth by DoD 6025.18-R, the Privacy Office supports the protection of beneficiary health information and HIPAA Privacy Rule compliance by all MHS business processes, procedures, and systems that solicit, collect, maintain, access, use, disclose, and dispose of protected health information (PHI).
Concurrently, through its HIPAA security program, as set forth by DoD 8580.02-R, the Privacy Office supports the protection of the confidentiality, integrity and availability of electronic PHI against any reasonably anticipated threats or hazards, including implementation of reasonable administrative, physical, and technical safeguards by MHS covered entities under HIPAA.
On August 30, 2012, TMA’s Deputy Director issued the updated TMA HIPAA Privacy and Security Core Tenets Policy Statement. This Policy Statement establishes and details the core tenets of the HIPAA Privacy and Security Rules at TMA for the use, disclosure, and protection of PHI, and confirms the responsibility and authority of the Director, TMA Privacy Office, as the TMA HIPAA Privacy and HIPAA Security Officer.
Please note that the Privacy Office does not provide information on the Transactions, Code Sets and Identifiers requirements of HIPAA’s Administrative Simplification provisions. For these types of inquiries, please contact the TMA HIPAA Electronic Transactions, Code Sets and Identifiers Team at HIPAATSCIMail@tma.osd.mil or refer to their website at http://www.tricare.mil/tma/hipaa.