The TRICARE Management Activity (TMA) Privacy and Civil Liberties Office (Privacy Office) manages a comprehensive privacy and security program that ensures compliance with the HIPAA Privacy and Security Rules codified at 45 C.F.R. Parts 160 and 164.
The HIPAA Privacy and Security Rules are implemented within the Military Health System (MHS) by DoDM 6025.18, "Implementation of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule in DoD Health Care Programs," March 13, 2019 and DoDI 8580.02, "Security of Individually Identifiable Health Information in DoD Health Care Programs," August 12, 2015.
As set forth by DoDM 6025.18, the Privacy Office supports the protection of beneficiary health information and HIPAA Privacy Rule compliance by all MHS business processes, procedures, and systems that solicit, collect, maintain, access, use, disclose, and dispose of protected health information (PHI).
Concurrently, through its HIPAA security program, as set forth by DoDI 8085.02, the Privacy Office supports the protection of the confidentiality, integrity and availability of electronic PHI against any reasonably anticipated threats or hazards, including implementation of reasonable administrative, physical, and technical safeguards by MHS covered entities under HIPAA.
Please note that the Privacy Office does not provide information on the Transactions, Code Sets and Identifiers requirements of HIPAA’s Administrative Simplification provisions. For more information, go to https://www.tricare.mil/Privacy/HIPAA.