HIPAA

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The TRICARE Management Activity (TMA) Privacy and Civil Liberties Office (Privacy Office) manages a comprehensive privacy and security program that ensures compliance with the HIPAA Privacy and Security Rules codified at 45 C.F.R. Parts 160 and 164.

The HIPAA Privacy and Security Rules are implemented within the Military Health System (MHS) by DoD 6025.18-R, "Department of Defense Health Information Privacy Regulation," March 13, 2019 and DoD 8580.02-R, "Department of Defense Health Information Security Regulation," July 12, 2007.

As set forth by DoD 6025.18-R, the Privacy Office supports the protection of beneficiary health information and HIPAA Privacy Rule compliance by all MHS business processes, procedures, and systems that solicit, collect, maintain, access, use, disclose, and dispose of protected health information (PHI).

On August 30, 2012, TMA’s Deputy Director issued the updated TMA HIPAA Privacy and Security Core Tenets Policy Statement. This Policy Statement establishes and details the core tenets of the HIPAA Privacy and Security Rules at TMA for the use, disclosure, and protection of PHI, and confirms the responsibility and authority of the Director, TMA Privacy Office, as the TMA HIPAA Privacy and HIPAA Security Officer. TMA’s HIPAA Privacy and Security Core Tenets Policy Statement is available.

Please note that the Privacy Office does not provide information on the Transactions, Code Sets and Identifiers requirements of HIPAA’s Administrative Simplification provisions. For these types of inquiries, please contact the TMA HIPAA Electronic Transactions, Code Sets and Identifiers Team or refer to their website at http://www.tricare.mil.