Skip Navigation

Defense Health Agency

"On October 1, 2013, the Department of Defense established the Defense Health Agency (DHA) to manage the activities of the Military Health System. These activities include those previously managed by TRICARE Management Activity (TMA), which was disestablished on the same date. During the next several months, all TMA websites will change to reflect the new DHA. We appreciate your patience during this transition."


The Military Health System (MHS) must comply with the requirements of HIPAA, both as a provider of health care - through Military Treatment Facilities - and as the TRICARE health plan - through contracted network health care services.

Defense Health Agency (DHA) Business Information Management (IM) Division (under the Office of the Chief Financial Officer) manages the requirements of HIPAA through the formation of cross-functional Integrated Project Team (IPT) Workgroups. Membership on HIPAA IPTs include representatives from the Services, functional proponents or business process owners, Program Offices, system technical representatives, and DHA Aurora in order to address the provisions of each rule from the perspective of a provider and of a health plan. HIPAA IPTs assess the impacts on both Direct Care information systems, and Purchased Care operations and work to ensure implementation of requirements by mandated compliance dates.

DHA IM representatives also work with Designated Standards Maintenance Organizations (DSMOs) such as X12, Health Level 7 (HL-7) and other industry advisory groups such as the Workgroup for Electronic Data Interchange (WEDI) to ensure that the needs of the MHS are not overlooked when new rules or changes to existing standards are being proposed.

HIPAA Final Rules that have already been implemented include:

HIPAA Final Rule

Compliance Date

Standards for Privacy of Individually Identifiable Health Information (2000) (and subsequent 2002 modifications)

April 14, 2003

Standards for Electronic Transactions; Announcement of Designated Standard Maintenance Organizations Rule (2000) (and subsequent 2003 modifications)

October 16, 2003

Standard Unique Employer Identifier (2002)

July 30, 2004

Security Standards (2003)

April 21, 2005

Standard Unique Health Identifier for Health Care Providers (2004)

May 23, 2007

Modifications to the HIPAA Electronic Transaction Standards

January 1, 2012

Operating Rules for Eligibility for a Health Plan and Health Care Claim Status Transactions

January 1, 2013

National Provider Identifier User Requirements

May 6, 2013

Standards for Health Care Electronic Funds Transfers (EFTs) and Remittance Advice (RA) Transactions

January 1, 2014

Operating Rules for Health Care EFT and RA Transactions

January 1, 2014

HIPAA Final Rules that are in the process of being implemented:

HIPAA Final Rule

Compliance Date

Modifications to Medical Data Code Set Standards to Adopt International Classification of Diseases, 10th Revision, Clinical Modification (ICD–10–CM) and Procedure Coding System (ICD–10–PCS)

October 1, 2015

Standards for Unique Health Plan Identifier (HPID) for Health Plans

Health Plans to be enumerated by November 5, 2014

Health Plans to use HPID in HIPAA Transactions by November 7, 2016

Other Pages
Code Sets
Certificate of Creditable Coverage

* For TRICARE HIPAA Privacy and Security pages, please click here.