The Military Health System (MHS) must comply with the requirements of HIPAA, both as a provider of health care - through Military Treatment Facilities - and as the TRICARE health plan - through contracted network health care services.
Defense Health Agency (DHA) Business Information Management (IM) Division (under the Office of the Chief Financial Officer) manages the requirements of HIPAA through the formation of cross-functional Integrated Project Team (IPT) Workgroups. Membership on HIPAA IPTs include representatives from the Services, functional proponents or business process owners, Program Offices, system technical representatives, and DHA Aurora in order to address the provisions of each rule from the perspective of a provider and of a health plan. HIPAA IPTs assess the impacts on both Direct Care information systems, and Purchased Care operations and work to ensure implementation of requirements by mandated compliance dates.
DHA IM representatives also work with Designated Standards Maintenance Organizations (DSMOs) such as X12, Health Level 7 (HL-7) and other industry advisory groups such as the Workgroup for Electronic Data Interchange (WEDI) to ensure that the needs of the MHS are not overlooked when new rules or changes to existing standards are being proposed.
HIPAA Final Rules that have already been implemented include:
HIPAA Final Rule
Standards for Privacy of Individually Identifiable Health Information (2000) (and subsequent 2002 modifications)
April 14, 2003
Standards for Electronic Transactions; Announcement of Designated Standard Maintenance Organizations Rule (2000) (and subsequent 2003 modifications)
October 16, 2003
Standard Unique Employer Identifier (2002)
July 30, 2004
Security Standards (2003)
April 21, 2005
Standard Unique Health Identifier for Health Care Providers (2004)
May 23, 2007
Modifications to the HIPAA Electronic Transaction Standards
January 1, 2012
Operating Rules for Eligibility for a Health Plan and Health Care Claim Status Transactions
January 1, 2013
National Provider Identifier User Requirements
May 6, 2013
Standards for Health Care Electronic Funds Transfers (EFTs) and Remittance Advice (RA) Transactions
January 1, 2014
Operating Rules for Health Care EFT and RA Transactions
HIPAA Final Rules that are in the process of being implemented:
Modifications to Medical Data Code Set Standards to Adopt International Classification of Diseases, 10th Revision, Clinical Modification (ICD–10–CM) and Procedure Coding System (ICD–10–PCS)
October 1, 2015
Standards for Unique Health Plan Identifier (HPID) for Health Plans
Health Plans to be enumerated by November 5, 2014
Health Plans to use HPID in HIPAA Transactions by November 7, 2016
Certificate of Creditable Coverage
* For TRICARE HIPAA Privacy and Security pages, please click here.
“On October 1, 2013, the Department of Defense established the Defense Health Agency (DHA) to manage the activities of the Military Health System. These activities include those previously managed by TRICARE Management Activity (TMA), which was disestablished on the same date. During the next several months, all TMA websites will change to reflect the new DHA. We appreciate your patience during this transition."
7700 Arlington Boulevard, Suite 5101, Falls Church, VA 22042-5101
The appearance of hyperlinks to external Web sites does not constitute
endorsement by the Defense Health Agency of these Web sites or the
information, products or services contained therein. For other than
authorized government activities. The Defense Health Agency does not
exercise any editorial control over the information you may find at other
locations. Such links are provided consistent with the stated purpose of
this DoD Web site. Accessibility/Section 508