UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

- Trained on our vast library of engineering resources.

DODD 8580.02

Security of Individually Identifiable Health Information in DoD Health Care Programs

active, Most Current
Organization: DODD
Publication Date: 12 August 2015
Status: active
Page Count: 27
scope:

PURPOSE. This instruction:

a. Reissues DoD 8580.02-R (Reference (a)) as a DoD instruction (DoDI) in accordance with the authority in DoD Directive (DoDD) 5124.02 (Reference (b)).

b. Establishes policy and assigns responsibilities for security of individually identifiable health information created, received, maintained, or transmitted in electronic form (referred to in this instruction as "electronic protected health information (ePHI)").

c. Implements policy regarding information security as established in sections 300gg and 1320d et seq. of Title 42 United States Code (U.S.C.) (Reference (c)); section 1181 et seq. of Title 29 U.S.C. (Reference (d)); and parts 160, 162, and 164 of Title 45, Code of Federal Regulations (Reference (e)). References (c), (d), and (e) are collectively known and referred to in this instruction as the "Health Insurance Portability and Accountability Act (HIPAA)."

APPLICABILITY

a. This instruction applies to:

(1) OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the DoD, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the DoD, which are covered entities as defined in DoD 6025.18-R (Reference (f)) (referred to collectively in this instruction as the "DoD Components").

(2) Business associates, where the contract or other written arrangement makes this instruction applicable.

b. This instruction does not apply to:

(1) DoD drug-testing programs carried out pursuant to DoDI 1010.01 (Reference (g)) or DoDI 1010.09 (Reference (h).

(2) The provision of health care to foreign national beneficiaries of the Military Health System (MHS) when such care is provided in a country other than the United States.

(3) The Armed Forces Repository of Specimen Samples for the Identification of Remains established and operated pursuant to DoDI 5154.30 (Reference (i)).

(4) The provision of health care to enemy prisoners of war, retained personnel, civilian internees, and other detainees pursuant to DoDD 2310.01E (Reference (j)).

(5) Education records maintained by domestic or overseas DoD-operated schools.

(6) Records maintained by DoD-operated day care centers.

(7) Military Entrance Processing Stations.

(8) Reserve Component medical personnel who are outside the authority of the military treatment facilities (MTFs) and who do not engage in standard electronic transactions covered by this instruction. See Glossary for a list of covered transactions.

(9) Health care providers that participate in Defense Health Agency (DHA)-managed care support contractor provider networks, unless otherwise required by the TRICARE program manuals or other agreements.

c. As required pursuant to the Inspector General Act of 1978, as amended, Title 5, U.S.C., Appendix (Reference (k)), nothing in this instruction will be construed to diminish the authority of any statutory Inspector General, including such authority as provided for in Reference (k).

d. This instruction is based on the requirements of HIPAA, and has common characteristics with sections 3541 through 3544 of Title 44, U.S.C., also known as and referred to in this instruction as the "Federal Information Security Management Act (FISMA) of 2002" (Reference (l)). However, this instruction does not lessen the need for DoD to comply with FISMA, nor does this instruction supersede FISMA.

 

Document History

DODD 8580.02
August 12, 2015
Security of Individually Identifiable Health Information in DoD Health Care Programs
PURPOSE. This instruction: a. Reissues DoD 8580.02-R (Reference (a)) as a DoD instruction (DoDI) in accordance with the authority in DoD Directive (DoDD) 5124.02 (Reference (b)). b. Establishes...
July 12, 2007
DoD HEALTH INFORMATION SECURITY REGULATION
APPLICABILITY AND SCOPE This Regulation applies to the Office of the Secretary of Defense, the Military Departments, the Chairman of the Joint Chiefs of Staff, the Combatant Commands, the Office of...

References

Advertisement