Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996. The Department of Health & Human Services Office of Civil Rights (OCR) is responsible for enforcing HIPAA Privacy and HIPAA Security Rules.

The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates, and gives you (the patient) an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for your care and other important purposes. Learn more about HIPAA.

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule also gives you the right to be informed of the privacy practices of your health plans and healthcare providers, as well as to be informed of your individual rights with respect to your protected health information (PHI). The Notice of Privacy Practices (NoPP) requirements as set forth by the HIPAA Privacy Rule are codified at 45 C.F.R. Part 164.520 and further implemented within the Military Health System (MHS) by DoD 6025.18-R. 

View and download the MHS NoPP (available in several languages). 

To file a HIPAA complaint or report a privacy violation, visit HIPAA.

For staff amendments to medical records (CAC or PIV required) fill out the following form (CAC or PIV required) and securely email it to dha.bethesda.j-11.mbx.wrnm-hipaa-mail@health.mil: