Privacy and Investment Review
The Military Health System (MHS) Defense Business Information Technology Certification (DBITC) program was established to ensure system funding was certified in accordance with the National Defense Authorization Act of 2005. The MHS DBITC program relies on the TRICARE Management Activity (TMA) Privacy and Civil Liberties Office (Privacy Office) to serve as a leader to ensure privacy considerations are taken into account for MHS systems that are funded through appropriations from the Defense Health Program (DHP).
The Privacy Office provides guidance on privacy matters to the MHS DBITC and MHS program offices. This guidance includes review of documents, including Privacy Impact Assessments (PIAs) and System of Records Notices (SORNs), to ensure privacy requirements are integrated into the life cycle of MHS systems, which increases efficiency and compliance. Privacy Office personnel also participate in MHS Investment Review Committee (IRC) meetings to answer any privacy related questions from the program offices. In addition, the Privacy Office leverages an established privacy framework to ensure program offices are adhering to requirements prior to certification, and coordinates with Defense Health Program System Inventory Reporting Tool (DHP-SIRT) administrators to ensure privacy information is accurately reflected for MHS Investment Review activities.