Regulatory Requirements & Additional Resources
Federal Law
Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub. L. 104-191)
HIPAA Privacy Rule (45 C.F.R. Parts 160 and 164)
HIPAA Security Rule (45 C.F.R. Parts 160 and 164)
Department of Defense (DoD)
DoD 6025.18-R, DoD Health Information Privacy Regulation, January 24, 2003
DoD 8580.02-R, DoD Health Information Security Regulation, July 12, 2007
DoDI 6025.18, Privacy of Individually Identifiable Health Information in DoD Health Care Programs, December 2, 2009
DoDD 5400.11, DoD Privacy Program, May 8, 2007
DoD 5400.11-R, DoD Privacy Program, May 14, 2007
DoD 8510.01, DoD Information Assurance Certification and Accreditation Process (DIACAP), November 28, 2007
DoDD 8500.1, Information Assurance (IA), October 24, 2002
DoDD 8500.2, Information Assurance Implementation, February 6, 2003
Assistant Secretary of Defense/Health Affairs (ASD/HA)
Reliance on an Electronic Signature on Form SSA-827 when Disclosing Protected Health Information to the Social Security Administration, July 26, 2012
TRICARE Management Activity (TMA)
Policy for TRICARE Management Activity Workforce Members who Access Personally Identifiable Information or Protected Health Information, March 15, 2011
TMA Privacy and Civil Liberties Office Best Practices for Safeguarding Laptops, February 2011
Telework Program Guide for Safeguarding Personally Identifiable and Protected Health Information, July 2010
General Mapping of HIPAA Security Rule to Existing DoD Policies and IA Controls
This document represents an updated mapping of the HIPAA Security Rule to select DoD policies and IA controls.
It does not constitute the rendering of legal advice or an exhaustive list of all possible mappings of the Security Rule to DoD policies or IA controls.
The document is intended to provide general information and to allow different departments and components to customize the mapping according to their security policies.
Policy Memoranda
Health Affairs (HA) Policy 05-018, Expediting Veterans Benefits to Members with Serious Injuries and Illness, September 27, 2005
DoD/Veterans Affairs (VA) Sharing Memorandum of Understanding (MOU), June 27, 2005
Additional Resources
National Institute of Standards and Technology (NIST)
Computer Security Division Resource Computer Security Center