The TRICARE Management Activity (TMA) Privacy and Civil Liberties Office (Privacy Office) coordinates comprehensive breach response efforts, to include reporting, monitoring, and remediation efforts within the Military Health System (MHS). Additionally, the Privacy Office ensures compliance with overarching policies and assists in the development of guidance specific to breach response, to include the TMA Incident Response Team and Breach Notification Policy Memorandum and Administrative Instruction, November 5, 2009.
Department of Defense (DoD) 5400.11-R, "DoD Privacy Program," May 14, 2007, defines a breach as the “actual or possible loss of control, unauthorized disclosure, or unauthorized access of personal information where persons other than authorized users gain access or potential access to such information for an other than authorized purposes where one or more individuals will be adversely affected.”
The Privacy Office Breach Response team also conducts annual incident response exercises involving senior MHS leaders and representatives from other DoD components to practice individual roles and strengthen joint-organization response readiness.
Breach Reporting
Report the actual or possible breach of personally identifiable and/or protected health information (PII/PHI) belonging to the MHS to PrivacyOfficerMail@tma.osd.mil.
In accordance with Office of the Secretary of Defense (OSD) Memorandum, "Safeguarding Against and Responding to the Breach of PII," dated June 5, 2009, a risk assessment must be conducted for every breach to determine whether notification to affected individuals is necessary. If required, notification must occur within 10 days from discovery of the breach and the identities of the individuals ascertained.
These documents are for TMA use only and serve as preliminary guidance for breach reporting.
Guidelines for Reporting Breaches
United
States-Computer Emergency Readiness Team (US-CERT) Reporting Instructional
Guidance
Instructions to Complete the TMA Breach Report Form
Breach Report Form
Plan of Action and Milestone Template