TMA Home About TMA Human Resources Conferences TRICARE Contacts Feedback Site Map
 
Infinite Menus, Copyright 2006, OpenCube Inc. All Rights Reserved.

Breach Response

The TRICARE Management Activity (TMA) Privacy and Civil Liberties Office (Privacy Office) coordinates comprehensive breach response efforts, to include reporting, monitoring, and remediation efforts within the Military Health System (MHS). Additionally, the Privacy Office ensures compliance with overarching policies and assists in the development of guidance specific to breach response, to include the TMA Incident Response Team and Breach Notification Policy Memorandum and Administrative Instruction, November 5, 2009.

Department of Defense (DoD) 5400.11-R, "DoD Privacy Program," May 14, 2007, defines a breach as the “actual or possible loss of control, unauthorized disclosure, or unauthorized access of personal information where persons other than authorized users gain access or potential access to such information for an other than authorized purposes where one or more individuals will be adversely affected.”

The Privacy Office Breach Response team also conducts annual incident response exercises involving senior MHS leaders and representatives from other DoD components to practice individual roles and strengthen joint-organization response readiness.

Breach Reporting

Report the actual or possible breach of personally identifiable and/or protected health information (PII/PHI) belonging to the MHS to PrivacyOfficerMail@tma.osd.mil.

In accordance with Office of the Secretary of Defense (OSD) Memorandum, "Safeguarding Against and Responding to the Breach of PII," dated June 5, 2009, a risk assessment must be conducted for every breach to determine whether notification to affected individuals is necessary. If required, notification must occur within 10 days from discovery of the breach and the identities of the individuals ascertained.

These documents are for TMA use only and serve as preliminary guidance for breach reporting.

Guidelines for Reporting Breaches

United States-Computer Emergency Readiness Team (US-CERT) Reporting Instructional Guidance

Instructions to Complete the TMA Breach Report Form

Breach Report Form

Plan of Action and Milestone Template

www.tricare.mil is the official Web site of the TRICARE Management Activity, a component of the Military Health System 7700 Arlington Boulevard, Suite 5101, Falls Church, VA 22042-5101

The appearance of hyperlinks to external Web sites does not constitute endorsement by the TRICARE Management Activity of these Web sites or the information, products or services contained therein. For other than authorized government activities, TRICARE Management Activity does not exercise any editorial control over the information you may find at other locations. Such links are provided consistent with the stated purpose of this DoD Web site.