What is a Breach?
According to the Department of Defense (DoD), a breach of personal information occurs when the information is lost, disclosed to, accessed by, or potentially exposed to unauthorized individuals, or compromised in a way where the subjects of the information are negatively affected.
Breach Reporting
The Defense Health Agency (DHA) Privacy and Civil Liberties Office (Privacy Office) coordinates breach reporting within the Military Health System (MHS). Email us if you have questions about breaches or breach reporting within the MHS.
Guidance tools for breach reporting:
You also may be interested in...
Showing results 1 - 15
Page 1 of 2
Policy
This instruction reissues DoD 8580.02-R as a DoD instruction (DoDI), which establishes policy and assigns responsibilities for security of individually identifiable health information created, received, maintained, or transmitted in electronic form.
Form/Template
7/14/2015
This document outlines the DoD reporting and notification requirements for breaches.
Recommended Content:
Breaches of PII and PHI
Form/Template
6/18/2015
This document provides instructions for breach reporting to the United States-Computer Emergency Readiness Team (US-CERT).
Recommended Content:
Breaches of PII and PHI
Form/Template
6/6/2014
This template is used to track plans of action and milestones regarding potential breaches.
Recommended Content:
Breaches of PII and PHI
Fact Sheet
5/5/2014
An Information Paper that explains what malicious code is, including the various types, the proper response to a malicious code attack, and steps to take to avoid receiving malicious code on a computer system.
Recommended Content:
Breaches of PII and PHI
Fact Sheet
5/5/2014
An Information Paper that tells what phishing is, how to respond to phishing attacks, and steps to take to avoid becoming a victim of phishing scams.
Recommended Content:
Breaches of PII and PHI
Fact Sheet
5/5/2014
An Information Paper that defines social networking, details the Department of Defense's position on this topic, and discusses the responsible use of social networking and Internet-based capabilities.
Recommended Content:
Breaches of PII and PHI
Fact Sheet
5/1/2014
Personally identifiable information (PII) is information that identifies, links, relates, or is unique to, or describes you. This also includes information which can be used to distinguish or trace your identity and any other personal information which is linked or linkable to you.
Recommended Content:
Privacy Act at DHA, Privacy Impact Assessments, HIPAA Compliance within the MHS, How HIPAA Protects You, Submit a Data Sharing Application, Breaches of PII and PHI, Freedom of Information Act, DHA Privacy Contract Language, Protect Humans in Research, Privacy Act and HIPAA Privacy Training
Policy
This form is used to report and provide information on lost, stolen, or compromised personally identifiable information (PII).
Policy
This Memorandum is to help guide Components toward optimal decision-making regarding PII breach risk and notification determinations.
Policy
This Memorandum updates guidelines in Military Health System Chief Information Officer memorandum “Updated Guidelines on Protection of Sensitive Information in Electronic Mail” of
September 19, 2008.
Policy
This Memorandum outlines the procedures for the Services for reporting a breach as defined by the Health Information Technology for Economic and Clinical Health (HITECH) Act provisions of the American Recovery and Reinvestment Act of 2009.
Policy
This Memorandum outlines the procedures for Contractors for reporting a breach as defined by the Health Information Technology for Economic and Clinical Health (HITECH) Act provisions of the American Recovery and Reinvestment Act of 2009.
Policy
In accordance with the policies outlined in this Memorandum, a risk assessment must be conducted for every breach to determine whether notification to affected individuals is necessary.
Policy
This Memorandum establishes policy and assigns responsibility for how sanctions should be determined and applied against workforce members of TRICARE Management Activity (TMA) who fail to follow appropriate standards for safeguarding personally identifiable information (PII) and/or protected health information (PHI).
Showing results 1 - 15
Page 1 of 2