What is a violation?
According to the Department of Defense, a personal data breach occurs when information is lost, disclosed, accessed or potentially exposed to unauthorized persons, or compromised in a way where the subjects of the information are negatively affected.
Reporting violations
The Defense Health Agency’s Office of Privacy and Civil Liberties coordinates reporting of violations within the military health system. Send us an email if you have questions about violations or reporting violations within MHS.
Guidance tools for reporting violations:
You might also be interested in…
Policy
August 2, 2022
Guidelines: HITECH Law
The Health Information Technology for Economic and Clinical Health Act, HITECH Act for short, was enacted under Title XIII of the American Recovery and Reinvestment Act of 2009.
- Identification number: N/A
- Type: Guidelines
Policy
March 6, 2020
Instructions: #DODI 5200.48, DODI 5200.48: Controlled Unclassified Information
This document establishes policy, assigns responsibilities, and prescribes procedures for CUI throughout DOD in accordance with Executive Order (EO) 13556; Part 2002 of Title 32, Code of Federal Regulations (CFR); and Sections 252.204-7008 and 252.204-7012 of the Defense Federal Acquisition Regulation Supplement (DFARS). It also establishes the…
- Identification number: DODI 5200.48
- Type: Instructions
Policy
March 13, 2019
Instructions: #6025.18, DOD Instruction 6025.18: Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule Compliance in DOD Health Care Programs
This issuance, pursuant to the authority of DOD Directive 5124.02, establishes policy and assigns responsibilities for DOD’s compliance with federal law governing the confidentiality of health information and privacy violations; integrate health information privacy and breach compliance with general privacy and information security requirements in accordance…
- Identification number: 6025.18
- Type: Instructions
Form/Template
January 1, 2019
Form DD 2959 Personally Identifiable Information Breach (2019)
This Form DD2959 must be completed when a breach involving personally identifiable information occurs.
Form/Template
November 27, 2018
Guidelines for reporting violations
.PDF | 151.40 KB
This document describes DOD reporting and breach notification requirements.
DHA Publication
May 24, 2018
DHA-AI: #029, Disciplinary and undesirable measures
.PDF | 396.51 KB
Establishes DHA procedures for taking disciplinary and adverse action.
- Identification number: 029
- Type: DHA-AI
Policy
August 12, 2015
Instructions: Instruction #DoD 8580.02, DoD Instruction 8580.02: Security of Individually Identifiable Health Information in DoD Health Care Programs
This instruction establishes policy and assigns responsibilities for the security of individually identifiable health information created, received, maintained, or transmitted in electronic form (referred to in this instruction as “electronic protected health information (ePHI)”).
- Identification Number: DoD Instruction 8580.02
- Type: Instructions
Form/Template
June 6, 2014
Action plan and steps template
.PDF | 163.93 KB
This template is used to track action plans and milestones regarding potential violations.
Fact sheet
May 5, 2014
Overview of phishing
.PDF | 153.97 KB
An informational document that explains what phishing is, how to respond to phishing attacks, and steps to take to avoid falling victim to phishing scams.
Fact sheet
May 5, 2014
Overview of malicious code
.PDF | 162.19 KB
An informational document that explains what malicious code is, including the different types, the appropriate response to a malicious code attack, and steps to take to avoid receiving malicious code on a computer system.
Fact sheet
May 5, 2014
Social media overview
.PDF | 154.18 KB
A briefing document that defines social media, details the Department of Defense’s position on this topic, and discusses the responsible use of social media and Internet-based capabilities.
Policy
November 17, 2010
Memoranda: TMA Guidelines on Protecting Sensitive Information in Email
.PDF | 436.31 KB
This memorandum updates the guidance from the Military Health System Chief Information Officer’s Memorandum “Updated Guidelines on Protecting Sensitive Information in Email” dated September 19, 2008.
- Identification number: N/A
- Type: Memoranda
Policy
April 28, 2010
Memoranda: Reporting a violation as defined by the provisions of the Health Information Technology for Economic and Clinical Health Act of the American Recovery and Reinvestment Act of 2009
.PDF | 253.66 KB
This memorandum describes the procedures for Services to report a breach, as defined by the provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act of the American Recovery and Reinvestment Act of 2009.
- Identification number: N/A
- Type: Memoranda
Policy
April 13, 2010
Memoranda: Reporting a violation as defined by the provisions of the Health Information Technology for Economic and Clinical Health Act of the American Recovery and Reinvestment Act of 2009
.PDF | 118.49 KB
This memorandum describes the procedures for contractors to report a violation, as defined by the provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act of the American Recovery and Reinvestment Act of 2009.
- Identification number: N/A
- Type: Memoranda
Policy
June 5, 2009
Memoranda: Protecting and Responding to Personal Information Breaches
.PDF | 2.29 MB
In accordance with the policies described in this memorandum, a risk assessment must be performed for each breach to determine whether notification to affected individuals is necessary.
- Identification number: N/A
- Type: Memoranda
You are leaving Health.mil
The appearance of hyperlinks does not constitute endorsement by the Department of Defense of non-U.S. Government sites or the information, products, or services contained therein. Although the Defense Health Agency may or may not use these sites as additional distribution channels for Department of Defense information, it does not have editorial control over all information you may find on these sites. These links are provided in accordance with the stated purpose of this website.
You are leaving Health.mil
See external links disclaimer.
Last updated: July 21, 2023