This notice is effective in its entirety as of October 1, 2013.
THIS NOTICE DESCRIBES HOW MEDICAL
INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS
INFORMATION. PLEASE REVIEW IT CAREFULLY.
If you have any questions about this notice, please contact your local Military
Treatment Facility (MTF) Privacy Officer or, if necessary, the TRICARE Management
Activity (TMA) Privacy Officer at
This Notice of Privacy Practices is required by the Health Insurance Portability
and Accountability Act (HIPAA) Privacy Rule. It describes how medical information
about you may be used and disclosed and how you can get access to this information.
If you have any questions about this notice, please contact the HIPAA Privacy Officer
at your military treatment facility (MTF) or, if necessary, the Defense Health Agency
(DHA) Privacy and Civil Liberties Office (DHA Privacy Office). See “Contact Information”
at the bottom of this notice.
MHS Practices Regarding Protected
Health Information (PHI)
This notice describes MHS practices regarding your PHI. The terms “we” and “our”
in this notice refer to the MHS. The MHS includes the following:
- MTFs including Coast Guard treatment facilities
- All MHS/TRICARE health plans
- TRICARE Regional Offices
- TRICARE managed care support contractors and certain other organizations with access
to your PHI under agreements with the MHS. However, private sector providers in
contractor networks must issue their own Notices of Privacy Practices.
- MHS and Coast Guard headquarters functions, such as activities of DHA and the Military
Departments’ Surgeons General
Our Duties to You Regarding Your
The HIPAA Privacy Rule requires the MHS to:
Ensure that your PHI is properly safeguarded
Notify you if we determine that your PHI was inappropriately used or disclosed
Provide you this notice of our legal duties and privacy practices for the use and
disclosure of your PHI
Follow the terms of the notice currently in effect
Our Right to Revise This Notice. We may change this notice and
our privacy practices at any time. Any revised notice will apply to the PHI we already
have about you at the time of the change and any PHI we create or receive after
the change takes effect. We will advise you of important changes and post the revision
on our website.
How to Obtain a Copy of This Notice. This notice is available in
paper copy at your MTF and is also available on our website. You can ask for a paper
copy at your next appointment, or call and request that we mail a copy to you, even
if you have previously agreed to receive this notice electronically.
How We May Use or Disclose Your
PHI Without Your Authorization
Treatment. To provide, coordinate, or manage your health care.
For example, we may disclose your PHI to another MTF, physician, or health care
provider, such as a specialist, pharmacist, or laboratory, who, at the request of
your provider, becomes involved with your health care.
Payment. To obtain payment for your health care services. This
may include certain activities needed to approve or pay for your health care services,
such as using or disclosing your PHI to obtain approval for a hospital stay.
Health Care Organizations. To support the daily activities related
to health care. These activities include, but are not limited to, quality assessment
activities, patient safety, investigations, oversight of staff performance, practitioner
training, licensing, communications about a product or service, and conducting or
arranging for other health care related activities. We do not use or disclose any
genetic information for underwriting purposes.
Business Associates. To certain companies (“business associates”)
that provide various services to the MHS (for example, billing, transcription, software
maintenance, legal services, and managed care support). The law requires that business
associates protect your PHI and comply with the same HIPAA Privacy standards that
Armed Forces PHI for Military Activity and National Security. To
certain officials and for special government functions including:
Military command authorities, where needed, to ensure the proper execution of the
military mission, including evaluation of fitness for duty
The Department of Veterans Affairs (VA) for determinations of your eligibility for
Foreign military authorities with respect to their armed services members
Authorized Federal officials for national security or intelligence activities, or
protective services for the President and others
Public Health. To public health authorities and parties regulated
by them, as permitted by law. Examples of why they may need your PHI include prevention
or control of disease, injury, or disability.
Reporting Victims of Abuse, Neglect, or Domestic Violence. To government
authorities that have authority to receive such information, including a social
service or protective service agency.
Communicable Diseases. To a person who might be at risk of contracting
or spreading a communicable disease or condition.
Health Oversight. To a health oversight agency legally authorized
for audits, investigations, and inspections. Such activities may include the health
care system, government benefit programs, civil rights laws, and other government
Worker's Compensation. To workers’ compensation programs.
Required by Law. To government and other entities as required by
federal or state law (including DoD and Military Department regulations). For example,
we may be required to disclose your PHI to the Department of Health and Human Services
(HHS) investigating HIPAA violations or to a DoD Inspector General conducting other
Legal Proceedings. To parties and entities in proceedings of courts
and administrative agencies, including in response to a court order or subpoena.
Inmates. To a correctional facility with respect to inmates.
Coroners, Funeral Directors, and Organ Donations. To coroners,
medical examiners, or funeral directors, and to determine the cause of death or
for the performance of other duties. PHI also may be used and disclosed for cadaver
organs, eyes, or tissue donations.
Law Enforcement. To law enforcement authorities. For example, to
investigate a crime involving the MHS or its patients.
Research. To researchers. The MHS reviews research proposals and
protocols to ensure the privacy of your PHI requested for such research activities.
Avert Threats. To prevent or lessen a serious and imminent threat
to the health or safety of a person or the public.
Disclosures by the Health Plan. To parties that need your PHI for
health plan purposes such as enrollment, eligibility verification, coordination
of coverage, or other benefit programs.
Minors and Other Represented Beneficiaries. To parents, guardians,
and other personal representatives, generally consistent with the law of the state
where treatment is provided.
How We May Use or Disclose Your
PHI Unless You Object
The following are examples of permitted uses and disclosures of your protected health
information. These examples are not exhaustive.
MTF Directories. To individuals who ask for you by name at an MTF
(disclosures are limited to your name, where you are receiving care, and your general
condition). We may also tell members of the clergy your religious affiliation.
Individuals Involved in Your Health Care. To the following persons or entities:
A member of your family, or any other person you identify who is involved, before
or after your death, in your health care or payment for care, unless we are aware
of a deceased individual’s contrary preference•
A person who is responsible for your care who needs to know about your location,
general condition, or death
An authorized entity to assist in disaster relief efforts
Uses and Disclosures Requiring Your
Any use or disclosure of your PHI not described in this notice requires your written
authorization. Some uses and disclosures, even if included in this notice, would
not be permitted without your written authorization. These include the following
three activities in which the MHS does not engage:
Sharing your psychotherapy notes with a third party who is not a part of your care
Sending information to encourage you to buy a product if we are paid to send that
information or make that communication
Selling your PHI
If you authorize us to share your PHI, you can revoke your authorization at any
time by contacting your MTF HIPAA Privacy Officer, but your revocation will only
apply to information not already disclosed.
Your Rights Regarding Your Health
You may exercise the following rights through a written request to your MTF HIPAA
Privacy Officer. If your request does not relate to an MTF, please go to the “Contact
Us” page of the TRICARE website, which will provide additional information on submitting
your written request. Depending on your request, you may also have rights under
the Privacy Act of 1974.
Right to Inspect and Copy. As allowed by law, you may inspect and
request a copy of your medical or billing records (including an electronic copy,
if we maintain the records electronically). You have the right to have the information
sent directly to a party you designate, such as your physician. In limited situations,
we may deny your request or part of it, but if we do, we will tell you why in writing
and explain your right to review, if any.
Right to Request Restrictions. You may ask us not to share any
part of your PHI for treatment, payment, or health care operations. You may also
request that we limit the information we share about you to someone who is involved
in your care or the payment of your care. In your request, you must tell us what
information you want restricted, and to whom you want the restriction to apply.
Neither the MTF nor DHA is required to agree to your request. We will not deny a
request to restrict disclosure of your PHI to a health plan (including a TRICARE
health plan), where the PHI relates to the care which you paid for in full out of
pocket. We will not use or disclose your PHI in violation of a restriction to which
we agreed, unless your PHI is needed for emergency treatment. We permit you, the
MTF, or DHA to end a previously agreed-upon restriction at any time by providing
Right to Request Confidential Communications. You may request that
we communicate with you in a certain way or at a certain location (e.g., only at
home or only by mail). We will accommodate reasonable requests.
Right to Request Amendment. You may request an amendment to your
PHI if you believe there is an error. You must tell us what you would like corrected
or added to your information and why. If we approve your request, we will make the
correction or addition to your PHI. If we deny your request, we will tell you why
and explain your right to file a written statement of disagreement.
Right to an Accounting of Disclosures. You may request that we
provide you with an accounting of when your PHI was disclosed outside the MHS, but
an accounting will not include certain disclosures (e.g. for treatment purposes).
You are entitled to one disclosure accounting in a 12-month period at no charge.
We may charge a fee for additional requested accountings. Your request must state
the time period for which you want to receive the accounting, which may be up to
six years before the date of your request.
If you believe that an MTF or other MHS component has violated the HIPAA Privacy
Rule, you may file a written complaint with your MTF HIPAA Privacy Officer, the
DHA Privacy and Civil Liberties Office, or HHS. We will not take any action against
you for filing a complaint.
You may contact Moncrief Army Community Hospital's HIPAA Privacy Officer at
803-751-7484 or the TMA Privacy Officer for further information about the complaint
process, or for further explanation of this document. The TMA Privacy Officer may
be contacted at TRICARE Management Activity, Information Management, Technology
and Reengineering Directorate, HIPAA Office, Five Skyline Place, Suite 810, 5111
Leesburg Pike, Falls Church, VA 22041-3206, by phone at 1-888-DOD-HIPA (1-888-363-4472
– Toll Free from the continental United States)/TTY 877-535-6778. You may
also email questions to firstname.lastname@example.org.
For additional information regarding your privacy rights visit the TRICARE Web site
This notice is effective in its entirety as of October 1, 2013.