HIPAA > Home
Health Insurance Portability and Accountability Act (HIPAA)


HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996. The Department of Health & Human Services-Office of Civil Rights (OCR) is responsible for enforcing the HIPAA Privacy and the HIPAA Security Rules. To learn more information about the OCR and HIPAA please visit (http://www.hhs.gov/ocr/privacy/index.html).

The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes. To learn more information about the Privacy Rule and DoD please visit  (http://www.tricare.mil/tma/privacy/hipaa-privacyrule.aspx).

The purpose of HIPAA is:
  1. To protect and enhance the rights of patients by providing them access to their health information and controlling the use and disclosure of their health information;
  2. To improve the quality of health care by restoring trust in the health care industry amongst patients, health care providers and all others involved in the delivery of health care; and
  3. To improve the efficiency and effectiveness of health care delivery by protecting patient information.
 Notice of Privacy Practices (NoPP):
   The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule gives individuals a right to be informed of the privacy practices of their health plans and of most of their health care providers, as well as to be informed of their individual rights with respect to their protected health information (PHI).
   Health plans and covered health care providers are required to develop and distribute a notice that provides a clear explanation of these rights and practices. The notice is intended to make individuals aware of privacy issues and concerns, and to prompt them to have discussions with their health plans and health care providers and exercise their rights.
   The NoPP requirements as set forth by the HIPAA Privacy Rule are specifically codified at 45 C.F.R. Part 164.520 and further implemented within the Military Health System (MHS) by DoD 6025.18-R.
   The Defense Health Agency (DHA) Privacy and Civil Liberties Office has revised and updated the MHS’ NoPP, which was issued 10 years ago. These revisions not only bring the NoPP up-to-date and enhance clarity and readability, but most importantly, reflect the HIPAA Omnibus Final Rule modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (“HIPAA Rules”) (published at 78 Fed. Reg. 5566-5702 (Jan. 25, 2013)).
   The new MHS NoPP is effective October 1, 2013, concurrent with the stand-up of the DHA on October 1, 2013. Please note that, when the new NoPP goes into effect, the old NoPP (dated April 14, 2003) is no longer authorized for use within the MHS. Links to or use of the old NoPP must be discontinued and the new NoPP must be made available to all new patients at MHS treatment facilities. Upon request, existing patients and beneficiaries can also obtain the new NoPP.
NoPP Format for Print
Below are print-ready versions of the NoPP for your convenience. After printing out the print-ready version of NoPP, fold the document along the lines to create the tri-fold design. A portrait format of the NoPP is also available.
Print-Ready Version Brochure (Tri-fold format: 8.5 inches x 14 inches, landscape/2-sided)
Print-Ready Version (Portrait format: 8.5 inches x 11 inches, vertical)


Walter Reed Military Medical Center
8955 Wood Road
Building 1, South Wing, 1st Floor Room 1619
Bethesda, MD 20889-5628

Main (301) 319-4775
Privacy Hot Line: (301) 319-8802
FOIA Hotline : (301) 295-8903

Hours of Operation
Monday thru Friday
0800 - 1600