DoD Health Information Security Regulation (DoD 8580.02-R)

This Regulation is issued under the authority of DoD Directive 5136.1 (Reference (a)). It assigns the Assistant Secretary of Defense for Health Affairs (ASD(HA)) the authority, direction, and control to establish policies, procedures, and standards that shall govern DoD medical programs. Although this Regulation is based on the requirements of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, Public Law 104-191 (1996) (Reference (b)), and title 45 Code of Federal Regulations parts 160, 162, and 164 (Reference (c)), it covers much of the same ground as the Federal Information Security Management Act (FISMA) (Reference (d)). This Regulation in no way impacts the need for the Department of Defense to comply with the FISMA. This law has not been superseded and has been taken into consideration in developing this Regulation. This Regulation applies to the Office of the Secretary of Defense, the Military Departments, the Chairman of the Joint Chiefs of Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the Department of Defense.