Paubox blog: HIPAA compliant email made easy

Does MEDCoE need to be HIPAA compliant?

Written by Kirsten Peremore | August 13, 2024

Due to the nature of the activities they perform, the U.S. Army Medical Center of Excellence (MEDCoE) needs to ensure that they are HIPAA compliant. 

 

What is MEDCoE?

The U.S. Army Medical Command (MEDCOM) used to be the main organization handling the health services of the Army. However, as the needs of military medicine grew more complex, there was a push to focus more on education and training for medical personnel. This led to the transformation of MEDCOM into what is now known as the MEDCoE. The US Military provides the function of MEDCoE as, “The MEDCoE supports the Army to lead the design, integration, education, and training of new and innovative approaches to health and the Army Health System.”

MEDCoE's roots trace back to the early 20th century, evolving through various forms and names to meet the changing demands of military medicine. Initially focused on basic medical training, it has expanded to become the cornerstone of advanced medical education and doctrine in the Army.

The primary function of MEDCoE is to develop and deliver top-tier medical training and education to Army personnel. It ensures that Army medical staff are proficient in the latest healthcare practices and prepared to support both peacetime and wartime operations. MEDCoE assists in advancing medical doctrine and integrating innovative healthcare solutions to enhance Army readiness.

 

What is HIPAA compliance?

HIPAA compliance means following the rules set by HIPAA to protect the privacy of personal health information. Businesses that handle health records, like hospitals, clinics, and insurance companies, must make sure they keep this information safe and private. They must also use secure methods to share these records only when necessary and with permission. Following HIPAA rules help prevent private health details from being shared without consent, ensuring that everyone’s medical information stays confidential and secure.

 

Why does MEDCoE need to remain HIPAA compliant? 

The MEDCoE is classified as a covered entity under HIPAA. As a covered entity, MEDCoE has a legal obligation to secure protected health information (PHI) privacy and security. The responsibility includes anything from medical records to billing information that could identify an individual. MEDCoE falls under this classification due to its extensive involvement in medical training and healthcare provision to military personnel and their families.

 

The military command exception rule and MEDCoE

The military command exception rule under HIPAA allows certain exemptions for covered entities like MEDCoE when dealing with Protected Health Information (PHI) in specific military contexts. The Military Health System website explains that, “These activities include fitness for duty determinations, fitness to perform a particular assignment, or other activities necessary for the military mission. PHI disclosed to military command authorities, while no longer subject to HIPAA, remains protected under the Privacy Act of 1974.”

For MEDCoE, this rule means that they can share medical information without individual consent under circumstances necessary in military missions. For example, in deployment readiness, commanders might need access to PHI to make informed decisions about troop deployment. 

See also: HIPAA Compliant Email: The Definitive Guide

 

FAQs

What is the Privacy Act?

The Privacy Act is a U.S. law that protects personal information held by the federal government, ensuring that it is kept confidential and used only for intended purposes.

 

How is PHI handled when military personnel make use of civilian medical services?

When military personnel use civilian medical services, their Protected Health Information (PHI) is handled according to HIPAA rules, which require that their medical information be protected and only shared with proper consent.

 

What is the relation between the VA and VHA in MEDCoE?

In the context of MEDCoE, the relationship between the Veterans Affairs (VA) and the Veterans Health Administration (VHA) involves collaboration on training programs and sharing of best practices to enhance the care provided to military personnel and veterans.