NRPM: Standards for Privacy of Individually Identifiable Health Information. i. Members of the Armed Forces


The primary purpose of the health care system of the military services differs in its basic character from that of the health care system of society in general. The special nature of military service is acknowledged by the Constitutional provision for separate lawmaking for them (U.S. Constitution, article I, section 8, clause 14) and in their separate criminal justice system under the Uniform Code of Military Justice (10 U.S.C. 801, et seq.).

The military health care system, like other federal and civilian health care systems, provides medical care and treatment to its beneficiary population. However, it also serves a critical national defense purpose, ensuring that the Armed Forces are in a state of medical readiness to permit the discharge of those responsibilities as directed by the National Command Authority.

The health and well-being of military members is key and essential. This is true whether such personnel are serving in the continental United States or overseas or whether such service is combat-related or not. In all environments, operational or otherwise, the Armed Forces must be assured that its personnel are medically qualified to perform their responsibilities. This is critical as each and every person performs a vital service upon which others must rely in executing a specified defense requirement. Unqualified personnel not only jeopardize the possible success of an assignment or operation, but they pose an undue risk and danger to others.

To assure that such persons are medically fit, health information is provided to proper command authorities regarding military members performing certain critical functions for medical screening and other purposes so that determinations can be made regarding the ability of such personnel to perform assigned duties. For example, health information is provided regarding:

  • A pilot receiving medication that may affect alertness;
  • An Armed Forces member with an intolerance for a vaccine necessary for deployment to certain geographical areas;
  • Any significant medical or psychological changes in a military member who is a member of the Nuclear Weapons Personnel Reliability Program;
  • A military recruit or member with an illness or injury which disqualifies him or her from military service;
  • Compliance with controlled substances policies.

The military and the Coast Guard obtain such information from their own health care systems, as well as from other agencies that provide health care to service members, such as the Department of Transportation (DOT), which is responsible for the United States Coast Guard and other federal agencies which provide medical care to members of the Armed Forces (e.g., the Department of State (DOS) provides such care to military attaches and Marine security personnel assigned to embassies and consulates overseas, the Department of Veterans Affairs provides care in certain areas of the country or in cases involving specialized services). Other health care providers could also provide information, for example, when a private sector physician treats a member injured in an accident.

The special needs of the DOD and DOT for accessing information for purposes other than treatment, payment or health care operations were recognized in the Secretary’s Recommendations. We considered several options for accommodating the unique circumstances of a military health care environment. We considered providing special rule-making authority to the DOD and other federal agencies which provide care to members of the military, but HIPAA does not allow for such delegation by the Secretary of HHS. Therefore, we propose that health care providers and health plans of the DOD, the DOT, the DOS, the Department of Veterans Affairs as well as any other person or entity providing health care to Armed Forces personnel, could use or disclose protected health information without individual authorization for activities deemed necessary by appropriate military command authorities to assure the proper execution of the military mission.

The appropriate military command authorities, the circumstances in which use or disclosure without individual authorization would be required, and the activities for which such use or disclosure would occur in order to assure proper execution of the military mission, would be identified through Federal Register notices promulgated by the DOD or the DOT (for the Coast Guard). The verification requirements in § 164.518(c) would apply to disclosures permitted without authorization.

This proposal would not confer authority on the DOD or the DOT to enact rules which would permit use or disclosure of health information that is restricted or controlled by other statutory authority.