DHA 12 Third Party Collection System SORN

EDHA 12 > Defense Privacy and Civil Liberties Division > DOD-wide SORN Article Vi... Page 1 of 4

DEFENSE PRIVACY AND CIVIL LIBERTIES
DIVISION

Search DPCLD

U.S. DEPARTMENT OF DEFENSE
HOME

PRIVACY

PRIVACY
About the Office

CIVIL LIBERTIES
Authorities and Guidance

MEDIA
Resources

REPORTS
SORNs

DEPARTMENT OF DEFENSE

CONTACT

Privacy POCs

SYSTEM OF RECORD NOTICES (SORNS)

Defense Health Agency
EDHA 12
PRINT

2

SYSTEM NAME:
Third Party Collection System  (November 18, 2013,  78 FR 69076)
SYSTEM LOCATION:
Defense Health Services Systems, Suite 1599, 5203 Leesburg Pike, Falls Church, VA 22041-3891.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Members of the uniformed services (and their dependents) and retired military members (and their
dependents) who receive or have received health services approved by the Department of Defense,
contractors participating in military deployments or related operations who receive or have
received medical or dental care at a military treatment facility, Department of Defense civilian
employees (to include non-appropriated fund employees) who receive or have received medical or
dental care at a military treatment facility, and other individuals who receive or have received
medical or dental care at a military treatment facility.
CATEGORIES OF RECORDS IN THE SYSTEM:
Individual Data: This includes patient name, Social Security Number (SSN) (or foreign
identification), whether treatment was outpatient or inpatient, outpatient visit date and time,
date of birth, mailing address, home telephone number, family member prefix, and relationship to
policy holder; sponsor or insurance policy holder name, Social Security Number (SSN), and date of
birth; other covered family member name(s), Social Security Number (SSN), and date of birth; and,
if applicable, Medicare and Medicaid coverage data.
Insurance Policy Information Data: This includes policy number or identification, card holder
identification, group number, group name, enrollment plan/code, policy effective date, policy
category, policy end date, insurance company name, address and telephone number, insurance
type, policy holder, whether policy holder is insured through their employer, and drug coverage
data regarding authority to bill for pharmaceuticals.
Employer Information data: This includes employer name, address, and telephone number.
Billing Information Data: This includes bill type (military treatment facility, clinic, pharmacy,
laboratory/radiology, ambulance), name and location of military treatment facility, whether
treatment was outpatient or inpatient, outpatient visit date and time, inpatient admission and
discharge dates and time, patient identification number, patient name, provider code/description,
office visit code description, Medical Expense and Performance Reporting System code/description,
diagnosis code/description, billing amount, user who created the bill, date bill was created, and
status of bill and source of billing data.
Accounting Information Data: This includes control number, transaction code, debit amount, credit
amount, check number, Batch posting number, balance, patient identification, patient name,
encounter date, comments, entry date and follow-up date.

http://dpcld.defense.gov/Privacy/SORNsIndex/DODwideSORNArticleView/tabid/6797/Arti... 6/2/2016

EDHA 12 > Defense Privacy and Civil Liberties Division > DOD-wide SORN Article Vi... Page 2 of 4

Insurance Company Data: This contains tables for insurance company, policy, provider, fees, codes,
rates, and procedure maintenance.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
10 U.S.C. 1095, Health care services incurred on behalf of covered beneficiaries: collection from
third-party payers; 10 U.S.C. 1079b, Procedures for charging fees for care provided to civilians;
retention and use of fees collected; 42 U.S.C. Chapter 32, Third Party Liability For Hospital and
Medical Care; 28 CFR Part 43, Recovery of Costs of Hospital and Medical Care and Treatment
Furnished by the United States; 45 CFR Parts 160 and 164, Health and Human Services, General
Administrative Requirements and Security & Privacy; 32 CFR Part 220, Collection from Third Party
Payers of Reasonable Charges for Healthcare Services; DoD 6010.15-M, Chapter 3, Medical Services
Account; and E.O. 9397 (SSN), as amended.
PURPOSE(S):
To establish a standard patient accounting system for health care billing practices. It shall assist
military treatment facilities in the collection, tracking, and reporting of data required for the
Department of Defense Third Party Collection Program billing process by the adoption of standard
commercial medical coding and billing practices to military treatment facilities.
The Defense Finance Accounting Service (DFAS) uses this information to bill person(s) or
organization(s) liable for payment on behalf those receiving care at a military treatment facility.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND
THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, as
amended, these records may specifically be disclosed outside the Department of Defense as a
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
To interface with all commercial insurance carriers and parties against whom recovery has been
sought by the Department of Defense Military Health System, as well as all parties involved in
support of the collection activities for health care approved by the Department of Defense.
To the National Data Clearinghouse, an electronic healthcare clearinghouse, for purposes of
converting the data to an industry-wide format prior to forwarding the billing information to the
insurance companies for payment.
The DoD Blanket Routine Uses set forth at the beginning of Office of the Secretary of Defenses
compilation of systems of records notices apply to this system.
NOTE 1: This system of records contains individually identifiable health information. The
Department of Defense Health Information Privacy Regulation (DoD 6025.18-R) issued pursuant to
the Health Insurance Portability and Accountability Act of 1996, applies to most such health
information. DoD 6025.18-R may place additional procedural requirements on the uses and
disclosures of such information beyond what is found in the Privacy Act of 1974 or mentioned in
this system of records notice.
NOTE 2: Personal identity, diagnosis, prognosis or treatment information of any patient maintained
in connection with the performance of any program or activity relating to substance abuse
education, prevention, training, treatment, rehabilitation, or research, which is conducted,
regulated, or directly or indirectly assisted by any department or agency of the United States is,
except as per 42 U.S.C. 290dd-2, treated as confidential and disclosed only for the purposes and
under the circumstances expressly authorized under 42 U.S.C. 290dd-2.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF
RECORDS IN THE SYSTEM:

STORAGE:
Paper file folders and electronic storage media.
RETRIEVABILITY:

http://dpcld.defense.gov/Privacy/SORNsIndex/DODwideSORNArticleView/tabid/6797/Arti... 6/2/2016

EDHA 12 > Defense Privacy and Civil Liberties Division > DOD-wide SORN Article Vi... Page 3 of 4

Records are retrieved by the sponsor or patient name, Social Security Number, Department of
Defense Benefits Number, third party payer identification number assigned to individual, family
member prefix (a two-digit code identifying the person's relationship to the Military Sponsor),
and/or Patient Control Number.
SAFEGUARDS:
Physical access to system location restricted by cipher locks, visitor escort, access rosters, and
photo identification. Adequate locks on doors and server components secured in a locked computer
room with limited access. Each system end user device protected within a locked storage
container, room, or building outside of normal business hours. All visitors and other persons that
require access to facilities that house servers and other network devices supporting the system that
do not have authorization for access escorted by appropriately screened/cleared personnel at all
times.
Access to the system is role-based and a valid user account is required. The system provides twofactor authentication, using either a Common Access Card and Personal Identification Number or a
unique logon identification and password. Where a unique logon identification and password is
used, passwords must be renewed every sixty (60) days. Authorized personnel must have
appropriate Information Assurance training, Health Insurance Portability and Accountability Act
training, and Privacy Act of 1974 training.
RETENTION AND DISPOSAL:
Records are destroyed five years after the end of the year in which the record was closed.
SYSTEM MANAGER(S) AND ADDRESS:
Program Manager, Defense Health Services Systems, Suite 1500, 5203 Leesburg Pike, Falls Church,
VA 22041-3891.
NOTIFICATION PROCEDURE:
Individuals seeking to determine whether this system contains information about themselves should
address written inquires to the TRICARE Management Activity, Department of Defense, ATTN: TMA
Privacy Officer, Suite 810, 5111 Leesburg Pike, Falls Church, VA. 22041-3206.
Request should contain participants and/or sponsors full name, their Social Security Number (SSN),
and current address and telephone number and the names of the military treatment facility or
facilities in which they have received medical treatment.
If requesting health information of a minor (or legally incompetent person), the request must be
made by a custodial parent, legal guardian, or party acting in loco parentis of such individual(s).
Written proof of the capacity of the requestor may be required.
RECORD ACCESS PROCEDURES:
Individuals seeking access to records about themselves contained in this system should address
written inquiries to TRICARE Management Activity, Attention: Freedom of Information Act
Requester Service Center, 16401 East Centretech Parkway, Aurora, CO, 80011-9066.
Requests should contain participants and/or sponsors full name, their Social Security Number (SSN),
and current address and telephone number and the names of the military treatment facility or
facilities in which they have received medical treatment.
If requesting health information of a minor (or legally incompetent person), the request must be
made by a custodial parent, legal guardian, or party acting in loco parentis of such individual(s).
Written proof of the capacity of the requestor may be required.
CONTESTING RECORD PROCEDURES:
The Office of the Secretary of Defense rules for accessing records, for contesting contents and
appealing initial agency determinations are published in Office of the Secretary of Defense
Administrative Instruction 81 (32 CFR Part 311) or may be obtained from the system manager.
RECORD SOURCE CATEGORIES:
Information is obtained from an automated medical records system, the Composite Health Care
System (specifically, the Ambulatory Data Module), which is automatically sent to the Third Party

http://dpcld.defense.gov/Privacy/SORNsIndex/DODwideSORNArticleView/tabid/6797/Arti... 6/2/2016

EDHA 12 > Defense Privacy and Civil Liberties Division > DOD-wide SORN Article Vi... Page 4 of 4

Collection System. Other information may be obtained from the AHLTA System and the Theater
Data Medical Stores System.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
FEDERAL REGISTER HISTORY:
December 20, 2010, 75 FR 79345; November 18, 2013, 78 FR 69076
PRINT

About DoD

DoD Inspector General

Join the Military

Top Issues

Link Disclaimer

DoD Careers

News

Recovery Act

Privacy & Security

Photos & Videos

FOIA

Web Policy

Military/DoD Websites

USA.gov

Site Map

Contact

No FEAR Act

2

http://dpcld.defense.gov/Privacy/SORNsIndex/DODwideSORNArticleView/tabid/6797/Arti... 6/2/2016