The Health Insurance Portability and Accountability Act, or HIPAA, provides privacy procedures for personal health information.

Following these procedures, the Health Care Authority — including Medicaid, Public Employees Benefits Board (PEBB) Programs and the Uniform Medical Plan (UMP) — must protect health information collected about its members, applicants, and state employees and retirees, even after death. This includes written, spoken, and electronic information.

You can find more information on HIPAA at the U.S. Department of Health and Human Services' Office for Civil Rights website.

If you want the Health Care Authority (HCA) to release your information to someone (a relative, legislator, friend, etc.) you will need to sign an authorization form.

If you are a retiree receiving benefits from the Department of Retirement Systems (DRS), the PEBB Program may share your information with DRS to better serve you.

Notice of Privacy Practices

How do I file a complaint?

If you have a complaint about our health information practices or believe that we have violated your privacy rights, please make a complaint to the HCA privacy officer. Phone 844-284-2149 (toll-free) or 360-725-2108, or email PrivacyOfficer@hca.wa.gov, or mail to:
Privacy Officer
Health Care Authority
Post Office Box 42700
Olympia, WA 98504-2700

Web Data Privacy Notice

Personal/protected information will not be used or disclosed to any person or entity who has no need to know it. Learn more.

GovDelivery Email Updates

For subscriber's receiving email updates from a Health Care Authority program, please refer to GovDelivery's Privacy Policy