Data at HCA

Data is one of the Health Care Authority's (HCA) most valuable assets, helping strengthen our ability to make decisions based on reliable, timely, and accurate information.

Core principles

  • Integrity: Data should be as accurate, complete, consistent, valid, and reliable as possible.
  • Security and privacy: Data should be properly handled and protected from unauthorized access, disclosure, and destruction.
  • Standardization: Data should be handled in a way that allows for predictability and controlled variation.
  • User experience: Data should be usable and add value.

How does HCA use data?

Data strategy

Read our data strategy overview to learn more about how we manage our data for accuracy, reliability, security, and best user experience. The full data strategy details how we aim to accomplish our goals.

Data Governance

Data Governance serves to organize and implement structures that support HCA’s ability to create, protect, and share quality data. These structures include policies, procedures, standards, and roles that enable the effective use of HCA’s data assets.

It operates within an ecosystem consisting of several committees and workgroups designed to ensure that everyone plays their part and is heard. Each group serves a distinct purpose in supporting HCA’s comprehensive data strategy.

Data requests

Data requests with the intent of sharing data outside HCA are initiated by contacting the HCA Data Governance.

Category 1 data

Static reports containing only category 1 data may not require a data request. These reports must meet the following conditions:

  • Category 1 data, containing:
    • No protected health information (PHI)
    • No direct or indirect identifiers, such as dates of service or client zip code
    • Small numbers are suppressed
  • Nonrepeatable (one-time)
  • Will not require a contract or data sharing agreement

Static reports such as these can be found under Reports on our Data and reports page.

Public disclosure requests

Public disclosure requests and data required as part of an audit are handled by our Public Disclosure and Audit and Accountability offices. They may not require a Data Request Form. To learn more, visit our Public disclosure requests page.

Data request process

Various groups at HCA support this effort. The data type and sensitivity determine what level of review and vetting is required for the data to be released.

  • Data Governance Team: Will facilitate the review process and communicate with applicants on the process and feedback.
  • Privacy Office: Review request to ensure compliance with HIPAA, other federal and state laws, and data categorization.
  • Security Office: Review request to ensure contractor can comply with State practices for securely storing and accessing information.
  • Data Utilization Committee (DUC): Reviews requests for new contracts, research, and external publishing of data products.
  • Data Utilization Subcommittee (SubDUC): Reviews requests for contract modifications, renewals, and consults on potential data shares.
  • Contracts: Ensures data share agreement and contractual terms are up to date.