HCA statement on use of Apple Health (Medicaid) client data

The Health Care Authority (HCA) is required by federal law to submit certain data to the Centers for Medicare & Medicaid Services (CMS) for all individuals enrolled in Apple Health (Medicaid). HCA is required to do this in order to continue to receive federal Medicaid funding for our program. For some of our state-only funded health programs, HCA has been able to receive some federal funding to administer these programs. This includes the Apple Health Expansion program created in July of last year. HCA had been submitting required data to CMS in relation to these programs since August 2024. HCA was not consulted by CMS about the sharing of this information with other federal agencies, including those involved in immigration enforcement, and we were not given an opportunity to review or object.

The data that was turned over to the Department of Homeland Security includes protected health information of every Apple Health enrollee. For our state, that’s 1.7 million people. Washingtonians who receive a wide spectrum of services in every corner of our state. This is an unethical use of protected health information. There is a reason why we have clear federal and state laws protecting the transmission and use of health information. Anyone seeking health services are in a vulnerable state and their access deserves to be protected. We would never support the use of data submitted for health care purposes being repurposed by federal agencies seeking to unjustly target specific groups of individuals. Protecting the privacy of all of our Apple Health clients, regardless of their immigration status, is central to our mission, and we take these concerns extremely seriously.

HCA is reviewing whether we have any recourse related to this gross misuse of our data.