Due to COVID-19, HCA’s lobby is closed. Learn more about your customer service options.
Notice of privacy practices
The Health Insurance Portability and Accountability Act (HIPAA) provides privacy procedures for personal health information (PHI).
On this page
The Health Insurance Portability and Accountability Act (HIPAA), provides privacy protections for protected health information (PHI).
The Health Care Authority (HCA) follows HIPAA rules for Apple Health (Medicaid) and Public Employees Benefits Board (PEBB) programs and must provide privacy protections for personal and health information collected about members, applicants, state employees and retirees, even after death. This includes written, spoken, and electronic information.
Yes. If you want HCA to release your information to someone (a relative, friend, legislator, etc.), you must sign an authorization form. For information on when we might release information without your signed authorization, such as to a health care provider, see your notice of privacy practices.
Note: If you are a retiree receiving benefits from the Department of Retirement Systems (DRS), the PEBB Program may share your information with DRS to better serve you.
- For UMP subscribers: UMP notice of privacy practices
- For all other HCA clients: Notice of privacy practices
(available in 14 languages)
For more information about the privacy practices of HCA, you may call 1-844-284-2149 (toll-free) or email HCA's privacy officer.
If you have a complaint about our health information practices or believe that we have violated your privacy rights, please make a complaint to the HCA privacy officer.