Notice of privacy practices

The Health Insurance Portability and Accountability Act (HIPAA) provides privacy procedures for personal health information (PHI).

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA), provides privacy protections for protected health information (PHI).

The Health Care Authority (HCA) follows HIPAA rules for Apple Health (Medicaid) and Public Employees Benefits Board (PEBB) programs and must provide privacy protections for personal and health information collected about members, applicants, state employees and retirees, even after death. This includes written, spoken, and electronic information.

Is there a form I need to sign to release my information?

Yes. If you want HCA to release your information to someone (a relative, friend, legislator, etc.), you must sign an authorization form. For information on when we might release information without your signed authorization, such as to a health care provider, see your notice of privacy practices.

Note: If you are a retiree receiving benefits from the Department of Retirement Systems (DRS), the PEBB Program may share your information with DRS to better serve you.

Where can I find a copy of my notice of privacy practices?

Where can I find more information?

For more information about the privacy practices of HCA, you may call 1-844-284-2149 (toll-free) or email HCA's privacy officer.

How do I file a complaint?

If you have a complaint about our health information practices or believe that we have violated your privacy rights, please make a complaint to the HCA privacy officer.


HCA privacy officer
Phone: 844-284-2149 (toll-free) or 360-725-2108

Mailing address:
Privacy Officer
Health Care Authority
PO Box 42704
Olympia, WA 98504-2704