Notice of privacy practices
The Health Insurance Portability and Accountability Act (HIPAA) provides privacy procedures for personal health information (PHI).
On this page
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA), provides privacy protections for protected health information (PHI).
The Health Care Authority (HCA) follows HIPAA rules for Apple Health (Medicaid) and Public Employees Benefits Board (PEBB) programs and must provide privacy protections for personal and health information collected about members, applicants, state employees and retirees, even after death. This includes written, spoken, and electronic information.
Is there a form I need to sign to release my information?
Yes. If you want HCA to release your information to someone (a relative, friend, legislator, etc.), you must sign an authorization form. For information on when we might release information without your signed authorization, such as to a health care provider, see your notice of privacy practices.
Note: If you are a retiree receiving benefits from the Department of Retirement Systems (DRS), the PEBB Program may share your information with DRS to better serve you.
Where can I find a copy of my notice of privacy practices?
- For UMP subscribers: UMP notice of privacy practices
- For all other HCA clients: Notice of privacy practices
(available in 15 languages)
Where can I find more information?
For more information about the privacy practices of HCA, you may call 1-844-284-2149 (toll-free) or email HCA's privacy officer.
How do I file a complaint?
If you have a complaint about our health information practices or believe that we have violated your privacy rights, please make a complaint to the HCA privacy officer.