Resources that help consumers navigate, use, and interpret HCAI and other related healthcare data.

How is HCAI data used?

The California Department of Health Care Access and Information (HCAI) collects and manages data from dozens of health plans, thousands of health facilities and prescription drug manufacturers, and tens-of-thousands of healthcare workforce practitioners and produces a variety of tools to make the data useful and meaningful. HCAI also produces a variety of datasets, visualizations, and reports to make data useful and meaningful to improve quality of patient care in California.

What we want to achieve with our data and products

  • Know our clients and understand their needs.
  • Turn data into information and meaningful insight to inform patient care and quality improvement.
  • Support informed decisions that advance safe and quality healthcare environments.
  • Reduce challenges that occur in the collection and use of data.
  • Help organizations receive data more efficiently.
  • Provide data tools to enhance the work organizations are already trying to achieve.

How do I submit data?

Various healthcare entities submit data to HCAI for processing through secure, online data systems.

What data can be requested?

HCAI receives data requests from colleges and universities, state and federal government agencies, media, healthcare entities, private companies, and non-profit organizations. Customized data can be requested that may not be available on the HCAI website.

How is HCAI data protected? 

HCAI has collected, managed, and successfully protected sensitive and confidential health data for decades. HCAI ensures that the security, privacy, and confidentiality of consumers’ individually identifiable health information is protected in a manner consistent with state and federal privacy laws. All Californian’s are afforded a constitutional right to privacy and the state has long led the nation in developing robust privacy and security standards to protect personal information, particularly when it comes to information regarding individual health status. Consistent with this philosophy and history, a core principle is that protected sensitive and confidential health data managed by HCAI is used to learn and provide information about healthcare systems and populations at large, not individual patients. Only authorized individuals have access to these data.

The technology systems used to manage and store protected, sensitive, and confidential health data are administered with strict security and privacy procedures and controls, which include: regular mandatory role-based security and privacy training for all employees and contractors; encryption of data while in transit and at rest; strictly enforced least privileged access controls; rigorous back-up and recovery of data; and logging of all actions performed at the administrative, database, and application levels. These procedures and controls are overseen by HCAI’s Chief Information Security Officer and Chief Privacy Officer and comply with industry, state and federal standards. Security and privacy policies are reviewed annually and overseen by security governance that includes executive management and subject matter experts.

Release of protected, sensitive health data is tightly controlled by regulation and policy. Requestors seeking data from HCAI must first be approved and then follow strictly governed application processes, which include signing a Data Use Agreement (DUA). The HCAI DUA describes appropriate safeguards through “Required Practices for Safeguarding Access to Confidential Data.” Guidance is also included regarding security incident and data breach management and reporting; how to handle Business Associate Agreements; data record retention periods; and data destruction requirements. The HCAI DUA further explains appropriate Requestor data usage and aggregate reporting requirements for HCAI data, which comply with the CalHHS Data De-Identification Guidelines. The agreement also ensures that the Requestor and their Contractors are compliant with HCAI standards and requirements as outlined in the DUA. Failure of the Requestor to comply with all terms of the HCAI DUA can result in termination of the agreement and may subject the Requestor to legal action by the State. Separately, state entities are subject to a similar process memorialized in the California Health and Human Services Interagency Data Exchange Agreement.

Finding HCAI Data

You can navigate the HCAI website to find data in several ways:

  • Featured: Highlighted release of interactive reports and visualizations
  • Topics: Browse by topic
  • A-Z Content: Alphabetical list
  • All Datasets: A list of all the underlying HCAI data in open formats
  • Facility Finder: Interactive map to find a data profile of each healthcare facility
  • Disclosure Reports: Individual hospital and long-term care financial and utilization disclosure reports
  • Facility License Information: Advanced search for information HCAI maintains about licensed healthcare facilities

Visualizing Data

HCAI produces visualizations and other reports and products. These products provide context to make data more useful and accessible.

Map of California with color coding by county showing the percentage of physician supply by preventable hospitalizations for asthma. This is an example.

Data Analytics Public Reporting Plan

HCAI publishes a list of the analytics products plans to publish by measure, topic area, and the quarter which HCAI is project product release.