September
2025
The Compliance4U newsletter offers insight into the day-to-day functions of the Health Plan’s Compliance Program and serves as a resource to help staff stay informed about key regulatory updates, reporting obligations, audit activities, and policy changes. Its goal is to promote awareness, accountability, and a culture of compliance across all departments within HPSJ/MVHP (“Health Plan”).
Regulatory Affairs (RA)
The Compliance Regulatory Affairs department is responsible for analyzing and implementing regulatory changes, coordinating the timely filing of routine regulatory reports, overseeing regulatory audits, managing DMHC provider complaint resolution, and tracking member complaints submitted to state and federal regulators to ensure the Plan maintains ongoing compliance with all applicable requirements. Check out what has happened since we released our last newsletter.
Requirements for Key Personnel Filings to Regulators
As a Knox-Keene licensed Health Plan, Health Plan must notify Department of Health Care Services (DHCS) and California Department of Managed Health Care (DMHC) of changes to Key Personnel across our Plan 1 Key Personnel are individuals holding critical roles, such as Executive Team members, Medical Directors, and Commission members. Health Plan’s Compliance and Regulatory Affairs Team works closely with other internal stakeholders to complete these required filings.
1 28 CCR §1300.52.2 and Health & Safety Code §§1351(c) and 1352
How Requests Are Initiated:
The filing preparation is initiated when there is a change in one of Health Plan’s Key Personnel. A member of the Executive Team, Human Resources, or Procurement inform Regulatory Affairs of a new internal Key Personnel staff member or the departure of an existing Key Personnel staff member. Sue Nakata, Lizeth’s Executive Assistant and Clerk of the Health Commission, notifies Regulatory Affairs of any changes to the Commission members.
Compliance Review and Submission Process:
Once the request is received, Regulatory Affairs:
1. Collects and compiles all critical documents required for submission with the filings.
2. Performs a quality review of documents to verify completeness and accuracy before filing.
3. Submits Key Personnel change filings to the Regulators 2, as appropriate.
Why This Matters
This structured process:
Maintains compliance with state and federal requirements by ensuring health plan operations meet all applicable regulatory obligations
Filing Key Personnel changes with DHCS and DMHC is important to ensure regulators have full visibility into individuals who hold significant responsibility for the Plan’s compliance, clinical decision-making, and overall operations. This oversight allows the Departments to verify that qualified, accountable personnel are in place to safeguard members and uphold statutory and contractual obligations.
What’s
going on
at the State and Federal levels?
To support you in your role and ensure timely awareness of changes to regulatory and contractual requirements, Regulatory Affairs staff attends regulatory calls (e.g., DHCS Managed Care Plan Call - MCPC) and other regulatory meetings/calls where key regulatory information is shared.
Calls Held by Health Plan’s Regulators
Regulatory Affairs staff maintains materials from regulator calls. Check out previous meetings HERE.
2 Regulators = DHCS, DMHC, CMS
DMHC Released their Annual Report for 2024
Each year, DMHC releases a report indicating its impact to members (referred to as “enrollees”) for health plans across the State of California. As indicated by this report, 97% of members in California are with health plans regulated by DMHC and Health Plan is just 1 of the 98 Full Service health plans licensed by DMHC.
Additional information in the report includes:
• Member Complaint Statistics
• Provider Complaint Statistics
• Timely Access Standards
• Financial Oversight Statistics
• Enforcement Action Statistics
Important takeaways from this report:
• DMHC’s mission is to protect member rights and ensure a stable health care delivery system.
• Health Plan’s work to comply with DMHC APLs and other guidance/requirements helps us to support DMHC’s mission to protect our members, which, in turn, supports our mission: “Provide high quality healthcare for our members through community partnerships.”
All Plan Letters (APLs)
DHCS and DMHC issue All Plan Letters (APLs) to formally communicate updates to federal or state policy, regulatory requirements, or operational procedures. These directives are intended to guide Managed Care Plans (MCPs) on how to implement changes and ensure compliance with applicable laws and regulations.
RA reviews and analyzes each APL to interpret its impact, coordinate internal implementation, and ensure timely compliance and required filings.
Draft APLs often identified with placeholder codes such as “XXX” are released by the regulators to solicit feedback from MCPs before finalization.
During this comment period, MCPs can raise concerns or seek clarification, which may influence the final version of the policy.
Below is a list of recently released APLs for your awareness:
A. DHCS Regulatory Notices
APL 25-012 Targeted Provider Rate Increases
Issue Date: August 19, 2025
Summary: This APL provides guidance for how Health Plan must pay eligible Network Provider payment requirements applicable to Medi-Cal Targeted Rate Increases (TRI), for dates of service on or after January 1, 2024.
B. DMHC Regulatory Notices
APL 25-013 Amendments to Rules 1300.51, 1300.52, 1300.52.4, and 1300.67.2.2, and the Incorporated Annual Network Submission Instruction Manual and Annual Network Report Forms for Reporting Year 2026 and Continuing Thereafter
Issue Date: September 4, 2025
Summary: Provides plans with updates to the requirements, instructions and report forms needed for Health Plan’s Annual Network Report submission. This annual report is due by May 1st each year and is part of the DMHC Timely Access Report.
APL 25-014 Provider Appointment Availability Survey (PAAS) Manual and Report Form Amendments Beginning RY 2027/MY 2026 and Continuing Thereafter
Issue Date: September 4, 2025
Summary: Provides plans with updates to the requirements, instructions and report forms needed for Health Plan’s PAAS fielding and reporting. This annual report is due by May 1st each year and is part of the DMHC Timely Access Report.
Regulatory Reports
Under the terms of our contract with DHCS and in alignment with our KnoxKeene license requirements regulated by DMHC the Plan is required to routinely submit reports that demonstrate operational performance and regulatory compliance.
RA tracks and coordinates these submissions to ensure timeliness and accuracy across all departments.
Below is a list of upcoming regulatory reports submitted last month. The table includes:
• A hyperlink to each report,
• The accountable Director and Executive sponsor, and
• Departmental ownership for awareness and coordination.
Please review the list to determine which reports fall within your area. Click the report title for detailed information and submission guidance.
Report Title
NEMT/NMT Report 2025-05
Provider Directory File and Use 2025-08
Monthly Financial 2025-07
Consolidated Billing Report 2025-07
Dale Standfill Liz Le
Ana Aranda Liz Le
Somatra Sourng Michelle Tetreault
Clarence Rao Victoria Worthy
Provider Information Network (PIN) 2025-07 Ana Aranda Liz Le
Restricted Provider Site Verification 2025-08
Post-Payment Recovery 2025-07
CBAS Waiver Report 2025-07
LTC-SNF Quarterly Reporting Q2-2025
Toni White Betty Clark
Christopher Navarro Michelle Tetreault
Pamela Lee Lakshmi Dhanvanthari
Johnathan Yeh Lakshmi Dhanvanthari
DHCS Quarterly Financials 2025-Q4 Somatra Sourng Michelle Tetreault
Written Summary of Quality
Improvement and Health Equity Committee (QIHEC) 2025-Q2
ECM/CS Quarterly Implementation Monitoring Report 2025-Q2
Claims Settlement Report 2025-Q3 (April 1-June 30)
Ildiko Rabinowitz Lakshmi Dhanvanthari
Niyati Reddy Liz Le
Aimee Griffin Michelle Tetreault
DHCS Annual Forecasts FY Somatra Sourng Michelle Tetreault
Provider Complaints
Provider complaints come to the Health Plan in different forms (e.g., direct call to us or dispute submission to DMHC). While our Provider Services and Claims teams address those coming into us, Compliance is the point of contact for those coming through DMHC. In 2025, Health Plan received 51 requests (24 new Provider Complaints and 27 additional information requests), disputing 29 claims. In 2024, we received 67 requests (28 Provider Complaints and 39 additional information requests), disputing 56 claims. In addition, each complaint may contain multiple issues that require a response. In 2023, Health Plan received 20 requests (13 Provider Complaints and 7 additional information requests), disputing 28 claims.
Compliance coordinates a cross-functional group to review each complaint we receive. This group investigates the cases (from the original request to claim processing and dispute resolution) and prepares a comprehensive response to the DMHC about the provider’s concerns and the actions taken by us. These tables outline the status:
DMHC Consumer Complaints and Independent Medical Review (IMR):
Effective May 2025, RA manages the intake, tracking, and submission of all DMHC consumer complaints and Independent Medical Reviews (IMR) to ensure timely, compliance, and coordinated responses in collaboration with Grievance & Appeals.
DMHC Consumer Complaints
The following reflects the complaints received broken down by reason, urgency and outcome.
• Table A shows the reason for the consumer complaints for Standard Cases, Expedited Cases and Additional Information Requests.
• Table B shows the case outcomes for the consumer complaints for Standard Cases, Expedited Cases and Additional Information Requests.
1:
Consumer
by Case Reason (May 30, 2025-September 10, 2025)
2:
Consumer
by Case Outcome (May 30, 2025-September 10, 2025)
DMHC Independent Medical Review
Table 3: DMHC Independent Medical Review (IMR) (May 30, 2025-September 10, 2025)
The table below reflects the number of IMR Cases received from the Department since May 30, 2025. Health Plan received 2 Standard IMRs and 1 Expedited IMR during this time frame.
Regulatory Audits:
As part of our commitment to compliance and quality care, our health plan is regularly audited by the DHCS and the DMHC. These audits help ensure that we’re meeting all state and federal requirements, fulfilling our contractual obligations, and provide the highest level of service to our members.
Each audit varies and can range from several regulatory areas of focus. Such as, but not limited to, access to care, timely claims processing, grievance and appeals handling, and provider network adequacy. These reviews not only hold us accountable but also give us opportunities to strengthen our processes and improve outcomes. Your role in supporting these efforts whether through documentation, timely responses, or following procedures plays a critical part in our overall success.
Key takeaways from our latest audits.
DHCS Network Adequacy Validation (NAV) – 2 years in a row!
In 2024, the DHCS introduced the annual NAV 3 audit for all Medi-Cal managed care plans. While this process was new to Medi-Cal, it is a long-standing regulatory requirement for Medicare plans. For Health Plan, the 2024 audit concluded with no findings, and only noted an opportunity to improve the collection and monitoring of delegate data.
This spring, DHCS notified us of the 2025 NAV audit. The audit evaluated calendar year 2024 data, with a focus on ensuring accurate, reliable information to support network adequacy reporting. Key stakeholders across the organization collaborated to complete the Information Systems Capabilities Assessment Tool (ISCAT) and provide supporting documentation demonstrating the strength of our data systems and oversight processes.
To prepare, teams engaged in multiple mock audit sessions and internal system demonstrations between June and August. This preparation culminated in a virtual onsite audit on August 19, 2025.
We are pleased to share that, for the second year, the auditor did not identify any concerns or issues. Preliminary results are expected at the end of October, and we will provide updates as soon as they are available.
This strong outcome reflects the dedication and teamwork of staff across departments who continue to support Health Plan’s commitment to compliance, audit readiness, and high-quality service to our members.
DMHC Follow Up – Progress and Opportunities
In 2020, the DMHC conducted its Routine Survey of the Plan, reviewing the period of December 1, 2018 – November 30, 2020. The survey resulted in 21 findings requiring corrective action.
Earlier this year, DMHC returned for a Follow-Up Survey covering the period of March 1, 2024 – September 30, 2024. The purpose of this review was to confirm that corrective actions taken by the Plan were sustained and effective.
We are pleased to share that the Plan has made substantial progress:
3 Title 42 of the Code of Federal Regulations (CFR) §438.350(a)
• 3 findings were corrected as early as 2021, reflecting timely closure of important issues.
• 10 additional findings have since been corrected, demonstrating the effectiveness of our compliance initiatives, cross-departmental training, and oversight improvements.
• In total, 13 of the 21 original findings have been remediated and closed. These results highlight our collective efforts to strengthen compliance, improve processes, and better serve our members and providers.
While we celebrate these successes, DMHC identified 8 findings that remain open and are subject to enforcement action. Each of these represents an opportunity for us to further improve:
1. Required Member Communications – Ensuring statutory language in grievance letters, denial notices, and other required communications exactly matches regulatory standards.
2. Grievance Responses – Strengthening processes so responses to grievances involving coverage determinations consistently include the required notice language.
3. Expedited Grievances – Enhancing procedures to ensure enrollees are always immediately notified of their right to contact DMHC for urgent matters.
4. Provider Directory – Refining provider validation processes to include all information required to be disclosed back to providers.
5. Utilization Management Denials – Continuing work to ensure denial and modification notices clearly explain medical necessity determinations in plain, member-friendly language.
6. Pharmacy Denial Letters – Expanding training and oversight to improve clarity and consistency in pharmacy-related denial communications.
7. Formulary Information – Aligning informational sections of the formulary with required elements. (Note: responsibility for Medi-Cal Rx transitioned to DHCS in 2022, creating unique circumstances for this requirement.)
8. Denial/Delay/Modification Letters – Finalizing refinements so all communications use the required statutory language without variation.
Moving Forward Together
The progress made to date reflects the dedication of every department involved in implementing corrective actions. The remaining findings give us clear direction for continuous improvement, and we are committed to addressing these opportunities with the same focus and collaboration that helped us achieve 13 successful corrections.
By building on this foundation, the Plan will continue to demonstrate our strong culture of compliance, protect our members, and uphold the highest standards expected by DMHC and DHCS.
Regulatory and contractual compliance is everyone’s responsibility. Supporting the Plan’s strategic goal of Continuous Compliance means demonstrating audit readiness at all times and fostering a sustained culture of compliance across all departments. In our next issue we will share the upcoming audit schedule for 2026.
Compliance & Ethics Week: November 2–8, 2025
Compliance & Ethics Week is a nationwide initiative that highlights the importance of integrity, accountability, and ethical decision-making in the workplace. It’s a time to reflect on our shared responsibility to uphold the standards that protect our members, our organization, and each other. Let’s continue to test your knowledge with three trivia questions*
� � Q1: Which law is primarily designed to protect the privacy and security of health information?
A. HIPAA
B. OSHA
C. FLSA
D. FERPA
�
� � Q2: True or False? If you’re unsure whether an action is compliant, the best step is to ask your Compliance Department or supervisor before proceeding.
� � � Q3: What is the main purpose of Compliance & Ethics Week?
A. To celebrate company profits
B. To highlight the importance of integrity and accountability in the Plan
C. To replace annual training requirements
D. To recognize employees with perfect attendance
*Answers are at the end of the newsletter
Do you have a question for Compliance? To submit an inquiry, go to Team Sites > Compliance > Requests > Submit an Inquiry on SharePoint or simply use this link: check it out here.
Program Integrity Unit (PIU)
Privacy & Security
Submitting a Privacy Incident Report
Have you submitted a privacy incident report before? If you submitted a privacy incident report, did you wonder if you completed it correctly? Below are guidelines to follow when submitting a privacy incident:
1. Report a privacy incident as soon as you know about it. Our reporting time frame to report to DHCS is 24-hours after discovery of a privacy incident. So, the earlier you report it, the more likely we are to meet the regulatory reporting time period.
2. Click on this link to access the privacy incident report form. This link can be found in Share Point on the Health Plan’s home page under the lefthand side section called “Report an Incident”. Once you select “Report an Incident”, then select “Report a Privacy Issue”. Once you select “Report a Privacy Issue” the privacy incident report form will open.
3. Complete all the fields you can with the information you have about the privacy incident. All the fields with an asterisk are required for you to complete to submit the form.
4. Explain what occurred in the privacy incident and input the necessary details. This information helps the PIU Team conduct a proper investigation. Details that are important to include in each of the following fields;
Summary of Privacy Incident: Provide details about what happened in the incident, such as, who committed the incident and how the incident occurred.
Actions Taken by Health Plan: Provide the actions taken to prevent further disclosure of the PHI and mitigate the incident.
How Many Members Affected: Provide the number of members whose PHI was disclosed due to the incident.
Type of Protected Information Involved: Select what PHI was disclosed in the incident.
Disclosing Party Name: Provide who disclosed the PHI or made the mistake that led to the disclosing of the PHI.
Attachments: ” Attach all relevant documents to the incident such as copies of the PHI that was disclosed, call recordings, and email communications related to the incident.
5. Please note that you no longer receive an email confirming your submission of the privacy incident. This is because we transitioned to a new incident tracking vendor. However, we are working with the new vendor for the system to start automatically sending confirmation emails soon. As a temporary fix, we are manually sending submitters of privacy incidents an email letting them know we have received the incident once we have reviewed it.
6. Upon receipt of the reported incident, the PIU Team may reach out to you for further information or clarification needed for the privacy incident.
Privacy & Security Incidents
In the month of August, 66 HIPAA incidents were reported to PIU, four (4) of these incidents were reportable to DHCS, and zero (0) of these incidents were reportable to OCR.
Differences Between Fraud, Waste and Abuse: A Refresher
As part of our ongoing commitment to maintaining integrity and transparency within our healthcare organization, we want to ensure that all employees, especially our new hires, have a clear understanding of the key concepts of fraud, waste, and abuse.
Fraud Definition:
o Fraud is an intentional deception or misrepresentation made by a person with the knowledge that deception could result in some unauthorized benefit to themselves or others.
Examples:
o Intentionally Billing for Services Not Rendered: Submitting claims for medical services that were never provided.
o Falsifying Patient Records: Altering patient records to justify unnecessary tests or procedures.
o Kickbacks: Accepting payments or gifts in exchange for patient referrals.
Key Point:
o Fraud is always intentional and involves a deliberate act to deceive.
Waste
Definition:
o Waste refers to the careless or needless expenditure of resources, whether time, money, or materials, that results in unnecessary costs to the organization.
Examples:
o Over-Ordering Medical Supplies: Purchasing more medical supplies than needed, leading to excess inventory.
o Inefficient Use of Resources: Using outdated equipment or procedures that require more time and resources than necessary.
o Unnecessary Diagnostic Tests: Ordering tests that are not medically necessary.
Key Point: Waste is typically not intentional but results from poor management or practices.
Abuse
Definition:
o Abuse involves practices that are inconsistent with sound fiscal, business, or medical practices, leading to unnecessary costs or improper payment for services.
Examples:
o Misuse of Healthcare Services: Providing services that are not medically necessary to increase billing.
o Improper Billing Practices: Upcoding or unbundling services to receive higher reimbursements.
o Excessive Charges: Charging excessively for services or supplies.
Key Point:
o Abuse may not be intentional but still results in improper use of resources.
Why It Matters
Understanding the differences between fraud, waste, and abuse is essential for maintaining the integrity of our healthcare operations. By recognizing these behaviors, we can take proactive steps to prevent them and ensure that our resources are used effectively and ethically, ultimately improving patient care.
Fraud, Waste, and Abuse Cases
In August, the PIU opened one (1) new case and closed one (1) existing case. At month end, our team had 21 open cases.
Provider Exclusion Monitoring
PIU regularly monitors vendors and providers we contract with for exclusions, per 42 Code of Federal Regulations (C.F.R.) §438.610, which prohibits Medi-Cal Managed Care Plans (MCPs) from contracting or maintaining a contract with physicians or other health care providers who are excluded, suspended, or terminated from participating in the Medicare or Medi-Cal programs.
Identified Excluded Parties
Zero (0) excluded, restricted, and suspended providers were identified in the month of August through ad hoc and standard monthly screening.
Conflict of Interest (COI)
Understanding Conflict of Interest (COI) in Healthcare: What You Need to Know
A Conflict of Interest (COI) arises when personal interests could influence or appear to influence your professional decisions. In healthcare, maintaining transparency is crucial to uphold trust and compliance with California regulations.
When to Report a COI:
Report any potential or actual COI as soon as you become aware of it whether it involves financial interests, relationships, or outside activities that could impact your professional responsibilities.
How to Identify a COI:
Ask yourself if your personal interests might affect your judgment or if others might perceive a bias. Common examples include financial investments, gifts, consulting roles, or relationships with vendors or patients.
Form 700 Filing:
Certain employees, especially those in decision-making or regulatory roles, must complete the California Form 700 annually to disclose financial interests. Ensure you complete and submit this form on time to remain compliant.
If you’re unsure about whether you have a COI or need to file Form 700, consult policy CMP23 – Conflict of Interest or contact PIU@hpsj.com for guidance.
