November 2025
The Compliance4U newsletter offers insight into the day-to-day functions of the Health Plan’s Compliance Program and serves as a resource to help staff stay informed about key regulatory updates, reporting obligations, audit activities, and policy changes. Its goal is to promote awareness, accountability, and a culture of compliance across all departments within HPSJ/MVHP (“Health Plan”).
Regulatory Affairs (RA)
The Compliance Regulatory Affairs department is responsible for analyzing and implementing regulatory changes, coordinating the timely filing of routine regulatory reports, overseeing regulatory audits, managing DMHC provider complaint resolution, and tracking member complaints submitted to state and federal regulators to ensure the Plan maintains ongoing compliance with all applicable requirements. Check out what has happened since we released our last newsletter.
How We Get from APL to “Compliant”: A Behind-the-Scenes Look at RA’s Regulatory Implementation Process
Every year, Health Plan receives dozens of new and updated regulatory notices- Mostly All Plan Letters (APLs) and guidance from DHCS and DMHC. These notices shape how we operate, how we serve members, and how we stay compliant with state and federal requirements.
But what happens after one of these notices lands? How does it get translated into real operational change? And how do we know when a project is done?
That’s where Compliance Regulatory Affairs (RA) comes in.
RA leads Health Plan’s end-to-end process for reviewing regulatory changes, identifying operational impacts, coordinating with business areas, and confirming compliance. The goal is simple; make sure we stay audit-ready, avoid risk, and implement changes consistently across the organization.
How the Implementation Process Works:
1. RA drafts a gap analysis for new requirements. For each APL or regulatory notice, RA creates a gap analysis that outlines the requirements, current-state operations, and where work is needed. These are reviewed with a crossfunctional team every Thursday to ensure early alignment and visibility.
2. RA incorporates feedback and launches the project. After the Thursday review, RA adjusts the gap analysis based on input from impacted teams. Then RA schedules a formal Kick-Off meeting so business areas can understand their responsibilities and begin the implementation work.
3. Business areas complete the work – with RA guiding the way. Each team works on its assigned tasks (policy updates, system configuration, provider comms, training, monitoring, etc.). RA remains engaged throughout the project to answer questions, verify documentation, and remove roadblocks.
RA’s Continuous Improvement Project: How we Now Determine Project Closure
Over the last year, RA has enhanced the way we validate completion of regulatory projects. The goal: make the process clearer, more consistent, and easier for business areas to navigate.
What’s New:
✓ A redesigned gap analysis with stronger traceability.
The form now includes a table that ties each action item to the specific Evidence of Compliance that confirms it is complete.
• This aligns more closely with Business Requirements Document (BRD) structure.
• It makes it easier for business areas and auditors to see exactly how compliance was achieved.
✓ DocuSign closure sign-off for accountability.
Before an implementation project is officially closed, RA collects signatures from:
• Impacted business area manager(s)
• The business lead
• The executive responsible for the business area
• The RA Director
This ensures leadership visibility, shared accountability, and a clear “stop point” where we can confidently say the requirements are fully implemented.
Why This Matters
This structured process supports Health Plan’s goals to:
Stay compliant with state and federal requirements
o We translate complex regulatory notices into actionable steps and provide the documentation to back it up during audits.
Strengthen cross-department collaboration
o When RA and operational teams work side-by-side, implementation becomes faster, clearer, and more sustainable.
Reduce rework and risk
o Clear requirements, consistent processes, and leadership sign-off mean we close notices cleanly and avoid corrective actions later.
What’s going on at the State and Federal levels? To support you in your role and ensure timely awareness of changes to regulatory and contractual requirements, Regulatory Affairs staff attends regulatory calls (e.g., DHCS Managed Care Plan Call - MCPC) and other regulatory meetings/calls where key regulatory information is shared.
Calls Held by Health Plan’s Regulators
Regulatory Affairs staff maintains materials from regulator calls. Check out previous meetings HERE.
DMHC Fined Cigna for Improperly Reviewing and Denying Health Care Claims Payments
The California Department of Managed Health Care (DMHC) has taken enforcement action against Cigna, issuing a significant fine for improperly reviewing and denying claims payments. DMHC found that Cigna did not have a physician conduct a clinical review of the claims prior to issuing denials Additionally, DMHC found that Cigna was using a different review process than the policy it filed with the DMHC, which is a violation of the requirements in the Knox-Keene Act. DMHC levied a $500,000 fine. Cigna agreed to pay the fine, re-review the non-compliant cases, and implement corrections actions to correct its process.
Important takeaways from this report:
• This situation highlights the critical importance of ensuring that Health Plan complies with the requirements of the Knox-Keene Act and keeps its policies and procedures on file with the Department updated.
� � � � For more details, read the official press release here
All Plan Letters (APLs)
DHCS and DMHC issue All Plan Letters (APLs) to formally communicate updates to federal or state policy, regulatory requirements, or operational procedures. These directives are intended to guide Managed Care Plans (MCPs) on how to implement changes and ensure compliance with applicable laws and regulations.
RA reviews and analyzes each APL to interpret its impact, coordinate internal implementation, and ensure timely compliance and required filings.
Draft APLs often identified with placeholder codes such as “XXX” are released by the regulators to solicit feedback from MCPs before finalization. During this comment period, MCPs can raise concerns or seek clarification, which may influence the final version of the policy.
Below is a list of recently released APLs for your awareness:
A. DHCS Regulatory Notices
No New or Revised APLs Released since the October Newsletter was Released
B. DMHC Regulatory Notices
APL 25-016 Request for Health Plan Information (RHPI) Revisions
Issue Date: October 31, 2025
Summary: This APL notifies health plans that DMHC revised the RHPI form, effective beginning 12/01/2025.
Regulatory
Reports
Under the terms of our contract with DHCS and in alignment with our KnoxKeene license requirements regulated by DMHC the Plan is required to routinely submit reports that demonstrate operational performance and regulatory compliance. RA tracks and coordinates these submissions to ensure timeliness and accuracy across all departments.
Below is a list of upcoming regulatory reports due to our regulators this month. The table includes the accountable Director and Executive sponsor for awareness and coordination. Please review the list to determine which reports fall within your area. Reports due for the upcoming month should be saved in this Dropbox Folder.
Report Title
Monthly 274 File Clarence Rao Victoria Worthy
Monthly CBAS Waiver File Pamela Lee Lakshmi Dhanvanthari
Monthly Consolidated Billing Supplemental File Clarence Rao Victoria Worthy
Monthly ECM/CS File Clarence Rao Victoria Worthy
Weekly Encounter Data Files Clarence Rao Victoria Worthy
Monthly MCPD/PCPA Files Clarence Rao Victoria Worthy
Monthly Financial Reports Somatra Sourng Michelle Tetreault
Monthly New Member Mailing Attestation Vena Ford Evert Hendrix
Monthly NEMT/NMT Report Dale Standfill Liz Le
Monthly Post-Payment Recovery (PPR) Report Christopher Navarro Michelle Tetreault
Monthly Provider Directory File and Use Submission Ana Aranda Liz Le
Monthly Provider Information Network (PIN) Files Ana Aranda Liz Le
Monthly Restricted Provider Site Verification Toni White Betty Clark
Quarterly Fraud, Waste, and Abuse Status Report Toni White Betty Clark
Quarterly LTC-SNF Report Johnathan Yeh Lakshmi Dhanvanthari
Quarterly Claims Settlement Practices Report Aimee Griffin Michelle Tetreault
Quarterly ECM/CS Report Niyati Reddy Liz Le
Quarterly QIHEC Written Activities and Summary Submission Kathleen Dalziel Lakshmi Dhanvanthari
Report Title
Quarterly DHCS Timely Access Compliance Ana Aranda Liz Le
Semi-Annual Prop 56 Value-Based Payment Report Aimee Griffin Michelle Tetreault
Annual Financial Performance Guarantee Somatra Sourng Michelle Tetreault
Annual 24/7 Health Plan Post-Stabilization Contact Mike Shook Lakshmi Dhanvanthari
Annual Discrimination Grievance Attestation Ramanpreet Kaur Tracy Hitzeman
Provider Complaints
Provider complaints come to Health Plan in different forms (e.g., direct call to us or dispute submission to DMHC). While our Provider Services and Claims teams address those coming into us, Compliance is the point of contact for those coming through DMHC. In 2025, Health Plan received 54 requests (26 new Provider Complaints and 28 additional information requests), disputing 33 claims In 2024, we received 67 requests (28 Provider Complaints and 39 additional information requests), disputing 56 claims. In 2023, Health Plan received 20 requests (13 Provider Complaints and 7 additional information requests), disputing 28 claims In addition, each complaint may contain multiple issues that require a response.
Compliance coordinates a cross-functional group to review each complaint we receive. This group investigates the cases (from the original request to claim processing and dispute resolution) and prepares a comprehensive response to the DMHC about the provider’s concerns and the actions taken by us. These tables outline the status:
Table 2: Provider Complaint Closures by Decision as of November 11, 2025:
DMHC Consumer Complaints and Independent Medical Review (IMR):
Effective May 2025, RA manages the intake, tracking, and submission of all DMHC consumer complaints and Independent Medical Reviews (IMR) to ensure timely, compliance, and coordinated responses in collaboration with Grievance & Appeals.
DMHC Consumer Complaints
The following reflects the Consumer Complaints received, including analyses by case reason, urgency and outcome.
• Table A displays the Consumer Complaint reasons for Standard Cases, Expedited Cases and Additional Information Requests.
• Table B shows the Consumer Complaint outcomes for Standard Cases, Expedited Cases and Additional Information Requests.
11, 2025)
Table B: DMHC Consumer Complaints by Case Outcome (May 30, 2025-Nov 11, 2025)
DMHC Independent Medical Review
Table C below reflects the number of IMR cases received from the Department since May 30, 2025, and their outcomes.
Table C: DMHC Independent Medical Review (IMR) (May 30, 2025-Nov 11, 2025)
Compliance & Ethics Week: November 2–8, 2025
Thank You for Celebrating Compliance & Ethics Week With Us!
What a week. Thank you to everyone who jumped in, played hard, asked questions, challenged themselves, and made this year’s Compliance & Ethics Week one of our best yet.
We kicked things off Monday with a message from our Chief Regulatory Affairs & Compliance Officer, setting the tone for why this week matters and how each of us plays a part in keeping our program strong. From there, the games began and you all showed up.
A Look Back at the Week’s Highlights
Knowledge Bombs All Week
Every day we dropped quick learning moments designed to sharpen our understanding of compliance expectations in real time. And yes several of you caught the hidden hints before we even announced them.
“Guess Who” Meet the Compliance Division
The opening game gave everyone a chance to learn who’s who in Compliance. Some of you are alarmingly good at connecting fun facts to the right person.
“What’s the Gap?” Show Us Your Regulatory Skills
This one tested your ability to spot tasks required to implement a new regulation or benefit. The accuracy levels… let’s just say some teams might want to recruit you for their next regulatory project.
Word Scramble
A deceptively tough challenge that proved finding the right compliance terms under pressure takes strategy and maybe caffeine.
Scavenger Hunt
You navigated policies, directories, and resources to find the exact information needed. Seeing how quickly people uncovered answers was a good reminder: when we know where to look, compliance gets a whole lot easier.
Jeopardy! Finale
We wrapped the week with a fast-paced showdown that covered everything from regulatory requirements to internal processes. Congratulations to the team that walked away with bragging rights that will last all year.
Celebrating You
Handing out gift cards and Health Plan swag was the fun part but the real win is seeing our staff engage with Compliance as something meaningful, not mechanical. That’s the point of the week: building confidence, curiosity, and ownership of our shared responsibility. Congratulations to our WINNERS!
Thank you again for another year of stepping up, learning together, and reinforcing what makes our compliance program effective you.
Do you have a question for Compliance? To submit an inquiry, go to Team Sites > Compliance > Requests > Submit an Inquiry on SharePoint or simply use this link: check it out here.
Program Integrity Unit (PIU)
Privacy & Security
Notice of Privacy Practices (NPP)
• What is it: The Notice of Privacy Practices (NPP) is a notice that describes to Health Plan Members how their medical and personal information may be used and disclosed by the Health Plan. This includes information about diagnosis, treatment, race/ethnicity, language, gender identity and sexual orientation. It also tells Members how they can get access to this information.
• Why is it important: This notice is important because it tells Members about their rights and their choices, explains how Health Plan typically shares their protected health information (PHI). It also explains our responsibilities regarding their PHI and how Health Plan protects their PHI.
• Who it is for: Health Plan Members
• How often is it distributed: Members are given a copy of the NPP at the time of their enrollment, and they are sent a copy of it on an annual basis thereafter. Members are also given a copy of the NPP upon their request. If there is a material change made to the NPP, a copy of it is sent out to all Members. Health Plan reminds Members about the availability of the NPP at least once every three years.
• Where is it located: The NPP is located at this link on Health Plan’s public website.
For more information about the NPP refers to policy HPA16 Management of Notice of Privacy Practices and Privacy Statement.
Privacy & Security Incidents
In the month of October, 41 HIPAA incidents were reported to PIU. One (1) of these incidents was reportable to DHCS. The incident was not reportable to OCR
Fraud, Waste, and Abuse (FWA)
Partnering with Law Enforcement
The Program Integrity Unit (PIU) plays a vital role in combating fraud, waste, and abuse within the larger healthcare system. By partnering with law enforcement agencies, the PIU can more effectively identify fraudulent schemes, such as false billing, identity theft, and kickback arrangements. These partnerships enable SIUs to share critical intelligence, coordinate investigations, and pursue legal action against individuals or networks engaged in fraudulent activities. Law enforcement agencies bring legal authority and investigative resources, while SIUs contribute industry-specific expertise and data analytics that help uncover complex schemes. Together, they form a more powerful and efficient force against financial crimes. This not only protects Health Plan’s financial resources but also helps maintain the integrity of healthcare services and maintain a safe environment for our most vulnerable members.
You may not be aware, but the California Department of Health Care Services (DHCS) maintains a law enforcement branch with swore officers of the law. The PIU has cultivated contacts with investigators in DHCS, Health and Human Services, Office of Inspector General (HHS-OIG), San Joaquin County Sherrif’s office, and Department of Medi-Cal Fraud and Elder Abuse (DMFEA –California’s MFCU). We built these relationships by attending meetings and initiating conversations with these agencies about the activity we see here a Health Plan.
Need to Report a Concern?
You can report FWA concerns anonymously, confidentially and without fear of retaliation to the Program Integrity Unit (PIU):
• Online Reporting Tool: Report Non-Compliance, Privacy or Fraud, Waste & Abuse Issues
• Email: PIU@hpsj.com
Fraud, Waste, and Abuse Cases
In October, the PIU opened five (5) new cases and closed two (2) existing cases At month end, our team had 26 open cases.
Provider Exclusion Monitoring
PIU regularly monitors vendors and providers we contract with for exclusions, per 42 Code of Federal Regulations (C.F.R.) §438.610, which prohibits Medi-Cal Managed Care Plans (MCPs) from contracting or maintaining a contract with physicians or other health care providers who are excluded, suspended, or terminated from participating in the Medicare or Medi-Cal programs.
Identified Excluded Parties
Zero (0) excluded, restricted, and suspended providers were identified in the month of September through ad hoc and standard monthly screening.
Conflict of Interest (COI)
Quiz!
Did you read the Conflict-of-Interest section in last month’s Compliance Corner? Check what you’ve learned by answering the question below. The answer will be in our next Compliance Corner publication.
What type of things should staff consider about their personal life to determine if you have a reportable potential Conflict-of-Interest?
A. Volunteer work
B. A side business I own
C. My “side hustle”
D. All of the above
If you’re unsure about whether you have a COI or need to file Form 700, consult policy CMP23 – Conflict of Interest or contact PIU@hpsj.com for guidance.
Audit & Oversight (A&O)
Looking Ahead: Understanding the CMS Program Audit Process and Why It Matters
As part of our ongoing commitment to compliance excellence and audit readiness, the Audit & Oversight (A&O) team has expanded its audit activities to include a new focus area: Universe Integrity.
This new initiative strengthens our preparation for Centers for Medicare & Medicaid Services (CMS) audits and ensures that our organization is ready to meet the operational and data integrity requirements tied to our Dual Eligible Special Needs Plan (D-SNP) line of business. By proactively auditing our own
data accuracy, A&O is helping to identify and correct potential issues before CMS reviews them, setting the stage for stronger performance and compliance outcomes.
It’s important for everyone in our organization to understand how CMS audits work, why they matter, and what we all can do to remain audit ready. The “CMS Program Audit Process Overview” outlines the audit lifecycle for Medicare Parts C and D (and related programs). Here’s what you need to know:
What is being audited and why?
CMS’s audit strategy, managed through the Medicare Parts C and D Oversight & Enforcement Group (MOEG), ensures that organizations participating in Medicare Advantage, Prescription Drug Plans, and certain cost and Medicaiddual models meet their contractual obligations.
CMS audits verify that our data, documentation, operations, and systems truly support the care and services we promise to our members. These audits help confirm that we’re living up to our obligations, not just administratively, but with the quality and accuracy of care we deliver. The routine program audit process is divided into four key phases.
Phase I: Audit Engagement & Universe Submission
• CMS notifies the organization via an Engagement Letter that it has been selected for an audit, defining the scope, timelines, and deliverables.
• The organization must submit its universes (comprehensive data sets) and any requested documentation on schedule.
• CMS conducts “Universe Integrity Testing” to verify that submitted data is accurate, complete, and consistent with internal systems.
Highlight for us: Even at this early stage, our data management, recordkeeping, and documentation practices are under scrutiny. Ensuring accuracy and timeliness here sets the tone for the entire audit. Submitting accurate universes and being ready for integrity testing is foundational.
Phase II: Audit Field Work
• Over roughly two weeks, CMS reviews sample cases, typically via webinar or occasionally onsite.
• The organization participates in an Entrance Conference, presents supporting documentation, and responds to sample case requests.
• For any cases flagged as noncompliant or incomplete, CMS may require a root cause analysis and impact analysis within days.
Highlight for us: This is where the audit starts to feel real. Every department involved in operations or data within the audit scope may be asked to provide supporting evidence. While Compliance drives the process, many functional
areas intersect with the audit at different stages. Being prepared means having systems, records, and documentation aligned ahead of time. Documentation matters because if it’s not documented in a way CMS can test, risk increases.
Phase III: Audit Reporting
• After field work, CMS classifies findings into several categories:
ο ICAR (Immediate Corrective Action Required): Major noncompliance affecting enrollee access to care or drugs.
ο CAR (Corrective Action Required): Significant noncompliance, but not immediately enrollee-impacting.
ο ORCA (Observation Requiring Corrective Action): Limited-scope findings that require attention.
ο Observation: Minimal or isolated issue.
ο IDS (Invalid Data Submission): Failure to submit accurate universes after three attempts.
• CMS issues a Draft Audit Report typically within 60 calendar days of the Exit Conference). The organization may provide comments, after which CMS issues a Final Audit Report within 10 business days.
Highlight for us: Findings and classifications can directly affect our organization’s standing, potentially trigger enforcement actions, and even influence performance metrics such as Star Ratings. Maintaining data accuracy and documentation integrity at every stage protects our reputation and compliance posture.
Phase IV: Validation & Close-Out
• For findings requiring corrective action (CARs, ORCAs, IDS), the organization must submit a Corrective Action Plan (CAP) within 30 days of receiving the Final Audit Report.
• The organization then has up to 180 days to complete a Validation Audit to demonstrate corrections.
• CMS reviews the evidence and issues a closure decision or requests further action if deficiencies remain.
Highlight for us: Being prompt, transparent, and thorough in our corrective actions is essential. Unresolved findings can remain open, leading to extended monitoring or additional enforcement. Early and organized remediation helps close audits efficiently and strengthens compliance credibility.
In Closing
The CMS audit process is structured, rigorous, and detail-oriented but it’s also predictable when we are well-prepared. By understanding each phase, knowing how findings are classified, and recognizing CMS’s core focus areas (accurate data, timely submissions, clear documentation, and effective corrections) we can confidently support a successful audit outcome.
Our new Universe Integrity Audit initiative embodies this proactive mindset. By ensuring our data is accurate today, we strengthen our readiness for tomorrow particularly as we continue to grow and enhance our D-SNP line of business. Let’s all stay engaged, collaborative and ready as we look ahead.
Policies and Procedures
New Policy & Procedure (P&P) Template
Health Plan’s P&P template has been updated. Going forward, policy owners should utilize the P&P template found here You’ll see that we’ve incorporated new instructions and minor structural changes to help in developing D-SNP and Medi-Cal/D-SNP related P&Ps.
D-SNP Intake Process
As of 9/30/2025, all policies necessary for 10/1 D-SNP readiness have been reviewed, approved and published. This includes Benefits Administration, Sales, Marketing, Enrollment, Pharmacy and HIPAA (Privacy) policies
In August, we began policy intake for Medical Management & QI Health Equity Management. This includes Behavioral Health & Social Services, Case Management, Cultural & Linguistics, Grievances, Health Equity, Population Health, Quality Management, and Utilization Management policies. The policy team is currently reviewing these policies.
In September, we began policy intake for Claims, Provider Contracting, Provider Networks, Procurement and other public facing policies to begin the D-SNP policy intake process. The policy team is currently reviewing these policies.
In October, Compliance, IT, Administration, Facilities and Finance policies were scheduled to be added to the D-SNP intake. Thank you to those business units that have already submitted their policies.
Now in November, The Policy Team’s focus is to finalize review of the remaining D-SNP policies and work with business owners to get the policies published by 1/1/2026.
Look at the updated D-SNP Policy Intake Process schedule here: D-SNP Phased Approach
Month Departments Intake Status
July
August
Benefits Administration, Sales, Marketing, Enrollment, Pharmacy and HIPAA (Privacy) Complete
Medical Management, QI Health Equity Management In Progress
September Claims, Provider Contracting, Provider Networks, Procurement, Public Facing Policies In Progress
October Administration, Facilities, Finance In Progress
November Compliance, IT In Progress
To better support the business units during the D-SNP intake process, the Compliance Policy team is also hosting weekly office hours through the end of the year. We are also holding working sessions with policy owners to ensure the policies accurately include all necessary regulatory requirements and references. We are also hosting ad-hoc trainings, if necessary. Any requests for assistance should be made through the policy inbox at policies@hpsj.com.
As a reminder, the D-SNP Intake form needs to be filled out for every policy submitted for the D-SNP intake process. The D-SNP Intake form can be found here. Also, if you have current Medi-Cal only policies that needs to be made applicable to D-SNP and there are no additional changes to be made to the policy, a D-SNP intake form still needs to be submitted.
October 2025 Published Policies
Twenty-One (21) Medi-Cal policies were published in October.
Policy# and Name
BC01 Business Continuity Plan 10/06/2025 Medi-Cal
BH09 Behavioral Health Quality Management 10/06/2025 Medi-Cal
BH84 Dispute Resolution 10/06/2025 Medi-Cal
CLMS16 Electronic Visit Verification: Personal Care Services (PCS)and Home Health Care Services (HHCS) 10/03/2025 Medi-Cal
CM01 Advice Nurse Call Center 10/03/2025 Medi-Cal
CMP31 Oversight of Health Plan’s Delegated Administrative Functions 10/03/2025 Medi-Cal
FIN47 Financial Review of Third Parties 10/06/2025 Medi-Cal
FIN49 Community Reinvestment 10/03/2025 Medi-Cal
GRV02 Grievance Procedures 10/03/2025 Medi-Cal
HEQ01 Health Equity: Diversity, Equity, and Inclusion (DEI) Training / Transgender, Gender Diverse, and Intersex (TGI) Training 10/03/2025 Medi-Cal
PH08 Managed Drug Limitations 10/03/2025 Medi-Cal
PH21Drug Utilization Review 10/03/2025 Medi-Cal
PRO03 Provider Information and Directory Maintenance 10/03/2025 Medi-Cal
PRO08 Network Adequacy Standards Monitoring 10/03/2025 Medi-Cal
PRO28 Access and Availability Standards and Monitoring 10/03/2025 Medi-Cal
PRO30 Provider Appointment Availability Survey 10/06/2025 Medi-Cal
PRO32 Provider Satisfaction Survey 10/06/2025 Medi-Cal
QM15 Member Experience Surveys 10/06/2025 Medi-Cal
QM23 Credentialing and Recredentialing of Practitioners 10/06/2025 Medi-Cal
QM42 Ongoing Monitoring 10/06/2025 Medi-Cal
UM01 Authorization and Referral Review 10/06/2025 Medi-Cal
Did you know?
You can access all published policies directly via the Policies link on our Intranet. If you have any policy-related questions, please get in touch with the Policy Review Team at Policies@hpsj.com.
Stay Connected with Compliance!
Stay informed and updated with Compliance4U, a monthly newsletter focused on connecting and informing
*Compliance & Ethics week trivia answers: 1=FALSE; 2=C; 3=B