Introduction
The California Department of Health Care Services (DHCS) has embarked on a robust transformation of the Medi-Cal program aimed at improving healthcare quality, access, and equity for members.[1] These priorities have been reinforced through revised Medi-Cal Managed Care Plan (MCP) contracts and updated sub-regulatory guidance such as All Plan Letters (APLs)[2] and policy guides. Recently, DHCS has used these same avenues to clarify its policies regarding the imposition of enforcement actions, including corrective action plans and administrative and monetary sanctions, for non-compliance with program requirements.[3]
While DHCS continues to update its audit program to reflect the latest Medi-Cal requirements,[4] MCPs’ efforts to achieve and maintain compliance remain imperative to serve members, fulfill program aims, and avoid enforcement actions. This analysis reviews publicly available reports[5] of DHCS audits conducted in 2024 and 2025 and identifies findings occurring across multiple MCPs[6] within the six audit domains. It highlights common compliance gaps, explores underlying causes, and offers insights for MCPs seeking to strengthen operations and mitigate risk.
Overview of Audit Findings
Category 1 – Utilization Management
1. Incomplete NOA Information
DHCS auditors found deficiencies across several MCPs and their delegated entities in fulfilling Notice of Action (NOA) requirements. NOA letters often omitted the name and direct phone number of the decision-maker. MCPs also used outdated or incorrect templates, missing key elements such as “Your Rights,” non-discrimination notices, and language assistance taglines. Additionally, NOAs frequently lacked clear explanations of why the member’s conditions did not meet relevant clinical criteria or guidelines, making it harder for members to understand and appeal denials.
2. Failure to Follow Authorization Timelines
Several MCPs and their delegated entities failed to adhere to the required timeframes for authorization decisions or the issuance of NOA letters. Delays were observed for both routine and expedited prior authorization (PA) decisions.
3. Lack of Written Consent for Appeals
Multiple MCPs accepted appeals from providers or representatives without obtaining written member consent for such appeals to be filed on the member’s behalf.
4. Inconsistent Application of PA Requirements or Clinical Criteria
DHCS auditors cited MCPs for inconsistent application of medical necessity and PA requirements. In some instances, MCPs incorrectly applied PA to preventive or diagnostic services that should have been exempt under existing policies or regulations. In other cases, MCPs utilized incorrect or inconsistent clinical criteria for services that required PA.
5. Inadequate Translation of Member Notifications
DHCS identified multiple instances where NOA and appeal letters were not translated into threshold languages for members with limited English proficiency.
6. Insufficient Monitoring of Prior Authorization Referrals
Some MCPs lacked comprehensive systems to track and monitor specialty referrals requiring PA.
Category 2 – Population Health Management and Coordination of Care[[7]]
1. Failure to Complete IHAs
MCPs often did not ensure that providers completed Initial Health Appointments (IHAs) within the required 120 days of enrollment. In some cases, members did not have completed IHAs at all, while in others there were significant delays in IHA completion beyond the 120-day requirement. Furthermore, DHCS observed that several MCPs failed to consistently document all required components of the IHA or to document outreach efforts made to attempt to complete these assessments.
2. Failure to Properly Adjudicate COC Requests
DHCS identified several issues related to adjudication of continuity of care (COC) requests. MCPs failed to issue member acknowledgment letters or send member approval letters after decisions were made. Many notifications also failed to include required information, such as member rights and transition timelines. Additional issues included the failure to use standardized templates and to complete COC requests within the required timeframes.
3. Failure to Complete Blood Lead Screenings or Provide Anticipatory Guidance
Audits identified ongoing deficiencies in lead screening and anticipatory guidance for children under six years of age. These findings included failure to provide screening or anticipatory guidance and lack of documentation to support attempts to complete such activities. Additionally, MCPs failed to ensure providers performed lead risk assessments or documented lead testing at required intervals.
4. Failure to Provide ECM Services
MCPs demonstrated noncompliance with Enhanced Care Management (ECM) requirements, including the absence of health risk assessments (HRAs) and care management plans (CMPs). DHCS also identified that MCPs did not ensure members consistently received all seven ECM core service components (i.e., Outreach and Engagement, Comprehensive Assessment and CMP, Enhanced Coordination of Care, Health Promotion, Comprehensive Transitional Care, Member and Family Supports, and Coordination of and Referral to Community and Social Support Services).
Category 3 – Access and Availability of Care
1. Failure to Obtain PCS Forms
DHCS identified instances where MCPs did not obtain valid Physician Certification Statement (PCS) forms for Non-Emergency Medical Transportation (NEMT) services.
Category 4 – Member’s Rights
1. Failure to Resolve Grievances in a Timely Manner
DHCS found that many MCPs failed to resolve member grievances and send adequate grievance resolution letters within the required timeframes.
2. Inadequate Grievance Resolution Letters
Grievance resolution letters were cited for lacking clear and concise explanations of MCP decisions or failing to address all aspects of members’ complaints.
3. Lack of Medical Director Review of QOC Grievances
DHCS found that MCPs did not ensure that quality of care (QOC) grievances were reviewed promptly by a medical director.
Category 5 – Quality Management
1. Insufficient PQI Handling
Multiple MCPs failed to conduct timely or full investigations, to track and trend, or to take prompt corrective action related to Potential Quality Issues (PQIs).
Category 6 – Administrative and Organizational Capacity
1. Failure to Provide Timely FWA Reporting
DHCS cited several MCPs for failing to submit preliminary or quarterly fraud, waste, and abuse (FWA) reports on time.
Implications
DHCS’s audit findings reveal that MCPs struggle to comply not only with new and updated Medi-Cal program requirements, such as ECM, but that long-standing requirements in areas such as utilization management (UM), appeals, and grievances continue to pose challenges. In many instances, MCPs’ policies and procedures do address program requirements, but operational implementation falls short. Member-facing processes can be interrupted by silos across departments and vendors, and delegation oversight continues to be a recurring challenge in areas where MCPs heavily depend on the performance of third parties, such as in UM. Technology limitations, including legacy systems with poor interoperability, make data sharing and real-time monitoring more challenging, while workflows often lack adequate controls to ensure the uniform application of policies. When compliance issues are discovered, corrective actions are sometimes inadequate, with DHCS citing several MCPs as having recurring findings across audit years.
Strategic Takeaways
To avoid similar findings, MCPs should ensure they have comprehensive and cohesive processes and oversight strategies in place to support the underlying organizational, technological, procedural, and cultural factors that are necessary to ensure compliance. Key steps that MCPs can take include the following:
- Integrate Policy into Practice – Translate written policies into executable workflows supported by real-time monitoring and, where possible, automation.
- Enhance Delegate Oversight – Implement standardized reporting scorecards and conduct thorough monitoring and auditing of delegated entities.
- Elevate Provider Accountability – Embed compliance metrics into provider contracts and audit preventive-care documentation, including IHAs, lead screenings, and other processes that require coordination with and implementation by providers.
- Improve Language and Accessibility Compliance – Strengthen translation verification and readability standards for all member-facing communications.
- Modernize Data Systems – Enhance data infrastructure to support real-time monitoring of key compliance-driven metrics within operational processes. Prioritize system enhancements that improve data accuracy, accessibility, and integration across operational domains and enable more effective oversight and audit readiness.
- Standardize Training Protocols – Implement targeted training programs focused on operational procedures, member communication standards, and regulatory requirements. Training should emphasize areas such as authorization timelines, grievance resolution, language accessibility, and documentation standards. Regular refreshers and competency assessments can help ensure staff remain aligned with DHCS’ expectations and reduce the risk of repeat audit findings.
- Strengthen CAP Oversight – When Corrective Action Plans (CAPs) are necessary, ensure they are informed by robust root cause analysis and include clear metrics, timelines, and responsible parties. Additionally, implementing periodic monitoring will help validate the effectiveness of the actions taken. Incorporating CAP tracking into standard quality and compliance governance processes is essential for preventing the recurrence of previously identified issues.
- Adopt a Proactive Compliance Culture – Conduct regular internal monitoring, auditing, and corrective action validation to strengthen organizational compliance and maintain audit readiness year-round.
How We Can Help
Navigating Medi-Cal program requirements and audits requires more than just regulatory knowledge. It calls for operational strategies that effectively incorporate written policies and compliance into everyday practices. Ankura has extensive experience guiding MCPs and their delegated entities through audits, helping identify root causes, developing sustainable corrective actions, and establishing long-term monitoring systems to ensure ongoing compliance. We help MCPs move beyond reactive responses and implement proactive strategies to reduce the risk of enforcement action while promoting quality, equity, and member trust.
© Copyright 2025. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.
[1] See https://www.dhcs.ca.gov/CalAIM/Pages/CalAIM.aspx.
[2] APLs are the means by which DHCS conveys information or interpretation of changes in policy or procedure at the Federal or State levels, and provides instruction to contractors, if applicable, on how to implement these changes on an operational basis. See https://www.dhcs.ca.gov/formsandpubs/Pages/MgdCarePlanPolicyLtrs.aspx.
[3] DHCS. APL 25-007. “Enforcement Actions: Corrective Action Plans, Administrative and Monetary Sanctions.” Issued April 25, 2025. Available at https://www.dhcs.ca.gov/formsandpubs/Documents/MMCDAPLsandPolicyLetters/APL%202025/APL25-007.pdf.
[4] DHCS. “Draft 2025 Comprehensive Quality Strategy.” Page 91. Available at Draft “Comprehensive Quality Strategy report.” 2025. Available at https://www.dhcs.ca.gov/services/Documents/Draft-2025-Comprehensive-Quality-Strategy-Report.pdf.
[5] As of November 2025. DHCS Medical Audit Reports and Corrective Action Plans are available at https://www.dhcs.ca.gov/services/Pages/MedRevAuditsCAP.aspx.
[6] Not an exhaustive list of all findings.
[7] Domain was previously known as “Case Management and Coordination of Care.”
