AB 2670 directs the Department of Health Care Services (DHCS), once the Legislature appropriates funds, to convene a task force to perform a comprehensive assessment of fraud risks across the Medi‑Cal program. The task force must be formed by January 1, 2027, complete its assessment within six months, and submit recommendations to legislative policy and fiscal committees by January 1, 2028.
The bill spells out membership from state regulators, counties, managed care plans, provider organizations, and law enforcement, and requires the task force to review current fraud‑prevention tools, identify gaps in data sharing, and evaluate federal and out‑of‑state best practices. Its recommendations must address statewide protocols, regulatory changes, technology and analytics upgrades, response strategies, and fund recovery approaches — and comply with Government Code section 9795, which governs legislative cost statements and analyses.
At a Glance
What It Does
Subject to appropriation, the bill requires DHCS to convene a multi‑stakeholder task force by Jan 1, 2027, to assess Medi‑Cal fraud risks and complete the review within six months. The task force must submit a package of recommendations to the Legislature by Jan 1, 2028, covering protocols, regulations, technology, response, and recovery.
Who It Affects
State regulators (DHCS, Department of Managed Health Care, Department of Insurance), county welfare departments, Medi‑Cal managed care plans and provider groups, and law enforcement agencies. Indirectly, it affects beneficiaries and entities that handle Medi‑Cal data because the assessment targets data‑sharing and analytics improvements.
Why It Matters
This creates a formal, time‑boxed mechanism to diagnose systemic fraud vulnerabilities in California’s Medicaid program and to produce a legislative‑ready set of fixes. For compliance officers and plan executives, the task force’s output will shape near‑term policy and technical priorities for fraud prevention and fund recovery.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
AB 2670 is a narrowly scoped planning and diagnostic bill: it does not itself change provider rules or create new penalties, but it charges DHCS with assembling a cross‑sector task force to map where Medi‑Cal is exposed to fraud and how to fix it. The trigger is an appropriation — without funding the department has no mandatory duty — and the bill sets firm calendar targets for convening, completing the assessment, and delivering recommendations to the Legislature.
The law prescribes membership to ensure perspectives from regulators (the Department of Managed Health Care and the Department of Insurance), county administrators who run eligibility and redirection programs, managed care plans that administer benefits, provider organizations, and law enforcement that pursues criminal or civil fraud. That mix is intended to surface gaps that range from front‑line billing practices to back‑end claims analytics and interagency data exchange.The task force’s six‑month review must inventory existing fraud‑prevention tools, analyze where data sharing breaks down across state and local systems, and assess whether federal or other states’ best practices can be adapted in California.
Deliverables are specific: uniform statewide protocols, proposed regulatory revisions, technology and analytics upgrades, response playbooks, and fund‑recovery strategies. Requiring compliance with Government Code section 9795 means the recommendations will need to be accompanied by whatever fiscal and cost information that statute requires, which shapes how actionable the proposals will be for fiscal committees.Practically, the bill creates a staging ground: the immediate product is information and legislative options.
The real policy changes — new regulations, budget requests for tech investments, or statutory amendments to expand data sharing — would still require follow‑up action by the Legislature or regulators based on the task force report.
The Five Things You Need to Know
The task force must be convened by DHCS by January 1, 2027, but only if the Legislature appropriates funds for the purpose.
Once formed, the task force has six months to complete a comprehensive fraud risk assessment and must review current tools, data‑sharing gaps, and federal/state best practices.
Membership is mandatory to include the Department of Managed Health Care, Department of Insurance, county welfare departments, managed care plans, provider groups, and law enforcement representatives.
By January 1, 2028, the task force must submit recommendations covering five discrete areas: uniform statewide protocols, regulatory changes, technology/data analytics improvements, fraud response strategies, and fund recovery strategies.
All recommendations submitted to the Legislature must comply with Government Code section 9795, imposing required fiscal/cost statements or related analytical requirements.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Formation trigger, scope, and timeline
This subdivision makes convening contingent on a legislative appropriation and sets the convening deadline at January 1, 2027. It narrowly frames the task force’s scope — comprehensive fraud risk assessment, review of prevention tools, identification of data‑sharing gaps, and evaluation of external best practices — and imposes a six‑month deadline to finish the assessment once the group is formed. The appropriation trigger means the duty is conditional, limiting immediate administrative obligations until the Legislature allocates funding.
Required membership and stakeholders
This subdivision specifies who must sit on the task force: two state regulators (the Department of Managed Health Care and the Department of Insurance), county welfare departments, managed care plans, provider groups, and law enforcement. The list ensures representation across regulatory, payer, provider, and enforcement functions, which matters for producing recommendations that are operationally grounded rather than purely theoretical.
Five required recommendation areas
The statute directs the task force to deliver recommendations across five categories: (A) uniform statewide protocols for fraud prevention, (B) proposed regulatory changes, (C) technology and data analytics improvements, (D) effective fraud response strategies, and (E) efficient fund recovery strategies. Each category points to distinct implementation pathways: protocol standardization for operational consistency, regulatory changes for statutory/regulatory authority, tech investments for detection, response playbooks for coordination, and recovery mechanisms to recoup improper payments.
Legislative submission requirements
This short paragraph requires that recommendations submitted to the Legislature comply with Government Code section 9795. That cross‑reference typically implicates required fiscal analyses or formal statements accompanying legislative proposals, meaning the task force’s output must be packaged with fiscal considerations acceptable to legislative policy and fiscal committees.
This bill is one of many.
Codify tracks hundreds of bills on Healthcare across all five countries.
Explore Healthcare in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- California taxpayers — A well‑executed assessment can identify recoverable improper payments and systemic vulnerabilities, offering a path to reduce leakage from the Medi‑Cal program.
- State enforcement and audit entities — Law enforcement, DHCS audit units, and inspectors general can gain a coordinated roadmap for targeting investigations and deploying analytics.
- Managed care plans and compliant providers — Clear, uniform protocols and better data sharing reduce operational ambiguity, lowering enforcement risk for actors already following rules.
Who Bears the Cost
- Department of Health Care Services — DHCS must staff and coordinate the task force and may need to absorb planning and report preparation costs unless the Legislature funds the appropriation.
- Managed care plans and provider organizations — Participation requires staff time and data‑sharing work; subsequent implementation of tech upgrades or protocol changes could produce compliance costs.
- Counties and local welfare departments — County agencies will need to dedicate personnel to participate and may face increased administrative duties if the recommendations expand data exchange or eligibility verification processes.
Key Issues
The Core Tension
The central dilemma is between strengthening fraud detection (which pushes for broader data sharing, aggressive analytics, and possibly stricter verification protocols) and preserving beneficiary access, privacy, and manageable administrative costs—measures that, if too aggressive, risk chilling access to care or imposing burdens on counties, providers, and plans.
Several implementation uncertainties and trade‑offs could blunt the task force’s impact. First, the appropriation requirement means the work will not begin automatically; fiscal choices will determine whether the task force convenes at all and with what resources.
Second, the bill is limited to producing recommendations — it contains no enforcement authority, funding for technology upgrades, or statutory changes. That means even a comprehensive assessment will require follow‑on legislative or administrative action to convert findings into operational changes.
Data sharing sits at the center of both opportunity and risk. The task force is asked to analyze data‑sharing gaps and recommend analytics improvements, but expanding data exchange raises privacy, security, and interoperability concerns.
Balancing robust cross‑agency access to claims and eligibility data against HIPAA, state privacy laws, and county operational constraints will be technically and legally complex. Finally, requiring compliance with Government Code section 9795 builds fiscal rigor into recommendations but also raises the bar for what the Legislature can act on quickly; proposals without clear, favorable fiscal framing may stall in fiscal committees despite operational merit.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.