AB 618 mandates that Medi‑Cal behavioral‑health providers and plans make member data available electronically to support treatment and care coordination. The bill charges the State Department of Health Care Services with running a stakeholder process and issuing implementation guidance that sets minimum data elements, frequency, and format for that data exchange.
This is significant because it aims to standardize information flow across Medi‑Cal managed care plans, county specialty mental health plans, Drug‑Medi‑Cal certified programs, and DMC‑ODS programs—potentially improving clinical continuity under CalAIM but also creating technical, operational, and privacy compliance work for plans and providers.
At a Glance
What It Does
The bill requires Medi‑Cal behavioral‑health entities to provide member data electronically and directs state agencies to define what and how data must be exchanged through guidance developed with stakeholders.
Who It Affects
Directly affects Medi‑Cal managed care plans, county specialty mental health plans, Drug‑Medi‑Cal certified programs, and Drug‑Medi‑Cal organized delivery system (DMC‑ODS) programs, plus the State Department of Health Care Services and CHHS as standard‑setting bodies.
Why It Matters
Standardized exchange can close clinical information gaps for behavioral health treatment and support CalAIM objectives, while also creating compliance obligations, technical integration needs, and privacy risks that payers and providers must manage.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
AB 618 adds a new section to the Welfare and Institutions Code requiring electronic data sharing among specified Medi‑Cal behavioral health participants so that clinicians and care coordinators have timely access to member information. The statute names the types of entities covered—managed care plans, county specialty mental health plans, Drug‑Medi‑Cal certified programs, and DMC‑ODS programs—and makes electronic data exchange an expectation rather than leaving it purely to local choice.
The law puts the State Department of Health Care Services (DHCS), working with the California Health and Human Services Agency, in charge of defining the operational details. DHCS must convene representatives from the affected plans and programs to develop implementing guidance that specifies minimum data elements, frequency, and data formats and that ensures timely health information exchange.
The bill requires DHCS to publish final guidance and then directs a 180‑day effective period after that guidance issues before the data sharing obligation applies.DHCS will use standard administrative tools—such as all‑county letters, plan letters, and plan/provider bulletins—to make the guidance binding in practice and to instruct plans and providers on how to comply. The statute explicitly requires the guidance to be consistent with the CHHS Data Exchange Framework and states that data sharing must comply with federal and state confidentiality laws.
It preserves HIPAA and 42 CFR Part 2 protections and points to state rules governing permissible uses of exchanged health information.
The Five Things You Need to Know
The requirement covers four distinct entity types: Medi‑Cal managed care plans, county specialty mental health plans, Drug‑Medi‑Cal certified programs, and DMC‑ODS programs.
DHCS must consult with those entities and publish final implementing guidance that addresses timely health information exchange, minimum data elements, and data format.
DHCS will publish guidance following stakeholder consultation and then use all‑county letters, plan letters, or provider bulletins to operationalize the rule for plans and programs.
The statutory clock ties implementation to guidance: entities are required to exchange data electronically 180 days after the guidance is issued.
The statute explicitly preserves federal privacy protections (HIPAA and 42 CFR Part 2) and requires adherence to state privacy rules, including permissible uses outlined in Section 14197.71(d).
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Legislative intent: improve coordination under CalAIM
This subsection frames the change as an element of broader state efforts (CalAIM and the Behavioral Health Services Act) to integrate care. It matters because the Legislature is signaling that behavioral health data exchange is a policy priority and should be treated as part of larger Medi‑Cal transformation rather than a standalone IT project.
Mandatory electronic data sharing obligation
This is the operative duty: each covered entity must provide member data electronically to support care. The provision leaves the definition of 'provide' and the technical modalities to the subsequent guidance, which means compliance will depend on how DHCS specifies endpoints, formats, and allowable exchange mechanisms (APIs, HIE connections, flat‑file feeds, etc.). It creates an enforceable expectation but not a prescriptive technical spec in statute.
Stakeholder consultation and guidance content
DHCS must convene representatives from the covered entities and CHHS to develop guidance that sets minimum data elements, frequency, and formats and that ensures timely information exchange. Practically, this requires DHCS to broker agreement among diverse stakeholders about which clinical fields and administrative data are essential for care coordination and how to represent them in machine‑readable form.
Implementation vehicles: letters and bulletins
Rather than creating a new enforcement office, the bill directs DHCS to implement and clarify requirements through existing administrative vehicles—all‑county letters, plan letters, and provider bulletins. That approach allows DHCS to impose compliance expectations quickly, but it also means much of the substantive detail will arrive outside the statute in administrative guidance.
Privacy and permissible uses
The statute explicitly states it does not diminish HIPAA or 42 CFR Part 2 protections and requires adherence to state privacy rules including Section 14197.71(d). That anchors the data exchange obligation within existing confidentiality regimes, signaling that DHCS must design guidance and technical specifications that respect consent, redisclosure limits, and use restrictions applicable to behavioral health and substance use records.
This bill is one of many.
Codify tracks hundreds of bills on Healthcare across all five countries.
Explore Healthcare in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Medi‑Cal enrollees with behavioral health needs — improved clinical continuity from quicker, more complete information flow across care settings can reduce duplicative assessments and support better transitions of care.
- Clinical teams and care coordinators — access to standardized electronic data reduces time spent tracking down records and supports more informed treatment planning and crisis response.
- County behavioral health systems — standardized exchange can improve collaboration with managed care plans and enable more consistent population health management and reporting.
Who Bears the Cost
- Medi‑Cal managed care plans — will need to build or expand interfaces, map data elements to new minimums, and upgrade workflows and vendor contracts to meet guidance.
- County specialty mental health plans and community Drug‑Medi‑Cal providers — many run on limited IT budgets; meeting electronic exchange requirements will impose configuration, training, and security costs.
- Department of Health Care Services and county IT teams — DHCS must run the stakeholder process, write detailed guidance, and support rollout; counties and state teams will carry implementation and oversight workloads with limited additional funding.
Key Issues
The Core Tension
The central tension is between maximizing clinical benefit through timely, standardized data exchange and protecting the special confidentiality interests of behavioral health and substance use disorder records: the bill pushes for broader sharing to improve care coordination, but effective, lawful sharing depends on resolving consent, redisclosure limits, and technical safeguards that protect patient privacy.
The bill delegates nearly all technical and operational choices to DHCS guidance, which creates two implementation dynamics: first, the substance of the obligation depends on how prescriptive DHCS becomes about data fields, formats, authentication, and exchange pathways; second, using plan and county letters makes the requirement administratively enforceable but relies on executive guidance rather than statute to fill technical gaps. That raises questions about consistency across counties and plans, and about the timeline for small providers to comply once guidance arrives.
Privacy and consent create the most acute unresolved questions. The statute preserves HIPAA and 42 CFR Part 2 but does not specify how to operationalize consent management at scale (for example, how Part 2‑protected records will be flagged, whether patient re‑consent is required for certain downstream uses, and how state permissible‑use rules will interact with federal redisclosure restrictions).
The bill also lacks funding or a technical assistance program for underresourced providers, leaving open the risk that larger plans meet deadlines while smaller clinics and county programs lag, undermining interoperability goals.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.