AB 682 requires health insurers to include detailed, month-by-month claims processing and dispute-resolution data in an annual report (or another commissioner-prescribed report). The data set covers counts and costs of claims denied, adjusted, or contested; in-network and out-of-network splits; the reasons for denials; procedure- and diagnosis-level cost data; and whether contested claims that were ultimately denied were ever processed or reviewed using artificial intelligence.
The bill phases in demographic disaggregation starting January 1, 2029.
The Department must receive the filings, publish insurer-level results online, and protect patient privacy through deidentification rules; the commissioner can reject deficient filings and assess administrative penalties. The measure substantially raises transparency for regulators, researchers, providers, and purchasers while creating operational, privacy, and compliance demands for insurers and potential data governance questions for the state.
At a Glance
What It Does
The bill specifies a long list of monthly data elements insurers must collect and report annually, including counts and total costs of denied, adjusted, and contested claims, broken out by network status, provider type, denial reason, specific procedures/diagnoses, and—starting in 2029—six demographic categories. It also requires disclosure of whether contested claims that were denied were at any point processed, adjudicated, or reviewed using artificial intelligence or predictive algorithms.
Who It Affects
All health insurers subject to the chapter (including plans that process in-network and out-of-network claims) plus third-party administrators who file on insurers’ behalf, contracted and noncontracted providers whose claims will be visible in the data, and the state regulator that must ingest, review, and publish the reports.
Why It Matters
This creates a public, insurer-by-insurer dataset that can surface denial patterns, network differences, procedure-level costs, demographic disparities, and the extent of AI use in claims handling. For compliance officers and health system leaders, it changes recordkeeping, reporting pipelines, and risk exposure; for regulators and advocates, it supplies a new enforcement and research tool.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The bill creates a structured reporting obligation for insurers to capture what happens to claims each month and to explain why claims are denied, adjusted, or contested. Insurers must track both counts and the ‘total cost’ (defined as the negotiated or expected amount the provider receives) for these categories.
The statute distinguishes in-network versus out-of-network activity, separates timeliness bands (paid/adjusted within 30 days versus beyond 30 days) and asks insurers to attribute denials to a detailed set of reasons—from medical necessity to clerical errors—plus an open “other” bucket that insurers must explain.
AB 682 phases in demographic reporting: insurers must begin reporting counts and costs by age, gender identity, sex, ethnicity, disability, and sexual orientation on and after January 1, 2029. The bill also requires procedure- and diagnosis-level breakdowns, which creates a dataset that ties denial patterns to specific clinical codes.
For contested claims, insurers must flag any claim that was, at any point, processed, adjudicated, or reviewed with artificial intelligence or predictive algorithms and that was ultimately denied.Insurers submit the prior calendar year’s data in a department-prescribed format and the Department posts insurer-level results online after applying deidentification standards and small-number suppression (claims for fewer than 11 individuals are aggregated). The commissioner may reject filings for deficiencies, require corrections within 30 days, and levy administrative penalties if the insurer fails to remedy defects.
The bill empowers the commissioner to define the form and verification process for filings and explicitly exempts creation of the form from the Administrative Procedure Act, speeding implementation but limiting public rulemaking input.Finally, the statute supplies operational definitions—such as what counts as an adjudicated or contested claim and how to calculate total cost—that will govern reporting. Those definitions matter because they determine what hits an insurer’s reporting pipeline, how many records must be retained and reconciled, and how external researchers and regulators can interpret the published figures.
The Five Things You Need to Know
Insurers must report monthly counts and total costs for claims that were denied, adjusted, or contested, separately for in-network and out-of-network claims and by provider type.
Beginning January 1, 2029, the reporting must include disaggregation by age, gender identity, sex, ethnicity, disability, and sexual orientation.
Insurers must identify the reason for each denied/adjusted/contested claim using a detailed list (e.g.
out-of-network, lack of prior authorization, medical necessity, clerical error), and specify the reason when using the catch-all “other.”, Reports for the prior calendar year must be submitted in a department-prescribed format (first due Feb 1, 2028) and the department must publish insurer-level results online (first posted by April 15, 2028), with suppression for cell sizes under 11.
For contested claims that were denied, insurers must report whether the claim was at any point processed, adjudicated, or reviewed with artificial intelligence or predictive algorithms.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Detailed monthly data elements insurers must collect
This subdivision lists the reportable items: monthly counts and total costs for processed/adjudicated claims and those denied, adjusted, or contested; in-network versus out-of-network splits; timeliness of payment (within or beyond 30 days) by provider type; an enumerated set of denial reasons; procedure- and diagnosis-level cost data; demographic breakdowns phased in for 2029; and a requirement to flag contested claims that were subject to AI review. Practically, insurers must map internal claims statuses and denial codes to these buckets and ensure cost accounting aligns with the statutory ‘total cost’ definition.
Filing schedule, publication, and privacy protections
Insurers must submit the prior calendar year’s data to the department in a prescribed form by Feb 1 (first submission due Feb 1, 2028) and the department must post the information by April 15. The department must publish insurer-level data, but it must deidentify information and suppress cells where a disaggregation represents fewer than 11 individuals. The subdivision ties public disclosure to state and federal privacy laws, requiring the department to set deidentification standards that comply with HIPAA and California medical privacy statutes.
Commissioner review and penalties for deficient filings
The commissioner can reject any filing, notify the insurer of the deficiency, and require correction within 30 days; the commissioner retains copies of rejected filings. If an insurer fails to correct a rejected filing, the commissioner may assess an administrative penalty. This creates a compliance loop requiring insurers to maintain the ability to remediate data quality issues quickly and builds a formal enforcement lever for the regulator.
Rulemaking authority and verification; APA exemption
The commissioner may prescribe the form and content of the reports and require verification as the commissioner sees fit. The bill explicitly states that creation of the form is exempt from the Administrative Procedure Act, which allows the department to adopt the reporting form without the normal notice-and-comment procedures. That expedites implementation but concentrates technical decisions inside the regulator rather than in public rulemaking.
Key definitions that drive reporting scope
Defines core terms such as adjudicated, adjusted, contested claim, lack of efficacy, artificial intelligence (by reference to Section 10123.135), claim, and total cost. Those statutory definitions set the boundaries of what counts for reporting, and they will be central to compliance because small shifts in interpretation—what counts as ‘contested’ or how to calculate ‘total cost’—can materially change reported volumes and dollar amounts.
This bill is one of many.
Codify tracks hundreds of bills on Healthcare across all five countries.
Explore Healthcare in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- State regulators and the department: Gain a structured, insurer-by-insurer dataset to detect systemic denial patterns, monitor network adequacy, and prioritize investigations.
- Patient advocates and researchers: Obtain public, code-level data to analyze disparities in denials and access across demographic groups and procedures once the 2029 demographic splits are live.
- Large purchasers and employers: Can use insurer-level disclosures to assess plan performance on timeliness, denial reasons, and out-of-network costs when selecting or negotiating benefits.
Who Bears the Cost
- Health insurers and third‑party administrators: Must build or adapt data pipelines to map internal claim statuses, denial codes, provider types, and cost accounting to the statutory buckets and to compile monthly rolls for annual submission.
- Smaller plans and community insurers: Face proportionally higher compliance overhead for data transformation, verification, and potential penalties for filing deficiencies.
- The state department/regulator: Must resource secure ingestion, deidentification, small‑n suppression, publication tooling, and complaint review—tasks that can be resource intensive if filings are large or inconsistent.
Key Issues
The Core Tension
AB 682 pits the policy goal of public, granular oversight of claim denials and AI use against competing demands: protecting patient privacy and keeping reporting feasible. Greater granularity improves accountability but increases reidentification risk and imposes real operational costs on insurers and the regulator; at the same time, narrower scope or higher suppression thresholds would blunt the law’s ability to reveal disparities and system failures.
The bill pursues granular transparency but leaves several practical implementation questions unresolved. First, the utility of demographic disaggregation depends on the accuracy and sourcing of those fields: insurers’ administrative records may mix self-reported, inferred, or missing values, which will influence both data quality and legal exposure.
Second, the statute’s requirement to report AI involvement applies only to contested claims that were denied and that were at some point processed, adjudicated, or reviewed with AI; that scope may undercount AI use that assists payers in other stages of claims handling or in approvals that do not result in a denial. Third, the law requires procedure- and diagnosis-level cost reporting, which improves transparency but raises reidentification risks and forces the department to balance suppression thresholds against analytic value.
The exemption from the Administrative Procedure Act accelerates form creation but also removes public vetting of technical definitions and file formats; insurers may face abrupt changes when the commissioner prescribes forms. Finally, enforcement levers (rejection and administrative penalties) rely on the department’s capacity to validate complex, large-scale datasets; inconsistent review standards or under-resourcing could produce uneven enforcement or data of limited comparability across insurers.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.