Medi-Cal Connect Terms of Use

• Medi-Cal Connect
• Latest Features
• About RSST
• About
• Resources
• Help

Thank you for visiting the California Department of Health Care Services (DHCS) Medi-Cal Connect website and reviewing this Terms of Use Policy (Use Policy). This Use Policy informs you about the terms and conditions that apply when you access Medi-Cal Connect, as well as the privacy and security policies that govern DHCS’ collection and use of your information when you access Medi-Cal Connect. By proceeding to access and use Medi-Cal Connect, you accept the terms and policies described below. 

The Medi-Cal Connect website is operated by Gainwell Technologies on behalf of DHCS and this Use Policy complies, as applicable, with DHCS’ own Privacy Policy and Notice of Privacy Practices. This Use Policy is subject to change without notice as needed to comply with DHCS’ business practices. 

Medi-Cal Connect Service

The Medi-Cal Connect application (“Application”) allows Managed Care Plans (MCPs) and their networks and partners to work together to identify gaps in care for their Medi-Cal members and help address their care needs through community referrals and collaboration. MCPs and their affiliated providers and partners can use this website, including its predictive data analytics and assessment tools, to help bridge care gaps and reduce disparities.

This Application may only be used to access the healthcare information for individuals whose care is managed by you/your organization. As such, when using this Application, Protected Health Information may be displayed. Activities performed through this service may be logged and monitored. Unauthorized attempts to access or use this device, systems, or data may result in civil and/or criminal penalties under state and federal law.

By acknowledging this message, you are indicating your consent to these terms and are aware that any possible evidence of unauthorized access, criminal activity, or improper use may be provided to law enforcement officials. In addition, you understand you are responsible for ending access in the future if you no longer have legal authority to access information using the Application.

User Requirements for Accessing Medi-Cal Connect

This website and the information it contains are provided as a public service by the State of California. This system is monitored to ensure proper operation, to verify the functioning of applicable security features, and for comparable purposes. Anyone using this system expressly consents to such monitoring. Unauthorized attempts to modify any information stored on this system, to defeat or circumvent security features, or to utilize this system for other than its intended purposes are prohibited and may result in civil penalties and sanctions and criminal prosecution.

When you create or maintain a Medi-Cal Connect account, or access Medi-Cal Connect, you agree to:

• Provide true, accurate, current, and complete information when creating your account or when voluntarily submitting information to DHCS;  
• Maintain the confidentiality of your login credentials by not sharing your Medi-Cal Connect username and password with others, including other individuals within the same organization as you;
• Change your password immediately if you believe it has been compromised or unauthorized access to Medi-Cal Connect using your password has occurred;
• Notify Medi-CalConnectHelpDesk@gainwelltechnologies.com if your password is compromised or unauthorized access to Medi-Cal Connect using your password has occurred, including where the compromised password or unauthorized access occurs within the same organization as you;
• Restrict access to the computing device used to access your Medi-Cal Connect account by using the security tools available on the device, including enabling data encryption and creating a PIN for access; 
• Restrict access to the computing device used to access your account; 
• Not root or jailbreak devices you use with Medi-Cal Connect, as doing so can create security risks by removing your device’s built-in security measures and exposing sensitive information. 

Gainwell and DHCS reserve the right to refuse access to Medi-Cal Connect accounts that are operating in violation of this Use Policy or otherwise posing a threat to the privacy and security of other users.

Laws That Apply to DHCS Collection of Your Personal Information

When DHCS automatically collects your information or you volunteer to actively provide DHCS with your information when visiting the Medi-Cal Connect website, both state and federal privacy laws may protect the collection and use of your information. These laws may include, but are not limited to, the California Information Practices Act, California Government Code Section 11015.5, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the Privacy Act of 1974. 

Note that once provided, all information collected through this website or voluntarily submitted to DHCS becomes a public record that may be subject to inspection and copying by the public under the California Public Records Act (PRA). Some types of information are exempted from disclosure, but not all. Protected health information (PHI), as defined under HIPAA, is not subject to disclosure under the PRA. In the event of a conflict between this Use Policy and the PRA or other applicable laws, the PRA and other applicable laws will control. 

The following provides an overview of the two laws that apply to most users accessing Medi-Cal Connect.

Under the California Information Practices Act (IPA), “personal information” is information maintained by a state agency “that identifies or describes an individual, including, but not limited to, the individual’s name, social security number, physical description, home address, home telephone number, education, financial matters, and medical or employment history.” (Civil Code § 1798.3.) Personal information includes “statements made by, or attributed to, the individual.” (Id.). The Information Practices Act only allows an agency to disclose information for specific purposes. (see Civil Code § 1798 et seq.)

Additional protections apply for electronically collected personal information.  Government Code section 11015.5 defines “electronically collected personal information “as information that: (1) “identifies or describes an individual user, ” (2) is gathered by a state agency through “any method, device, identifier, or other database application on the internet,” and is (3) maintained by a state agency. Government Code section 11015.5 restricts how agencies can use electronically collected personal information, subject to specified allowances or permission from the individual user.

Note that two types of information are excluded from the definition of electronically collected personal information under Government Code section 11015.5. First, information that a user manually submits to an agency is excluded, whether electronically or in written form. Second, information on or relating to individual users who are serving in a business capacity, including, but not limited to, business owners, officers, or principals of that business. 

How DHCS Uses Information it Automatically Collects From You

DHCS automatically collects personal information from individuals who access the Medi-Cal Connect website. This information may be used to identify you, record your interactions with the website, and generate statistics used to manage the website.

The following information is automatically collected and stored when you visit the Medi-Cal Connect website:

1. The IP address and domain name used; 
2. The internet browser and operating system used;
3. The date and time you visited Medi-Cal Connect;
4. The webpages or services you accessed in Medi-Cal Connect;
5. Any form downloaded in Medi-Cal Connect.

In accordance with Government Code § 11015.5(a)(6), DHCS does not sell electronically collected personal information, as defined above, without the permission of the user. Any other distribution of electronically collected personal information will be in accordance with Government Code § 11015.5. 

Additionally, this website does not use cookies for advertising or tracking. However, cookies may be used for authentication, security, and site functionality. If you change your browser settings to deny or alter the use of cookies, this may interfere with the operation of this website.

How DHCS Uses Information You Voluntarily Submit

If you voluntarily submit information to DHCS by sending us an e-mail with a comment or question, we may use your information to improve our services or to respond to your request. If permitted by law, DHCS may forward your e-mail to State employees, including those at other State agencies, who may be better able to help you.  We may otherwise share your e-mail as permitted or required by law. 

Your Discard Right for Personal Information

Under Government Code § 11015.5, upon request, you may have any electronically collected personal information discarded without reuse or distribution, provided we are contacted in a timely fashion. Under the California IPA, you have the right to inquire and be notified about the information that DHCS maintains about you, and may additionally have rights of inspection, amendment, or dispute where a requested amendment is denied. (Civil Code §§ 1798.32-1798.44.) 

Links to Other Websites

Medi-Cal Connect may link to other websites that are useful to you. When you follow links to other websites, you are no longer on Medi-Cal Connect and are subject to the privacy policy of the new website. DHCS accepts no responsibility for the content or accessibility of external websites or external documents linked to this website.

Limitation of Liability

DHCS attempts to maintain the highest accuracy of content on its websites. Any errors or omissions should be reported for investigation.

DHCS makes no claims, promises, or guarantees about the absolute accuracy, completeness, or adequacy of the contents of this website and expressly disclaims liability for errors and omissions in the contents of this website. No warranty of any kind, implied, expressed, or statutory, including but not limited to the warranties of non-infringement of third-party rights, title, merchantability, fitness for a particular purpose, and freedom from computer virus, is given with respect to the contents of this website or its hyperlinks to other Internet resources. Reference in this website to any specific commercial products, processes, or services, or the use of any trade, firm, or corporation name is for the information and convenience of the public, and does not constitute endorsement, recommendation, or favoring by the State of California, or its employees or agents.

How We Safeguard PHI/PI

DHCS and Gainwell Technologies have taken several steps to safeguard the integrity of its telecommunications and computing infrastructure, including but not limited to authentication, monitoring, auditing, and encryption. Security measures have been integrated into the design, implementation, and day-to-day practices of the entire State operating environment as part of its continuing commitment to risk management. 

To safeguard personal information (PI), protected health information (PHI) as defined by HIPAA, and personally identifiable information (PII) contained in this Application or automatically collected from users accessing this application, we do the following:

• Enable the use of multi-factor authentication for users of this Application by default. Multi-factor authentication is required when you register and log on to this Application initially and when you log on from another device.
• Use encrypted connections for secure communication between servers.
• Encrypt data when it is in storage.
• Maintain internal policies and processes that limit access to PHI in the Application based on a user’s role and need for information.
• Follow DHCS’ retention and deletion policies to help us ensure we only store information we are authorized to maintain and display as part of the services.

This Use policy is dated September 19, 2025.