The Delegation Governance Standard · DGS v1.0
A free published standard. Nothing to buy.
Every delegation is a promise on paper. Prove you're keeping it.
Executive Briefing · June 2026
Health plans delegate clinical and administrative functions to third parties. Between annual reviews, almost nobody is watching.
The industry answer has been the same for twenty years: annual oversight. Once a year, collect reports, review SLAs, file the results. A delegate that begins underperforming in February will not be assessed until January. Eleven months of degraded performance with nobody watching.
The annual cycle catches problems months after they start. It was designed to file results, not to catch failures in time.
The 2026 HPMS audit updates shifted from form-based validation to evaluating whether compliance programs actually govern delegated work. Ceremonial oversight will be flagged. The November 2025 HPMS memo requires oversight models to define risk ownership, monitoring expectations, escalation thresholds, and enforcement authority. CMP totals through 2025 already exceed the combined total for 2021 through 2024.
DGS v1.0 defines the minimum requirements for structured, continuous delegation oversight. It specifies what to monitor, how often, at what thresholds, with what response protocols, and with what documentation.
It is a free published standard. The full text and the self-assessment tools are open to every health plan, delegate, and regulator at covenantdgs.com. There is no subscription, no platform fee, and nothing to buy. Covenant is a tool, not a product.
The legal floor is already set. Under 42 CFR 422.504(i), the plan remains accountable for every entity in the delegation chain: first tier, downstream, and related. CMS audits the plan, not the delegate. The standard exists because the floor is not a program.
CMS audits all 550 MA contracts now. Delegation oversight is a top finding. Your spreadsheet is a liability.
Eight governance triggers, threshold-based rather than judgment-based. Each one specifies the required response, the responsible party, and the documentation generated. A trigger that fires without a documented response is a governance failure.
The standard scores every delegated entity on a 0-100 composite, weighted by function criticality and updated as monitoring data arrives. The sample certificate shows the score in use.
DGS specifies three monitoring tiers running simultaneously:
Automated data feeds. Claims turnaround, UM decisions, call center metrics, credentialing processing. Exceptions surface as they occur, not at year-end.
Monthly or quarterly structured assessments. Claims accuracy audits, UM appropriateness reviews, quality measure validation. Defined sampling methodology.
Triggered by governance events. Regulatory actions, leadership changes, data failures. May override the periodic schedule temporarily.
Everything below is published at covenantdgs.com, free. No login required to read the standard. Sign in only if you want to save your work.
There is no subscription, no platform fee, and no sales motion behind this deck. The standard is free and stays free. The work happens in your shop, with your people, against a published bar.
Audit firms show up once a year, find problems, and leave. The standard requires continuous monitoring, with the response protocol attached to the trigger before the breach ever happens.
Spreadsheets store data. They do not trigger responses. A plan with 10 delegates, 5 functions each, 6 metrics per function, monitored monthly generates 3,600 data points per year. Nobody governs that in Excel.
A plan running DGS produces the documentation trail regulators actually want to see. Not a binder assembled the week before an audit. A living record that shows continuous governance as it happened.
There is no implementation and no vendor. A plan adopts DGS v1.0 in its own shop, with its own people, on the data it already produces. Your delegates, your contracts, and your compliance staff all stay exactly where they are.
Read the standard and run the free self-assessment against your current oversight program. It takes an afternoon. The gaps it finds are the work plan.
Map your federal and state requirements to your delegation model, and map the chain to the bottom tier. Accountability does not stop at the first contract, and neither can your visibility.
Set the eight triggers with thresholds in your own monitoring. Run the escalation tiers with teeth. Document every trigger and every response. Then self-assess the program annually, because the standard requires it of itself.
DGS v1.0 was written by one operator, not a committee.
Joe Nalley built and sold a 13-location health system (200,000+ patients) and ClearBill ($9.2M returned to payers in its first six months), then built the governance methodology applied across 65,234 specialty patients that Covenant extends to delegation oversight. Today he is Staff VP, Carelon Growth (Elevance Health), owning six specialty risk books (MSK, Oncology, CHF, Maternity, Autoimmune, Dementia) across $50B+ in spend.
Part of the Corridor family: Cadence (specialty governance), Curated (episode-based care), Caliber (claims verification), Waybright (maternity navigation).
Adopt the standard. It is free, it is published, and the self-assessment takes an afternoon. The sample certificate shows what conformance looks like when it is written down.
If you want a second set of eyes on your delegation model, book 30 minutes. I'll bring the crosswalk for your states and we can walk your chain together.