WY
WA
UT
OR
NM
NV
MT
ID
HI
CO
CA
AZ
AK
WV
VA
TN
SC
OK
NC
MS
MD
LA
KY
GA
FL
DE
AR
AL
TX
WI
SD
OH
ND
NE
MN
MI
IN
IA
IL
MO
KS
VT
NY
NH
ME
RI
NJ
MA
CT
PA
State AI Health Tracker
The map below summarizes the scope and applicability of state laws impacting the use of artificial intelligence in healthcare. Click on the stakeholder type to filter laws applicable to health care providers, health insurance, and digital health. For more detailed analyses of these and similar laws and emerging issues, see our linked thought leadership page and consult our team of Holland & Knight attorneys.
Health Insurance
Digital Health and Health Privacy
Health Providers
No Current Legislation
Click the Stakeholder Type Below to View Applicable Legislation
DISCLAIMER »
DISCLAIMER The information presented herein is updated as of October 23, 2025. This site does not constitute legal advice or establish an attorney-client relationship between you and Holland & Knight. You should consult a licensed attorney to assess and evaluate the contents of this website to verify their accuracy and their applicability to you or your affiliates. By accessing this site, you accept that this tool is not a replacement for legal counsel.
Title: Insurance Department Bulletin No. MC-25 Enactment Date: Feb. 26, 2024 Summary: Requires insurers to establish and implement written artificial intelligence (AI) systems programs to ensure use of AI does not result unfair trade or claims settlement practices, or produce outcomes that are inaccurate, arbitrary, capricious, or unfairly discriminatory. Insurers must complete an AI certification annually by Sept. 1.
Connecticut
Title: Department of Financial Services, Insurance Circular Letter No. 7 Enactment Date: July 11, 2024 Summary: Requires insurers to establish and implement a corporate governance framework that provides oversight over the use of artificial intelligence (AI) to ensure compliance with insurance laws and regulations promulgated thereunder. Title: S. 7553 Summary: Requires a clinical peer reviewer to render any adverse determination in the utilization process. A clinical peer reviewer may be a licensed physician or licensed healthcare professional who is of the same profession and specialty as the patient's treating provider. The law does not speak to the use of artificial intelligence (AI), but the effect is that a utilization review entity may not rely on AI alone to issue an adverse determination in the prior authorization process. Code Citation: NY Insurance Law § 4903
New York
Reset Map
DC
Title: Department of Commerce, Community and Economic Development (DCCED) Bulletin B 24-01 Enactment Date: Feb. 1, 2024 Summary: Requires insurers to establish and implement written artificial intelligence (AI) systems programs to ensure use of AI does not result unfair trade or claims settlement practices, or produce outcomes that are inaccurate, arbitrary, capricious or unfairly discriminatory. Title: HB 372 Enactment Date: Oct. 16, 2016 Summary: Requires utilization review programs to use qualified healthcare professionals to administer utilization review programs and oversee utilization review decisions. Requires a clinical peer to evaluate the clinical appropriateness of adverse determinations. The law does not specifically address the use of artificial intelligence (AI), but the effect is that an insurer cannot deny a prior authorization request on the basis of AI alone; it must involve a healthcare provider. Code Citation: 3 AK Admin. Code 28.908
Alaska
Title: Arkansas Insurance Deptartment Bulletin 13-2024 Enactment Date: July 31, 2024 Summary: Requires insurers to establish and implement written artificial intelligence (AI) systems programs to ensure use of AI does not result unfair trade or claims settlement practices, or produce outcomes that are inaccurate, arbitrary, capricious or unfairly discriminatory. Title: Prior Authorization Transparency Act Enactment Date: 2017 Summary: Provides that a request for prior authorization (PA) may be approved by a "qualified person" employed or contracted by a utilization review entity; however, an adverse determination regarding a PA request must be made by a physician who possesses a current and unrestricted license to practice medicine in Arkansas. The law does not specifically address the use of artificial intelligence (AI), but the effect is that an insurer cannot use AI alone to deny a PA request. Code Citation: A.C.A. § 23-99-1111
Arkansas
Title: SB 1120 Enactment Date: Sept. 28, 2024 Summary of Legislation: Regulates the use of artificial intelligence (AI), algorithms and other software tools in utilization review (UR) activities. The law requires that a qualified healthcare practitioner review UR medical necessity and coverage determinations, to ensure that decisions affecting healthcare services are not left solely to automated systems. Code Citation: Cal. Health & Saf. Code § 1367.01; Cal. Ins. Code § 10123.135. HK Insight: Regulation of AI in Healthcare Utilization Management and Prior Authorization Increases (Oct. 31, 2024)
California
Title: SB21-169, Protecting Consumers from Unfair Discrimination in Insurance Practices Enactment Date: July 6, 2021 Summary: Prohibits insurers from using algorithms and predictive models that use external consumer data and information sources (ECDIS) to unfairly discriminate against consumers, based on race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity or gender expression. Code Citation: Colo. Rev. Stat. § 10-3-1104.9. Title: SB24-205 Colorado Consumer Protections in Interactions with Artificial Intelligence Systems Act of 2023 Enactment Date: May 17, 2024 (effective June 30, 2026) Summary: Requires developers and deployers of "high risk AI systems" to conduct impact assessments to ensure the accuracy and fairness of the artificial intelligence (AI) system and take corrective action if necessary. The act also requires deployers (e.g., health insurance companies) to notify individuals of AI-generated "consequential decisions" and how the AI system specifically contributed to the decision and provides individuals with a right to appeal such decisions. The act further requires companies that use AI for "profiling" that results in legal or similarly significant effects, including decisions resulting in provision or denial of insurance and health care services, to provide consumers an opt-out right for such profiling. Code Citation: Colo. Rev. Stat. § 6-1-1701 et seq. HK Insight: Regulation of AI in Healthcare Utilization Management and Prior Authorization Increases (Oct. 31, 2024)
Colorado
Title: Department of Insurance, Securities and Banking Bulletin 24-IB-002-05/21 Enactment Date: May 21, 2024 Summary: Requires insurers to establish and implement written artificial intelligence (AI) system programs to ensure use of AI does not result in outcomes that violate the D.C. Unfair Insurance Trade Practices Act, including outcomes that are inaccurate, arbitrary, capricious or unfairly discriminatory. Title: Prior Authorization Reform Amendment Act of 2023 Enactment Date: Jan. 17, 2024 Summary: Provides that only a licensed healthcare professional who is of the same specialty as the physician who manages the medical condition of the patient can make an adverse determination regarding a prior authorization (PA) request. The law does not directly address the use of artificial intelligence (AI) in the PA process, but the effect is that only a healthcare professional can make an adverse determination. Code Citation: DC ST § 31-3875.06
District of Columbia
Title: HB2472 (Public Act 103-0656) Enactment Date: Jan. 1, 2025 Summary of Legislation: Provides that only licensed healthcare professional can make adverse determinations regarding the medical necessity of a healthcare service in the prior authorization process. However, the bill allows either a healthcare professional or an "accredited automated process" to certify the medical necessity of a healthcare service. Code Citation: 215 ILCS 5/143.31 HK Insight: Regulation of AI in Healthcare Utilization Management and Prior Authorization Increases (Oct. 31, 2025) Title: DOI Company Bulletin 2024-08 Enactment Date: March 13, 2024 Summary: Requires insurers to establish and implement written artificial intelligence (AI) systems programs to ensure use of AI does not result in violations of Illinois unfair competition laws, which include outcomes that are inaccurate, arbitrary, capricious or unfairly discriminatory.
Illinois
Title: Insurance Division Bulletin 24-04 Enactment Date: Nov. 7, 2024 Summary: Requires insurers to establish and implement written artificial intelligence (AI) systems programs to ensure use of AI does not result in violations of Iowa unfair competition laws, which include outcomes that are inaccurate, arbitrary, capricious, or unfairly discriminatory.
Iowa
Title: Department of Insurance Bulletin 2024-02 Enactment Date: April 16, 2024 Summary: Requires insurers to establish and implement a written artificial intelligence (AI) system program to ensure use of AI does not result in unfair trade practices or unfair claims settlement practices, including unfairly discriminatory outcomes for consumers. Title: SB 54 Enactment Date: March 26, 2019 Summary: Requires insurers or private review agents to utilize licensed physicians to make a utilization review decision to deny, reduce, limit or terminate a healthcare benefit or to deny or reduce payment for a healthcare service because that service is not medically necessary or is experimental or investigational. The law does not specifically address the use of artificial intelligence (AI), but the effect is that an insurer cannot use AI alone to deny a prior authorization request; a healthcare provider must render the ultimate determination. Code Citation: KRS § 304.17A-607
Kentucky
Title: Maryland Insurance Administration Bulletin No. 24-11 Enactment Date: April 22, 2024 Summary: Requires insurers to establish and implement a written artificial intelligence (AI) systems program to ensure use of AI does not result in unfair trade practices or unfair claims settlement practices, including unfairly discriminatory outcomes for consumers. Title: HB 820 Enactment Date: May 20, 2025 (Effective Date: October 1, 2025) Summary: Requires insurers, HMOs, DSOs, PBMs, private review agents, and other providers of health benefit plans (an “Entity”) to ensure that its use of AI, algorithms, or other software tools bases its determinations in the utilization review process on an enrollee’s clinical history and individual clinical circumstances. An Entity may not base its determinations solely on a group dataset or use AI or an algorithm in such a way that results in unfair discrimination. The Entity must conduct quarterly audits of its AI systems and algorithms to ensure accuracy, and further, must allow the Insurance Commissioner to inspect for audit or compliance reviews the AI system and/or algorithms. Citation: Maryland Code, §15-10B-05.1
Maryland
Title: Office of Consumer Affairs and Business Regulation, Division of Insurance, Bulletin 2024-10 Enactment Date: Dec. 9, 2024 Summary: Requires insurers to establish and implement an Automated Indicator Sharing (AIS) program to ensure use of artificial intelligence (AI) does not result in violations of the Massachusetts Unfair Insurance Practices Act, including unfairly discriminatory outcomes for consumers resulting from the use of AI.
Massachusetts
Title: Michigan Deptartment of Insurance and Financial Services, Bulletin 2024-20-INS Enactment Date: Aug. 7, 2024 Summary: Requires insurers to establish and implement an Automated Indicator Sharing (AIS) program to ensure use of artificial intelligence (AI) does not result in violations of the Michigan Unfair and Prohibited Trade Practices and Frauds Act, which include decisions based on AI that are inaccurate, arbitrary, capricious, or unfairly discriminatory. Title: SB 247 Enactment Date: April 12, 2022 Summary: Requires an adverse determination regarding a request for a prior authorization (PA) for a medical benefit or prescription drug benefit to be made by a licensed physician or a licensed pharmacist, respectively. The licensed physician (or pharmacist) must make the adverse determination under the general direction of the insurer's medical director who oversees the utilization management program. The law does not specifically address the use of artificial intelligence (AI), but the effect is that an insurer cannot use AI alone to deny a PA request. Code Citation: MLCA 500.2212e
Michigan
Title: Nebraska Deptartment of Insurance, Guidance Document No. IGD - - H1 Enactment Date: June 11, 2024 Summary: Requires insurers to establish and implement an Automated Indicator Sharing (AIS) program to ensure use of artificial intelligence (AI) does not result in violations of the Michigan Unfair Trade Practices Act and Unfair Claims Settlement Practices Act, which include decisions based on AI that are inaccurate, arbitrary, capricious or unfairly discriminatory. Title: Ensuring Transparency in Prior Authorization Act Enactment Date: June 4, 2025 (Effective January 1, 2026) Summary: Requires utilization review (UR) agents to ensure that all adverse determinations for prior authorization requests are made by a physician or clinical peer. The law further prohibits UR agents from relying solely on artificial intelligence (AI)-based algorithms to deny, delay, or modify healthcare services based on medical necessity. Additionally, the law mandates that UR agents disclose its use of AI to the state Department of Insurance, in-network providers, enrollees, and on the agent’s public website. The law also authorizes the department to audit AI-driven utilization management systems at any time, including through third-party contractors. Code Citation: LB77, 109th Leg., 1st Sess. § 12 (Neb. 2025)
Nebraska
Title: New Hampshire Insurance Department., Bulletin Docket #INS 24-011-AB Enactment Date: Feb. 20, 2024 Summary: Requires insurers to establish and implement a written artificial intelligence (AI) systems program to ensure use of AI does not result in unfair trade practices, including unfairly discriminatory outcomes for consumers.
New Hampshire
Title: Nevada Department of Business and Industry, Division of Insurance, Bulletin 24-001 Enactment Date: Feb. 23, 2024 Summary: Requires insurers to establish and implement an Automated Indicator Sharing (AIS) program to ensure use of artificial intelligence (AI) does not result in violations of Nevada’s Unfair Trade Practices Act, including decisions based on AI that are inaccurate, arbitrary, capricious or unfairly discriminatory.
Nevada
Title: North Carolina Department of Insurance, Bulletin 24-B-19 Enactment Date: Dec. 18, 2024 Summary: Requires insurers to establish and implement an Automated Indicator Sharing (AIS) program to ensure use of artificial intelligence (AI) does not violate North Carolian laws on unfair trade practices or unfair claims settlement practices, which includes decisions predicated on inaccurate, arbitrary, capricious or unfairly discriminatory applications of AI.
North Carolina
Title: Bulletin No. 2024-11 Enactment Date: Nov. 14, 2024 Summary: Requires insurers to establish and implement an Automated Indicator Sharing (AIS) program to ensure use of artificial intelligence (AI) does not result in violations of Oklahoma’s Unfair Practices and Frauds Act and Unfair Claims Settlement Practices Act, which includes decisions predicated on inaccurate, arbitrary, capricious or unfairly discriminatory applications of AI. Title: Ensuring Transparency in Prior Authorization Act Enactment Date: May 15, 2024 Summary: Mandates that only qualified physicians or licensed mental health professionals (as applicable) can render an adverse determination in response to a prior authorization (PA) request. The law does not specifically address the use of artificial intelligence (AI), but the effect is that an insurer cannot use AI alone to deny a PA request. Code Citation: 36 Okl.St.Ann. § 6570.11
Oklahoma
Title: Insurance Department Notice 2024-04 Enactment Date: April 6, 2024 Summary: Requires insurers to establish and implement an Automated Indicator Sharing (AIS) program to ensure use of artificial intelligence (AI) does not result in unfair trade practices, including arbitrary, inaccurate or unfairly discriminatory outcomes for consumers. Title: SB 225 Enactment Date: Nov. 3, 2022 Summary: Provides that utilization review that results in a denial of payment for a healthcare service shall be made by a licensed physician, psychologist or dentist (depending on the service). The law does not specifically address the use of artificial intelligence (AI), but the effect is that an insurer or utilization review entity cannot use AI alone to deny a prior authorization request. Code Citation: 40 P.S. § 991.2152
Pennsylvania
Title: Insurance Bulletin No. 2024-03 Enactment Date: March 15, 2024 Summary: Requires insurers to establish and implement an Automated Indicator Sharing (AIS) program to ensure use of artificial intelligence (AI) does not result in unfair trade practices or unfair claims settlement practices, including unfairly discriminatory outcomes for consumers. Title: H5175 Enactment Date: Aug. 3, 2017 Summary: The Rhode Island Benefit Determination and Utilization Review Act requires a licensed practitioner to make all adverse benefit determinations for healthcare service that had been ordered by a physician, dentist or other practitioner, including the denial of a prior authorization (PA) request. The law does not specifically address the use of artificial intelligence (AI), but the effect is that an insurer cannot use AI alone to deny a PA request; a healthcare provider must render the ultimate determination. Code Citation: RI Gen L § 27-18.9-5
Rhode Island
Title: Insurance Bulletin No. 229 Enactment Date: March 12, 2024 Summary: Requires insurers to establish and implement a written artificial intelligence (AI) system program to ensure use of AI does not result in unfair trade practices or unfair claims settlement practices, including unfairly discriminatory outcomes for consumers.
Vermont
Title: Office of Insurance Commissioner, Technical Assistance Advisory 2024-02 Enactment Date: April 22, 2024 Summary: Requires insurers to establish and implement a written Automated Indicator Sharing (AIS) program to ensure use of artificial intelligence (AI) does not result in unfair trade practices or unfair claims settlement practices, including unfairly discriminatory outcomes for consumers.
Washington
Title: Insurance Bulletin No. 24-06 Enactment Date: Aug. 9, 2024 Summary: Requires insurers to establish and implement an Automated Indicator Sharing (AIS) program to ensure use of artificial intelligence (AI) does not result in state laws concerning unfair trade practices or unfair claims settlement practices, including arbitrary, inaccurate or unfairly discriminatory decisions that adversely impact customers.
West Virginia
Title: Office of the Commissioner of Insurance, Bulletin: Use of AI System in Insurance Enactment Date: March 18, 2025 Summary: Requires insurers to establish and implement a written Automated Indicator Sharing (AIS) program to ensure use of artificial intelligence (AI) does not result in unfair marketing practices or unfair claims settlement practices, including unfairly discriminatory outcomes for consumers.
Wisconsin
Title: Virginia Bureau of Insurance, Administrative Letter 2024-01 Enactment Date: July 22, 2024 Summary: Requires insurers to establish and implement a written Automated Indicator Sharing (AIS) program to ensure use of artificial intelligence (AI) does not result in unfair trade practices, unfair claims settlement practices, or unfair discrimination.
Virginia
Title: New Jersey Department of Banking and Insurance, Bulletin No. 25-03 Enactment Date: Feb. 11, 2025 Summary: Requires insurers to establish and implement a written Automated Indicator Sharing (AIS) program to ensure use of artificial intelligence (AI) does not result in violations of the New Jersey Unfair Trade Practices Act or Unfair Claims Settlement Practice Act. Title: Ensuring Transparency in Prior Authorization Act Enactment Date: Jan. 16, 2024 Summary: Provides that any denial of a prior authorization (PA) request must be approved by a physician acting under the clinical director of a payer who is licensed to practice medicine in New Jersey. The law does not specifically address the use of artificial intelligence (AI), but the effect is that an insurer cannot use AI alone to deny a PA request. Code Citation: N.J. Stat § 17B:30-55.8
New Jersey
Title: Department of Insurance, Domestic and Foreign Bulletin No. 148 Enactment Date: Feb. 5, 2025 Summary: Requires insurers to establish and implement a written Automated Indicator Sharing (AIS) program to ensure use of artificial intelligence (AI) does not result in violations of the Delaware Unfair Trade Practices Act or Unfair Claims Settlement Practices Act.
Delaware
Title: Health Care Service Utilization Review Act Enactment Date: May 6, 1994 Summary: Requires any determination by a utilization review agent as to the necessity or appropriateness of an admission, service or procedure or to make it be reviewed by a physician or determined in accordance with standards or guidelines approved by a physician. The law does not address the use of artificial intelligence (AI). Code Citation: Ala.Code 1975 § 27-3A-5
Alabama
Title: Ensuring Transparency in Prior Authorization Act Enactment Date: March 4, 2024 Summary: Requires adverse determinations in the prior authorization (PA) process to be made by physicians or other licensed healthcare professionals who have 1) sufficient medical knowledge in an applicable practice area or specialty, 2) knowledge of the coverage criteria, 3) a current and unrestricted license to practice within the U.S. and 4) knowledge of the applicable person's medical history and diagnosis. The law does not specifically address the use of artificial intelligence (AI), but the effect is that an insurer cannot use AI alone to deny a PA request. Code Citation: W.S.1977 § 26-55-104
Wyoming
Title: Prior Authorization Fairness Act Enactment Date: May 19, 2023 Summary: Requires an adverse determination regarding a request for prior authorization (PA) for a healthcare service to be made by a licensed physician or healthcare professional with the same or a similar specialty as the healthcare professional requesting the PA. The law does not specifically address the use of artificial intelligence (AI), but the effect is that an insurer cannot use AI alone to deny a PA request. Code Citation: Tenn. Code § 56-7-3703
Tennessee
Title: Ensuring Transparency in Prior Authorization Act Enactment Date: May 10, 2021 Summary: Mandates that utilization review entities have a "clinical peer" review the clinical appropriateness of an adverse determination to a prior authorization (PA) request. Additionally, the utilization review entity may not issue an adverse determination until a clinical peer consults with the patient's treating provider. The law does not specifically address the use of artificial intelligence (AI), but the effect is that an insurer cannot use AI alone to deny a PA request. Code Citation: O.C.G.A § 33-46-1 et seq.
Georgia
Title: SB380 Enactment Date: May 19, 2023 Summary: The bill requires an adverse determination regarding a request for a prior authorization (PA) for a prescription drug benefit to be made by a physician whose specialty focuses on the diagnosis and treatment of the condition for which the prescription drug was prescribed. The law does not specifically address the use of artificial intelligence (AI), but the effect is that an insurer cannot use AI alone to deny a PA request for a prescription drug benefit. Code Citation: MCA 33-32-221
Montana
Title: Mississippi Prior Authorization Reform Act (SB 2140) Enactment Date: March 1, 2024 Summary: A utilization review program cannot issue an adverse determination on any question relating to medical necessity (including a prior authorization (PA) request) without the prior evaluation and concurrence of a physician licensed in Mississippi. The law does specifically address the use of artificial intelligence (AI) in the PA process, but the effect is that an insurer cannot use AI alone to deny a PA request. Code Citation: Miss. Code Ann. § 41-83-31
Mississippi
Title: SF 3204 Enactment Date: May 27, 2020 Summary: Requires utilization review organizations to have a physician review and make adverse determinations in all cases in which the utilization review entity has concluded that an adverse determination for clinical reasons is appropriate. The physician must be licensed in Minnesota and be of the same speciality as the patient's treating provider. The law does specifically address the use of artificial intelligence (AI) in the prior authorization (PA) process, but the effect is that an insurer cannot use AI alone to deny a PA request. Code Citation: M.S.A. § 62M.09
Minnesota
Title: SB 2280 Enactment Date: April 24, 2025 (Effective Jan. 1, 2026) Summary: Requires "prior authorization review organizations" to ensure all adverse determinations are made by a licensed physician, licensed dentist or licensed pharmacist. The reviewing individual must make the adverse determination under the clinical direction of one of the prior authorization review organization's medical directors who is responsible for the healthcare services provided to enrollees. The law does not specifically address the use of artificial intelligence (AI), but the effect is that an insurer or utilization review entity cannot use AI alone to deny a prior authorization request. Code Citation: N.D. Cent. Code § 26.1-36.12-03
North Dakota
Title: HB 2175 Enactment Date: May 12, 2025 Summary: Provides that before a healthcare insurer or its utilization plan may deny a prior authorization (PA) request, the medical director must individually review the denial and "may not rely solely on recommendations from any other source." The law was enacted specifically in response to artificial intelligence (AI), and the effect of the legislation is that an insurer or a utilization review entity cannot use AI alone to deny a PA request.
Arizona
Title: Use of Artificial Intelligence-Based Algorithms (SB 815) Enactment Date: June 20, 2025 (effective Sept. 1, 2025) Summary: Amends Section 4201.156 of the Texas Insurance Code to regulate the use of artificial intelligence (AI) in utilization review (UR) processes for health benefit plans. The law prohibits UR agents from utilizing “automated decision systems” to the use of AI-based algorithms to make, in whole or in part, an adverse determination regarding the provision of health care services to a patient. The law does permit UR agents to utilize AI systems, algorithms, and automated decision systems for administrative support and fraud-detection functions. The law further authorizes the Texas Department of Insurance to audit a UR agent’s use of automated decision system. Code Citation: Tex. Ins. Code § 4201.156
Texas
Title: California Consumer Privacy Act of 2018 Enactment Date: June 28, 2018 (effective Jan. 1, 2020) Summary: Provides consumers with a right to limit a company's use and disclosure of sensitive personal information, including biometric and genetic data. Directs the Attorney General (AG) to develop and issue regulations governing access and opt-out rights with a respect to business use of automated decision making technology, including profiling decisions concerning a person’s health. The act also requires the AG to develop regulations that requires companies to conduct privacy risk assessments for processing activities that present a "significant risk" to consumers’ privacy or security. There are exemptions for "covered entities" or protected health information to the extent regulated under the Health Insurance Portability and Accountability Act (HIPAA) or California Confidentiality of Medical Information Act (CMIA). Additional regulations are forthcoming. Code Citation: Cal. Civ. Code § 1798.100 et seq. Title: California AB 2013 (Artificial Intelligence Training Data Transparency) Enactment Date: Sept. 28, 2024 (effective Jan. 1, 2026) Summary: Requires "developers" of "generative artificial intelligence" made publicly available to Californians, to post documentation summarizing the data used by the developer to train the generative artificial intelligence. There are several exceptions including for generative artificial intelligence used by a hospital's medical staff member. Code Citation: Cal. Civ. Code, section 3110 et seq. Read more »
Title: Colorado Privacy Act (as amended by House Bill 24-1130) Enactment Date: July 7, 2021 (general provisions effective July 1, 2023; provisions on biometric data effective July 1, 2025) Summary: Regulates processing of "sensitive data," including mental or physical health condition or diagnosis, biometric data, genetic data and "sensitive data inferences." Also regulates use of automated processing where such produces legal or similarly significant effects concerning a consumer, including provision or denial of healthcare services. The law contains numerous exceptions and exemptions, including for businesses that are "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA). Code Citation: Colo. Rev. Stat. § 6-1-1301 Title: Colorado Consumer Protections in Interactions with Artificial Intelligence Systems Act of 2023 Enactment Date: May 17, 2024 (effective June 30, 2026) Summary: Creates a "duty of care" and other obligations for developers and deployers of artificial intelligence (AI) systems used to make decisions that have "a material legal or similarly significant effect on the provision or denial to any consumer of, or the cost or terms of" certain opportunities and services, including health care services. The law does not apply to certain decisions made by businesses that are "covered entities" under HIPAA. Code Citation: Colo. Rev. Stat. § 6-1-1701 et seq. HK Insights: Colorado Legislature Approves AI Bill Targeting "High-Risk" Systems and AI Labeling (May 16, 2024); Regulation of AI in Healthcare Utilization Management and Prior Authorization Increases (Oct. 31, 2024)
Title: Connecticut Data Privacy Act Enactment Date: May 10, 2022 (effective July 1, 2023) Summary: Regulates processing of "sensitive data," including "mental or physical health condition or diagnosis," "consumer health data," biometric data and genetic data. Also regulates use of automated processing where such produces legal or similarly significant effects concerning a consumer, including provision or denial of healthcare services. The law contains numerous exceptions and exemptions, including for businesses that are "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA). Code Citation: Connecticut General Statutes, Section 42-515 et seq.
Title: Delaware Personal Data Privacy Act Enactment Date: May 19, 2023 (effective Jan. 1, 2025) Summary: Regulates processing of "sensitive data," including "mental or physical health condition or diagnosis," biometric data and genetic data. Also regulates use of automated processing where such produces legal or similarly significant effects concerning a consumer, including provision or denial of healthcare services. The law contains numerous exceptions and exemptions, including for businesses that are "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA). Code Citation: Delaware Code, Section 12D-101 et seq.
Title: Indiana Consumer Data Protection Act Enactment Date: May 1, 2023 (effective Jan. 1, 2026) Summary: Regulates processing of "sensitive data," including “mental or physical health diagnosis" made by a healthcare provider, biometric data and genetic data. Also regulates use of automated processing where such produces legal or similarly significant effects concerning a consumer, including provision or denial of healthcare services. The law contains numerous exceptions and exemptions, including for businesses that are covered entities under the Health Insurance Portability and Accountability Act (HIPAA). Code Citation: IC 24-15-1-1 et. seq.
Indiana
Title: Kentucky Consumer Data Protection Act Enactment Date: April 4, 2024 (effective Jan. 1, 2026) Summary: Regulates processing "sensitive data," including “mental or physical health diagnosis," biometric data and genetic data. Also regulates the use of automated processing where such produces legal or similarly significant effects concerning a consumer, including provision or denial of healthcare services. There are numerous exceptions and exemptions, including for businesses that are "covered entities under HIPAA." Code Citation: KRS 367.110 et seq.
Title: Maryland Online Data Privacy Act Enactment Date: May 9, 2024 (effective Oct. 1, 2025) Summary: Regulates processing of "sensitive data, including "consumer health data," unless strictly necessary to provide a service requested by the consumer. Also regulates the use of automated processing where such produces legal or similarly significant effects concerning a consumer, including provision or denial of healthcare services. There are numerous exceptions and exemptions, including for businesses that are "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA). Code Citation: Md. Code, Com. § 14-4701 et seq.
Title: Minnesota Consumer Data Privacy Act Enactment Date: May 24, 2024 (effective July 31, 2025) Summary: Regulates processing "sensitive data," including "mental or physical health condition or diagnosis," biometric data and genetic data." Also regulates the use of automated processing where such produces legal or similarly significant effects concerning a consumer, including provision or denial of healthcare services. There are numerous exceptions and exemptions, including for businesses that are "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA). Code Citation: Minn. Stat. 325M.10 et seq.
Title: Montana Consumer Data Privacy Act Enactment Date: May 19, 2023 (Effective Oct. 1, 2024) Summary: Regulates processing of "sensitive data," including "mental or physical health condition or diagnosis," biometric data and genetic data. Also regulates the use of automated processing where such produces legal or similarly significant effects concerning a consumer, including provision or denial of healthcare services. There are numerous exceptions and exemptions, including for businesses that are "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA). Code Citation: Montana Code, Section 30-14-2801 et seq.
Title: Nebraska Data Privacy Act Enactment Date: April 17, 2024 (effective Jan. 1, 2025) Summary: Regulates processing of "sensitive data," including "mental or physical health diagnosis," biometric data and genetic data. Also regulates the use of automated processing where such produces legal or similarly significant effects concerning a consumer, including provision or denial of healthcare services. There are numerous exceptions and exemptions, including for businesses that are "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA). Code Citation: Nebraska Code, Section 87-1101 et seq.
Title: New Hampshire Privacy Act Enactment Date: March 6, 2024 (effective Jan. 1, 2025) Summary: Regulates processing of "sensitive data," including data revealing "mental or physical health condition or diagnosis," biometric data and genetic data. Also regulates the use of automated processing where such produces legal or similarly significant effects concerning a consumer, including provision or denial of healthcare services. The are numerous exceptions and exemptions, including for businesses that are "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA). Code Citation: NH RSA 507-H:1 et seq.
Title: New Jersey Data Privacy Law Enactment Date: Jan. 16, 2024 (effective Jan. 15, 2025) Summary: Regulates processing of "sensitive data," including data revealing "mental or physical health condition, treatment, or diagnosis," biometric data and genetic data. Also regulates the use of automated processing where such produces legal or similarly significant effects concerning a consumer, including provision or denial of healthcare services. There are numerous exceptions and exemptions, including for businesses that are "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA). Code Citation: N.J. Stat. § 56:8-166.4 et seq.
Title: Oregon Consumer Data Privacy Act Enactment Date: July 18, 2023 (effective July 1, 2024 for for-profit entities and July 1, 2025 for non-profits (i.e., 501(c)(3)) Summary: Regulates processing of "sensitive data," including data revealing "mental or physical condition or diagnosis," biometric data and genetic data. Also regulates the use of automated processing where such produces legal or similarly significant effects concerning a consumer, including provision or denial of healthcare services. There are numerous exceptions and exemptions, including for businesses that are "covered entities" regulated under the Health Insurance Portability and Accountability Act (HIPAA). Code Citation: ORS 646A.570 et seq.
Oregon
Title: Rhode Island Data Transparency and Privacy Protection Act Enactment Date: June 28, 2024 (effective Jan. 1, 2026) Summary: Regulates processing of "sensitive data," including data revealing "mental or physical health condition or diagnosis," biometric data and genetic data. Also regulates the use of automated processing where such produces legal or similarly significant effects concerning a consumer, including provision or denial of healthcare services. There are numerous exceptions and exemptions, including for businesses that are "covered entities" regulated under the Health Insurance Portability and Accountability Act (HIPAA). Code Citation: RI. Gen Laws section 6-48.1-1 et seq.
Title: Tennessee Information Protection Act Enactment Date: May 11, 2023 (effective July 1, 2025) Summary: Regulates processing of "sensitive data," including data revealing health "mental or physical health diagnosis," biometric data and genetic data. Also regulates the use of automated processing where such produces legal or similarly significant effects concerning a consumer, including provision or denial of healthcare services. There are numerous exceptions and exemptions, including for businesses that are "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA). Code Citation: Tenn. Code section 47-18-3301 et seq.
Title: Texas Data Privacy and Security Act Enactment Date: June 18, 2023 (effective July 1, 2024) Summary: Regulates processing of "sensitive data," including data revealing "mental or physical health diagnoses," biometric data and genetic data. Also regulates the use of automated processing where such produces legal or similarly significant effects concerning a consumer, including provision or denial of healthcare services. There are numerous exceptions and exemptions, including for businesses that are "covered entities" or protected health information under the Health Insurance Portability and Accountability Act (HIPAA). Code Citation: Texas Code, Title 11, section 541.0001 et seq. Title: Texas Responsible Artificial Intelligence Governance Act (TRAIGA) Enactment Date: June 22, 2025 (effective Jan. 1, 2026) Summary: The Texas Responsible Artificial Intelligence Governance Act sets standards for the use of artificial intelligence (AI) systems across the state. In healthcare settings, TRAIGA requires providers to disclose when AI is used in delivering services or treatment, ensuring patients are informed before or at the time of interaction, except in the case of emergencies, in which case the provider shall provide the required disclosure as soon as reasonably possible. TRAIGA also sets standards for the deployment of AI to identify a specific individuals using biometric data, but limits the applicability of these provisions to government agencies. The law also prohibits the use of AI with the specific intent to discriminate against protected classes of individuals; however, TRAIGA states that a “disparate impact” is not sufficient by itself to demonstrate an intent to discriminate. HK Insights: Texas Enacts Comprehensive AI Governance Laws with Sector-Specific Healthcare Provisions (June 27, 2025)
Title: Utah Consumer Privacy Act Enactment Date: March 24, 2022 (effective Dec. 31, 2023) Summary: Regulates processing of "sensitive data," including data revealing "information regarding an individual’s medical history, mental or physical health condition, or medical treatment or diagnosis by a health care professional," as well as biometric data and genetic data. There are numerous exceptions and exemptions, including for businesses that are "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA). Title: House Bill 452 Enactment Date: March 25, 2025 (effective May 7, 2025) Summary: The law restricts suppliers of mental health chatbots from sharing or selling to any third party the individually identifiable health information or user input of Utah users. The restriction does not apply to individually identifiably information that is requested by a health care provider or health plan with user consent. The law separately requires suppliers of mental health chatbots to disclose to Utah users upfront that the chatbot is an artificial intelligence (AI) technology. Code Citation: Utah Code 13-72a-101 et seq.
Utah
Title: Virginia Consumer Data Protection Act Enactment Date: March 2, 2021 (effective Jan. 1, 2023) Summary: Regulates processing of "sensitive data," including "mental or physical health diagnosis," biometric data and genetic data. Also regulates the use of automated processing where such produces legal or similarly significant effects concerning a consumer, including provision or denial of healthcare services . There are numerous exceptions and exemptions, including for businesses that are "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA). Code Citation: Code of Virginia § 59.175 et seq.
Title: Washington My Health My Data Act Enactment Date: April 27, 2023 (effective in part July 23, 2023, and fully March 31, 2024) Summary: Requires collection of consent for processing "consumer health data," unless the processing is necessary to provide a specific service requested by the consumer. Additional separate consents are required for certain disclosures, including sales, of consumer health data. The law does not apply to "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA).
Title: SB 270 - Security and Privacy of Consumer Health Data Enactment Date: June 16, 2023 (effective March 31, 2024) Summary: Requires "regulated entities" to collect consent before processing "consumer health data," unless the processing is necessary to provide a specific service requested by the consumer. Additional separate consents required for certain disclosures, including sales, of consumer health data. Regulated entities must also develop and post a privacy policy for consumer health data. There are numerous exceptions and exemptions, including for any person or entity that is subject to the Health Insurance Portability and Accountability Act (HIPAA). Code Citation: Nev. Rev. Stat. 603A.400. Title: Assembly Bill 406 Enactment Date: June 6, 2025 Summary: Prohibits an artificial intelligence provider from offering or marketing artificial intelligence (AI) systems to persons in the State of Nevada which system provides services that constitutes the practice of professional mental or behavioral health care. Licensed mental and behavioral health professionals may use AI only for administrative or support functions, including scheduling appointments, billing, maintaining records, and similar non-clinical tasks. Establishes civil penalties for up to $15,000 per violation. Additionally, the law prohibits public schools from using AI to perform the duties of school counselors, psychologists, or social workers related to student mental health and requires the Department of Education to adopt policies governing AI use in these roles. Code Citation: N.R.S. AB 406 § 7
Title: An Act to Ensure Transparency in Consumer Transactions Involving Artificial Intelligence Enactment Date: June 12, 2025 Summary: Requires deployers of AI chatbots to notify consumers in a "clear and conspicuous manner" that the consumer is engaging with artificial intelligence technology, and is not engaging with a human being. The law impacts the manner in which mental health chatbots, for example, can be deployed in Maine. Failure to provide the required disclosure constitutes a violation of the Maine Unfair Trade Practices Act. Code Citation: 10 MRSA, ch. 239
Maine
Title: NY SB 3008 Enactment Date: May 9, 2025 (Effective Nov. 5, 2025) Summary: Prohibits any person or entity from operating or providing an artificial intelligence (AI) companion to a user in New York unless the system includes a protocol to detect and respond to suicidal ideation or expressions of self-harm. Protocols must identify such expressions and refer users to crisis services, including suicide prevention hotlines. The law applies to AI companions designed to simulate sustained human-like relationships, excluding systems used solely for customer service or internal business functions. Operators must also provide a clear and conspicuous notice (verbal or written) at the start of each interaction, and at least every three hours during continuous use, informing users they are interacting with an AI, not a human. Violations may result in civil penalties of up to $15,000 per day, enforceable by the state attorney general, with funds directed to a suicide prevention fund. Code Citation: N.Y. Gen. Bus. Law §§ 1700 et seq.
Title: California SB 53 (Transparency in Frontier Artificial Intelligence Act) Enactment Date: Date: Sept. 29, 2025 Summary: Regulates both “frontier developers” and “large frontier developers” of foundational models, which are defined as artificial intelligence ("AI") systems trained on broad datasets, designed for general outputs, and capable of performing a wide range of tasks. Developers subject to the bill must have annual gross revenues exceeding $500 million. Requires large frontier developers to publish and annually update a framework on their website detailing how they incorporate national standards, international standards, and industry best practices into their frontier AI development. This framework must also address how large frontier developers assess, mitigate, and manage catastrophic risks (exceeding $1 billion). Frontier developers must publish transparency reports outlining the intended uses of their models. Requires developers to proactively identify and report critical safety incidents to California’s Office of Emergency Services and establishes a mechanism for members of the public to report critical safety incidents. Includes whistleblower protections to ensure employees can safely report concerns about AI systems that may threaten public health or safety, and establishes civil penalties of up to $1,000,000 per violation. Code Citation: Cal. Bus. & Prof. Code, ch. 25.1 « Back
Title: SB 243 Enactment Date: October 13, 2025 (Effective July 1, 2027) Summary: Establishes regulations for “companion chatbot” platforms that use artificial intelligence (AI) to simulate human-like interactions. The law requires operators to clearly disclose when users are interacting with AI, particularly if the chatbot could be mistaken for a human. Further, the law mandates safeguards for minors, including periodic reminders and restrictions on sexually explicit content. Operators must implement and publish protocols to detect and respond to suicidal ideation, including referrals to crisis services, and report annually to the Office of Suicide Prevention. The law also provides a private right of action for individuals harmed by violations, including injunctive relief, damages of up to $1,000 per violation, and reasonable attorney’s fees and costs. Excepted from the law are bots utilized only for customer service, technical assistance, or a business’ operational purposes. Code Citation: Cal. Bus. & Prof. Code §§ 22601 - 22606 Title: AB 489 Enactment Date: October 11, 2025 Summary: Prohibits developers and deployers of AI systems (including generative AI technologies) that provide healthcare advice, reports, or assessments from advertising or otherwise representing that such services are provided by licensed medical professionals. Prohibited practices include utilizing any abbreviations, letters, terms, or phrases reserved for licensed HCPs (e.g., MD) to promote the AI technology. Code Citation: Cal. Bus. & Prof. Code, ch. 15.5 « Back
Read more »
Title: AB 3030 Enactment Date: Sept. 28, 2024 Summary: Requires healthcare providers to disclose to patients when artificial intelligence (AI) is used in patient communications relating to clinical care unless the communication is reviewed and read by a healthcare provider. Code Citation: Cal. Health & Saf. Code § 1339.75. HK Insight: Regulation of AI in Healthcare Utilization Management and Prior Authorization Increases (Oct. 31, 2024) Title: AB 489 Enactment Date: October 11, 2025 Summary: Prohibits developers and deployers of AI systems (including generative AI technologies) that provide healthcare advice, reports, or assessments from advertising or otherwise representing that such services are provided by licensed medical professionals. Prohibited practices include utilizing any abbreviations, letters, terms, or phrases reserved for licensed HCPs (e.g., MD) to promote the AI technology. Code Citation: Cal. Bus. & Prof. Code, ch. 15.5
Title: House Bill 203 Enactment Date: May 2, 2023 Summary: HB 203 permits licensed optometrist or ophthalmologist to use an "assessment mechanism," to conduct an eye assessment or generate a prescription for contact lenses or glasses subject to certain conditions. "Assessment mechanism" includes artificial intelligence (AI) devices and any automated equipment or tests that are used to conduct eye assessments. The provider may use the mechanism, provided 1) the data obtained from the assessment mechanism is not the sole basis for issuing the prescription, 2) the assessment mechanism alone is not used to generate an initial prescription or the first renewal of the initial prescription and 3) the assessment mechanism is used only where the patient has had a traditional eye examination in the past two years. Code Citation: O.C.G.A. 31-12-12
Title: House Bill 191 Enactment Date: March 30, 2018 Summary: Permits licensed optometrist or physician to use an "assessment mechanism," to conduct an eye assessment or generate a prescription for contact lenses or glasses subject to certain conditions. "Assessment mechanism" includes artificial intelligence (AI) devices and any automated equipment or tests that are used to conduct eye assessments. The provider may use the mechanism, provided 1) the data obtained from the assessment mechanism is not the sole basis for issuing the prescription, 2) the assessment mechanism alone is not used to generate an initial prescription or the first renewal of the initial prescription and 3) the assessment mechanism is used only where the patient has had a traditional eye examination in the past two years. Code Citation: KRS 367.680 et seq. Title: Kentucky Department for Medicaid Services, Telehealth Service Coverage and Reimbursement Enactment Date: June 2, 2022 Summary: As a condition of coverage, asynchronous telehealth services "must involve timely actual input and responses from the provider, and shall not be solely the result of reviewing an artificial intelligence messaging generated interaction with a recipient." Code Citation: 907 Ky. Admin. Regs. 3:170
Title: Mississippi Board of Medicine Regulations – Alternative Medicine Practices Enactment Date: Aug. 25, 2019 Summary: Mississippi Board of Medicine permits licensees to incorporate complementary and alternative medicine practices, which specifically includes utilization of artificial intelligence (AI), provided 1) the physician obtains informed consent from the patient and 2) the AI technology is beneficial to patient care and/or diagnosis. Licensees remain ultimately responsible for the decision-making process. Code Citation: 30 Code Miss. R. Pt. 2635, R. 13.1 et seq.
Title: North Carolina Medical Board Position Statement on Documentation, Electronic Health Records, Access and Retention Enactment Date: July 2018 (last amended November 2024) Summary: This position statement emphasizes the importance of accuracy in transcription of notes where medical records are generated with artificial intelligence (AI) or dictation software to ensure the medical record is complete for proper patient care. It includes that where AI is used, the licensee accepts responsibility to respond to the AI recommendations, such that the licensee must provide rationale in support of the recommendation. Conversely, the licensee should also be able to provide rationale in defense of deviating from the recommended suggested course of treatment as generally inconsistent with the applicable standard of care. Ultimately, the licensee bears the responsibility in relation to the use of its AI and must be prepared to offer independent medical insight into the standard of care. Title: North Carolina Medical Board, Position Statement on Telemedicine Enactment Date: July 2010 (amended March 2024) Summary: Provides that a licensee who incorporates artificial intelligence (AI) as part of telemedicine to treat a patient should understand the use of the AI tool and its limitation, including "the potential bias against populations that were not adequately represented in original testing of the tool."
Title: Consumer Protection in Eye Care Act Enactment Date: June 29, 2022 Summary: Permits licensed optometrist or ophthalmologist to use an "assessment mechanism," to conduct an eye assessment or generate a prescription for contact lenses or glasses subject to certain conditions. "Assessment mechanism" includes artificial intelligence (AI) devices and any automated equipment or tests that are used to conduct eye assessments. The provider may use the mechanism, provided 1) the data obtained from the assessment mechanism is not the sole basis for issuing the prescription, 2) the assessment mechanism alone is not used to generate an initial prescription or the first renewal of the initial prescription and 3) the assessment mechanism is used only where the patient has had a traditional eye examination in the past two years. Code Citation: R.I. General Laws, Title 23, ch. 97.
Title: Artificial Intelligence in Electronic Health Record (SB 1188) Enactment Date: June 20, 2025 (effective Sept. 1, 2025) Summary: The law establishes new requirements for electronic health record (EHR) systems used by healthcare providers in Texas, including provisions specific to the use of artificial intelligence (AI) in healthcare. Notably, the law permits healthcare practitioners to use AI for diagnostic purposes, including the use of AI for recommendations on a diagnosis or course of treatment based on the patient’s medical record, provided: 1) the provider is acting within the scope of their license, 2) the use of AI is not otherwise prohibited by law, and 3) the provider reviews all AI-generated records in accordance with standards set by the Texas Medical Board. Practitioners must also disclose their use of AI to their patients. Code Citation: Tex. Health & Safety Code § 183.005 HK Insights: Texas Enacts Comprehensive AI Governance Laws with Sector-Specific Healthcare Provisions (June 27, 2025)
Title: Artificial Intelligence (AI) Policy Act Enactment Date: March 13, 2024 (as amended by AI Consumer Protection Amendments, adopted March 27, 2025) Effective Date: May 7, 2025 Summary: Requires certain regulated occupations, including multiple healthcare professions (e.g., physicians, dentists, nurses and pharmacists) to clearly and conspicuously disclose use of generative AI (GenAI) technologies before end users interact with a "high risk artificial intelligence interaction." This includes interaction with GenAI that involves the collection of health data or biometric data, or personalized advice regarding the provision of medical/mental health advice or services. Code Citation: Utah Code 13-2-12. Title: House Bill 452 Enactment Date: March 25, 2025 Effective Date: May 7, 2025 Summary: The law restricts suppliers of mental health chatbots from sharing or selling to any third party the individually identifiable health information or the user input of Utah users. The restriction does not apply to individually identifiably information that is requested by a healthcare provider or health plan with user consent. The law separately requires suppliers of mental health chatbots to disclose to Utah users upfront that the chatbot is an AI technology. Code Citation: Utah Code 13-72a-101 et seq.
Title: HB 2154 Enactment Date: March 18, 2021 Summary: Requires hospitals, nursing homes and certified nursing facilities to ensure patient access to an "intelligent personal assistant" when a patient receives inpatient services. An intelligent personal assistant is defined to be "a combination of an electronic device and a specialized software application designed to assist users with basic tasks using a combination of natural language processing and artificial intelligence, including digital and virtual assistants." Code Citation: Code of Virginia § 32.1-127
Title: Position Statement on Ethical Use of Artificial Intelligence Enactment Date: Jan. 24, 2024 Summary: Adopts the American Nurses Association Position Statement on the Ethical Use of Artificial Intelligence in Nursing Practice. Nurses are permitted to use artificial intelligence (AI) to assist in clinical practice; however AI "does not replace a nurse's decision-making, judgment, critical thinking, or assessment skills." Nurses must ensure "the appropriate use of AI to optimize the health and well-being of those in their care."
South Carolina
Title: New Mexico Medical Board, Artificial Intelligence Policy Enactment Date: Nov. 8, 2024 Summary: Permits licensees to utilize artificial intelligence (AI) "as a decision-support tool that assists, but does not replace, clinical reasoning and discretion." Per the policy, "once a practitioner chooses to use AI, they accept responsibility for responding appropriately to the AI’s recommendations." Licensees are required to "maintain transparency with patients about the use of AI in the health care they provide."
New Mexico
Title: Texas Board of Nursing Position Statement 15.31 Artificial Intelligence (AI) in Nursing Enactment Date: January 2024 Summary: In Position Statement 15.31, the Texas Board of Nursing sets forth parameters to guide the responsible use of AI in the practice of nursing. Nurses remain accountable for patient care and must prioritize maintaining nursing standards and compliance with Board rules when considering the integration of AI into their practice, ensuring that AI is used safely and ethically without replacing their professional judgment. Source: Practice - Texas Board of Nursing Position Statements Title: Texas Responsible Artificial Intelligence Governance Act (TRAIGA) Enactment Date: June 22, 2025 (effective Jan. 1, 2026) Summary: The Texas Responsible Artificial Intelligence Governance Act sets standards for the use of artificial intelligence (AI) systems across the state. In healthcare settings, TRAIGA requires providers to disclose when AI is used in delivering services or treatment, ensuring patients are informed before or at the time of interaction, except in the case of emergencies, in which case the provider shall provide the required disclosure as soon as reasonably possible. TRAIGA also sets standards for the deployment of AI to identify a specific individuals using biometric data, but limits the applicability of these provisions to government agencies. The law also prohibits the use of AI with the specific intent to discriminate against protected classes of individuals; however, TRAIGA states that a “disparate impact” is not sufficient by itself to demonstrate an intent to discriminate.
Read More »
« Back
Title: Use of Nursing Titles by Nonhuman Entities (HB 2748) Enactment Date: June 24, 2025 Summary: Prohibits nonhuman entities, including an "agent powered by artificial intelligence," from using protected nursing titles in Oregon. The law specifically prohibits the use of the following titles and abbreviations: Advanced Practice Registered Nurse (APRN), Certified Registered Nurse Anesthetist (CRNA), Clinical Nurse Specialist (CNS), Licensed Practical Nurse (LPN), Registered Nurse (RN), Nurse Practitioner (NP), Certified Medication Aide (CMA) and Certified Nursing Assistant (CNA). Code Citation: Or. Rev. Stat. § 678.__ (to be codified)
Title: HB1806 - Wellness and Oversight for Psychological Resources Act Enactment Date: August 1, 2025 Summary: Permits licensed professionals to utilize AI to assist in providing administrative support (e.g., appointment scheduling, billing) or supplemental support in therapy or psychotherapy services, provided the licensed professional: (1) maintains full responsibility for all interactions, outputs, and data use associated with the system, and (2) where the therapy session is recorded or transcribed, the patient provides a revocable, written consent to the use of the AI system. The Act further prohibits licensed professionals from utilizing AI to make independent therapeutic decisions, directly interact with clients in any form of therapeutic communication, generate treatment plans without review and approval by the licensed professional, or detect emotions or mental states. Violations of the act include civil penalties up to $10,000 per violation. Code Citation: To be codified HK Insight: New Illinois Law Restricts Use of AI in Mental Health Therapy (Aug. 26, 2025)
Title: Assembly Bill 406 Enactment Date: June 6, 2025 Summary: Prohibits an artificial intelligence provider from offering or marketing artificial intelligence (AI) systems to persons in the State of Nevada which system provides services that constitutes the practice of professional mental or behavioral health care. Licensed mental and behavioral health professionals may use AI only for administrative or support functions, including scheduling appointments, billing, maintaining records, and similar non-clinical tasks. Establishes civil penalties for up to $15,000 per violation. Additionally, the law prohibits public schools from using AI to perform the duties of school counselors, psychologists, or social workers related to student mental health and requires the Department of Education to adopt policies governing AI use in these roles. Code Citation: N.R.S. AB 406 § 7
