In recent years, federal and state governments have made more rules about using AI in healthcare. The Centers for Medicare & Medicaid Services (CMS) created new rules for AI in utilization management and prior authorization. For 2024, Medicare requires that medical necessity decisions look at each patient’s situation. These decisions cannot be based only on AI algorithms. They must include human clinical judgment and follow HIPAA privacy rules.
The CMS Interoperability and Prior Authorization final rule will start on January 1, 2027. It requires payers to use a Prior Authorization API to make decisions faster—72 hours for urgent requests and seven days for standard ones. AI can help meet these deadlines, but doctors still need to be involved.
States also have important laws about AI in healthcare. Colorado’s law says high-risk AI systems must have impact assessments. It also requires that patients be told if AI helped make decisions. California’s rules ask for patient consent before using AI and human reviewers for medical necessity decisions. Illinois and New York have similar laws to make sure AI uses fair, evidence-based methods.
Healthcare administrators and IT managers must follow these rules carefully. They have to make sure AI systems meet both federal and state standards. This helps avoid legal problems and keeps patient trust.
Testing AI systems before and after they are used is very important. This helps find and fix bias and mistakes that can harm patients or break rules. Here are some key steps:
Use Representative Datasets
AI learns from the data it receives. If the data does not represent all patients, the AI may become biased. For example, if AI is trained with data from mostly one group of people, it might not work well for others. This can lead to wrong denials of care.
To avoid this, testing must use data that shows all kinds of patients, health conditions, and care settings. This helps reduce biases from unbalanced training data.
Conduct Side-by-Side Comparisons
Before using AI fully, compare its decisions with those of human clinical reviewers. This helps find differences, understand AI limits, and adjust AI decision rules. It also follows CMS rules that medical decisions cannot rely only on automation.
Evaluate Algorithmic Transparency
Testing should check if AI decisions can be explained. Medical staff must understand how the AI reached its conclusions. This helps verify fairness and correctness and find errors or bias in AI.
Test for Compliance with Regulations
Make sure AI tools follow federal and state laws, including HIPAA privacy, patient consent, and rights to appeal AI-driven denials. Not following these rules can cause legal trouble and hurt reputation.
After deploying AI, organizations must keep checking its performance. AI is not a tool you can just set and forget. It needs ongoing review to stay accurate and fair.
Performance Audits and Quality Checks
Regular audits should check how AI performs. Look at accuracy of medical necessity decisions, how fast responses are, and if patients or providers complain. Compare automated results with real clinical outcomes and peer reviews.
Data Updates and Retraining
AI needs new data regularly to avoid bias from old information. Changes in medical guidelines, diseases, or patient groups can make AI less accurate over time. Updating data helps AI stay current.
Managing Feedback Loops
Sometimes clinicians change how they work based on AI advice. This can accidentally cause AI errors to grow. Watch how users interact with AI and update AI as needed.
Transparency in Monitoring Activities
Keeping records of monitoring helps show others, like patients and regulators, that the AI is being watched and adjusted for fairness.
Transparency helps build trust in healthcare AI. Patients and doctors must know when AI affects decisions, especially about medical necessity or prior authorization.
Disclosure of AI Involvement
Some states, like Colorado and California, require telling patients if AI helped make decisions. This should explain AI’s role and how much it influenced the decision.
Explainable AI Reports
Healthcare leaders should make sure AI can explain its decisions to doctors and patients. This helps users understand and question wrong or unfair results.
Appeal Rights for AI-Generated Decisions
Patients must be able to appeal decisions that involve AI. CMS and state laws require accessible appeal processes with human review to ensure fairness.
Collaborative Governance
Including different groups—doctors, patients, IT staff, and legal experts—in the oversight of AI helps maintain transparency and ethical use.
Using AI in healthcare means following rules and also being fair and responsible with patient data and decisions.
Fairness and Bias Mitigation
AI bias can come from poor data or methods. Healthcare leaders must use balanced data, fair algorithms, and continuous checks to reduce discrimination.
Privacy Safeguards
Since AI uses sensitive patient data, it must meet privacy laws like HIPAA and protect data from unauthorized access.
Accountability Structures
Clear roles should exist to manage AI ethics. These include data managers, ethics officers, and compliance teams.
Maintaining Safety and Security
AI systems should be tested to prevent security risks that could hurt patient care or data safety.
AI can help reduce work in healthcare offices. It can improve how staff schedule appointments, send reminders, handle billing, and answer calls.
Front-Office Phone Automation
AI phone systems can manage patient calls, answer basic questions, gather info for prior authorizations, and guide patients through processes. This lets staff focus on other tasks.
Integration with Prior Authorization APIs
By 2027, CMS requires Prior Authorization APIs. AI can connect with payer systems to speed up approvals while doctors review complex cases.
Reducing Human Error
Automated workflows lower mistakes from manual data entry or communication. But AI must be regularly checked for errors and bias to stay accurate.
Enhancing Patient Experience
Automation gives patients timely updates and clear information about AI use. It also provides ways to appeal or ask questions, which is important as laws require patient consent and disclosure.
Healthcare rules about AI are complicated and keep changing. Practices must follow federal CMS rules and state laws about consent, transparency, assessments, and appeals.
Working with legal experts and AI vendors who understand these rules is very important. Training staff about AI ethics and compliance makes sure everyone knows their role.
Healthcare leaders should keep detailed records of audits, impact reviews, and fixes made to AI systems. This helps meet regulatory standards.
Teams of providers, IT staff, AI developers, regulators, and patients should work together to handle ethical and regulatory challenges of AI. Sharing knowledge and feedback helps fix bias, improve explanations, and build patient trust.
Some groups, like Holland & Knight’s Healthcare & Life Sciences Team, focus on working with regulators and clinicians during AI design and use. This helps make AI fit real medical needs and follow new laws.
Artificial intelligence has a strong role in making healthcare work better and making decisions easier. But medical administrators, owners, and IT managers must test, watch, and be clear about AI use. Staying up to date on rules, having good management, and being open with patients helps healthcare use AI the right way. This protects patients and keeps trust strong.
The Medicare Program; Contract Year 2024 Policy and Technical Changes to the Medicare Advantage Program final rule issued by CMS mandates that Medicare Advantage organizations ensure medical necessity determinations consider the specific individual’s circumstances and comply with HIPAA. AI can assist but cannot solely determine medical necessity, ensuring fairness and mechanisms to contest AI decisions.
Effective by January 1, 2027, this rule requires payers to implement a Prior Authorization Application Programming Interface (API) to streamline the PA process. Decisions must be sent within 72 hours for urgent requests and seven days for standard requests. AI may be deployed to comply with timing but providers must remain involved in decision-making.
Signed on October 30, 2023, it mandates HHS to develop policies and regulatory actions for AI use in healthcare, including predictive and generative AI in healthcare delivery, financing, and patient experience. It also calls for AI assurance policies to enable evaluation and oversight of AI healthcare tools.
Examples include Colorado’s 2023 act requiring impact assessments and anti-discrimination measures for AI systems used in healthcare decisions; California’s AB 3030 requiring patient consent for AI use and Senate Bill 1120 mandating human review of UM decisions; Illinois’ H2472 requiring clinical peer review of adverse determinations and evidence-based criteria; and pending New York legislation requiring insurance disclosures and algorithm certification.
Plans must navigate varying state and federal regulations, ensure AI systems do not result in discrimination, guarantee that clinical reviewers oversee adverse decisions, maintain transparency about AI use, and implement mechanisms for reviewing and contesting AI-generated determinations to remain compliant across jurisdictions.
Regulations emphasize that qualified human clinical reviewers must oversee and validate adverse decisions related to medical necessity to prevent sole reliance on AI algorithms, assuring fairness, accuracy, and compliance with legal standards in UM/PA processes.
AI systems must be tested on representative datasets to avoid bias and inaccuracies, with side-by-side comparisons to clinical reviewer decisions. After deployment, continuous monitoring of decision accuracy, timeliness, patient/provider complaints, and effectiveness is critical to detect and correct weaknesses.
Insurers and healthcare providers should disclose AI involvement in decisions to patients and providers, including how AI contributed to decisions, ensuring individuals are informed and entitled to appeal AI-generated determinations, promoting trust and accountability.
Engagement with regulators, healthcare providers, patient groups, and technology experts helps navigate regulatory complexities, develop ethical best practices, and foster trust, ensuring AI in UM/PA improves decision quality while adhering to evolving standards and patient rights.
Continuous review of regulatory changes, internal quality assurance, periodic audits for algorithm performance, adherence to clinical guidelines, and responsiveness to complaints are necessary to ensure AI systems remain compliant, fair, and effective in prior authorization and utilization management.