From algorithms to bedside: Navigating the intersection of AI, healthcare, and emerging policy

BY Bradley Byars, J.D., M.H.A., LL.M. and Michael R. Alexander, J.D., Brown & Fortunato, P.C.

 

A patient checks her phone on a chilly January morning for lab results. She notices a note labeled: “This communication was generated by an artificial intelligence tool. She wonders: “Who, or what, is advising me?” This reaction captures a microcosm of the modern healthcare experience—where advanced algorithms increasingly shape patient interactions, while policymakers race to ensure these tools serve the public good. And, with a medley of federal guidance from HHS, CMS, the FDA, and various states, the legal landscape is changing as fast as the technology itself.

The call for a comprehensive but balanced governance framework is apparent. Healthcare practitioners must reconcile algorithmic efficiency with the sacrosanct promise of patient welfare and comply with emerging mandates on coverage decisions, data privacy, and professional liability. Yet these new tools promise better diagnostics, streamlined administrative tasks, and expanded access to care. So, how is the legal framework shaping AI’s use in medicine, and what are the key considerations healthcare management teams and policymakers need to consider to appropriately harness AI’s strengths?

 

The Evolving Regulatory Landscape

In April 2024, HHS released a strategic plan promoting responsible AI use in public benefit programs focusing on forging ethical guardrails for automated decision-making and fostering transparency in how AI influences patient care. Simultaneously, HHS published a “Trustworthy AI Playbook,” charting best practices for adopting AI solutions safely. CMS has focused on AI used by Medicare Advantage Organizations and Part D sponsors, requiring that automated tools only reference approved clinical evidence when determining medical necessity.

 

For many years, states allowed federal bodies to set the pace. That is changing. California’s AB 3030, effective January 1, 2025, stands as a bellwether. AB 3030 mandates disclaimers when generative AI is used in clinical communications and requires contact details for patients to reach a licensed human provider. Utah, Colorado, Georgia, Illinois, and Massachusetts have similarly introduced or passed legislation restricting AI’s role in healthcare.

 

Further, other industry participants, such as the Federation of State Medical Boards (FSMB) and the American Medical Association (AMA) have released guidance focused on the integration and use of AI in the provision of healthcare services.

 

Legal and Practical Concerns for Healthcare Administrators

In this evolving landscape, healthcare management teams must navigate several pivotal concerns:

• Providers remain the ultimate stewards of patient welfare and owe a duty of care that cannot be delegated to a machine. If an AI tool misdiagnoses a patient, the physician who relied on that tool may face malpractice claims. Healthcare managers must ensure robust staff training, consistent use of disclaimers, and well-documented peer reviews before and after AI deployment.

 

• AI systems thrive on data. Yet the more personal health information they ingest, the more providers must tighten compliance with HIPAA, the HITECH Act, and analogous state privacy laws. Healthcare leaders should partner with technology vendors that can demonstrate a secure infrastructure, adopt privacy-by-design principles, and maintain reliable audit trails. Patient consent forms may require new language to capture the evolving data flows inherent in AI training and inference.

 

• AB 3030 highlights a growing legislative push to guarantee patients know when they communicate with an AI system. Whether disclaimers instill confidence or stoke fears depends on patient demographics, the complexity of the medical matter, and the clarity of disclaimers. Also, in high-stakes or invasive treatment decisions, best practices should emphasize human oversight and two-way discussions that surpass mere disclaimers.

 

• AI also transforms billing by suggesting ICD-10 codes and speeding up E/M coding procedures. In doing so, it introduces new compliance pitfalls under CMS rules and the False Claims Act. Administrators are wise to establish internal compliance checks and disclaimers, clarifying that final coding determinations rest with a qualified human reviewer.

 

Considerations for Healthcare Organizations

To balance innovation with safety, administrators should concentrate on five strategic areas:

 

1. Establish a Governing Body. An AI Oversight Committee—a cross-functional team of clinicians, IT specialists, compliance officers, and patient advocates—can review and approve AI deployments. This committee sets performance benchmarks, monitors vendor relationships, and conducts post-implementation audits.
2. Implement Risk-Stratified Approaches. AI is not a monolith. Tools vary from rudimentary chatbots handling appointment reminders to advanced predictive models that guide oncology treatments. Management should assess each AI tool by risk category, adopting more stringent reviews and disclaimers for high-risk clinical uses while permitting simpler approvals for administrative tasks.
3. Create Transparent Policies and Communication Plans. Public-facing disclaimers (especially in states like California) should be succinct yet informative, reminding patients that “This communication was generated by an artificial intelligence system, with oversight from licensed professionals. If you have questions, contact us at [phone/email].”
4. Require Human Oversight for Clinical Decisions. Emphasize that AI augments physician decision-making rather than supplants it. Encourage providers to verify AI suggestions against clinical judgment. AI tools should not finalize or deny treatment unless a licensed physician concurs.
5. Continuously Audit and Update. AI models degrade over time or become outdated as medical evidence evolves. Management teams should require periodic revalidation to confirm the algorithm’s accuracy. When an AI system demonstrates bias or errors, swift remediation is essential.

 

By adopting policies that (i) require disclaimers when AI crafts patient communications, (ii) maintain robust human oversight for clinical decisions, (iii) safeguard data privacy, (iv) ensure compliance with federal and state billing regulations, and (v) foster transparency, healthcare management teams and legal advisors can tap into AI’s many benefits without forfeiting the values at the heart of medicine. When properly governed, AI can serve as a boon rather than a burden, illuminating paths to better and more equitable care.