Understanding New AI Regulations for Healthcare Utilization Review and Compliance

Understanding New AI Regulations for Healthcare Utilization Review and Compliance

On September 28, California enacted SB 1120, amending the Health and Safety and Insurance Codes to regulate AI and algorithmic use in health care utilization review processes. According to an article by the Fenwick firm, this law impacts health plans, disability insurers, and associated vendors and mandates compliance with fairness, transparency, and non-discrimination standards.

Here are some key provisions that go into effect on January 1, 2025:

1. Individualized Decision-Making: AI tools used in utilization review must incorporate specific clinical data from each patient’s medical record rather than relying solely on generalized datasets. This ensures decisions are tailored to individual clinical needs, preventing reliance on aggregated data alone.
2. Human Oversight: Licensed professionals must make final determinations on medical necessity. AI cannot independently approve, delay, or deny care, preserving professional judgment in healthcare decisions and preventing potential harm to patients.
3. Transparency: Health plans must disclose AI usage policies, compliance records, and review processes to regulators, providers, and enrollees upon request, ensuring clarity on AI’s role in utilization management.
4. Non-Discrimination: AI systems must operate without bias, adhering to anti-discrimination laws to protect enrollees from unfair treatment based on race, gender, or other protected characteristics.
5. Audits and Compliance: AI tools used by health plans will undergo regular audits by the California Department of Managed Health Care (DMHC) and Department of Insurance (DOI) to ensure adherence to legal standards, including patient data protection.

Health plans using AI in utilization management must evaluate their systems to comply with SB 1120, keeping transparency, individualized review, and human oversight central to decision-making. Compliance teams should prepare for audits and review disclosure policies, as further guidance from DMHC and DOI is expected.