Artificial intelligence tools hold breathtaking potential in the healthcare ecosystem.
In just a few short years, AI has already greatly expedited functions such as coding, utilization management, and reimbursement determinations that were previously executed manually.
For overworked healthcare providers worldwide, the next-generation technology has been a godsend in reducing their administrative workload—transcription tools that convert speech to text and generate draft notes have proven to be particularly facilitative—and allowing more time for actual patient care. For good measure, such AI-powered administrative tools oftentimes bolster documentation accuracy within the realm of medical recordkeeping.
But as AI technology becomes more ingrained in the fabric of everyday care delivery and healthcare administration by underpinning coverage decisions, medical necessity reviews, and claims accuracy determinations, healthcare organizations need to brace for heightened regulatory oversight and enforcement of their various AI uses—both at the state and perhaps even federal level.
In doing so, such institutions will need to ensure that AI-fueled payment decisions are justifiable under both public and private healthcare payer roles. Meanwhile, the rampant use of AI in the healthcare arena has ushered in a wave of thorny legal issues, according to the National Law Review, including privacy exposure, storage and review costs, record-integrity concerns, and billing risk.
What is required to address these concerns is a “human-in-the-loop” methodology, in which living and breathing people are actually somewhat involved in the AI workflow to safeguard accuracy and make ethical decisions.
The current AI legislation patchwork
One of the most glaring drawbacks to AI’s meteoric evolution is that legal frameworks have not been able to adapt quickly enough to properly govern the technology.
While there may not be an all-encompassing federal AI legislation framework in the United States, healthcare companies deploying AI tools for the aforementioned functions still face significant risk within an enforcement environment remaining largely convoluted and disjointed.
In fact, regulatory and litigation activity is escalating in many areas. For example, the Department of Justice (DOJ) has appeared inclined to apply tenets of the False Claims Act (FCA) towards adjudicating the deployment of AI tools in healthcare reimbursement activity, according to a Morgan Lewis blog post.
Some state legislatures are scrambling to pass AI enforcement laws grounded in consumer protection, antitrust, and false claims statutes.
Two large states, Texas and California, recently imposed healthcare-focused regulations that restrict the use of AI in medical necessity determinations and mandate significant human oversight in clinical decision-making processes, according to another blog post by Morgan Lewis.
Several states have established notice and consent requirements for recording communications, while others are tackling the deployment of AI in healthcare interactions more directly. Several states have mandated that licensed professionals supply notice of the recording and obtain both verbal (on the recording) as well as written consent prior to utilizing AI tools to record conversations, according to the National Law Review.
Furthermore, with no overarching nationwide AI legislation in place, some federal agencies are pivoting towards current statutes to police AI activity on the healthcare front, according to a Holland & Knight blog post.
AI tools impacting coverage determinations and clinical decisions
When claim determinations are automated and human judgment is muted—or in some cases, completely absent—organizations may open themselves up to a series of liability issues, as state regulators and perhaps even attorneys general will want to closely scrutinize whether AI tools embed improper financial incentives, produce systemic upcoding or denials, or obscure clinical responsibility.
One of the most glaring examples would be AI-generated transcriptions that fail to accurately and thoroughly record conversations, leading to incorrect coding, billing, and utilization review. In the event that AI-produced language is included in a patient’s medical record, without appropriate human review and ultimately undergirds an inaccurate claim, overpayment issues could very well ensue, according to the National Law Review.
Bracing for heightened enforcement around AI use in healthcare
Regulatory enforcement surrounding the AI healthcare landscape may be in its nascent stages, but with AI tools becoming increasingly more integrated in healthcare operations, it is naturally expected to amplify in the balance of the decade.
More specifically, the Centers for Medicare & Medicaid Services (CMS), Health and Human Services (HHS) Office of Inspector General, and the Department of Justice are projected to implement longstanding fraud and abuse laws in their oversight efforts, according to Healthcare IT News.
Jeff Wurzburg, healthcare partner at Norton Rose Fulbright, a prominent global law firm, recently told Healthcare IT News, “The use of AI does not shift liability away from providers or health plans submitting claims to federal healthcare programs. To the contrary, large‑scale automation raises the risk of systemic errors, such as embedded upcoding, inappropriate denials or algorithmic bias toward revenue optimization—all of which are fertile ground for False Claims Act scrutiny by DOJ and oversight by CMS and the HHS‑OIG.”
Moreover, as AI becomes incrementally more embedded in clinical and operational work, health systems may encounter greater HIPAA-related risk from opaque data use, unauthorized release of Protected Health Information (PHI), and a disconnect between AI vendor practices and well-established privacy and security requirements.
Important considerations for healthcare organizations using AI
For healthcare organizations trying to drive forward innovation by developing new methods for deploying AI, it may be prudent to consider the following compliance measures:
- Bolster oversight measures: Consider initiating an AI governance committee that incorporates legal, technology, and business stakeholders. Also, for AI-powered claim review processes, it may be worthwhile to conduct bias and fairness audits while subsequently making records of the results.
- In-house counsel responsibilities: In conjunction with an AI governance committee, the in-house counsel should also view AI activity as an important legal and compliance matter. In other words, AI is not merely within the domain of technology and business, and an organization’s in-house counsel needs to bear in mind that AI tools can factor into litigation down the road. Also, it would be prudent for in-house counsel to make sure that Business Associate Agreements (BAAs) clearly delineate breach notification procedures among other compliance matters.
- Stay current on regulatory developments: It’s critical to remember that at both the state and federal levels, the AI regulatory landscape remains very fluid. There is constant change, and for companies with a national reach, there’s the added pressure of monitoring evolving state-level regulations while also staying up to date on both federal agency enforcement activity and executive actions.
- Clearly articulate disclosures: Given the current environment, many courts and regulators are now expecting greater transparency into automated decision-making via AI technology. Particularly regarding AI-generated claim review decisions, public disclosures about AI activity should be in concert with actual system capabilities.
David Ostrowsky serves as the Manager of Corporate Communications for The Phia Group, a healthcare cost containment company headquartered in Canton, Massachusetts. He has previously written for The Self-Insurer, Compliance Today, and DC Journal, as well as other healthcare publications.
