Navigating the Intricate Maze of AI Regulations in Healthcare: Insights for Managing the Complicated Web of Rules
The regulatory landscape for Artificial Intelligence (AI) in healthcare in the United States is a complex tapestry, woven together by a combination of binding rules, enforcement actions, advisory opinions, and less formal guidance primarily from federal agencies such as the Department of Health and Human Services (HHS) and the Food and Drug Administration (FDA), supplemented by state laws.
1. Federal Regulatory Framework and Action Plans
In July 2025, the U.S. federal government under the Trump Administration released "America’s AI Action Plan," a comprehensive national strategy to promote safe, ethical AI innovation across sectors, including healthcare. The Plan emphasizes accelerating AI innovation, building AI infrastructure, and leading in international AI policy and security. It seeks to ensure patient safety and data privacy while promoting the adoption of AI technologies for improved clinical care and operational efficiency.
The AI Action Plan includes around 90 policy recommendations targeting stakeholder collaboration, regulatory clarity, data quality, privacy protections, and standards development related to AI in health and life sciences. It aligns federal agencies toward fostering innovation balanced with compliance and safety oversight.
2. FDA Oversight of AI Medical Devices
The FDA continues to serve as the primary regulator for AI-based medical devices under existing medical device regulations, classifying AI software as medical devices if they meet statutory definitions. This includes pre-market review, risk-based classification, and post-market surveillance.
The FDA has issued guidance documents outlining evidence expectations for AI/ML-based software used in clinical decision support, diagnostics, and treatment planning. The agency also employs enforcement discretion in some low-risk AI applications, encouraging transparency, human oversight, and continuous evaluation to promote safety without stifling innovation.
3. Department of Health and Human Services (HHS) Role
HHS agencies, including the Office for Civil Rights (OCR), oversee data privacy protections under HIPAA and related rules, crucial for AI systems processing patient data. HHS provides advisory guidance regarding ethical use of AI, data anonymization, patient consent, and prohibitions against discriminatory algorithms for federally funded programs.
HHS may issue informal advisories, best practices, and enforcement actions primarily focused on safeguarding patient rights and data security in AI deployments.
4. State-Level Legislation and Regulation
Intensive legislative activity has emerged at the state level. By mid-2025, 46 states have introduced over 250 AI-related bills addressing healthcare among other sectors. Examples include California’s Physicians Make Decisions Act requiring human oversight of AI-driven utilization decisions effective Jan 1, 2025, and Illinois’s Insurance-Adverse Determination Act enhancing transparency in prior authorization programs involving AI.
Some states impose restrictions on AI use to prevent discriminatory outcomes, require transparency if AI chatbots engage patients, and ensure AI decisions are reviewable and auditable. These laws often prohibit insurers or providers from solely relying on AI to deny claims or modify healthcare services without human review to protect patient safety and fairness in care delivery.
5. Enforcement Actions and Advisory Options
Enforcement actions have focused on violations of privacy, discriminatory AI use, and failure to provide adequate transparency or human oversight. Both FDA and HHS use warnings, fines, corrective action plans, or withdrawal of approval against AI healthcare vendors or providers violating regulatory standards.
Advisory options include public comment periods on draft guidelines, stakeholder workshops, and consultation services facilitated by federal agencies to help entities comply with evolving AI healthcare regulations.
This dynamic landscape balances fostering innovation with protecting patient safety, data privacy, and fairness in healthcare delivery. The FDA has noted that its traditional pathways for medical device regulations were not designed to be applied to AI, and the agency is looking to update its current processes. The Biden Administration has also released an Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence ("EO") in October 2023, which aims to establish new standards for the responsible use, development, and procurement of AI systems across the federal government, including in the healthcare context.
6. Executive Order on AI and Healthcare
The Biden Administration's Executive Order on AI emphasizes promoting transparency, accountability, and critical research to ensure AI technologies in healthcare are secure, trustworthy, and benefits global health and wellness. The order encourages AI governance by calling for a National AI Research Resource to address AI technology, data, and model sharing, and AI research prioritization for areas like ethical and equitable AI, AI explainability, and AI human-centered design.
7. Increasing Transparency and Trust
To increase trust in AI applications in healthcare, both the FDA and HHS emphasize transparency in AI algorithm development, performance, and limitations. However, there is also a need for readily accessible resources and fair policies to minimize disparities in AI's potential benefits resulting from socio-economic, geographic, or demographic factors.
8. International Collaboration and Global Policy Standards
Lastly, global collaboration is essential to establish consistent policy standards and international best practices for the ethical and responsible deployment of AI in healthcare. The United States plays an active role in international forums like the G-7 and OECD in shaping global AI strategy and intelligence on AI and privacy, AI ethics, and AI standards for quality, safety, and interoperability.
