Among the growing number of state AI statutes, multiple states have now enacted laws governing the use of artificial intelligence technology by health insurers when determining whether or not to cover claims.
This article outlines some considerations for insurers, focusing on Nebraska, Georgia and Colorado statutes.
- Nebraska’s “Ensuring Transparency in Prior Authorization Act.” This statute prohibits an insurer’s utilization review agent from basing relevant coverage decisions solely on an “artificial intelligence-based algorithm.” In addition, utilization review agents must make separate disclosures whether such artificial intelligence are or will be used in the utilization review project to the Department of Insurance, health providers, “each enrollee,” and “on its public website.” Automated utilization review systems are subject to audit “at any time” by the Department of Insurance.
- Colorado’s SB 21-169. “[W]with regard to any insurance practice” and “pursuant to rules adopted by the Commissioner,” insurers shall not “use any… algorithms or predictive models that use external consumer data and information sources, in a way that unfairly discriminates based on race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression.” The statute clarifies that “algorithms” include machine learning that “informs human decision making.” The statue also addresses requirements for disclosures to the regulator, and the need to “establish and maintain a risk management framework” designed to determine whether an algorithm results in unfair discrimination, with officer attestation of implementation. The Commissioner is broadly empowered to examine and investigate uses of algorithms in any insurance practice.
- Georgia’s SB 444. Georgia’s statute enables the use of artificial intelligence systems as part of utilization review, “provided that such systems or tools are a part of a utilization review plan that is in accordance with the standards set forth in this chapter and the rules and regulations adopted by the Commissioner.” The statute goes on to expressly prohibit the use of artificial intelligence systems to “issue an adverse determination to a patient” until a qualified natural person “conducts a utilization review in which a clinical peer participates.” The statute then states: “In no event shall artificial intelligence systems, artificial intelligence, or other software tools supersede the judgment of such clinical peer.”
These statutes underline – and as also evident in other areas of AI policymaking (e.g., employment and AI law) – that legislatures continue in many instances to be skeptical of the use of AI to replace human decision making, especially where those decisions have important effects on individuals.
Taft’s Privacy, Security & AI attorneys are available to assist with questions related to these issues. As always, please sign up to receive emails of our latest posts here on Privacy and Data Security Insights, and follow us on LinkedIn for the latest in privacy, security and artificial intelligence legal news.