U.S. Senators Question HHS Official on AI Use in Electronic Health Records
Senators on the Senate Health, Education, Labor and Pensions Committee questioned HHS’s senior health IT official regarding the expanding use of artificial intelligence within electronic health record systems, signaling growing congressional interest in oversight of AI enabled health technology. Lawmakers raised concerns about patient privacy, potential bias in AI driven clinical tools, and limited transparency into how AI models rely on and are trained using sensitive health data.
HHS Assistant Secretary for Technology Policy, Thomas Keane, acknowledged the concerns but did not point to specific new regulatory requirements, instead referencing existing federal health IT standards and a December 2025 HHS AI Request for Information (RFI) on the safe and effective use of AI in health care. While no immediate policy changes were announced, the hearing reflects increasing bipartisan focus on whether additional guardrails may be needed as AI becomes more deeply embedded in clinical software and care delivery.
CMS Announces Medicare App Library
The Centers for Medicare & Medicaid Services (CMS) recently announced the development of the Medicare App Library as part of its Health Technology Ecosystem initiative. The library will provide a centralized directory through which Medicare beneficiaries can access patient facing digital health tools that integrate with CMS Aligned Networks.
CMS stated that participating apps will be grouped into three categories: applications designed to eliminate manual check in processes, conversational artificial intelligence assistants, and diabetes and obesity management tools. To be included, apps must sign CMS’s interoperability pledge and meet specified participation requirements, including implementing identity verification through ID.me or CLEAR, enabling connectivity to CMS Aligned Networks, and completing an evaluation by the Digital Medicine Society or the CARIN Alliance prior to CMS review. CMS also indicated that participants in the Advancing Chronic Care with Effective, Scalable Solutions (ACCESS) Model that join the Health Technology Ecosystem will be identified in the library with a special designation. The announcement reflects CMS’s continued emphasis on voluntary participation, interoperability, and consumer facing digital tools within Medicare.
Congress Working on Kids’ Online Safety Legislation with AI Implications
The House Energy and Commerce Committee advanced a broad package of children’s online safety bills, including the Kids Internet and Digital Safety (KIDS) Act (H.R. 7757) and Children and Teens’ Online Privacy Protection Act (COPPA 2.0- H.R. 6291), which now heads to the House floor. While the debate largely centered on privacy and platform accountability, several provisions touch directly on artificial intelligence—including mandatory disclosure when AI chatbots interact with minors and new studies on how social media algorithms impact mental health.
The House package, driven by Republicans, drew criticism from Democrats who argued it weakens key protections found in bipartisan Senate counterparts of these bills. Notably, the House bill omits “duty of care” language that would require tech and AI-enabled platforms to design products with children’s safety in mind.
Meanwhile, the Senate unanimously passed its COPPA 2.0 (S. 836), which expands data protections to teens under 17 and restricts how companies—including those deploying AI-driven personalization and advertising tools—can use minors’ data.
Overall, both chambers are moving toward tighter regulation of platforms and AI technologies that interact with young users, though the House and Senate currently diverge on how strong those protections should be.
Senate Committee Passes Cybersecurity Bill
On February 26, the Senate Health, Education, Labor and Pensions (HELP) Committee passed the Health Care Cybersecurity and Resiliency Act (S. 3315) by a vote of 22-1. This legislation would establish new minimum cybersecurity standards for HIPAA‑regulated entities—including multifactor authentication, data encryption, penetration testing, and regular security audits—while strengthening federal coordination through HHS and CISA and requiring a comprehensive cybersecurity incident response plan. It also updates breach reporting rules, mandates publication of corrective actions after incidents, and designates the Administration for Strategic Preparedness and Response (ASPR) as the Sector Risk Management Agency for healthcare. This bipartisan bill has been of interest since recent cybersecurity threats have crippled parts of the health care industry.
Professionals
