Digital Health Blog

Senator Richard Durbin (D-IL) and Senator Josh Hawley (R-MO) introduced the AI LEAD Act. The legislation classifies all Artificial Intelligence (AI) systems, including those incorporated into health care settings, as products, and permits the Department of Justice, state attorneys general, and individuals to bring claims against developers of large language models (LLMs) under traditional products liability doctrine. If passed, developers of AI systems may face increased claims over design defects and be forced to increase transparency regarding development and deployment of AI tools. The legislation follows from Congressional hearings on AI safety and may inspire similar state legislation as both federal and state policymakers seek to establish a new regulatory framework for artificial intelligence.

The FDA’s Digital Health Center of Excellence is requesting public comment on methods for measuring and evaluating the performance of artificial intelligence-enabled medical devices. This initiative aims to improve regulatory clarity and foster innovation while ensuring safety and effectiveness. Stakeholders—including developers, clinicians, and researchers—are encouraged to share feedback on evaluation frameworks, performance metrics, and uncertainty quantification. Comments are due December 1.

The Office of Science and Technology Policy (OSTP) is seeking public input to identify federal statutes, regulations, and administrative processes that may hinder the development and adoption of AI technologies in the U.S. This Request for Information invites feedback from industry, academia, government entities, and other stakeholders to help shape future regulatory reforms that promote AI innovation. Comments are due October 27.

Government funding has lapsed as of October 1, as well as current telehealth waivers. It is expected that if and when Congress acts on government spending, an extension would be included, but it is not clear when that will occur. CMS released guidance directing Medicare Administrative Contractors (MACs) to implement a temporary claims hold. This standard practice is typically up to 10 business days and prevents the need for reprocessing large volumes of claims should Congress act after the statutory expiration date. Providers can continue to submit claims during this time, but payment will not be made until the hold is lifted. Additionally, CMS reiterated that absent congressional action, many of the statutory limitations that were in place prior to the COVID-19 Public Health Emergency (PHE) will take effect again, and that practitioners may choose to hold claims associated with telehealth services that are not payable by Medicare in the absence of congressional action. CMS noted that clinicians in applicable Medicare Accountable Care Organizations (ACOs) can provide and receive payment for covered telehealth services to certain Medicare beneficiaries without geographic restriction and in the beneficiary’s home. Stay up to date on further information related to government funding and expiring provisions via our website. You can also sign up for our government relations and public policy email newsletter for further updates.

On September 23, 2025, the California Privacy Protection Agency (CPPA) finalized a landmark set of regulations under the California Consumer Privacy Act (CCPA), approved by the Office of Administrative Law.

The new regulations introduce significant obligations for covered businesses using automated decision-making technologies (ADMT), require regular cybersecurity audits, and mandate technical privacy risk assessments. While the CPPA narrowed the scope of earlier proposals to the updated regulations – limiting ADMT provisions to technologies that “substantially replace” human decision-making – the final rules represent an expansion of compliance duties.

The regulations are set to take effect January 1, 2026, with the compliance deadlines phased in based on business type and size.

The Joint Commission, in partnership with the Coalition for Health AI (CHAI), has released new guidance to support the responsible adoption of artificial intelligence in health care. The recommendations provide a high-level framework for hospitals and health systems as they navigate AI integration, with a focus on governance, bias assessment, resource evaluation, and risk management.

Building on this work, the Joint Commission and CHAI plan to also develop practical governance playbooks and a voluntary AI certification program for accredited organizations. For providers—particularly those accredited by the Joint Commission—this is a timely opportunity to evaluate their AI strategies and establish or strengthen internal governance structures to assess current and future AI tools.

The Joint Commission’s announcement and guidance are available here.

We are pleased to launch our new Digital Health Blog by announcing that Eric Fish has joined HLB as a partner in our Washington, D.C. office. Eric brings more than a decade of experience at the intersection of AI, digital health, and state and federal regulation, advising health care providers and innovators on navigating complex compliance challenges while preparing for the future of care delivery. To learn more, please see our full press release. Welcome to the firm Eric!

A California family has filed the first wrongful death suit against OpenAI, alleging that ChatGPT encouraged self-harm and assisted their teenage son in planning his suicide. The lawsuit, filed in San Francisco County Superior Court, accuses OpenAI design of negligence and prioritizing rapid product development over safety considerations. In response, OpenAI announced introduction of parental controls and product enhancements developed in conjunction with physicians, psychologists, and other mental health professionals.

This lawsuit also comes at a time of increasing efforts by state legislatures to address concerns about unlicensed practice of health care professions, privacy and consent, and standards of use in clinical settings.

The American Medical Association (AMA) has unveiled the CPT® 2026 code set, introducing 288 new codes that reflect the latest advancements in medical, surgical, and diagnostic services. Key updates include expanded coding for digital health, remote patient monitoring, and augmented intelligence (AI). Notably, new AI-related codes enhance physician decision-making by analyzing complex data, and remote monitoring codes now cover shorter durations and lower time thresholds.

The Coalition for Health AI (CHAI), an organization with the mission of advancing responsible AI and promoting best practices, released its Transparency Report, analyzing over 250 state bills related to transparency in health AI. The report reviews common trends and themes across state policymaking as a resource to inform future legislation. The report notes that in the absence of federal legislation, 46 states have stepped up to introduce health AI transparency bill in the legislature. Themes examined include health care denials, safety and bias mitigation, human oversight, and the shift toward lifecycle governance.