Digital Health Blog
Legal & Policy Insight to Empower the Evolution of Health Care
Never Miss an Update
New York Introduces Legislation to Regulate Use of AI in Mental Health Care
New York State has introduced the Oversight of Technology in Mental Health Care Act (S.8484), a landmark bill aimed at regulating the use of artificial intelligence in mental health services. The legislation prohibits autonomous AI from delivering direct therapeutic care and mandates that licensed professionals oversee any AI-assisted treatment. It also requires explicit, informed consent from patients and ensures compliance with privacy and recordkeeping standards. While restricting clinical use, the bill encourages AI for administrative tasks like scheduling and billing. Religious counseling and peer support services are exempt. This move reflects a growing national trend toward safeguarding mental health care in the age of AI.
Amendments to California’s Data Exchange Framework Pass Legislature
SB 660 (Menjivar) has passed through the California legislature and now awaits signature by Governor Newsom. The bill reshapes the governance of the state’s Data Exchange Framework (DxF) by transferring oversight from the California Health and Human Services Agency (CalHHS) to the Department of Health Care Access and Information (HCAI) and authorizes HCAI to initiate enforcement actions, contingent on budget appropriations. SB 660 also clarifies the health care organizations required to participate in the DxF, in addition to other entities designated by HCAI as required entities.
California passes Legislation Addressing Misrepresentation from Chatbots
On September 8th, the California legislature passed AB 489, which seeks to prohibit AI and generative AI (GenAI) systems from misrepresenting themselves as licensed or certified healthcare professionals. The bill now heads to Governor Newsom’s desk for signature.
The legislation comes in response to growing concerns about the integration of AI technologies into clinical settings, particularly the rise of AI-powered therapy chatbots that may appear to patients as offering professional medical advice. Under AB 489, AI and GenAI systems would be barred from using any terms, letters, or phrases—whether in advertising or functionality—that suggest the advice, care, reports, or assessments they provide are coming from a licensed human healthcare provider. This includes titles such as “M.D.” or “Dr.”, which are already protected under California law against improper use by unlicensed individuals. The bill clarifies that these existing prohibitions now explicitly extend to individuals or entities that develop or deploy AI technologies.
As proposed, each violation of the law would be treated as a separate offense, enforceable by the appropriate state professional licensing board. The legislation would also authorize these boards to seek injunctions or restraining orders against violators.
HHS Releases Updated Security Risk Assessment Tool v3.6
HHS has launched version 3.6 of its Security Risk Assessment (SRA) Tool, designed to support HIPAA compliance and strengthen data protection. Key updates include a new approval tracking feature, an updated NIST-aligned risk scale, enhanced reporting, refreshed library files, and improved educational content. Join live webinars on September 15 at noon ET or September 16 at 3pm ET to explore the new features and get your questions answered by experts.
Congress Weighs Health AI Policy Amid Shifting Political Landscape
At a recent House Energy and Commerce Health Subcommittee hearing, lawmakers explored innovative use cases and challenges of artificial intelligence in health care, revealing deep partisan divides on AI regulations while acknowledging a few areas of bipartisan concern. Although Republicans praised the Administration’s hands-off approach to AI regulation, Democrats warned that innovation cannot thrive without adequate healthcare funding and equity. Despite broader disagreements, members found common ground on key issues: protecting mental health counseling using AI tools, safeguarding children’s use of AI, and addressing algorithm-driven denials of care. Data privacy and reimbursement challenges also surfaced as major hurdles. The hearing marked the first major step in shaping health AI policy in the 119th Congress.
HHS Cracks Down on Health Data Blocking
HHS launched a major enforcement initiative to stop health data blocking, ensuring patients and the providers have easier access to their electronic health information. The agency is directing an increase in resources to support enforcement of information blocking rules promulgated under the 21st Century Cures Act of 2016 by the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health IT (ASTP/ONC) and HHS Office of Inspector General (OIG). Health care providers participating in Medicare programs could be subject to disincentives under those programs. Health IT developers of certified health IT or who meet the definition of a health information network or health information exchange that obstruct data sharing could face penalties up to $1 million per violation. Developers of product(s) certified under the ONC Health IT Certification Program could have certifications terminated and be banned from the program.
This move supports innovation, transparency, and patient-centered care, aligning with broader efforts to modernize the healthcare system. Violations can be reported through an Information Blocking Portal.
CMS Announced Tech Competition to Combat Fraud
CMS announced its “Crushing Fraud Chili Cook-Off Competition” – an effort aimed at utilizing machine learning models to detect anomalies in Medicare claims data. Finalists will receive access to Medicare Fee-for-Service (FFS) Hospice, Part B, and Durable Medical Equipment (DME) claims. CMS will accept submissions through September 19 and will publicly announce the winner the week of December 15, 2025.
HHS Announces New Health Tech Ecosystem
On July 30, the White House and the Department of Health and Human Services (HHS) announced its establishment of a new Health Tech Ecosystem. Over 60 data networks, health systems and providers, app developers, and payers have made voluntary commitments to adopt and align with a new interoperability framework designed to create a process for easily accessible and shareable medical information across newly created CMS Aligned Networks. HHS encourages additional health care providers and entities to become early adopters and participate in the framework. Apps included in this first round of early adopters will focus on apps that can eliminate manual check-in forms, apps that provide conversational AI assistants, and apps centered on diabetes and obesity prevention and management. The Centers for Medicare and Medicaid Services (CMS) has made its own commitments to update and modernize Medicare tools already available.