Digital Health Blog

Effective January 1, 2026, UnitedHealthcare will limit reimbursement for remote patient monitoring (RPM) to two conditions: chronic heart failure and hypertensive disorders during pregnancy. The policy applies across Medicare Advantage, commercial, and Medicaid plans, and will exclude coverage of RPM for commonly monitored conditions like type 2 diabetes, COPD, and general hypertension.

UnitedHealthcare cites a lack of sufficient clinical evidence for RPM’s effectiveness outside the two covered conditions. However, critics argue that the policy overlooks well-established data, may disrupt care for millions of patients currently using RPM for chronic disease management, and raises legal questions under the Medicare Advantage statute.

OpenAI recently updated its usage policy to prohibit individuals from using ChatGPT and other OpenAI platforms to provide medical advice, reinforcing the distinction between AI-generated health information and licensed clinical guidance. The policy, announced on October 29, 2025, reflects growing industry and regulatory concern about the use of generative AI in health care settings, particularly where users may misinterpret outputs as diagnostic or treatment recommendations. The policy changes came just days before seven lawsuits were filed in California state courts alleging wrongful death, assisted suicide, involuntary manslaughter, and a variety of product liability, consumer protection, and negligence claims against OpenAI.

Companies integrating LLMs into patient facing platforms should increase their diligence to ensure that product messaging, user interfaces, and disclosures align with both platform policies and applicable health care regulations, including whether the platform is engaged in the practice of medicine.

Earlier this month, Senator Bill Cassidy introduced the Health Information Privacy Reform Act (S. 3097), which would significantly expand federal oversight of health information and reshape the HIPAA right of access provisions. As proposed, the bill would authorize HHS, in consultation with the FTC, to regulate individually identifiable health information held by “regulated entities” and “service providers” that currently fall outside HIPAA’s scope – including many health apps, consumer-facing wellness platforms, and data intermediaries. The bill would also narrow HIPAA’s right of access provisions by requiring patients to provide a valid authorization whenever they direct copies of their records be sent to a third party for reasons other than treatment, payment, or health care operations, and it would allow states to set fees for such third-party transmissions.

On October 21, CMS instructed all MACs to lift the hold on claims with dates of service on and after October 1, 2025 for certain services impacted by select expired Medicare legislative provisions, including claims paid under the Medicare Physician Fee Schedule and telehealth claims that CMS can confirm are for behavioral and mental health services. CMS continues to direct MACs to temporarily hold claims for non-behavioral/mental health telehealth services and for acute Hospital Care at Home claims.

The Centers for Medicare & Medicaid Services (CMS) released an updated telehealth Frequently Asked Questions (FAQ) which addresses how the federal government shutdown impacts rendering these services to Medicare beneficiaries. The FAQs address where Medicare beneficiaries need to be to receive telehealth services, which practitioners can furnish these services, whether audio-only visits are allowed, among other questions.

The American Medical Association (AMA) announced the launch of its Center for Digital Health and Artificial Intelligence (AI). The Center will focus on putting physicians in a leadership role to shape policy, digital tools, educate and collaborate with others to build partnerships across the government and healthcare, technology, research sectors.

On September 25, 2025, the Massachusetts Senate unanimously passed the Massachusetts Data Privacy Act (“MDPA”), originally introduced as SB 2608 and now refiled as SB 2619. The bill proposes sweeping reforms to consumer data protection, including bans on the sale of sensitive data (such as biometric, health, and geolocation information), enhanced data privacy rights for minors, and strict limits on data collection practices. The Senate referred the bill to the Massachusetts House of Representatives.

On October 16, Massachusetts joined growing number of states taking legislative action on the use of artificial intelligence in healthcare. SB 2632 sets clear boundaries around AI’s role in behavioral and mental health services, as well as in healthcare decision-making and utilization review. Under SB 2632, artificial intelligence cannot be used to make independent therapeutic decisions in a mental or behavior health setting. All treatment plans and patient interactions involving AI must be reviewed by a licensed professional. The bill also mandates transparency: patients must be informed when AI is used in their care and must provide explicit consent. The legislation further restricts how insurance carriers use AI in utilization review and other administrative functions. Specifically, it prohibits AI from replacing human decision-making or being used in ways that could result in discrimination against insured individuals.

As state legislatures gear up for the 2026 session, more proposals addressing artificial intelligence in healthcare and data privacy issues are likely. These developments reflect growing public and policymaker concern over the ethical, legal, and social implications of emerging technologies. However, states are taking varied approaches to regulation and enforcement, signaling an evolving and diverse policy landscape.

California Governor Newsom has signed Assembly Bill 489 into law, which establishes protections against the misuse of artificial intelligence in health care communications. The new law, which takes effect January 1, 2026, prohibits AI systems from impersonating or misrepresenting themselves as licensed medical professionals.

Sponsored by Assemblymember Rob Bonta and supported by the California Medical Association and SEIU California, AB 489 amends existing consumer protection laws to ensure that generative AI tools cannot use misleading titles, post-nominal letters, or phrases that imply clinical authority. Each violation is enforceable by the relevant licensing board and treated as a separate offense.

The enactment of AB 489 reflects California’s proactive approach to maintaining patient trust and transparency as AI tools increasingly interact with patients. The legislation compels developers to revise user interfaces and marketing language that could mislead users into believing they are receiving care from credentialed providers. Existing California law already mandates that AI-generated patient-facing content include clear disclaimers and offer access to a human contact when clinical information is presented. By extending false advertising and impersonation protections to AI-generated content, California sets a precedent for other states considering similar regulations. AB 489 underscores the importance of ethical boundaries and oversight as AI continues to reshape the health care landscape.

Senator Richard Durbin (D-IL) and Senator Josh Hawley (R-MO) introduced the AI LEAD Act. The legislation classifies all Artificial Intelligence (AI) systems, including those incorporated into health care settings, as products, and permits the Department of Justice, state attorneys general, and individuals to bring claims against developers of large language models (LLMs) under traditional products liability doctrine. If passed, developers of AI systems may face increased claims over design defects and be forced to increase transparency regarding development and deployment of AI tools. The legislation follows from Congressional hearings on AI safety and may inspire similar state legislation as both federal and state policymakers seek to establish a new regulatory framework for artificial intelligence.

The FDA’s Digital Health Center of Excellence is requesting public comment on methods for measuring and evaluating the performance of artificial intelligence-enabled medical devices. This initiative aims to improve regulatory clarity and foster innovation while ensuring safety and effectiveness. Stakeholders—including developers, clinicians, and researchers—are encouraged to share feedback on evaluation frameworks, performance metrics, and uncertainty quantification. Comments are due December 1.