Industry · AI in clinical care, diagnostic devices, and protected health information
AI Compliance for Healthcare
Healthcare AI compliance moves on three regulatory axes at once. FDA governs AI/ML-enabled medical devices through the SaMD framework, the Predetermined Change Control Plan guidance, and an active pre-market and post-market surveillance pipeline that has cleared over 1,000 AI-enabled devices to date. HHS OCR enforces HIPAA on protected-health-information handling by AI vendors and, through the Section 1557 final rule, prohibits discrimination in patient-care decision-support tools — including third-party clinical algorithms hospitals merely use. State insurance regulators have layered additional AI rules on payers (NAIC Model Bulletin, Colorado SB21-169, New York Circular Letter 7). The EU AI Act classifies most medical-device AI as high-risk and adds conformity-assessment obligations on top of the existing MDR/IVDR regime. Enforcement is no longer hypothetical: HHS OCR has opened Section 1557 investigations into hospital algorithms, FDA has issued warning letters on undisclosed model updates, and state AGs have begun probing AI tenant-style screening of patients for prior authorization. AIGI tracks every primary-source rule, guidance, enforcement action, and bill in this stack — across hospitals, payers, life sciences, and digital health. As of the most recent update, AIGI tracks 421 primary-source items affecting healthcare.
Who tracks this?
Typically: Chief Compliance Officer, hospital General Counsel, or Chief Medical Officer. AIGI is built to put primary-source AI updates affecting healthcare in front of this role daily — with citation chains, status timelines, and obligation mapping.
Coverage at a glance
- Items tracked
- 421
- Jurisdictions
- 8
- Last update
- 12/28/2000
Most active jurisdictions for healthcare AI
Recent healthcare AI activity
- US regulation effective 12/28/2000
[HHS OCR] Standards for Privacy of Individually Identifiable Health Information
This rule establishes standards for the privacy of individually identifiable health information under HIPAA, applying to health plans, clearinghouses, and providers to protect patient rights and regulate data uses and disclosures.
Authority: HHS Office for Civil Rights
- US regulation effective 5/1/2020
[HHS OCR] 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program
This final rule implements provisions of the 21st Century Cures Act regarding health IT interoperability, information blocking, and ONC Health IT Certification Program requirements.
Authority: HHS Office for Civil Rights
- FR enforcement action enforcement 5/28/2026
[CNIL] Données de santé : sanction de 5 millions d’euros à l’encontre de la société IQVIA
The French CNIL fined IQVIA OPERATIONS FRANCE €5 million and issued injunctions for failing to comply with data protection authorizations regarding health data warehouses, citing insufficient transparency, rights exercise, and security measures.
Authority: CNIL
- TX legislation enacted
[TX Legislature] SB815 (89R): Relating to the use of certain automated systems in, and certain adverse determinations made in connection with, the health benefit claims p
Texas SB815, enacted on June 20, 2025, and effective September 1, 2025, regulates the use of automated systems and adverse determinations in health benefit claims processes.
Authority: Texas Legislature
- TN legislation introduced
[TN Legislature] HB1951 (GA114): Criminal Offenses — As introduced, creates a new offense of coercive suicide; specifies that a person or entity commits the offense of coerc
Tennessee bill HB1951 proposes creating a criminal offense for persons or entities whose AI systems advise or encourage a person to commit or attempt to commit suicide.
Authority: Tennessee Legislature
- TN legislation enacted
[TN Legislature] SB1580 (GA114): Health Care — As enacted, prohibits a person from developing or deploying an artificial intelligence system that advertises or represe
Tennessee law prohibits AI systems from advertising or acting as qualified mental health professionals.
Authority: Tennessee Legislature
- NL guidance effective 7/13/2026
[AP] AP helpt ontwikkelaars en organisaties met nieuwe AVG-richtlijnen voor generatieve AI
The Dutch Data Protection Authority (AP) publishes new GDPR guidelines and a practical tool to help organizations responsibly develop and use generative AI while protecting personal data.
Authority: Autoriteit Persoonsgegevens
- EU agency report enforcement 7/7/2026
[EU Commission Press] Commission refers Ireland, Spain, France and the Netherlands to the Court of Justice for failing to transpose the rules on cybersecurity
The European Commission has referred Ireland, Spain, France, and the Netherlands to the CJEU for failing to transpose the NIS2 Directive into national law.
Authority: European Commission
- NL agency report enforcement 6/8/2026
[AP] AP: grote toename van privacyklachten
The Dutch Data Protection Authority (AP) reports a 75% increase in privacy complaints in 2025, primarily concerning data access, deletion rights, and data breaches.
Authority: Autoriteit Persoonsgegevens
- SG guidance effective 1/22/2026
Singapore Launches New Model AI Governance Framework for Agentic AI
Singapore's IMDA launched the Model AI Governance Framework for Agentic AI, providing global guidance for responsible deployment, risk mitigation, and human accountability for AI agents.
Authority: Singapore Personal Data Protection Commission
- VA legislation introduced 1/12/2026
[VA Legislature] SB269: Mental health service providers; definitions, use of artificial intelligence system, civil penalty.
Virginia SB269 permits mental health providers to use AI for assistance with full human responsibility, prohibits unsupervised AI therapy, and establishes a civil penalty up to $10,000 for violations.
Authority: Virginia General Assembly
- US rulemaking notice effective 9/24/2025
[HHS OCR] Computer Software Assurance for Production and Quality System Software; Guidance for Industry and Food and Drug Administration Staff; Availability
FDA announces the availability of final guidance on computer software assurance for production and quality system software in medical device manufacturing.
Authority: HHS Office for Civil Rights
+ 409 more — start trial for full access.
Frequently asked questions
- Which AI laws apply to healthcare?
- AI in healthcare touches medical-device classification, AI-assisted diagnosis, protected health information, Section 1557 nondiscrimination, FDA-equivalent approvals, and patient consent for AI-assisted care. AIGI tracks every primary-source AI rule affecting hospitals, payers, life-sciences companies, and digital-health platforms.
- Who at a healthcare company should track these rules?
- Chief Compliance Officer, hospital General Counsel, or Chief Medical Officer is typically the role accountable for healthcare-AI compliance. AIGI is designed to put primary-source updates in front of this role daily.
- How many healthcare AI items does AIGI track?
- AIGI currently tracks 421 primary-source items where healthcare appears as an affected industry, spanning 8+ jurisdictions. The corpus is updated continuously.
- Which jurisdictions are most active on healthcare AI?
- Activity varies by sub-sector. AIGI's coverage map shows per-jurisdiction depth, and each item links to its primary authority source. See /coverage for the live distribution.
- Where do AIGI's healthcare citations come from?
- Every item on this page links to its primary government, regulator, or research source. AIGI does not paraphrase secondary commentary — our citation methodology is documented at /how-we-cite.
Related
Stay informed