Laws & Statutes AL AL-SB-63
SB-63
AL · State · USA
AL
USA
● Passed
Proposed Effective Date
2026-10-01
Alabama SB 63 — An Act Relating to Health Insurance; to Impose Limitations on the Use of Artificial Intelligence by Insurers in Making Determinations of Coverage Under Health Benefit Plans; and to Authorize the Department of Insurance of the State of Alabama to Investigate and Impose Disciplinary Action for Violations
Regulates insurers' use of artificial intelligence in prior authorization determinations under health benefit plans in Alabama. Requires AI-based prior authorization determinations to be based on individual enrollee clinical data — including medical history, unique clinical circumstances, and medical records — and prohibits reliance solely on group datasets. Adverse prior authorization decisions (denials, reductions, deferrals) must always be made by a licensed physician or competent health care professional who evaluates the AI's recommendation in light of the enrollee's specific clinical issues. Insurers must provide written disclosure of AI use in utilization review, certify annually to the Department of Insurance that their AI complies with the act's requirements and is periodically reviewed for accuracy, and ensure patient data is not used beyond its stated purpose consistent with HIPAA. Enforcement is exclusively through the Alabama Department of Insurance via investigation, corrective action plans, and disciplinary measures for repeat violations.
Legislative History
2026-01-13 committee referral Read for the first time and referred to the Senate Committee on Healthcare
2026-02-11 committee passage Reported Out of Committee House of Origin
2026-02-19 chamber passage Third Reading in House of Origin
2026-02-19 amendment Motion to Read a Third Time and Pass as Amended - Adopted Roll Call 477
2026-02-19 chamber passage Engrossed
2026-02-19 committee referral Read for the first time and referred to the House Committee on Insurance
2026-03-17 committee passage Reported Out of Committee Second House from House Insurance TBV8D95-1
Mapped Requirements
HC-01 Healthcare AI Decision Restrictions R-02 Regulatory Disclosure & Submissions
Official Sources
Full Text
Entry Last Reviewed
2026-03-27
AI generated
Summary

Regulates insurers' use of artificial intelligence in prior authorization determinations under health benefit plans in Alabama. Requires AI-based prior authorization determinations to be based on individual enrollee clinical data — including medical history, unique clinical circumstances, and medical records — and prohibits reliance solely on group datasets. Adverse prior authorization decisions (denials, reductions, deferrals) must always be made by a licensed physician or competent health care professional who evaluates the AI's recommendation in light of the enrollee's specific clinical issues. Insurers must provide written disclosure of AI use in utilization review, certify annually to the Department of Insurance that their AI complies with the act's requirements and is periodically reviewed for accuracy, and ensure patient data is not used beyond its stated purpose consistent with HIPAA. Enforcement is exclusively through the Alabama Department of Insurance via investigation, corrective action plans, and disciplinary measures for repeat violations.

Enforcement & Penalties
Enforcement Authority
Alabama Department of Insurance has enforcement authority. Enforcement is agency-initiated: the Department may notify an insurer of an alleged violation when it has reasonable grounds to believe a violation occurred, and the insurer must respond within 30 days. If the response is unsatisfactory, the Department may hold an administrative hearing under Article 1, Chapter 2 of Title 27, Code of Alabama 1975. No private right of action is created. The Department is directed to adopt rules to enforce the section.
Penalties
For initial violations, the Department may impose a corrective action plan requiring the insurer to correct procedures, policies, and guidelines to bring utilization review into compliance. For repeat violations, the Department may impose disciplinary measures provided in Section 27-3A-6(d), Code of Alabama 1975. No monetary damages, civil penalties, or private remedies are specified in the act itself.
Who Is Covered
INSURER. The term includes all of the following: a. Any entity that issues, delivers, or renews a health benefit plan, including a person as defined in Section 27-1-2, a health maintenance organization established under Chapter 21A of Title 27, Code of Alabama 1975, a nonprofit health care services plan established under Article 6, Chapter 20 of Title 10A, Code of Alabama 1975, or a nonprofit agricultural organization that offers health care benefits pursuant to Chapter 33 of Title 2, Code of Alabama 1975. b. Any department or office internal to an entity described in paragraph a. which performs utilization review. c. Any separate entity that performs utilization review as a contractor or agent of an entity described in paragraph a.
Compliance Obligations 6 obligations · click obligation ID to open requirement page
HC-01 Healthcare AI Decision Restrictions · HC-01.3 · Deployer · Healthcare
Section 1(b)(1)
Plain Language
When an insurer uses AI to make prior authorization determinations, those determinations must be based on the individual enrollee's medical history, unique clinical circumstances as presented by the treating provider, and any additional clinical information in the enrollee's medical record. This effectively prohibits insurers from making AI-driven prior auth decisions based solely on population-level data or algorithmic generalizations without considering the specific patient's individual clinical profile.
Statutory Text
(b)(1) An insurer that uses artificial intelligence to make determinations on requests for prior authorization under health benefit plans shall base determinations on all of the following: a. The enrollee's medical history. b. Any clinical circumstances unique to the enrollee which are presented by the requesting health care provider. c. Additional clinical information about the enrollee which may be present in the enrollee's medical record.
HC-01 Healthcare AI Decision Restrictions · HC-01.1HC-01.2 · Deployer · Healthcare
Section 1(b)(3)
Plain Language
Every adverse prior authorization decision — whether a denial, reduction, or deferral — must be made by a licensed physician or other competent health care professional, not by AI alone. The human reviewer must be competent to evaluate the AI's recommendation in the context of the specific clinical issues unique to the enrollee and the treating provider's recommendation. This is a mandatory human-in-the-loop requirement: AI may inform the decision, but a qualified clinician must always make the final adverse determination.
Statutory Text
(3) In addition to the requirements listed in subdivisions (1) and (2), a determination to deny, reduce, or defer a request for prior authorization shall always be made by a licensed physician or other health care professional who is competent to evaluate any recommendation or conclusion of artificial intelligence in the light of the specific clinical issues involved in the health care service requested which are unique to the enrollee's circumstances or as recommended by the treating health care provider.
R-02 Regulatory Disclosure & Submissions · R-02.4 · Deployer · Healthcare
Section 1(b)(2)
Plain Language
Insurers must annually certify to the Alabama Department of Insurance that their AI prior authorization systems meet three standards: (1) they do not rely solely on group-level datasets; (2) they are configured and applied fairly, producing consistent results for enrollees with similar clinical profiles; and (3) they do not discriminate directly or indirectly against any subscriber group or enrollee in violation of state or federal law, including HHS regulations and guidance. This is a proactive annual regulatory submission — insurers cannot wait to be asked.
Statutory Text
(2) An insurer shall certify annually to the department that the artificial intelligence used to make determinations on requests for prior authorization complies with all of the following: a. Does not rely solely on a group dataset to make determinations. b. Is configured and applied in a fair manner for each subscriber group and enrollee such that resulting determinations are consistent for enrollees who present with similar clinical considerations. c. Does not discriminate directly or indirectly against any subscriber group or enrollee in violation of state or federal law, including any regulation or guidance issued by the federal Department of Health and Human Services.
HC-01 Healthcare AI Decision Restrictions · HC-01.6 · Deployer · Healthcare
Section 1(c)(1)
Plain Language
Insurers that use AI as a tool in utilization review must provide prominent written disclosure of that fact. For group plans, the disclosure goes to the plan sponsor (typically the employer). For individual plans, the disclosure goes directly to the enrollee. This is a general disclosure obligation about AI use in utilization review — it does not require claim-by-claim notification, but rather a prominent written statement that AI contributes information to the utilization review process.
Statutory Text
(c) An insurer shall do all of the following: (1) Make prominent written disclosure if artificial intelligence is used as a tool to contribute information in utilization review to: a. The sponsor in the case of a group plan; or b. The enrollee in the case of an individual plan.
R-02 Regulatory Disclosure & Submissions · R-02.4 · Deployer · Healthcare
Section 1(c)(2)
Plain Language
Insurers must annually certify to the Department of Insurance two things: first, that their AI systems and the outcomes they produce are periodically reviewed to maximize accuracy and reliability; and second, that AI use in utilization review complies with all of subsection (b)'s requirements (individualized clinical data, no sole reliance on group data, fairness, non-discrimination, and human review of adverse decisions). This certification is separate from and in addition to the subsection (b)(2) certification — subsection (b)(2) certifies the AI's configuration and fairness standards, while this provision certifies ongoing operational review and overall subsection (b) compliance.
Statutory Text
(2) Certify annually to the department that: (i) use of artificial intelligence and the outcomes that it generates are reviewed on a periodic basis to maximize accuracy and reliability; and (ii) use of artificial intelligence in utilization review complies with the requirements of subsection (b).
HC-01 Healthcare AI Decision Restrictions · HC-01.5 · Deployer · Healthcare
Section 1(c)(3)
Plain Language
Patient data that AI systems use in utilization review functions must not be repurposed beyond the intended and stated purpose of that utilization review. This is a use limitation obligation consistent with HIPAA — insurers must ensure that clinical data ingested by AI for prior authorization decisions is not used for secondary purposes such as marketing, product development, or other functions not disclosed to the patient. The obligation references HIPAA as the baseline standard but is independently enforceable under this act.
Statutory Text
(3) Ensure that patient data used in utilization review functions by artificial intelligence is not used beyond its intended and stated purpose consistent with the federal Health Insurance Portability and Accountability Act (HIPAA), 42 U.S.C. § 1320d et seq.