SB-63
AL · State · USA
● Passed
Proposed Effective Date
2026-10-01
Alabama SB 63 — An Act Relating to Health Insurance; to Impose Limitations on the Use of Artificial Intelligence by Insurers in Making Determinations of Coverage Under Health Benefit Plans; and to Authorize the Department of Insurance of the State of Alabama to Investigate and Impose Disciplinary Action for Violations
Summary

Imposes limitations on health insurers' use of artificial intelligence in prior authorization determinations under health benefit plans in Alabama. Requires AI-based prior authorization decisions to be grounded in individual enrollee medical history and clinical circumstances, not solely on group datasets. Mandates that any adverse determination (denial, reduction, or deferral) be made by a licensed physician or competent health care professional. Requires insurers to disclose AI use in utilization review to plan sponsors or enrollees, certify annually to the Department of Insurance that AI tools are periodically reviewed for accuracy and non-discrimination, and restrict patient data use consistent with HIPAA. Enforcement is through the Department of Insurance, which may impose corrective plans and disciplinary measures for violations.

Enforcement & Penalties
Enforcement Authority
The Department of Insurance of the State of Alabama has enforcement authority. Enforcement is agency-initiated: when the department has reasonable grounds to believe an insurer has violated subsection (b), it may notify the insurer, which must respond within 30 days. If the response is unsatisfactory, the department may hold a hearing under Article 1, Chapter 2 of Title 27. Upon finding a violation, the department may impose a corrective plan or, for repeat violations, disciplinary measures under Section 27-3A-6(d). The department is also directed to adopt rules to enforce the section. No private right of action is created.
Penalties
No monetary damages are specified in the bill itself. For first violations, the department may impose a corrective plan on the insurer. For repeat violations, the department may impose disciplinary measures as provided in Section 27-3A-6(d), Code of Alabama 1975, which may include fines or other sanctions under existing insurance law. No private right of action or statutory damages are available to enrollees.
Who Is Covered
INSURER. The term includes all of the following: a. Any entity that issues, delivers, or renews a health benefit plan, including a person as defined in Section 27-1-2, a health maintenance organization established under Chapter 21A of Title 27, Code of Alabama 1975, a nonprofit health care services plan established under Article 6, Chapter 20 of Title 10A, Code of Alabama 1975, or a nonprofit agricultural organization that offers health care benefits pursuant to Chapter 33 of Title 2, Code of Alabama 1975. b. Any department or office internal to an entity described in paragraph a. which performs utilization review. c. Any separate entity that performs utilization review as a contractor or agent of an entity described in paragraph a.
Compliance Obligations · 8 obligations
HC-01 Healthcare AI Decision Restrictions · HC-01.3 · Deployer · Healthcare
Section 1(b)(1)
Plain Language
Insurers using AI for prior authorization decisions must base those decisions on the individual enrollee's medical history, the unique clinical circumstances presented by the requesting provider, and any additional clinical information in the enrollee's medical record. This effectively prohibits insurers from using AI to make prior authorization determinations based solely on aggregate or population-level data without individualized clinical review.
Statutory Text
(b)(1) An insurer that uses artificial intelligence to make determinations on requests for prior authorization under health benefit plans shall base determinations on all of the following: a. The enrollee's medical history. b. Any clinical circumstances unique to the enrollee which are presented by the requesting health care provider. c. Additional clinical information about the enrollee which may be present in the enrollee's medical record.
R-02 Regulatory Disclosure & Submissions · R-02.4 · Deployer · Healthcare
Section 1(b)(2)
Plain Language
Insurers must annually certify to the Alabama Department of Insurance that their AI systems used in prior authorization comply with three requirements: (1) determinations are not based solely on group-level datasets; (2) the AI is configured fairly so that enrollees with similar clinical profiles receive consistent outcomes; and (3) the AI does not discriminate directly or indirectly in violation of state or federal law, including HHS guidance. This is a proactive annual certification obligation — insurers must affirmatively represent compliance, not merely respond to regulator inquiries.
Statutory Text
(2) An insurer shall certify annually to the department that the artificial intelligence used to make determinations on requests for prior authorization complies with all of the following: a. Does not rely solely on a group dataset to make determinations. b. Is configured and applied in a fair manner for each subscriber group and enrollee such that resulting determinations are consistent for enrollees who present with similar clinical considerations. c. Does not discriminate directly or indirectly against any subscriber group or enrollee in violation of state or federal law, including any regulation or guidance issued by the federal Department of Health and Human Services.
HC-01 Healthcare AI Decision Restrictions · HC-01.1, HC-01.2 · Deployer · Healthcare
Section 1(b)(3)
Plain Language
Every adverse prior authorization determination — whether a denial, reduction, or deferral — must be made by a licensed physician or other competent health care professional, not by the AI system alone. The human reviewer must be competent to evaluate the AI's recommendation in light of the enrollee's individual clinical circumstances and the treating provider's recommendation. AI may inform the decision, but the final adverse determination must rest with a qualified human. This is an unconditional human-in-the-loop requirement for all adverse outcomes — there is no exception for low-risk or routine denials.
Statutory Text
(3) In addition to the requirements listed in subdivisions (1) and (2), a determination to deny, reduce, or defer a request for prior authorization shall always be made by a licensed physician or other health care professional who is competent to evaluate any recommendation or conclusion of artificial intelligence in the light of the specific clinical issues involved in the health care service requested which are unique to the enrollee's circumstances or as recommended by the treating health care provider.
HC-01 Healthcare AI Decision Restrictions · HC-01.6 · Deployer · Healthcare
Section 1(c)(1)
Plain Language
Insurers must provide prominent written disclosure when AI is used as a tool in utilization review. For group plans, the disclosure goes to the plan sponsor (typically the employer). For individual plans, the disclosure goes directly to the enrollee. This is a general disclosure obligation about the insurer's use of AI in utilization review, not a per-claim disclosure requirement — the statute says 'if artificial intelligence is used' rather than requiring disclosure on each individual determination.
Statutory Text
(c) An insurer shall do all of the following: (1) Make prominent written disclosure if artificial intelligence is used as a tool to contribute information in utilization review to: a. The sponsor in the case of a group plan; or b. The enrollee in the case of an individual plan.
S-01 AI System Safety Program · S-01.7 · Deployer · Healthcare
Section 1(c)(2)
Plain Language
Insurers must annually certify to the Department of Insurance that (1) the AI system and its outputs are periodically reviewed to maximize accuracy and reliability, and (2) AI use in utilization review complies with the individualized data, fairness, and non-discrimination requirements of subsection (b). The first element is a substantive periodic performance review obligation — the insurer must actually conduct ongoing reviews, not merely certify at year-end. The second element is a compliance certification overlapping with the subsection (b)(2) annual certification but framed in the context of ongoing utilization review operations.
Statutory Text
(2) Certify annually to the department that: (i) use of artificial intelligence and the outcomes that it generates are reviewed on a periodic basis to maximize accuracy and reliability; and (ii) use of artificial intelligence in utilization review complies with the requirements of subsection (b).
HC-01 Healthcare AI Decision Restrictions · HC-01.5 · Deployer · Healthcare
Section 1(c)(3)
Plain Language
Insurers must ensure that patient data processed by AI in utilization review functions is not repurposed beyond its intended and stated use, consistent with HIPAA. This is a data use limitation specific to AI-processed patient data in the utilization review context — it prevents insurers from, for example, using patient clinical data gathered for prior authorization AI to train models for marketing, underwriting, or other secondary purposes not disclosed to the patient.
Statutory Text
(3) Ensure that patient data used in utilization review functions by artificial intelligence is not used beyond its intended and stated purpose consistent with the federal Health Insurance Portability and Accountability Act (HIPAA), 42 U.S.C. § 1320d et seq.
Other · Healthcare
Section 1(d)(1)-(3)
Plain Language
This provision establishes the Department of Insurance's enforcement process: the department may notify an insurer of an alleged violation, the insurer must respond within 30 days, and if the response is unsatisfactory, the department may hold a hearing. Upon finding a violation, the department may impose a corrective plan or, for repeat violations, disciplinary measures under existing insurance law. This is an enforcement mechanism, not an independent compliance obligation — the substantive requirements being enforced are found in subsection (b).
Statutory Text
(d)(1) When the department has reasonable grounds to believe that an insurer has or is engaged in conduct that violates subsection (b), including making determinations of prior authorization adverse to an enrollee without taking into consideration the enrollee's medical history and relevant clinical circumstances, the department may notify the insurer of the alleged violation and the insurer shall respond to the notice within 30 days. (2) If the department finds the response required in subdivision (1) to be unsatisfactory, the department may hold a hearing as provided in Article 1, Chapter 2 of Title 27, Code of Alabama 1975. (3) If, upon hearing the case, the department determines that the insurer has or is engaged in conduct that violates subsection (b), including making determinations of prior authorization adverse to an enrollee without taking into consideration the enrollee's medical history and relevant clinical circumstances, the department may do any of the following: a. Impose a plan upon the insurer to correct procedures, policies, and guidelines to bring the insurer's utilization review into compliance with this section. b. For repeat violations, impose upon the insurer the disciplinary measures provided in Section 27-3A-6(d), Code of Alabama 1975.
Other · Healthcare
Section 1(e)
Plain Language
The Department of Insurance is directed to adopt rules to implement and enforce the act. This is a delegation of rulemaking authority to the regulator and does not impose a direct compliance obligation on insurers. Future rules adopted under this authority may create additional compliance requirements not yet specified in the statute.
Statutory Text
(e) The department shall adopt rules to enforce this section.