Laws & Statutes NY NY-A-03991
A-03991
NY · State · USA
NY
USA
● Pending
Proposed Effective Date
2025-01-30
New York Assembly Bill 3991 — An Act to amend the insurance law, in relation to requirements for the usage of artificial intelligence in utilization review and management
Establishes requirements for health care service plans and specialized health care service plans in New York that use artificial intelligence, algorithms, or other software tools for utilization review or utilization management. Requires that such tools base determinations on individual enrollee medical history and clinical circumstances, prohibits discrimination across a broad set of protected characteristics, mandates periodic review of tool performance, and restricts patient data use. Requires that adverse medical necessity determinations be made by a licensed physician or competent health care provider who considers the enrollee's individual circumstances. Enforcement would be through the existing New York Department of Financial Services regulatory framework; no private right of action is created.
Passage Likelihood
Low
Chamber No passage
Committee No action
Majority party Yes
Bipartisan No
Prior session None
Legislative History
2025-01-30 committee referral referred to insurance
2026-01-07 committee referral referred to insurance
Mapped Requirements
HC-01 Healthcare AI Decision Restrictions H-02 Non-Discrimination & Bias Assessment
Official Sources
Full Text
Entry Last Reviewed
2026-03-28
AI generated
Summary

Establishes requirements for health care service plans and specialized health care service plans in New York that use artificial intelligence, algorithms, or other software tools for utilization review or utilization management. Requires that such tools base determinations on individual enrollee medical history and clinical circumstances, prohibits discrimination across a broad set of protected characteristics, mandates periodic review of tool performance, and restricts patient data use. Requires that adverse medical necessity determinations be made by a licensed physician or competent health care provider who considers the enrollee's individual circumstances. Enforcement would be through the existing New York Department of Financial Services regulatory framework; no private right of action is created.

Enforcement & Penalties
Enforcement Authority
The New York Department of Financial Services (DFS) has general enforcement authority over the insurance law, including sections governing health care service plans and utilization review. No private right of action is created by this bill. Enforcement is agency-initiated through the existing DFS regulatory and examination framework.
Penalties
The bill does not specify penalties, damages, or remedies. Enforcement would fall under the existing penalty and enforcement provisions of the New York Insurance Law as administered by the Department of Financial Services.
Who Is Covered
Compliance Obligations 8 obligations · click obligation ID to open requirement page
HC-01 Healthcare AI Decision Restrictions · HC-01.3 · Deployer · Healthcare
Insurance Law § 3224-e(a)(1)
Plain Language
Health care service plans using AI, algorithms, or other software tools in utilization review must ensure those tools base their determinations on the individual enrollee's medical or dental history, the clinical circumstances presented by the requesting provider, and other relevant clinical information in the enrollee's record. This prohibits determinations based solely on aggregate or group-level data and requires individualized clinical inputs.
Statutory Text
(1) The artificial intelligence, algorithm, or other software tool bases its determination on the following information, as applicable: (i) An enrollee's medical or dental history; (ii) Individual clinical circumstances as presented by the requesting provider; and (iii) Other relevant clinical information contained in the enrollee's medical or dental record.
HC-01 Healthcare AI Decision Restrictions · HC-01.1 · Deployer · Healthcare
Insurance Law § 3224-e(a)(2)
Plain Language
AI, algorithm, or software tools used in utilization review or management must not replace or supplant health care provider decision making. The tool may inform or support decisions, but the final clinical judgment must remain with a human provider. This is a general prohibition against full automation of clinical decisions in the utilization review context.
Statutory Text
(2) The artificial intelligence, algorithm, or other software tool does not supplant health care provider decision making.
HC-01 Healthcare AI Decision Restrictions · HC-01.2 · Deployer · Healthcare
Insurance Law § 3224-e(b)
Plain Language
Any denial, delay, or modification of health care services based on medical necessity must be made by a licensed physician or a health care provider competent to evaluate the specific clinical issues at hand. The reviewing professional must consider the requesting provider's recommendation and the enrollee's individual medical or dental history and clinical circumstances. This effectively requires a qualified clinical peer to make all adverse medical necessity determinations, regardless of what AI tools were used in the process.
Statutory Text
(b) Notwithstanding subsection (a) of this section, a denial, delay, or modification of health care services based on medical necessity shall be made by a licensed physician or other health care provider competent to evaluate the specific clinical issues involved in the health care services requested by the provider by considering the requesting provider's recommendation and based on recommendation, the enrollee's medical or dental history, as applicable, and individual clinical circumstances.
H-02 Non-Discrimination & Bias Assessment · H-02.1 · Deployer · Healthcare
Insurance Law § 3224-e(a)(3)-(4)
Plain Language
Health care service plans must ensure that AI tools used in utilization review do not discriminate — directly or indirectly — against individuals based on a broad set of protected characteristics including race, color, religion, national origin, ancestry, age, sex, gender identity, gender expression, sexual orientation, disability (present or predicted), expected length of life, degree of medical dependency, quality of life, or other health conditions. The tool must also be fairly and equitably applied across all enrollees. The protected class list is notably broader than typical anti-discrimination provisions, including predicted disability, expected length of life, and quality of life.
Statutory Text
(3) The use of the artificial intelligence, algorithm, or other software tool does not adversely discriminate, directly or indirectly, against an individual on the basis of race, color, religion, national origin, ancestry, age, sex, gender, gender identity, gender expression, sexual orientation, present or predicted disability, expected length of life, degree of medical dependency, quality of life, or other health conditions. (4) The artificial intelligence, algorithm, or other software tool is fairly and equitably applied.
HC-01 Healthcare AI Decision Restrictions · HC-01.7 · Deployer · Healthcare
Insurance Law § 3224-e(a)(5)-(6)
Plain Language
Health care service plans must ensure that AI tools used in utilization review are open to inspection — meaning regulators or other authorized parties can examine how the tool operates. In addition, the plan's written policies and procedures must contain disclosures about the use and oversight of the AI tool. Together, these provisions require both regulatory transparency (inspection access) and internal documentation (written policies describing use and oversight).
Statutory Text
(5) The artificial intelligence, algorithm, or other software tool is open to inspection. (6) Disclosures pertaining to the use and oversight of the artificial intelligence, algorithm, or other software tool are contained in the written policies and procedures.
HC-01 Healthcare AI Decision Restrictions · HC-01.4 · Deployer · Healthcare
Insurance Law § 3224-e(a)(7)
Plain Language
Health care service plans must periodically review and revise the performance, use, and outcomes of AI tools used in utilization review to maximize their accuracy and reliability. This is an ongoing operational obligation — not a one-time pre-deployment check. The bill does not specify a review frequency, leaving plans to determine an appropriate cadence.
Statutory Text
(7) The artificial intelligence, algorithm, or other software tool's performance, use, and outcomes are periodically reviewed and revised to maximize accuracy and reliability.
HC-01 Healthcare AI Decision Restrictions · HC-01.5 · Deployer · Healthcare
Insurance Law § 3224-e(a)(8)
Plain Language
Patient data used by AI tools in utilization review must not be repurposed beyond its intended and stated use. This data minimization requirement operates alongside — not in place of — existing HIPAA and applicable New York state health privacy requirements. Plans must ensure AI tools do not use patient data for secondary purposes such as marketing, model training, or other uses outside the utilization review function.
Statutory Text
(8) Patient data is not used beyond its intended and stated purpose, consistent with applicable state laws and the federal Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191).
Other · Healthcare
Insurance Law § 3224-e(a)(9)
Plain Language
Health care service plans must ensure that AI tools used in utilization review do not directly or indirectly cause harm to enrollees. This is a broad catch-all safety obligation. The bill does not define 'harm,' leaving open whether it encompasses only physical harm, financial harm from improperly denied coverage, psychological harm, or all of the above. In practice, this creates a general duty of care standard that regulators could invoke when AI-driven utilization decisions cause any form of enrollee injury.
Statutory Text
(9) The artificial intelligence, algorithm, or other software tool does not directly or indirectly cause harm to the enrollee.