Laws & Statutes NY NY-A-08556
A-08556
NY · State · USA
NY
USA
● Pending
Proposed Effective Date
2025-08-18
New York Assembly Bill 8556 — An Act to amend the public health law and the insurance law, in relation to the use of an artificial intelligence, algorithm, or other software tool for the purpose of utilization review
NY A 8556 prescribes requirements for the use of AI, algorithms, or other software tools in utilization review by utilization review agents (under the Public Health Law) and disability insurers including specialized health insurers (under the Insurance Law). The bill requires that AI tools used in coverage determinations base their outputs on individualized enrollee clinical data rather than solely on group datasets, prohibits AI from denying, delaying, or modifying healthcare services based on medical necessity, and requires that all medical necessity determinations be made by licensed physicians or competent healthcare professionals. The bill also mandates periodic review and revision of AI tools for accuracy, limits patient data use to stated purposes consistent with HIPAA, requires disclosures about AI use in written policies and procedures, and ensures AI tools are open to regulatory inspection. The bill applies in parallel to the Public Health Law and Insurance Law with substantially identical obligations.
Passage Likelihood
Low
Chamber No passage
Committee No action
Majority party Yes
Bipartisan No
Prior session None
Legislative History
2025-05-20 committee referral referred to insurance
2026-01-07 committee referral referred to insurance
Mapped Requirements
HC-01 Healthcare AI Decision Restrictions H-02 Non-Discrimination & Bias Assessment
Official Sources
Full Text
Entry Last Reviewed
2026-04-01
AI generated
Summary

NY A 8556 prescribes requirements for the use of AI, algorithms, or other software tools in utilization review by utilization review agents (under the Public Health Law) and disability insurers including specialized health insurers (under the Insurance Law). The bill requires that AI tools used in coverage determinations base their outputs on individualized enrollee clinical data rather than solely on group datasets, prohibits AI from denying, delaying, or modifying healthcare services based on medical necessity, and requires that all medical necessity determinations be made by licensed physicians or competent healthcare professionals. The bill also mandates periodic review and revision of AI tools for accuracy, limits patient data use to stated purposes consistent with HIPAA, requires disclosures about AI use in written policies and procedures, and ensures AI tools are open to regulatory inspection. The bill applies in parallel to the Public Health Law and Insurance Law with substantially identical obligations.

Enforcement & Penalties
Enforcement Authority
The New York Department of Health enforces the Public Health Law provisions (§ 4905-a of the Public Health Law) and the New York Department of Financial Services enforces the Insurance Law provisions (§ 4905-a of the Insurance Law). Both departments have authority to conduct audits and compliance reviews of AI tools used in utilization review. Enforcement is agency-initiated. No private right of action is created by this bill. The AI tools must be open to inspection for audit or compliance reviews by the respective departments.
Penalties
The bill does not specify penalty amounts, civil fines, or damage remedies. Enforcement and penalties would be governed by existing enforcement authorities under the Public Health Law and Insurance Law, which include administrative actions, corrective orders, and potential license revocation for non-compliance.
Who Is Covered
Compliance Obligations 18 obligations · click obligation ID to open requirement page
HC-01 Healthcare AI Decision Restrictions · HC-01.3 · Deployer · Healthcare
Pub. Health Law § 4905-a(1)(a)-(b)
Plain Language
Utilization review agents using AI tools in coverage determinations must ensure those tools base their outputs on individualized enrollee clinical data — including the enrollee's medical history, clinical circumstances presented by the requesting provider, and other relevant clinical information in the enrollee's record. The AI tool may not base its determination solely on a group dataset. This requires AI systems to incorporate individualized patient information rather than relying exclusively on aggregate population-level data.
Statutory Text
(a) The artificial intelligence, algorithm, or other software tool bases its determination on the following information, as applicable: (i) an enrollee's medical or other clinical history; (ii) individual clinical circumstances as presented by the requesting provider; and (iii) other relevant clinical information contained in the enrollee's medical or other clinical record. (b) The artificial intelligence, algorithm, or other software tool does not base its determination solely on a group dataset.
HC-01 Healthcare AI Decision Restrictions · HC-01.1HC-01.2 · Deployer · Healthcare
Pub. Health Law § 4905-a(2)
Plain Language
AI tools are categorically prohibited from denying, delaying, or modifying healthcare services based on medical necessity — even partially. All medical necessity determinations must be made by a licensed physician or licensed healthcare professional who is competent in the specific clinical area at issue. The reviewing professional must consider the treating provider's recommendation, the enrollee's medical history, and individual clinical circumstances. This is an absolute prohibition on AI making adverse coverage decisions, not merely a requirement for human oversight — the AI may not make the determination at all.
Statutory Text
Notwithstanding subdivision one of this section, the artificial intelligence, algorithm, or other software tool shall not deny, delay, or modify health care services based, in whole or in part, on medical necessity. A determination of medical necessity shall be made only by a licensed physician or a licensed health care professional competent to evaluate the specific clinical issues involved in the health care services requested by the provider, as provided in this title, by reviewing and considering the requesting provider's recommendation, the enrollee's medical or other clinical history, as applicable, and individual clinical circumstances.
HC-01 Healthcare AI Decision Restrictions · HC-01.4 · Deployer · Healthcare
Pub. Health Law § 4905-a(1)(i)
Plain Language
Utilization review agents must periodically review and revise the AI tools they use in utilization review to maximize accuracy and reliability. This is an ongoing operational obligation — not a one-time pre-deployment check. The statute does not specify the review interval, but the obligation is continuous and covers the tool's performance, use patterns, and outcomes.
Statutory Text
The artificial intelligence, algorithm, or other software tool's performance, use, and outcomes are periodically reviewed and revised to maximize accuracy and reliability.
HC-01 Healthcare AI Decision Restrictions · HC-01.5 · Deployer · Healthcare
Pub. Health Law § 4905-a(1)(j)
Plain Language
Patient data used by AI tools in utilization review must not be used beyond its intended and stated purpose. This obligation is explicitly tied to HIPAA compliance and limits secondary use of patient data collected or processed in connection with AI-driven utilization review. Utilization review agents must ensure that data provided for coverage determination purposes is not repurposed for other functions such as marketing, product development, or unrelated analytics.
Statutory Text
Patient data is not used beyond its intended and stated purpose, consistent with this section and the federal Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), as applicable.
HC-01 Healthcare AI Decision Restrictions · HC-01.7 · Deployer · Healthcare
Pub. Health Law § 4905-a(1)(g)-(h)
Plain Language
Utilization review agents must ensure their AI tools are available for regulatory inspection, audit, and compliance review by the Department of Health. Additionally, disclosures about the use and oversight of AI tools must be included in the written utilization review policies and procedures required under existing law (PHL § 4902). This creates both a regulatory transparency obligation (making AI tools open for audit) and a documentation obligation (including AI disclosures in existing UR policy filings).
Statutory Text
(g) The artificial intelligence, algorithm, or other software tool is open to inspection for audit or compliance reviews by the department. (h) Disclosures pertaining to the use and oversight of the artificial intelligence, algorithm, or other software tool are contained in the written policies and procedures, as required by section forty-nine hundred two of this title.
H-02 Non-Discrimination & Bias Assessment · Deployer · Healthcare
Pub. Health Law § 4905-a(1)(e)-(f)
Plain Language
Utilization review agents must ensure their AI tools do not discriminate — directly or indirectly — against enrollees in violation of state or federal anti-discrimination law. The tools must also be applied fairly and equitably, in accordance with applicable HHS regulations and guidance. This is both a non-discrimination obligation (no disparate treatment or disparate impact in violation of law) and an equity obligation (fair and equitable application consistent with federal guidance). The statute does not prescribe specific testing methodologies, but the obligation to ensure non-discrimination implies a need for monitoring and assessment.
Statutory Text
(e) The use of the artificial intelligence, algorithm, or other software tool does not discriminate, directly or indirectly, against enrollees in violation of state or federal law. (f) The artificial intelligence, algorithm, or other software tool is fairly and equitably applied, including in accordance with any applicable regulations and guidance issued by the federal department of health and human services.
HC-01 Healthcare AI Decision Restrictions · Deployer · Healthcare
Pub. Health Law § 4905-a(1)(d)
Plain Language
AI tools used in utilization review must not replace healthcare provider decision-making. This is broader than the medical necessity prohibition in subdivision 2 — it applies to the entire utilization review process, not just medical necessity determinations. The tool may inform or assist provider decisions but may not displace them. This operates as a general principle that AI remains an adjunct to, not a substitute for, clinical judgment.
Statutory Text
The artificial intelligence, algorithm, or other software tool does not supplant health care provider decision-making.
Other · Healthcare
Pub. Health Law § 4905-a(1)(k)
Plain Language
Utilization review agents must ensure that their AI tools do not directly or indirectly cause harm to the enrollee. This is a broad, freestanding 'do no harm' obligation that goes beyond non-discrimination or accuracy requirements. It could encompass clinical harm from incorrect outputs, financial harm from coverage delays, and psychological harm from the utilization review process. The statute does not define 'harm,' making the scope of this obligation uncertain and potentially very broad.
Statutory Text
The artificial intelligence, algorithm, or other software tool does not directly or indirectly cause harm to the enrollee.
HC-01 Healthcare AI Decision Restrictions · HC-01.3 · Deployer · Healthcare
Ins. Law § 4905-a(1)(a)-(b)
Plain Language
Disability insurers (including specialized health insurers) using AI tools in utilization review or utilization management must ensure those tools base their outputs on individualized insured clinical data — including the insured's medical history, clinical circumstances presented by the requesting provider, and other relevant clinical information in the insured's record. The AI tool may not base its determination solely on a group dataset. This mirrors the Public Health Law obligation but applies to the insurance-regulated entity population.
Statutory Text
(a) The artificial intelligence, algorithm, or other software tool bases its determination on the following information, as applicable: (i) An insured's medical or other clinical history; (ii) Individual clinical circumstances as presented by the requesting provider; and (iii) Other relevant clinical information contained in the insured's medical or other clinical record. (b) The artificial intelligence, algorithm, or other software tool does not base its determination solely on a group dataset.
HC-01 Healthcare AI Decision Restrictions · HC-01.1HC-01.2 · Deployer · Healthcare
Ins. Law § 4905-a(2)
Plain Language
AI tools used by disability insurers are categorically prohibited from denying, delaying, or modifying healthcare services based on medical necessity — even partially. All medical necessity determinations must be made by a licensed physician or licensed healthcare professional competent in the relevant clinical area, who reviews the treating provider's recommendation, the insured's medical history, and individual clinical circumstances. This mirrors the Public Health Law obligation but applies to insurers regulated under the Insurance Law.
Statutory Text
Notwithstanding subsection one of this section, the artificial intelligence, algorithm, or other software tool shall not deny, delay, or modify health care services based, in whole or in part, on medical necessity. A determination of medical necessity shall be made only by a licensed physician or licensed health care professional competent to evaluate the specific clinical issues involved in the health care services requested by the provider, as provided in this title, by reviewing and considering the requesting provider's recommendation, the insured's medical or other clinical history, as applicable, and individual clinical circumstances.
HC-01 Healthcare AI Decision Restrictions · HC-01.4 · Deployer · Healthcare
Ins. Law § 4905-a(1)(i)
Plain Language
Disability insurers must periodically review and revise AI tools used in utilization review to maximize accuracy and reliability. This is an ongoing operational obligation covering the tool's performance, use patterns, and outcomes. This mirrors the Public Health Law obligation for insurers regulated under the Insurance Law.
Statutory Text
The artificial intelligence, algorithm, or other software tool's performance, use, and outcomes are periodically reviewed and revised to maximize accuracy and reliability.
HC-01 Healthcare AI Decision Restrictions · HC-01.5 · Deployer · Healthcare
Ins. Law § 4905-a(1)(j)
Plain Language
Disability insurers must ensure that patient data used by AI tools in utilization review or utilization management is not used beyond its intended and stated purpose, consistent with state law and HIPAA. This mirrors the Public Health Law obligation for insurers regulated under the Insurance Law.
Statutory Text
Patient data is not used beyond its intended and stated purpose, consistent with state law and the federal Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), as applicable.
HC-01 Healthcare AI Decision Restrictions · HC-01.7 · Deployer · Healthcare
Ins. Law § 4905-a(1)(g)-(h)
Plain Language
Disability insurers must ensure their AI tools are available for regulatory inspection, audit, and compliance review by the Department of Financial Services. Disclosures about the use and oversight of AI tools must be included in the written utilization review policies and procedures already required under existing law (Insurance Law § 4902). This mirrors the Public Health Law obligation for insurers regulated under the Insurance Law.
Statutory Text
(g) The artificial intelligence, algorithm, or other software tool is open to inspection for audit or compliance reviews by the department pursuant to applicable state and federal law. (h) Disclosures pertaining to the use and oversight of the artificial intelligence, algorithm, or other software tool are contained in the written policies and procedures, as required by section forty-nine hundred two of this title.
H-02 Non-Discrimination & Bias Assessment · Deployer · Healthcare
Ins. Law § 4905-a(1)(e)-(f)
Plain Language
Disability insurers must ensure their AI tools do not discriminate — directly or indirectly — against insureds in violation of state or federal anti-discrimination law, and that the tools are applied fairly and equitably in accordance with applicable HHS regulations and guidance. This mirrors the Public Health Law obligation for insurers regulated under the Insurance Law.
Statutory Text
(e) The use of the artificial intelligence, algorithm, or other software tool does not discriminate, directly or indirectly, against insureds in violation of state or federal law. (f) The artificial intelligence, algorithm, or other software tool is fairly and equitably applied, including in accordance with any applicable regulations and guidance issued by the federal department of health and human services.
HC-01 Healthcare AI Decision Restrictions · Deployer · Healthcare
Ins. Law § 4905-a(1)(d)
Plain Language
AI tools used by disability insurers in utilization review must not replace healthcare provider decision-making. This mirrors the Public Health Law obligation and operates as a general principle that AI remains an adjunct to, not a substitute for, clinical judgment in the insurance-regulated context.
Statutory Text
The artificial intelligence, algorithm, or other software tool does not supplant health care provider decision-making.
Other · Healthcare
Ins. Law § 4905-a(1)(k)
Plain Language
Disability insurers must ensure that their AI tools do not directly or indirectly cause harm to the insured. This mirrors the Public Health Law obligation and is an equally broad 'do no harm' requirement applicable to the insurance-regulated context.
Statutory Text
The artificial intelligence, algorithm, or other software tool does not directly or indirectly cause harm to the insured.
Other · Healthcare
Pub. Health Law § 4905-a(1)(c)
Plain Language
AI tools used in utilization review must comply with all criteria and guidelines established under the Public Health Law article governing utilization review, as well as all other applicable state and federal law. This is a compliance pass-through provision — it does not create a new AI-specific obligation but confirms that AI tools are not exempt from existing utilization review legal requirements.
Statutory Text
The artificial intelligence, algorithm, or other software tool's criteria and guidelines complies with this article, including, but not limited to any other applicable state and federal law.
Other · Healthcare
Pub. Health Law § 4905-a(5)-(7)
Plain Language
These provisions require compliance with applicable federal HHS rules and guidance regarding AI in healthcare (a pass-through to federal standards), authorize the Department of Health to issue implementing guidance exempt from the state APA, authorize the department to enter into contracts for implementation, and condition the section's applicability on obtaining federal approvals and maintaining federal financial participation. Subdivision 5's federal compliance mandate is a pass-through obligation, not a new AI-specific requirement. Subdivisions 6 and 7 are administrative and conditional provisions creating no obligations for regulated entities.
Statutory Text
5. A health care service plan subject to this section shall comply with applicable federal rules and guidance issued by the federal department of health and human services regarding the use of artificial intelligence, algorithm, or other software tools. The department may issue guidance to implement this section within one year of the adoption of federal rules or the issuance of guidance by the federal department of health and human services regarding the use of artificial intelligence, algorithm, or other software tools. Such guidance shall not be subject to the state administrative procedure act. 6. For purposes of implementing this section, the department may enter into exclusive or nonexclusive contracts, or amend existing contracts, on a bid or negotiated basis. Contracts entered into or amended pursuant to this subdivision shall be exempt from articles nine and eleven of the state finance law, and shall not be subject to review or approval of any other state agency or entity. 7. This section applies only to the extent that the department obtains any necessary federal approvals, and federal financial participation is not otherwise jeopardized.