Laws & Statutes NY NY-S-07896
S-07896
NY · State · USA
NY
USA
● Pending
Proposed Effective Date
2025-08-11
New York Senate Bill 7896 — An act to amend the public health law and the insurance law, in relation to the use of an artificial intelligence, algorithm, or other software tool for the purpose of utilization review
Regulates the use of AI, algorithms, and software tools in utilization review and medical necessity determinations by utilization review agents (under Public Health Law) and disability insurers including specialized health insurers (under Insurance Law). Prohibits AI tools from serving as the basis for denying, delaying, or modifying healthcare services based on medical necessity — such determinations must be made by a licensed physician or competent healthcare professional reviewing individualized clinical data. Requires that AI tools base determinations on individual enrollee clinical history rather than solely on group datasets, prohibits discrimination, mandates periodic performance review, restricts patient data use consistent with HIPAA, and requires AI tools to be open to regulatory inspection. Enforced by the Department of Health and the Department of Financial Services through existing regulatory authority.
Passage Likelihood
Low
Chamber No passage
Committee No action
Majority party Yes
Bipartisan No
Prior session None
Legislative History
2025-05-13 committee referral REFERRED TO HEALTH
2026-01-07 committee referral REFERRED TO HEALTH
Mapped Requirements
HC-01 Healthcare AI Decision Restrictions H-02 Non-Discrimination & Bias Assessment
Official Sources
Full Text
Entry Last Reviewed
2026-03-28
AI generated
Summary

Regulates the use of AI, algorithms, and software tools in utilization review and medical necessity determinations by utilization review agents (under Public Health Law) and disability insurers including specialized health insurers (under Insurance Law). Prohibits AI tools from serving as the basis for denying, delaying, or modifying healthcare services based on medical necessity — such determinations must be made by a licensed physician or competent healthcare professional reviewing individualized clinical data. Requires that AI tools base determinations on individual enrollee clinical history rather than solely on group datasets, prohibits discrimination, mandates periodic performance review, restricts patient data use consistent with HIPAA, and requires AI tools to be open to regulatory inspection. Enforced by the Department of Health and the Department of Financial Services through existing regulatory authority.

Enforcement & Penalties
Enforcement Authority
The New York Department of Health enforces provisions under the Public Health Law (§ 4905-a), and the New York Department of Financial Services enforces provisions under the Insurance Law (§ 4905-a). Both departments are granted inspection and audit authority over AI tools used in utilization review. Enforcement is agency-initiated through audit and compliance review. No private right of action is created by the statute.
Penalties
The bill does not specify penalties, damages, or monetary remedies. Enforcement remedies would derive from existing regulatory authority of the Department of Health and Department of Financial Services under the Public Health Law and Insurance Law, respectively.
Who Is Covered
Compliance Obligations 16 obligations · click obligation ID to open requirement page
HC-01 Healthcare AI Decision Restrictions · HC-01.3 · Deployer · Healthcare
Pub. Health Law § 4905-a(1)(a)-(b)
Plain Language
Utilization review agents using AI tools for medical necessity determinations must ensure those tools base their outputs on the individual enrollee's medical history, the clinical circumstances presented by the requesting provider, and other relevant clinical information from the enrollee's record. The AI tool may not base its determination solely on aggregate or group-level datasets. This requires individualized clinical data inputs for each determination.
Statutory Text
(a) The artificial intelligence, algorithm, or other software tool bases its determination on the following information, as applicable: (i) an enrollee's medical or other clinical history; (ii) individual clinical circumstances as presented by the requesting provider; and (iii) other relevant clinical information contained in the enrollee's medical or other clinical record. (b) The artificial intelligence, algorithm, or other software tool does not base its determination solely on a group dataset.
HC-01 Healthcare AI Decision Restrictions · HC-01.1HC-01.2 · Deployer · Healthcare
Pub. Health Law § 4905-a(2)
Plain Language
AI tools are categorically prohibited from denying, delaying, or modifying healthcare services based in whole or in part on medical necessity. Every medical necessity determination must be made by a licensed physician or a licensed healthcare professional who is competent to evaluate the specific clinical issues at hand. That human reviewer must consider the requesting provider's recommendation, the enrollee's medical history, and the enrollee's individual clinical circumstances. This is an absolute prohibition — the AI tool cannot make the final determination regardless of any safeguards applied under subdivision 1.
Statutory Text
Notwithstanding subdivision one of this section, the artificial intelligence, algorithm, or other software tool shall not deny, delay, or modify health care services based, in whole or in part, on medical necessity. A determination of medical necessity shall be made only by a licensed physician or a licensed health care professional competent to evaluate the specific clinical issues involved in the health care services requested by the provider, as provided in this title, by reviewing and considering the requesting provider's recommendation, the enrollee's medical or other clinical history, as applicable, and individual clinical circumstances.
HC-01 Healthcare AI Decision Restrictions · HC-01.4 · Deployer · Healthcare
Pub. Health Law § 4905-a(1)(i)
Plain Language
Utilization review agents must periodically review and revise the performance, use, and outcomes of any AI tool used in utilization review to maximize accuracy and reliability. The statute does not specify a review cadence, but the obligation is ongoing and requires affirmative periodic action — not merely a one-time pre-deployment check.
Statutory Text
The artificial intelligence, algorithm, or other software tool's performance, use, and outcomes are periodically reviewed and revised to maximize accuracy and reliability.
HC-01 Healthcare AI Decision Restrictions · HC-01.5 · Deployer · Healthcare
Pub. Health Law § 4905-a(1)(j)
Plain Language
Patient data used by AI tools in utilization review must not be used beyond the intended and stated purpose of the utilization review determination. This obligation is framed as consistent with HIPAA, meaning it reinforces and extends HIPAA purpose-limitation principles to the AI utilization review context specifically.
Statutory Text
Patient data is not used beyond its intended and stated purpose, consistent with this section and the federal Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), as applicable.
HC-01 Healthcare AI Decision Restrictions · HC-01.7 · Deployer · Healthcare
Pub. Health Law § 4905-a(1)(g)-(h)
Plain Language
Utilization review agents must ensure their AI tools are open to inspection for audit or compliance reviews by the Department of Health. Additionally, disclosures about the use and oversight of AI tools must be included in the written policies and procedures required under existing Public Health Law § 4902. This creates both a regulatory inspection obligation and a documentation disclosure requirement.
Statutory Text
(g) The artificial intelligence, algorithm, or other software tool is open to inspection for audit or compliance reviews by the department. (h) Disclosures pertaining to the use and oversight of the artificial intelligence, algorithm, or other software tool are contained in the written policies and procedures, as required by section forty-nine hundred two of this title.
H-02 Non-Discrimination & Bias Assessment · Deployer · Healthcare
Pub. Health Law § 4905-a(1)(e)-(f)
Plain Language
Utilization review agents must ensure their AI tools do not discriminate directly or indirectly against enrollees in violation of state or federal law. The tools must also be fairly and equitably applied, including in compliance with any applicable HHS regulations and guidance. While the statute does not prescribe a specific bias testing methodology, the non-discrimination requirement implicitly necessitates monitoring for disparate impact.
Statutory Text
(e) The use of the artificial intelligence, algorithm, or other software tool does not discriminate, directly or indirectly, against enrollees in violation of state or federal law. (f) The artificial intelligence, algorithm, or other software tool is fairly and equitably applied, including in accordance with any applicable regulations and guidance issued by the federal department of health and human services.
Other · Healthcare
Pub. Health Law § 4905-a(1)(d)
Plain Language
Utilization review agents must ensure their AI tools do not supplant healthcare provider decision-making. This is a broader prohibition than the medical necessity restriction in subdivision 2 — it extends beyond denial decisions to any context where the AI tool could displace clinical judgment. The AI may inform or support provider decisions but must not replace them.
Statutory Text
The artificial intelligence, algorithm, or other software tool does not supplant health care provider decision-making.
Other · Healthcare
Pub. Health Law § 4905-a(1)(k)
Plain Language
Utilization review agents must ensure their AI tools do not directly or indirectly cause harm to enrollees. This is a broad, catch-all provision that goes beyond discrimination or specific prohibited outputs — any harm, whether clinical, financial, or otherwise, attributable to the AI tool's operation would constitute a violation.
Statutory Text
The artificial intelligence, algorithm, or other software tool does not directly or indirectly cause harm to the enrollee.
HC-01 Healthcare AI Decision Restrictions · HC-01.3 · Deployer · Healthcare
Ins. Law § 4905-a(1)(a)-(b)
Plain Language
Disability insurers (including specialized health insurers) using AI tools for utilization review or utilization management must ensure those tools base determinations on the individual insured's medical history, the clinical circumstances presented by the requesting provider, and other relevant clinical information from the insured's record. The AI tool may not base its determination solely on aggregate or group-level datasets. This mirrors the parallel obligation on utilization review agents under the Public Health Law.
Statutory Text
(a) The artificial intelligence, algorithm, or other software tool bases its determination on the following information, as applicable: (i) An insured's medical or other clinical history; (ii) Individual clinical circumstances as presented by the requesting provider; and (iii) Other relevant clinical information contained in the insured's medical or other clinical record. (b) The artificial intelligence, algorithm, or other software tool does not base its determination solely on a group dataset.
HC-01 Healthcare AI Decision Restrictions · HC-01.1HC-01.2 · Deployer · Healthcare
Ins. Law § 4905-a(2)
Plain Language
AI tools used by disability insurers are categorically prohibited from denying, delaying, or modifying healthcare services based on medical necessity. Every medical necessity determination must be made by a licensed physician or competent licensed healthcare professional who reviews the requesting provider's recommendation, the insured's medical history, and individual clinical circumstances. This mirrors the parallel prohibition applicable to utilization review agents under the Public Health Law.
Statutory Text
Notwithstanding subsection one of this section, the artificial intelligence, algorithm, or other software tool shall not deny, delay, or modify health care services based, in whole or in part, on medical necessity. A determination of medical necessity shall be made only by a licensed physician or licensed health care professional competent to evaluate the specific clinical issues involved in the health care services requested by the provider, as provided in this title, by reviewing and considering the requesting provider's recommendation, the insured's medical or other clinical history, as applicable, and individual clinical circumstances.
HC-01 Healthcare AI Decision Restrictions · HC-01.4 · Deployer · Healthcare
Ins. Law § 4905-a(1)(i)
Plain Language
Disability insurers must periodically review and revise the performance, use, and outcomes of any AI tool used in utilization review or utilization management to maximize accuracy and reliability. This is the Insurance Law parallel to the same obligation on utilization review agents under the Public Health Law.
Statutory Text
The artificial intelligence, algorithm, or other software tool's performance, use, and outcomes are periodically reviewed and revised to maximize accuracy and reliability.
HC-01 Healthcare AI Decision Restrictions · HC-01.5 · Deployer · Healthcare
Ins. Law § 4905-a(1)(j)
Plain Language
Patient data used by AI tools deployed by disability insurers for utilization review must not be used beyond the intended and stated purpose. This obligation is consistent with HIPAA and state law and mirrors the parallel provision applicable to utilization review agents under the Public Health Law.
Statutory Text
Patient data is not used beyond its intended and stated purpose, consistent with state law and the federal Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), as applicable.
HC-01 Healthcare AI Decision Restrictions · HC-01.7 · Deployer · Healthcare
Ins. Law § 4905-a(1)(g)-(h)
Plain Language
Disability insurers must ensure their AI tools are open to inspection for audit or compliance reviews by the Department of Financial Services under applicable state and federal law. Disclosures about AI use and oversight must be included in written policies and procedures required under Insurance Law § 4902. This is the Insurance Law parallel to the same obligations on utilization review agents under the Public Health Law.
Statutory Text
(g) The artificial intelligence, algorithm, or other software tool is open to inspection for audit or compliance reviews by the department pursuant to applicable state and federal law. (h) Disclosures pertaining to the use and oversight of the artificial intelligence, algorithm, or other software tool are contained in the written policies and procedures, as required by section forty-nine hundred two of this title.
H-02 Non-Discrimination & Bias Assessment · Deployer · Healthcare
Ins. Law § 4905-a(1)(e)-(f)
Plain Language
Disability insurers must ensure their AI tools do not discriminate directly or indirectly against insureds in violation of state or federal law and are fairly and equitably applied in compliance with applicable HHS regulations and guidance. This mirrors the parallel non-discrimination obligation on utilization review agents under the Public Health Law.
Statutory Text
(e) The use of the artificial intelligence, algorithm, or other software tool does not discriminate, directly or indirectly, against insureds in violation of state or federal law. (f) The artificial intelligence, algorithm, or other software tool is fairly and equitably applied, including in accordance with any applicable regulations and guidance issued by the federal department of health and human services.
Other · Healthcare
Ins. Law § 4905-a(1)(d)
Plain Language
Disability insurers must ensure their AI tools do not supplant healthcare provider decision-making. This extends beyond the specific medical necessity prohibition to any context where the AI tool could displace clinical judgment. The AI may inform or support provider decisions but must not replace them. This is the Insurance Law parallel to the same obligation under the Public Health Law.
Statutory Text
The artificial intelligence, algorithm, or other software tool does not supplant health care provider decision-making.
Other · Healthcare
Ins. Law § 4905-a(1)(k)
Plain Language
Disability insurers must ensure their AI tools do not directly or indirectly cause harm to the insured. This is a broad catch-all provision mirroring the parallel obligation under the Public Health Law, covering any harm attributable to the AI tool's operation.
Statutory Text
The artificial intelligence, algorithm, or other software tool does not directly or indirectly cause harm to the insured.