Laws & Statutes NY NY-S-07896
S-07896
NY · State · USA
NY
USA
● Pending
Proposed Effective Date
2025-08-11
New York Senate Bill 7896 — An Act to amend the public health law and the insurance law, in relation to the use of an artificial intelligence, algorithm, or other software tool for the purpose of utilization review
NY S 7896 regulates the use of AI, algorithms, or other software tools in utilization review and utilization management functions by utilization review agents (under the Public Health Law) and disability insurers including specialized health insurers (under the Insurance Law). The bill requires that such tools base determinations on individualized enrollee clinical data rather than solely on group datasets, prohibits AI tools from making medical necessity determinations (reserving those to licensed physicians or competent health care professionals), requires periodic review of tool performance, mandates that AI tools be open to regulatory inspection, and restricts patient data use to stated purposes consistent with HIPAA. Enforcement rests with the Department of Health and the applicable insurance regulatory department through existing audit and compliance review authority. No private right of action is created.
Passage Likelihood
Low
Chamber No passage
Committee No action
Majority party Yes
Bipartisan No
Prior session None
Legislative History
2025-05-13 committee referral REFERRED TO HEALTH
2026-01-07 committee referral REFERRED TO HEALTH
Mapped Requirements
HC-01 Healthcare AI Decision Restrictions H-02 Non-Discrimination & Bias Assessment
Official Sources
Full Text
Entry Last Reviewed
2026-04-01
AI generated
Summary

NY S 7896 regulates the use of AI, algorithms, or other software tools in utilization review and utilization management functions by utilization review agents (under the Public Health Law) and disability insurers including specialized health insurers (under the Insurance Law). The bill requires that such tools base determinations on individualized enrollee clinical data rather than solely on group datasets, prohibits AI tools from making medical necessity determinations (reserving those to licensed physicians or competent health care professionals), requires periodic review of tool performance, mandates that AI tools be open to regulatory inspection, and restricts patient data use to stated purposes consistent with HIPAA. Enforcement rests with the Department of Health and the applicable insurance regulatory department through existing audit and compliance review authority. No private right of action is created.

Enforcement & Penalties
Enforcement Authority
The New York Department of Health enforces provisions applicable to utilization review agents under the Public Health Law (§ 4905-a PHL). The New York Department of Financial Services (or applicable insurance regulatory department) enforces provisions applicable to disability insurers under the Insurance Law (§ 4905-a Ins. Law). Both departments are granted inspection and audit authority over AI tools used in utilization review. The bill does not create a private right of action. Enforcement is agency-initiated through existing regulatory compliance and audit mechanisms.
Penalties
The bill does not specify monetary penalties, civil penalties, statutory damages, or any private remedy. Remedies would flow from existing enforcement authorities of the Department of Health and the Department of Financial Services under their respective regulatory frameworks for utilization review agents and disability insurers.
Who Is Covered
Compliance Obligations 14 obligations · click obligation ID to open requirement page
HC-01 Healthcare AI Decision Restrictions · HC-01.3 · Deployer · Healthcare
Pub. Health Law § 4905-a(1)(a)-(b)
Plain Language
Utilization review agents using AI tools for utilization review based on medical necessity must ensure that the AI tool bases its determinations on the individual enrollee's medical history, clinical circumstances presented by the requesting provider, and other relevant clinical information from the enrollee's record. The tool may not base its determination solely on aggregate or group-level datasets. This requires individualized clinical data inputs, not population-level statistical models alone.
Statutory Text
(a) The artificial intelligence, algorithm, or other software tool bases its determination on the following information, as applicable: (i) an enrollee's medical or other clinical history; (ii) individual clinical circumstances as presented by the requesting provider; and (iii) other relevant clinical information contained in the enrollee's medical or other clinical record. (b) The artificial intelligence, algorithm, or other software tool does not base its determination solely on a group dataset.
HC-01 Healthcare AI Decision Restrictions · HC-01.1HC-01.2 · Deployer · Healthcare
Pub. Health Law § 4905-a(2)
Plain Language
AI tools may not deny, delay, or modify health care services based on medical necessity — that determination must be made exclusively by a licensed physician or a licensed health care professional competent in the relevant clinical specialty. The human clinician must review and consider the requesting provider's recommendation, the enrollee's medical history, and individual clinical circumstances. This is an absolute prohibition on AI-driven adverse determinations; the AI tool cannot serve as even a partial basis for a medical necessity denial.
Statutory Text
Notwithstanding subdivision one of this section, the artificial intelligence, algorithm, or other software tool shall not deny, delay, or modify health care services based, in whole or in part, on medical necessity. A determination of medical necessity shall be made only by a licensed physician or a licensed health care professional competent to evaluate the specific clinical issues involved in the health care services requested by the provider, as provided in this title, by reviewing and considering the requesting provider's recommendation, the enrollee's medical or other clinical history, as applicable, and individual clinical circumstances.
HC-01 Healthcare AI Decision Restrictions · HC-01.4 · Deployer · Healthcare
Pub. Health Law § 4905-a(1)(i)
Plain Language
Utilization review agents must periodically review and revise the AI tool's performance, use, and outcomes to maximize accuracy and reliability. This is a continuing operational obligation — not a one-time pre-deployment check — requiring ongoing monitoring and refinement of the tool over time.
Statutory Text
(i) The artificial intelligence, algorithm, or other software tool's performance, use, and outcomes are periodically reviewed and revised to maximize accuracy and reliability.
HC-01 Healthcare AI Decision Restrictions · HC-01.5 · Deployer · Healthcare
Pub. Health Law § 4905-a(1)(j)
Plain Language
Patient data used by the AI tool in utilization review must not be repurposed beyond the intended and stated purpose. This requirement operates in parallel with HIPAA and reinforces data minimization for AI-specific contexts. Utilization review agents must ensure their AI vendors and contracted entities also comply with this limitation.
Statutory Text
(j) Patient data is not used beyond its intended and stated purpose, consistent with this section and the federal Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), as applicable.
HC-01 Healthcare AI Decision Restrictions · HC-01.7 · Deployer · Healthcare
Pub. Health Law § 4905-a(1)(g)-(h)
Plain Language
The AI tool must be open to inspection by the Department of Health for audit or compliance review purposes. In addition, the utilization review agent must include disclosures about the use and oversight of the AI tool in the written policies and procedures already required under Public Health Law § 4902. This effectively requires documenting AI use within existing utilization review policy filings and making the AI system itself accessible for regulatory examination.
Statutory Text
(g) The artificial intelligence, algorithm, or other software tool is open to inspection for audit or compliance reviews by the department. (h) Disclosures pertaining to the use and oversight of the artificial intelligence, algorithm, or other software tool are contained in the written policies and procedures, as required by section forty-nine hundred two of this title.
H-02 Non-Discrimination & Bias Assessment · H-02.1 · Deployer · Healthcare
Pub. Health Law § 4905-a(1)(e)-(f)
Plain Language
Utilization review agents must ensure that the AI tool does not discriminate directly or indirectly against enrollees in violation of state or federal law, and that it is applied fairly and equitably in accordance with applicable HHS regulations and guidance. This imposes both a non-discrimination obligation and an affirmative fairness requirement. The reference to indirect discrimination captures disparate impact, not just intentional discrimination.
Statutory Text
(e) The use of the artificial intelligence, algorithm, or other software tool does not discriminate, directly or indirectly, against enrollees in violation of state or federal law. (f) The artificial intelligence, algorithm, or other software tool is fairly and equitably applied, including in accordance with any applicable regulations and guidance issued by the federal department of health and human services.
Other · Deployer · Healthcare
Pub. Health Law § 4905-a(1)(c)-(d), (k)
Plain Language
Three general safeguard requirements: (1) the AI tool's criteria and guidelines must comply with the Public Health Law utilization review article and all other applicable state and federal law; (2) the AI tool must not supplant health care provider decision-making; and (3) the AI tool must not directly or indirectly cause harm to the enrollee. The 'do not supplant' provision reinforces the medical necessity prohibition in subdivision 2 but applies more broadly to all health care provider decision-making. The 'do no harm' provision is an unusually broad standard that could expose utilization review agents to liability for any adverse patient outcome traceable to the AI tool.
Statutory Text
(c) The artificial intelligence, algorithm, or other software tool's criteria and guidelines complies with this article, including, but not limited to any other applicable state and federal law. (d) The artificial intelligence, algorithm, or other software tool does not supplant health care provider decision-making. (k) The artificial intelligence, algorithm, or other software tool does not directly or indirectly cause harm to the enrollee.
HC-01 Healthcare AI Decision Restrictions · HC-01.3 · Deployer · Healthcare
Ins. Law § 4905-a(1)(a)-(b)
Plain Language
Disability insurers (including specialized health insurers) using AI tools for utilization review must ensure the tool bases determinations on the individual insured's medical history, clinical circumstances presented by the requesting provider, and other relevant clinical information from the insured's record. The tool may not base its determination solely on aggregate or group-level datasets. This mirrors the Public Health Law requirement but applies to entities regulated under the Insurance Law.
Statutory Text
(a) The artificial intelligence, algorithm, or other software tool bases its determination on the following information, as applicable: (i) An insured's medical or other clinical history; (ii) Individual clinical circumstances as presented by the requesting provider; and (iii) Other relevant clinical information contained in the insured's medical or other clinical record. (b) The artificial intelligence, algorithm, or other software tool does not base its determination solely on a group dataset.
HC-01 Healthcare AI Decision Restrictions · HC-01.1HC-01.2 · Deployer · Healthcare
Ins. Law § 4905-a(2)
Plain Language
Under the Insurance Law, AI tools used by disability insurers may not deny, delay, or modify health care services based on medical necessity. Only a licensed physician or competent licensed health care professional may make medical necessity determinations, considering the requesting provider's recommendation, the insured's medical history, and individual clinical circumstances. This is an absolute prohibition — the AI cannot serve as even a partial basis for a medical necessity denial, delay, or modification.
Statutory Text
Notwithstanding subsection one of this section, the artificial intelligence, algorithm, or other software tool shall not deny, delay, or modify health care services based, in whole or in part, on medical necessity. A determination of medical necessity shall be made only by a licensed physician or licensed health care professional competent to evaluate the specific clinical issues involved in the health care services requested by the provider, as provided in this title, by reviewing and considering the requesting provider's recommendation, the insured's medical or other clinical history, as applicable, and individual clinical circumstances.
HC-01 Healthcare AI Decision Restrictions · HC-01.4 · Deployer · Healthcare
Ins. Law § 4905-a(1)(i)
Plain Language
Disability insurers must periodically review and revise the AI tool's performance, use, and outcomes to maximize accuracy and reliability. This mirrors the Public Health Law obligation and imposes a continuing operational review requirement on insurers regulated under the Insurance Law.
Statutory Text
(i) The artificial intelligence, algorithm, or other software tool's performance, use, and outcomes are periodically reviewed and revised to maximize accuracy and reliability.
HC-01 Healthcare AI Decision Restrictions · HC-01.5 · Deployer · Healthcare
Ins. Law § 4905-a(1)(j)
Plain Language
Disability insurers must ensure patient data used by the AI tool is not repurposed beyond the intended and stated purpose, consistent with state law and HIPAA. This Insurance Law provision mirrors the Public Health Law data purpose limitation and reinforces data minimization principles in the insurer context.
Statutory Text
(j) Patient data is not used beyond its intended and stated purpose, consistent with state law and the federal Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), as applicable.
HC-01 Healthcare AI Decision Restrictions · HC-01.7 · Deployer · Healthcare
Ins. Law § 4905-a(1)(g)-(h)
Plain Language
The AI tool used by disability insurers must be open to inspection by the Department of Financial Services for audit or compliance review purposes, subject to applicable state and federal law. Insurers must also include disclosures about AI use and oversight in the written utilization review policies and procedures required under Insurance Law § 4902. This mirrors the Public Health Law inspection and disclosure provisions for the insurer context.
Statutory Text
(g) The artificial intelligence, algorithm, or other software tool is open to inspection for audit or compliance reviews by the department pursuant to applicable state and federal law. (h) Disclosures pertaining to the use and oversight of the artificial intelligence, algorithm, or other software tool are contained in the written policies and procedures, as required by section forty-nine hundred two of this title.
H-02 Non-Discrimination & Bias Assessment · H-02.1 · Deployer · Healthcare
Ins. Law § 4905-a(1)(e)-(f)
Plain Language
Disability insurers must ensure that the AI tool does not discriminate directly or indirectly against insureds in violation of state or federal law, and that it is applied fairly and equitably in accordance with applicable HHS regulations and guidance. This Insurance Law parallel mirrors the Public Health Law non-discrimination and fairness requirements.
Statutory Text
(e) The use of the artificial intelligence, algorithm, or other software tool does not discriminate, directly or indirectly, against insureds in violation of state or federal law. (f) The artificial intelligence, algorithm, or other software tool is fairly and equitably applied, including in accordance with any applicable regulations and guidance issued by the federal department of health and human services.
Other · Deployer · Healthcare
Ins. Law § 4905-a(1)(c)-(d), (k)
Plain Language
Three general safeguard requirements for disability insurers mirroring the Public Health Law provisions: (1) the AI tool must comply with the Insurance Law and all applicable state and federal law; (2) the AI tool must not supplant health care provider decision-making; and (3) the AI tool must not directly or indirectly cause harm to the insured. These are broad compliance standards applicable to the insurer regulatory context.
Statutory Text
(c) The artificial intelligence, algorithm, or other software tool's criteria and guidelines complies with this chapter and applicable state and federal law. (d) The artificial intelligence, algorithm, or other software tool does not supplant health care provider decision-making. (k) The artificial intelligence, algorithm, or other software tool does not directly or indirectly cause harm to the insured.