Laws & Statutes OH OH-SB-164
SB-164
OH · State · USA
OH
USA
● Pending
Proposed Effective Date
2025-01-01
Ohio S.B. No. 164 — To amend section 3902.50 and to enact section 3902.80 of the Revised Code to regulate the use of artificial intelligence by health insurers
Ohio SB 164 regulates the use of artificial intelligence by health plan issuers in utilization review and medical necessity determinations. It prohibits health plan issuers from making care decisions — including denials, delays, or modifications based on medical necessity — solely on AI-derived results. Medical necessity determinations must be made by a licensed physician or qualified provider who considers the treating provider's recommendation and the patient's individual clinical history. The bill requires annual reporting to the Superintendent of Insurance on AI algorithm use in utilization review, including algorithm criteria, training data, outcomes, and human reviewer time data. Reports must be published on both the department's and the issuer's websites. The Superintendent may audit AI algorithm use at any time.
Passage Likelihood
Low
Chamber No passage
Committee No action
Majority party Yes
Bipartisan No
Prior session None
Legislative History
2025-04-01 introduced Introduced
2025-04-02 committee referral Referred to committee: Financial Institutions, Insurance and Technology
Mapped Requirements
R-02 Regulatory Disclosure & Submissions HC-01 Healthcare AI Decision Restrictions
Official Sources
Full Text
Entry Last Reviewed
2026-04-01
AI generated
Summary

Ohio SB 164 regulates the use of artificial intelligence by health plan issuers in utilization review and medical necessity determinations. It prohibits health plan issuers from making care decisions — including denials, delays, or modifications based on medical necessity — solely on AI-derived results. Medical necessity determinations must be made by a licensed physician or qualified provider who considers the treating provider's recommendation and the patient's individual clinical history. The bill requires annual reporting to the Superintendent of Insurance on AI algorithm use in utilization review, including algorithm criteria, training data, outcomes, and human reviewer time data. Reports must be published on both the department's and the issuer's websites. The Superintendent may audit AI algorithm use at any time.

Enforcement & Penalties
Enforcement Authority
Superintendent of Insurance has oversight and audit authority. The superintendent may audit a health plan issuer's use of an artificial intelligence-based algorithm at any time and may contract with a third party for conducting such an audit. No private right of action is created by the statute. Enforcement is agency-initiated through the Ohio Department of Insurance.
Penalties
The bill does not specify monetary penalties, civil damages, or other specific remedies. Enforcement is through the Superintendent of Insurance's existing regulatory authority, including audit powers. Remedies would be governed by the superintendent's existing enforcement powers under Ohio insurance law.
Who Is Covered
Compliance Obligations 5 obligations · click obligation ID to open requirement page
R-02 Regulatory Disclosure & Submissions · R-02.1 · Deployer · Healthcare
Ohio Rev. Code § 3902.80(B)(1)-(2)
Plain Language
Health plan issuers must file an annual report with the Superintendent of Insurance by March 1 each year. The report must cover the issuer's provider network, enrolled covered persons, and — critically — whether the issuer uses AI-based algorithms in utilization review. If AI is used, the issuer must disclose the algorithm criteria, training datasets, the algorithm itself, software outcomes, and data on how much time human reviewers spend examining adverse determinations before signing off. An officer must verify the report's contents. This is a proactive, scheduled regulatory submission — issuers cannot wait to be asked.
Statutory Text
(B)(1) Each health plan issuer, annually, on or before the first day of March, shall file a report with the superintendent of insurance covering all of the following information: (a) Each provider in the health plan issuer's network; (b) The number of covered persons enrolled in health benefit plans issued by the health plan issuer in this state in the preceding calendar year; (c) Whether the health plan issuer used, is using, or will use artificial intelligence-based algorithms in utilization review processes for those health benefit plans and, if so, all of the following information: (i) The algorithm criteria; (ii) Data sets used to train the algorithm; (iii) The algorithm itself; (iv) Outcomes of the software in which the algorithm is used; (v) Data on the amount of time a human reviewer spends examining an adverse determination prior to signing off on each such determination. (2) The health plan issuer shall submit the report in a form prescribed by the superintendent. An officer of the health plan issuer shall verify the contents of the report.
HC-01 Healthcare AI Decision Restrictions · HC-01.7 · Deployer · Healthcare
Ohio Rev. Code § 3902.80(B)(3)
Plain Language
The annual AI utilization review report filed with the Superintendent must also be published on the Department of Insurance's website by the superintendent and on the health plan issuer's own publicly accessible website. This dual-publication requirement ensures both regulatory and public transparency into how health insurers use AI in utilization review. For the issuer, this is an affirmative obligation to post the same report it files with the regulator.
Statutory Text
(3) The superintendent shall publish a copy of the report on the web site of the department of insurance. The health plan issuer shall publish a copy of the report on the health plan issuer's publicly accessible web site.
HC-01 Healthcare AI Decision Restrictions · HC-01.1HC-01.2HC-01.3 · Deployer · Healthcare
Ohio Rev. Code § 3902.80(C)(1)-(3)
Plain Language
Health plan issuers are prohibited from making care decisions — including denials, delays, or modifications of services on medical necessity grounds — based solely on AI results. Every medical necessity determination must be made by a licensed physician or qualified provider who considers the treating provider's recommendation, the covered person's medical history, and individual clinical circumstances. Physicians participating in utilization review must affirmatively open and review individual clinical records before making a documented decision. This ensures AI is a support tool, not the decision-maker, and that every adverse determination reflects individualized human clinical judgment based on the patient's own records.
Statutory Text
(C)(1) No health plan issuer shall make a decision regarding the care of a covered person, including the decision to deny, delay, or modify health care services based on medical necessity, based solely on results derived from the use or application of artificial intelligence. (2) A determination of medical necessity under a health benefit plan must meet both of the following requirements: (a) The determination is made by a licensed physician or a provider that is qualified to evaluate the specific clinical issues involved in the requested health care services. (b) The determination takes into consideration the requesting provider's recommendation, the covered person's medical or other clinical history, and individual clinical circumstances. (3) Any physician who participates in a determination of medical necessity or a utilization review process on behalf of a health plan issuer shall open and document the review of the individual clinical records or data prior to making an individualized documented decision.
HC-01 Healthcare AI Decision Restrictions · HC-01.6 · Deployer · Healthcare
Ohio Rev. Code § 3902.80(C)(4)
Plain Language
When a health plan issuer uses an AI-based algorithm in a decision to deny, delay, or modify covered health care services, the issuer must provide a plain language explanation of the rationale behind the decision. This applies to every such adverse determination — not just on request. The explanation must accompany the decision itself, ensuring patients and providers understand the reasoning at the time they receive the adverse action.
Statutory Text
(4) Any decision to deny, delay, or modify health care services covered under a health benefit plan in which an artificial intelligence-based algorithm is used shall be accompanied by a plain language explanation of the rationale used in making the decision.
R-02 Regulatory Disclosure & Submissions · R-02.2 · Deployer · Healthcare
Ohio Rev. Code § 3902.80(D)
Plain Language
The Superintendent of Insurance may audit a health plan issuer's AI algorithm use at any time, including by engaging a third-party auditor. This creates an obligation for health plan issuers to maintain their AI systems, documentation, and records in a form that can be produced for audit at any time — not merely upon annual reporting. Issuers should treat this as a continuing readiness obligation to cooperate with regulatory examinations of their AI utilization review tools.
Statutory Text
(D) The superintendent may audit a health plan issuer's use of an artificial intelligence-based algorithm at any time and may contract with a third party for the purposes of conducting such an audit.