Laws & Statutes OH OH-SB-164
SB-164
OH · State · USA
OH
USA
● Pending
Proposed Effective Date
2025-01-01
Ohio S.B. No. 164 — To amend section 3902.50 and to enact section 3902.80 of the Revised Code to regulate the use of artificial intelligence by health insurers
Ohio SB 164 regulates the use of artificial intelligence by health plan issuers in utilization review and medical necessity determinations. It prohibits health plan issuers from making care decisions — including denials, delays, or modifications based on medical necessity — solely on AI-derived results, requiring that such determinations be made by a licensed physician or qualified provider who considers the requesting provider's recommendation and the covered person's individual clinical circumstances. The bill imposes annual reporting obligations on health plan issuers to the Superintendent of Insurance regarding their use of AI-based algorithms, including disclosure of algorithm criteria, training data sets, outcomes, and human reviewer time spent on adverse determinations. The superintendent may audit AI algorithm use at any time. The law applies to health benefit plans issued, amended, or renewed on or after its effective date.
Passage Likelihood
Low
Chamber No passage
Committee No action
Majority party Yes
Bipartisan No
Prior session None
Legislative History
2025-04-01 introduced Introduced
2025-04-02 committee referral Referred to committee: Financial Institutions, Insurance and Technology
Mapped Requirements
R-02 Regulatory Disclosure & Submissions HC-01 Healthcare AI Decision Restrictions
Official Sources
Full Text
Entry Last Reviewed
2026-03-28
AI generated
Summary

Ohio SB 164 regulates the use of artificial intelligence by health plan issuers in utilization review and medical necessity determinations. It prohibits health plan issuers from making care decisions — including denials, delays, or modifications based on medical necessity — solely on AI-derived results, requiring that such determinations be made by a licensed physician or qualified provider who considers the requesting provider's recommendation and the covered person's individual clinical circumstances. The bill imposes annual reporting obligations on health plan issuers to the Superintendent of Insurance regarding their use of AI-based algorithms, including disclosure of algorithm criteria, training data sets, outcomes, and human reviewer time spent on adverse determinations. The superintendent may audit AI algorithm use at any time. The law applies to health benefit plans issued, amended, or renewed on or after its effective date.

Enforcement & Penalties
Enforcement Authority
Ohio Superintendent of Insurance. Enforcement is agency-initiated; the superintendent may audit a health plan issuer's use of AI-based algorithms at any time and may contract with a third party for audit purposes. No private right of action is created by this section.
Penalties
The bill does not specify monetary penalties, civil penalties, or damages. Enforcement is through the superintendent of insurance's existing regulatory authority, including audit powers. Remedies would flow from the superintendent's general enforcement powers under Ohio insurance law.
Who Is Covered
Compliance Obligations 4 obligations · click obligation ID to open requirement page
R-02 Regulatory Disclosure & Submissions · R-02.1 · Deployer · Healthcare
Ohio Rev. Code § 3902.80(B)(1)-(3)
Plain Language
Each health plan issuer must file an annual report with the Superintendent of Insurance by March 1 covering its provider network, covered person enrollment, and whether it uses AI-based algorithms in utilization review. If AI is used, the report must include detailed information: algorithm criteria, training data sets, the algorithm itself, software outcomes, and data on how much time human reviewers spend examining adverse determinations before signing off. An officer must verify the report. Both the superintendent and the health plan issuer must publish the report on their respective websites, making this both a regulatory filing and a public disclosure obligation.
Statutory Text
(B)(1) Each health plan issuer, annually, on or before the first day of March, shall file a report with the superintendent of insurance covering all of the following information: (a) Each provider in the health plan issuer's network; (b) The number of covered persons enrolled in health benefit plans issued by the health plan issuer in this state in the preceding calendar year; (c) Whether the health plan issuer used, is using, or will use artificial intelligence-based algorithms in utilization review processes for those health benefit plans and, if so, all of the following information: (i) The algorithm criteria; (ii) Data sets used to train the algorithm; (iii) The algorithm itself; (iv) Outcomes of the software in which the algorithm is used; (v) Data on the amount of time a human reviewer spends examining an adverse determination prior to signing off on each such determination. (2) The health plan issuer shall submit the report in a form prescribed by the superintendent. An officer of the health plan issuer shall verify the contents of the report. (3) The superintendent shall publish a copy of the report on the web site of the department of insurance. The health plan issuer shall publish a copy of the report on the health plan issuer's publicly accessible web site.
HC-01 Healthcare AI Decision Restrictions · HC-01.1HC-01.2HC-01.3 · Deployer · Healthcare
Ohio Rev. Code § 3902.80(C)(1)-(3)
Plain Language
Health plan issuers may not base care decisions — including denials, delays, or modifications for medical necessity — solely on AI-derived results. Every medical necessity determination must be made by a licensed physician or a provider qualified to evaluate the specific clinical issues, and must consider the requesting provider's recommendation, the covered person's medical history, and individual clinical circumstances. Physicians participating in medical necessity or utilization review determinations must personally open and review the individual clinical records and document their individualized decision. This effectively requires meaningful human clinical review of every adverse determination — AI may inform but cannot replace the human decision-maker.
Statutory Text
(C)(1) No health plan issuer shall make a decision regarding the care of a covered person, including the decision to deny, delay, or modify health care services based on medical necessity, based solely on results derived from the use or application of artificial intelligence. (2) A determination of medical necessity under a health benefit plan must meet both of the following requirements: (a) The determination is made by a licensed physician or a provider that is qualified to evaluate the specific clinical issues involved in the requested health care services. (b) The determination takes into consideration the requesting provider's recommendation, the covered person's medical or other clinical history, and individual clinical circumstances. (3) Any physician who participates in a determination of medical necessity or a utilization review process on behalf of a health plan issuer shall open and document the review of the individual clinical records or data prior to making an individualized documented decision.
HC-01 Healthcare AI Decision Restrictions · HC-01.6 · Deployer · Healthcare
Ohio Rev. Code § 3902.80(C)(4)
Plain Language
When an AI-based algorithm is used in a decision to deny, delay, or modify covered health care services, the health plan issuer must provide a plain language explanation of the rationale behind the decision. This applies to every adverse determination involving AI — not only denials, but also delays and modifications. The explanation must accompany the decision, meaning it must be provided to the affected person at or near the time of the determination.
Statutory Text
(4) Any decision to deny, delay, or modify health care services covered under a health benefit plan in which an artificial intelligence-based algorithm is used shall be accompanied by a plain language explanation of the rationale used in making the decision.
HC-01 Healthcare AI Decision Restrictions · HC-01.7 · Deployer · Healthcare
Ohio Rev. Code § 3902.80(D)
Plain Language
The Superintendent of Insurance has standing authority to audit any health plan issuer's use of AI-based algorithms at any time, without requiring a triggering event or specific cause. The superintendent may also engage third-party auditors for this purpose. From a compliance perspective, health plan issuers must maintain their AI systems, documentation, and records in a state of readiness for audit at all times — this is effectively a continuous preparedness obligation.
Statutory Text
(D) The superintendent may audit a health plan issuer's use of an artificial intelligence-based algorithm at any time and may contract with a third party for the purposes of conducting such an audit.