Laws & Statutes PA PA-SB-1113
SB-1113
PA · State · USA
PA
USA
● Pending
Proposed Effective Date
2027-01-09
Pennsylvania SB 1113 — An Act Amending Titles 35 (Health and Safety) and 40 (Insurance) of the Pennsylvania Consolidated Statutes, providing for artificial intelligence in facilities, for artificial intelligence use by insurers and for artificial intelligence use by MA or CHIP managed care plans
PA SB 1113 regulates the use of artificial intelligence in healthcare across three parallel chapters: Chapter 35 covers healthcare facilities using AI for clinical decision making, Chapter 52 covers health insurers using AI in utilization review, and Chapter 53 covers MA/CHIP managed care plans using AI in utilization review. Core obligations include disclosure to patients/covered persons when AI is used, prohibitions on AI superseding clinical judgment, requirements that AI-based determinations use individualized patient data rather than solely group data sets, non-discrimination requirements, periodic performance review, data use limitations, and annual compliance statement filings with the relevant department. Each chapter is enforced by its respective state department through civil penalties up to $5,000 per violation with aggregate annual caps, injunctive relief, and plans of correction. No private right of action is created. The act takes effect one year after enactment.
Passage Likelihood
Medium
Chamber No passage
Committee No action
Majority party No
Bipartisan Yes
Prior session None
Legislative History
2026-01-09 committee referral Referred to Institutional Sustainability & Innovation
Mapped Requirements
HC-01 Healthcare AI Decision Restrictions H-02 Non-Discrimination & Bias Assessment S-01 AI System Safety Program R-02 Regulatory Disclosure & Submissions G-01 AI Governance Program & Documentation
Official Sources
Full Text
Entry Last Reviewed
2026-03-28
AI generated
Summary

PA SB 1113 regulates the use of artificial intelligence in healthcare across three parallel chapters: Chapter 35 covers healthcare facilities using AI for clinical decision making, Chapter 52 covers health insurers using AI in utilization review, and Chapter 53 covers MA/CHIP managed care plans using AI in utilization review. Core obligations include disclosure to patients/covered persons when AI is used, prohibitions on AI superseding clinical judgment, requirements that AI-based determinations use individualized patient data rather than solely group data sets, non-discrimination requirements, periodic performance review, data use limitations, and annual compliance statement filings with the relevant department. Each chapter is enforced by its respective state department through civil penalties up to $5,000 per violation with aggregate annual caps, injunctive relief, and plans of correction. No private right of action is created. The act takes effect one year after enactment.

Enforcement & Penalties
Enforcement Authority
Three separate departments enforce their respective chapters: the Department of Health enforces Chapter 35 (facilities), the Insurance Department enforces Chapter 52 (insurers), and the Department of Human Services enforces Chapter 53 (MA/CHIP managed care plans). Enforcement is agency-initiated. Each department may impose civil penalties, seek injunctive relief, and require plans of correction. For Chapters 52 and 53, violations are deemed violations of the Unfair Insurance Practices Act, and the relevant department may temporarily prohibit enrollment of new members. No private right of action is created. Administrative procedures and appeals are governed by the Commonwealth Agencies practice and procedure provisions.
Penalties
Civil penalties up to $5,000 per violation (each instance of nondisclosure is a separate violation). Aggregate annual caps: $500,000 for facilities, insurers, or MA/CHIP managed care plans; $100,000 for any other person. Injunctive relief available. For insurers and MA/CHIP managed care plans, temporary enrollment freezes may be imposed. Plans of correction may be imposed in lieu of fines. Violations of Chapters 52 and 53 are deemed violations of the Unfair Insurance Practices Act. Remedies are nonexclusive and supplement penalties under the Health Care Facilities Act and other applicable laws.
Who Is Covered
"Facility." A health care setting or institution providing health care services, including: (1) A general, special, psychiatric or rehabilitation hospital. (2) An ambulatory surgical facility. (3) A cancer treatment center. (4) A birth center. (5) An inpatient, outpatient or residential drug and alcohol treatment facility. (6) A facility licensed by the Department of Human Services' Office of Mental Health and Substance Abuse Services. (7) A laboratory, imaging, diagnostic or other outpatient medical service or testing facility. (8) A health care provider office or clinic that is owned by or employs a Commonwealth-licensed physician, physician assistant or nurse practitioner.
"Insurer." As follows: (1) An entity licensed by the department that offers, issues or renews an individual or group health insurance policy that is offered or governed under any of the following: (i) Chapter 61 (relating to hospital plan corporations) or 63 (relating to professional health services plan corporations). (ii) The act of May 17, 1921 (P.L.682, No.284), known as The Insurance Company Law of 1921, including section 630 and Article XXIV thereof. (iii) The act of December 29, 1972 (P.L.1701, No.364), known as the Health Maintenance Organization Act. (2) The term does not include an entity operating as an MA or CHIP managed care plan.
"Medical Assistance or Children's Health Insurance Program managed care plan" or "MA or CHIP managed care plan." As defined under section 2102 of the act of May 17, 1921 (P.L.682, No.284), known as The Insurance Company Law of 1921.
Compliance Obligations 34 obligations · click obligation ID to open requirement page
HC-01 Healthcare AI Decision Restrictions · HC-01.6 · Deployer · Healthcare
35 Pa.C.S. § 3503(b)(1)
Plain Language
When a facility uses AI algorithms for clinical decision making, the AI must not supersede the health care provider's clinical judgment. The human provider retains final decision-making authority over patient care, including diagnosis and treatment planning. This is an absolute requirement — there is no exception for cases where the AI may have higher measured accuracy.
Statutory Text
(b) Requirements for artificial-intelligence-based algorithms.--For each instance in which a facility uses artificial-intelligence-based algorithms for clinical decision making, the facility shall comply with the following: (1) The artificial-intelligence-based algorithms must not supersede health care provider clinical decision making.
HC-01 Healthcare AI Decision Restrictions · HC-01.6 · Deployer · HealthcareFinancial Services
40 Pa.C.S. § 5203(b)(3)
Plain Language
When an insurer uses AI algorithms in utilization review, the AI must not supersede the decision making of the health care provider conducting the review. The human provider retains independent judgment authority over utilization review determinations.
Statutory Text
(3) The artificial-intelligence-based algorithms must not supersede decision making of the health care provider conducting the utilization review.
HC-01 Healthcare AI Decision Restrictions · HC-01.2 · Professional · HealthcareFinancial Services
40 Pa.C.S. § 5205(1)-(3)
Plain Language
Before an insurer denies, reduces, or terminates benefits — including prior authorization denials — the health care provider conducting utilization review must individually review clinical records, document that review, and exercise independent judgment separate from any AI recommendations. This means a human clinical reviewer must affirmatively review the patient's individual records and reach an independent conclusion rather than merely ratifying the AI output.
Statutory Text
Prior to issuing or upholding a decision to deny, reduce or terminate benefits for a health care service, including a decision to deny a prior authorization request, a health care provider who participates in utilization review on behalf of an insurer shall: (1) Review individual clinical records and other relevant information. (2) Document the review under paragraph (1). (3) Based on the review under paragraph (1), exercise judgment independent of any recommendations by the artificial-intelligence-based algorithms.
HC-01 Healthcare AI Decision Restrictions · HC-01.3 · Deployer · HealthcareFinancial Services
40 Pa.C.S. § 5203(b)(1)-(2)
Plain Language
When an insurer uses AI in utilization review, the AI must base its determinations on the individual covered person's medical/clinical history, the circumstances presented by the requesting provider, and other relevant information in the person's clinical record. The AI may not base a determination solely on group-level data. This effectively requires individualized analysis — aggregate data sets can inform the determination but cannot be the sole basis.
Statutory Text
(b) Requirements for artificial-intelligence-based algorithms.--For each instance in which an insurer uses artificial-intelligence-based algorithms in the utilization review process regarding a covered person, the insurer shall comply with the following: (1) The artificial-intelligence-based algorithms must base a determination on all of the following: (i) The medical or other clinical history of the covered person. (ii) Individual clinical or nonclinical circumstances as presented by the requesting health care provider. (iii) Other relevant clinical or nonclinical information contained in the medical or other clinical record of the covered person. (2) The artificial-intelligence-based algorithms must not base a determination solely on a group data set.
HC-01 Healthcare AI Decision Restrictions · HC-01.6 · Deployer · Healthcare
40 Pa.C.S. § 5303(b)(3)
Plain Language
When an MA or CHIP managed care plan uses AI in utilization review, the AI must not supersede the decision making of the health care provider conducting the review. This mirrors the identical requirement imposed on commercial insurers under Chapter 52.
Statutory Text
(3) The artificial-intelligence-based algorithms must not supersede decision making of the health care provider conducting the utilization review.
HC-01 Healthcare AI Decision Restrictions · HC-01.3 · Deployer · Healthcare
40 Pa.C.S. § 5303(b)(1)-(2)
Plain Language
When an MA or CHIP managed care plan uses AI in utilization review, the AI must base its determinations on the individual enrollee's medical/clinical history, circumstances presented by the requesting provider, and other relevant information in the enrollee's clinical record. Determinations may not be based solely on group-level data. This mirrors the identical requirement imposed on commercial insurers under Chapter 52.
Statutory Text
(b) Requirements for artificial-intelligence-based algorithms.--For each instance in which a MA or CHIP managed care plan uses artificial-intelligence-based algorithms in the utilization review process regarding an enrollee, the MA or CHIP managed care plan shall comply with the following: (1) The artificial-intelligence-based algorithms must base a determination on all of the following: (i) The medical or other clinical history of the enrollee. (ii) Individual clinical or nonclinical circumstances as presented by the requesting health care provider. (iii) Other relevant clinical or nonclinical information contained in the medical or other clinical record of the enrollee. (2) The artificial-intelligence-based algorithms must not base a determination solely on a group data set.
HC-01 Healthcare AI Decision Restrictions · HC-01.2 · Professional · Healthcare
40 Pa.C.S. § 5305(1)-(3)
Plain Language
Before an MA or CHIP managed care plan denies, reduces, or terminates benefits — including prior authorization denials — the health care provider conducting utilization review must individually review clinical records, document that review, and exercise independent judgment separate from any AI recommendations. This mirrors the identical requirement for commercial insurers under § 5205.
Statutory Text
Prior to issuing or upholding a decision to deny, reduce or terminate benefits for a health care service, including a decision to deny a prior authorization request, a health care provider who participates in utilization review on behalf of an MA or CHIP managed care plan shall: (1) Review individual clinical records and other relevant information. (2) Document the review under paragraph (1). (3) Based on the review under paragraph (1), exercise judgment independent of any recommendations by the artificial-intelligence-based algorithms.
HC-01 Healthcare AI Decision Restrictions · HC-01.6 · Deployer · Healthcare
35 Pa.C.S. § 3502(a)-(b)
Plain Language
Facilities must disclose to patients when AI algorithms are or will be used for clinical decision making, both in related written communications and on the facility's public website. Additionally, when AI generates written or verbal patient communications about clinical information, the communication must include a clear disclaimer that it was AI-generated and instructions for contacting a human provider. Two exceptions apply: purely administrative communications (scheduling, billing) and communications individually reviewed by a human provider are exempt from the AI-generated disclaimer requirement.
Statutory Text
(a) Artificial-intelligence-based algorithms.--A facility shall disclose to patients of the facility if artificial-intelligence-based algorithms are or will be used for clinical decision making or other similar tasks. The disclosure shall be: (1) Provided in all related written communications. (2) Posted on the publicly accessible Internet website of the facility. (b) Communications.-- (1) A facility that uses artificial intelligence to generate written or verbal patient communications pertaining to patient clinical information shall include: (i) A clear and conspicuous disclaimer that indicates that the communication was generated by artificial intelligence. (ii) Clear instructions on how the patient may contact a human health care provider or relevant employee of the facility with questions. (2) The requirements under paragraph (1) shall not apply to communications that: (i) only pertain to administrative matters, including appointment scheduling, billing or other clerical or business matters; or (ii) have been individually read and reviewed by a human health care provider.
HC-01 Healthcare AI Decision Restrictions · HC-01.6 · Deployer · HealthcareFinancial Services
40 Pa.C.S. § 5202(a)-(b)
Plain Language
Insurers must disclose to both participating network providers and all covered persons when AI algorithms are or will be used in the insurer's utilization review process. This disclosure must also be posted on the insurer's public website. The Department of Insurance will determine the specific nature and frequency of disclosures to covered persons.
Statutory Text
(a) Artificial-intelligence-based algorithms.--An insurer shall disclose to a participating network provider and all covered persons if artificial-intelligence-based algorithms are or will be used in the utilization review process of the insurer. (b) Posting.--An insurer shall post the information about the use of artificial-intelligence-based algorithms in the utilization review process of the insurer on the publicly accessible Internet website of the insurer.
HC-01 Healthcare AI Decision Restrictions · HC-01.6 · Deployer · Healthcare
40 Pa.C.S. § 5302(a)-(b)
Plain Language
MA or CHIP managed care plans must disclose to participating network providers and all enrollees when AI algorithms are or will be used in the plan's utilization review process. This disclosure must also be posted on the plan's public website. The Department of Human Services will determine the specific nature and frequency of disclosures to enrollees.
Statutory Text
(a) Artificial-intelligence-based algorithms.--An MA or CHIP managed care plan shall disclose to a participating network provider and all enrollees if artificial-intelligence-based algorithms are or will be used in the utilization review process of the MA or CHIP managed care plan. (b) Posting.--An MA or CHIP managed care plan shall post the information about the use of artificial-intelligence-based algorithms in the utilization review process of the MA or CHIP managed care plan on the publicly accessible Internet website of the MA or CHIP managed care plan.
H-02 Non-Discrimination & Bias Assessment · H-02.1 · Deployer · Healthcare
35 Pa.C.S. § 3503(b)(2)-(3)
Plain Language
Facilities must ensure that both their AI algorithms and training data sets do not directly or indirectly discriminate against patients in violation of federal or state law. Algorithms must also be applied fairly and equitably, consistent with applicable HHS regulations and guidance. This creates both a non-discrimination obligation and an affirmative fair-application requirement, with HHS guidance serving as a reference standard.
Statutory Text
(2) The artificial-intelligence-based algorithms and training data sets must not directly or indirectly discriminate against patients in violation of Federal or State law. (3) The artificial-intelligence-based algorithms must be fairly and equitably applied, including in accordance with any applicable regulations and or guidance issued by the United States Department of Health and Human Services.
H-02 Non-Discrimination & Bias Assessment · H-02.1 · Deployer · HealthcareFinancial Services
40 Pa.C.S. § 5203(b)(4)-(5)
Plain Language
Insurers must ensure that both their AI algorithms and training data sets do not directly or indirectly discriminate against covered persons in violation of federal or state law. Algorithms must also be fairly and equitably applied consistent with HHS regulations and guidance.
Statutory Text
(4) The artificial-intelligence-based algorithms and training data sets must not directly or indirectly discriminate against covered persons in violation of Federal or State law. (5) The artificial-intelligence-based algorithms must be fairly and equitably applied, including in accordance with any applicable regulations or guidance issued by the United States Department of Health and Human Services.
H-02 Non-Discrimination & Bias Assessment · H-02.1 · Deployer · Healthcare
40 Pa.C.S. § 5303(b)(4)-(5)
Plain Language
MA or CHIP managed care plans must ensure that both their AI algorithms and training data sets do not directly or indirectly discriminate against enrollees in violation of federal or state law. Algorithms must be fairly and equitably applied consistent with HHS regulations and guidance.
Statutory Text
(4) The artificial-intelligence-based algorithms and training data sets must not directly or indirectly discriminate against the enrollees in violation of Federal or State law. (5) The artificial-intelligence-based algorithms must be fairly and equitably applied, including in accordance with any applicable regulations and guidance issued by the United States Department of Health and Human Services.
HC-01 Healthcare AI Decision Restrictions · HC-01.4 · Deployer · Healthcare
35 Pa.C.S. § 3503(b)(5)
Plain Language
Facilities must periodically review and revise the performance, use, and outcomes of their AI algorithms to maximize accuracy and reliability. This is an ongoing operational review requirement — not a one-time pre-deployment check. The specific frequency is not defined in statute and will likely be set by Department of Health regulations.
Statutory Text
(5) The performance, use and outcomes of the artificial-intelligence-based algorithms must be periodically reviewed and revised to maximize accuracy and reliability.
HC-01 Healthcare AI Decision Restrictions · HC-01.4 · Deployer · HealthcareFinancial Services
40 Pa.C.S. § 5203(b)(7)
Plain Language
Insurers must periodically review and revise the performance, use, and outcomes of their AI algorithms used in utilization review to maximize accuracy and reliability. This is an ongoing operational review obligation.
Statutory Text
(7) The performance, use and outcomes of the artificial-intelligence-based algorithms must be periodically reviewed and revised to maximize accuracy and reliability.
HC-01 Healthcare AI Decision Restrictions · HC-01.4 · Deployer · Healthcare
40 Pa.C.S. § 5303(b)(7)
Plain Language
MA or CHIP managed care plans must periodically review and revise the performance, use, and outcomes of their AI algorithms used in utilization review to maximize accuracy and reliability.
Statutory Text
(7) The performance, use and outcomes of the artificial-intelligence-based algorithms must be periodically reviewed and revised to maximize accuracy and reliability.
HC-01 Healthcare AI Decision Restrictions · HC-01.5 · Deployer · Healthcare
35 Pa.C.S. § 3503(b)(6)
Plain Language
Patient data used by AI algorithms in facilities must not be used beyond the intended and stated purpose of those algorithms. This purpose limitation is consistent with HIPAA administrative simplification provisions and Pennsylvania law. Facilities must ensure that patient data fed into AI clinical decision-making tools is not repurposed for unrelated uses.
Statutory Text
(6) Patient data must not be used beyond the intended and stated purpose of the artificial-intelligence-based algorithms, consistent with the laws of this Commonwealth and 42 U.S.C. Ch. 7 Subch. XI Part C (relating to administrative simplification), as applicable.
HC-01 Healthcare AI Decision Restrictions · HC-01.5 · Deployer · HealthcareFinancial Services
40 Pa.C.S. § 5203(b)(8)
Plain Language
Covered person data used by AI algorithms in the insurer's utilization review must not be used beyond the intended and stated purpose of those algorithms. This purpose limitation is consistent with HIPAA and Pennsylvania law.
Statutory Text
(8) The data of the covered person must not be used beyond the intended and stated purpose of the artificial-intelligence-based algorithms, consistent with Commonwealth law and 42 U.S.C. Ch. 7, Subch. XI Part C (relating to administrative simplification), as applicable.
HC-01 Healthcare AI Decision Restrictions · HC-01.5 · Deployer · Healthcare
40 Pa.C.S. § 5303(b)(8)
Plain Language
Enrollee data used by AI algorithms in the MA or CHIP managed care plan's utilization review must not be used beyond the intended and stated purpose of those algorithms, consistent with HIPAA and Pennsylvania law.
Statutory Text
(8) The data of the covered person or enrollees must not be used beyond the intended and stated purpose of the artificial-intelligence-based algorithms, consistent with the laws of this Commonwealth and the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191, 110 Stat. 1936), as applicable.
S-01 AI System Safety Program · S-01.1 · Deployer · Healthcare
35 Pa.C.S. § 3503(b)(7)
Plain Language
Facilities must ensure that their AI algorithms used in clinical decision making do not create foreseeable, material risks of harm to patients. This is an affirmative safety obligation — the facility must evaluate and ensure its AI tools do not pose material harm risks, not merely react after harm occurs.
Statutory Text
(7) The artificial-intelligence-based algorithms must not create foreseeable, material risks of harm to the patient.
S-01 AI System Safety Program · S-01.1 · Deployer · HealthcareFinancial Services
40 Pa.C.S. § 5203(b)(9)
Plain Language
Insurers must ensure that their AI algorithms used in utilization review do not create foreseeable, material risks of harm to covered persons.
Statutory Text
(9) The artificial-intelligence-based algorithms must not create foreseeable, material risks of harm to the covered person.
S-01 AI System Safety Program · S-01.1 · Deployer · Healthcare
40 Pa.C.S. § 5303(b)(9)
Plain Language
MA or CHIP managed care plans must ensure that their AI algorithms used in utilization review do not create foreseeable, material risks of harm to enrollees.
Statutory Text
(9) The artificial-intelligence-based algorithms must not create foreseeable, material risks of harm to the enrollee.
R-02 Regulatory Disclosure & Submissions · R-02.1R-02.4 · Deployer · Healthcare
35 Pa.C.S. § 3504(a)-(b)
Plain Language
Facilities using AI for clinical decision making must annually file an AI compliance statement with the Department of Health. The statement must include: a summary of the AI algorithms' function and scope, a logic or decision tree, a description of each training data set and its source, an attestation of compliance with responsible use requirements with supporting evidence, and a description of the facility's oversight and validation process. The Department prescribes the form and manner of the filing.
Statutory Text
(a) Compliance statement required.--A facility using artificial-intelligence-based algorithms for clinical decision making shall annually file with the department in the form and manner prescribed by the department an artificial intelligence compliance statement. (b) Contents.--A compliance statement must: (1) Summarize the function and scope of artificial-intelligence-based algorithms used for clinical decision making. (2) Provide a logic or decision tree of artificial-intelligence-based algorithms used for clinical decision making. (3) Provide a description of each training data set used by artificial-intelligence-based algorithms for clinical decision making, including the source of the data. (4) Attest that the artificial-intelligence-based algorithms and the training data sets comply with section 3503 (relating to responsible use) and provide evidence of the compliance. (5) Describe the process of the facility for overseeing and validating the performance and compliance of the artificial-intelligence-based algorithms in accordance with section 3503.
R-02 Regulatory Disclosure & Submissions · R-02.1R-02.4 · Deployer · HealthcareFinancial Services
40 Pa.C.S. § 5204(a)-(b)
Plain Language
Insurers using AI in utilization review must annually file an AI compliance statement with the Insurance Department. Contents mirror the facility requirements: function/scope summary, logic/decision tree, training data descriptions with sources, compliance attestation with evidence, and oversight/validation process description.
Statutory Text
(a) Compliance statement required.--An insurer using artificial-intelligence-based algorithms in the utilization review process shall annually file with the department in the form and manner prescribed by the department an artificial intelligence compliance statement. (b) Contents.--A compliance statement must: (1) Summarize the function and scope of the artificial-intelligence-based algorithms used for utilization review. (2) Provide a logic or decision tree of artificial-intelligence-based algorithms used for utilization review. (3) Provide a description of each training data set used by artificial-intelligence-based algorithms for utilization review, including the source of the data. (4) Attest that the artificial-intelligence-based algorithms and the training data sets comply with section 5203 (relating to responsible use) and provide evidence of the compliance. (5) Describe the process of the insurer for overseeing and validating the performance and compliance of the artificial-intelligence-based algorithms in accordance with section 5203.
R-02 Regulatory Disclosure & Submissions · R-02.1R-02.4 · Deployer · Healthcare
40 Pa.C.S. § 5304(a)-(b)
Plain Language
MA or CHIP managed care plans using AI in utilization review must annually file an AI compliance statement with the Department of Human Services. Contents mirror the facility and insurer requirements.
Statutory Text
(a) Compliance statement required.--An MA or CHIP managed care plan using artificial-intelligence-based algorithms in the utilization review process shall annually file with the department, in the form and manner prescribed by the department, an artificial intelligence compliance statement. (b) Contents.--A compliance statement must: (1) Summarize the function and scope of the artificial-intelligence-based algorithms used for utilization review. (2) Provide a logic or decision tree of artificial-intelligence-based algorithms used for utilization review. (3) Provide a description of each training data set used by artificial-intelligence-based algorithms for utilization review, including the source of the data. (4) Attest that the artificial-intelligence-based algorithms and the training data sets comply with section 5303 (relating to responsible use) and provide evidence of the compliance. (5) Describe the process of the MA or CHIP managed care plan for overseeing and validating the performance and compliance of the artificial-intelligence-based algorithms in accordance with section 5303.
R-02 Regulatory Disclosure & Submissions · R-02.2 · Deployer · Healthcare
35 Pa.C.S. § 3507
Plain Language
The Department of Health may request additional information and evidence from facilities beyond the annual compliance statement regarding disclosure practices, responsible use compliance, and compliance statement contents. Facilities must be prepared to produce supporting documentation upon request.
Statutory Text
The department may request additional information and evidence from a facility regarding the items provided under sections 3502 (relating to disclosure), 3503 (relating to responsible use) and 3504 (relating to artificial intelligence compliance statements) that are necessary to ensure compliance with this chapter.
R-02 Regulatory Disclosure & Submissions · R-02.2 · Deployer · HealthcareFinancial Services
40 Pa.C.S. § 5208
Plain Language
The Insurance Department may request additional information and evidence from insurers beyond the annual compliance statement. Insurers must be prepared to produce supporting documentation upon request.
Statutory Text
The department may request additional information and evidence from an insurer regarding the items provided under sections 5202 (relating to disclosure), 5203 (relating to responsible use) and 5204 (relating to artificial intelligence compliance statements) that are necessary to ensure compliance with this chapter.
R-02 Regulatory Disclosure & Submissions · R-02.2 · Deployer · Healthcare
40 Pa.C.S. § 5308
Plain Language
The Department of Human Services may request additional information and evidence from MA or CHIP managed care plans beyond the annual compliance statement.
Statutory Text
The department may request additional information and evidence from an MA or CHIP managed care plan regarding the items provided under section 5302 (relating to disclosure), 5303 (relating to responsible use) and 5304 (relating to artificial intelligence compliance statements) that are necessary to ensure compliance with this chapter.
G-01 AI Governance Program & Documentation · G-01.3G-01.4 · Deployer · Healthcare
35 Pa.C.S. § 3506
Plain Language
The Department of Health will establish a record retention policy specifying how long facilities must retain records related to AI algorithms. The specific retention period will be set by the Department, with input from facilities and providers. Facilities should anticipate a retention obligation once the Department acts, and should begin preserving records from the effective date.
Statutory Text
The department shall establish a record retention policy and determine the amount of time a facility shall retain records related to artificial-intelligence algorithms. The department may request input from facilities and health care providers or their representatives in making the determination under this section.
G-01 AI Governance Program & Documentation · G-01.3G-01.4 · Deployer · HealthcareFinancial Services
40 Pa.C.S. § 5207
Plain Language
The Insurance Department will establish a record retention policy specifying how long insurers must retain AI-related records. Insurers should anticipate a retention obligation and begin preserving records from the effective date.
Statutory Text
The department shall establish a record retention policy and determine the amount of time an insurer shall retain records. The department may request input from insurers or their representatives in making this determination.
G-01 AI Governance Program & Documentation · G-01.3G-01.4 · Deployer · Healthcare
40 Pa.C.S. § 5307
Plain Language
The Department of Human Services will establish a record retention policy specifying how long MA or CHIP managed care plans must retain AI-related records.
Statutory Text
The department shall establish a record retention policy and determine the amount of time an MA or CHIP managed care plan shall retain records. The department may request input from an MA or CHIP managed care plan or their representative to make this determination.
Other · Healthcare
35 Pa.C.S. § 3508
Plain Language
Third-party vendors (contractors, subcontractors, or others) that sell, lease, or supply AI algorithms or AI-based services to healthcare facilities are subject to the full Chapter 35 requirements. The Department of Health will develop regulations or guidance further specifying vendor responsibilities. This extends the chapter's compliance obligations to the supply chain — vendors cannot avoid liability by arguing they are not the facility deploying the AI.
Statutory Text
A contractor, subcontractor or other third-party vendor that sells, leases, subscribes or otherwise supplies artificial-intelligence-based algorithms or services based on artificial-intelligence-based algorithms to the facility shall be subject to this chapter. The department shall develop regulations or guidance regarding the responsibility of a contractor, subcontractor or other third-party vendor that sells, leases, subscribes or otherwise supplies artificial-intelligence-based algorithms or services based on artificial-intelligence-based algorithms to the facility. The department may request input from facilities, third-party vendors and health care providers or their representatives in making this determination.
Other · HealthcareFinancial Services
40 Pa.C.S. § 5209
Plain Language
Third-party vendors supplying AI algorithms or AI-based services to insurers are subject to the full Chapter 52 requirements. The Insurance Department will develop regulations further specifying vendor responsibilities.
Statutory Text
A contractor, subcontractor or other third-party vendor that sells, leases, subscribes or otherwise supplies artificial-intelligence-based algorithms or services based on artificial-intelligence-based algorithms to the insurer services shall be subject to this chapter. The department shall develop regulations or guidelines regarding the responsibility of a contractor, subcontractor or other third-party vendor that sells, leases, subscribes or otherwise supplies artificial-intelligence-based algorithms or services based on artificial-intelligence-based algorithms to the insurer. The department may request input from insurers, third-party vendors and health care providers or their representatives in making this determination.
Other · Healthcare
40 Pa.C.S. § 5309
Plain Language
Third-party vendors supplying AI algorithms or AI-based services to MA or CHIP managed care plans are subject to the full Chapter 53 requirements. The Department of Human Services will develop regulations further specifying vendor responsibilities.
Statutory Text
A contractor, subcontractor or other third-party vendor that sells, leases, subscribes or otherwise supplies artificial-intelligence-based algorithms or services based on artificial-intelligence-based algorithms to the MA or CHIP managed care plan shall be subject to this chapter. The department shall develop regulations or guidelines regarding the responsibility of a contractor, subcontractor or other third-party vendor that sells, leases, subscribes or otherwise supplies artificial-intelligence-based algorithms or services based on artificial-intelligence-based algorithms to the insurer or MA or CHIP managed care plan. The department may request input from insurers, third-party vendors and health care providers or their representatives in making this determination.