AI in Healthcare 2025: Navigating New Frontiers in Innovation and Regulation

2024 was a pivotal year for AI in healthcare. Venture investment skyrocketed, partnerships between leading AI startups and health systems took shape, and policymakers across the globe grappled with AI’s implications for consumer safety and algorithmic transparency. Emerging AI technologies drove improvements in clinical outcomes and administrative efficiencies, while developers worked on applications to expand Generative AI in clinical settings, integrate AI to drive value-based care, and incorporate AI into digital therapeutics for mental health and chronic conditions.

This year, we expect AI to play an increasingly critical role in value-based care. The rapid growth in investment and adoption of AI in healthcare in 2024 brings a new wave of legal and regulatory developments. As we kick off 2025, those deploying AI in healthcare must be cognizant of new compliance requirements under federal and state law.

The Big Picture: An Evolving Regulatory Landscape

Federal Actions on AI in Healthcare

Prompted by Executive Order 14110, which established a government-wide effort to guide responsible use of AI development and deployment, federal agencies took action. The Department of Health and Human Services (HHS), through various sub-agencies, published several novel AI rules aimed at ensuring patient safety. For example, the Food and Drug Administration (FDA) issued final Predetermined Change Control Plan (PCCP) guidance and proposed Marketing Submission Guidelines for AI technologies.

Adding to the mix, the Office of the National Coordinator (ONC) and the Office of Civil Rights (OCR) published industry-specific regulations, including the HTI-1 Final Rule and the Section 1557 Final Rule , respectively. Meanwhile, the Federal Trade Commission (FTC) created an agency-wide compliance effort called Operation AI Comply and issued numerous enforcement actions to enhance consumer protection for AI services. Each of the aforementioned final rules and policy decisions will be discussed in the second section below.

State-Level Activity Regulating AI

States also took action. California and Utah opted to directly regulate the use of AI in the healthcare industry, while Colorado opted to regulate high-risk AI systems through the Colorado AI Act. Nearly every state proposed legislation relating to the use of AI in high-risk domains (like healthcare and employment decisions). Organizations should expect another high-volume year of state regulatory efforts as the effects of a new presidential administration remain to be seen on the federal level.

Want to stay up to date on the latest changes in statewide regulatory changes? Subscribe to our Telehealth and Virtual Care newsletter on LinkedIn!

International Frameworks for AI

In the international arena, the European Union (EU) adopted the EU AI Act, a risk-based framework that imposes disclosure and governance obligations on developers of AI systems. The EU AI Act applies to U.S. companies delivering services to EU citizens under its extraterritoriality provisions.

Zooming In: Federal Healthcare Developments

Through the ONC and OCR, HHS finalized two regulatory frameworks to ensure algorithmic transparency and combat algorithmic discrimination.

The ONC adopted the HTI-1 Final Rule, which requires Certified Electronic Health Record Technology (CEHRT) developers that supply certain AI technologies (specifically, “decision support intervention (DSI)” technologies) to implement risk management and disclosure protocols. Additionally, OCR finalized the Section 1557 Final Rule, which prohibits discriminatory practices by AI tools based on race, color, national origin, sex, age, or disability in specified health programs or activities.

The FDA also published guidance relating to Pre-determined Change Control Plans (PCCP) for regulated devices, describing how device manufacturers inform the FDA of changes to AI solutions and how the modifications will be assessed. The FDA also published a Draft Guidance regarding marketing submission guidance for AI technologies. The Draft Guidance comes equipped with best practices for submissions, data stewardship, model performance and training, and a template model card.

Zooming In: State Legislative Activity

Kicking things off, Utah passed the Utah AI Policy Act, which, effective May 1, 2024, requires deployers of AI systems in regulated professions to disclose to consumers that they are interacting with an AI system and a mechanism to opt-out.

Shortly thereafter, Colorado passed the Colorado AI Act, which, effective January 1, 2026, imposes comprehensive governance and disclosure obligations on developers of high-risk AI systems, which would include many AI systems deployed in healthcare settings.

Towards the end of 2024, California passed numerous bills relating specifically to generative AI. Two are noteworthy from a healthcare perspective. Effective January 1, 2025, AB 3030 requires healthcare providers to provide a disclaimer and clear instructions describing how a patient may contact a human healthcare provider when using generative AI to communicate “patient clinical information.” Also effective January 1, 2025, SB 1120 (known as the “Physicians Make Decisions Act”) places limits on how health insurance companies can use AI to review and deny claims.

Key Concepts for 2025: A Roadmap for Healthcare AI Developers and Deployers

Strengthened AI Transparency Requirements

What’s driving it? Federal and state regulatory requirements, public policy, and consumer demand.