The Commonwealth of Pennsylvania has alleged an AI company’s chatbot engaged in the unauthorized practice of medicine. This lawsuit not only signals how state regulators are potentially evaluating AI-driven health interactions, but it could also have sweeping implications for health IT companies and their operational risk.
On January 6, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published significant proposed amendments (proposed rule) to the Security Rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Key drivers for the proposed rule include the dramatic increase in cyberattacks, including ransomware, the rapid adoption of cloud computing, mobile devices, and other technologies, and inconsistent compliance with the existing Security Rule identified by the OCR’s investigations.