AI in Healthcare Policy: Laws, Regulations, and Standards

Artificial intelligence is quickly becoming part of healthcare. It is being used in clinical decision support, imaging, documentation, operations, patient communication, research, and other areas of care delivery. As these tools become more common, policymakers, regulators, professional bodies, and health systems are trying to define how they should be developed, evaluated, monitored, and used.

AI in healthcare policy does not refer to one law or one regulatory framework. It is better understood as a growing collection of state laws, federal actions, agency guidance, sector-specific rules, international frameworks, and voluntary standards. These policies often address related concerns, including safety, transparency, privacy, fairness, accountability, documentation, and oversight.

This landscape is fragmented. In the United States, there is no single health AI regulator and no single national law governing all uses of AI in healthcare. Instead, oversight is emerging across many institutions at once. State legislatures may pass laws affecting health plans or clinical settings. Federal agencies may issue guidance for specific sectors. Standards organizations may publish voluntary frameworks. Health systems and developers then have to interpret these signals together when deciding how AI tools should be deployed.

Much of the current policy activity does not directly say which AI tools may or may not be used in clinical care. Instead, many policies focus on the conditions around use. They may require disclosure, documentation, risk management, human oversight, governance processes, or performance monitoring. In practice, this means that healthcare AI policy often shapes the organizational systems around AI before it shapes the clinical use of a specific tool.

This matters for health systems because AI adoption is becoming not only a technical decision, but also a governance and compliance decision. Hospitals and other healthcare organizations may need to know which policies apply to their state, which agencies are active in their area, what standards are becoming influential, and what expectations are emerging around oversight and accountability.

It also matters for developers and vendors. As AI tools move into real-world healthcare settings, developers are increasingly expected to document how systems work, monitor performance, address safety and bias concerns, and align with evolving regulatory and professional expectations. Even when policies are not legally binding, they can still influence procurement decisions, institutional governance, and expectations for responsible deployment.

The Health & AI Policy Index (HAPI) was created to make this landscape easier to navigate. HAPI organizes healthcare AI policies across states, federal agencies, sector-specific regulators, international bodies, and standards organizations. Each policy is structured with consistent metadata, including dates, issuing bodies, impact levels, keyword tags, stakeholder tags, summaries, healthcare implications, and links to source text.

The goal is not to replace legal advice or detailed regulatory interpretation. Rather, HAPI is meant to provide a clearer starting point for understanding how healthcare AI governance is developing, where activity is concentrated, and which policies may be most relevant to health systems, developers, researchers, policymakers, and the public.