On September 28, California Gov. Gavin Newsom signed Senate Bill 1120 Health Care Coverage: Utilization Review into law, amending § 1367.01 of the Health and Safety Code and § 10123.135 of the state’s Insurance Code. Effective January 1, the new law regulates how health care service plans and disability insurers, including specialized health care service plans and specialized health insurers, use artificial intelligence (AI), algorithms, and other software tools to ensure compliance with specified requirements—including fairness and non-discrimination standards—for utilization review and management processes. SB 1120 also applies to vendors contracted with covered health plans for services that include utilization review or utilization management functions. SB 1120 is just one of several wide-ranging AI-related laws California produced this legislative session.
Overview of SB 1120 Health Care Coverage: Utilization Review
SB 1120 aims to address the growing use of AI and machine learning in health care, particularly in reviewing, approving, modifying, or denying requests for covered health care services based on medical necessity in utilization review or management activities. It establishes guidelines for the application of these technologies to ensure that they complement, rather than replace, human clinical decision-making.
Key Provisions of SB 1120
Implications for Health Plans and Insurers
Health care providers and insurers that rely on AI tools for utilization review and management activities need to evaluate their systems carefully to ensure compliance with SB 1120. This may involve updates to AI models, increased transparency in their application, and ensuring that human medical professionals remain the final decision-makers in determinations of medical necessity.
SB 1120 provides important safeguards for patients, ensuring that decisions about their care are made with proper oversight and individualized consideration. The law aims to strike a balance between technological innovation in health care and the need for human judgment in critical medical decisions.
Additionally, the Centers for Medicare & Medicaid Services clarified earlier this year in an FAQ memo that Medicare Advantage Organizations (MAOs) can use an algorithm or AI system in making coverage determinations, but MAOs must ensure that the algorithms comply with existing laws and regulations for how those coverage determinations are made. For determinations of medical necessity, MAOs must remain compliant with the rules of 42 CFR § 422.101(c), including consideration of a patient’s medical history, physician recommendations, and clinical notes. Therefore, AI systems cannot make determinations of medical necessity without considering factors and circumstances specific to each patient.
Next Steps
Health care service plans and insurers should promptly evaluate their utilization review and management practices (as well as those of their vendors that provide such services) that involve AI tools and algorithms, to ensure they meet the requirements set forth in SB 1120, which appear to apply to prospective, retrospective, or concurrent reviews of requests for covered health care services. Given these broad and somewhat vague requirements, it will be important to monitor how the DMHC and DOI will implement the law and issue further guidance. Legal and compliance teams should also prepare for potential audits and ensure that disclosures about AI tool use are readily available and transparent to both patients and regulators.