In an extremely rare event, on May 16, 2023, industry leaders appeared before congress to plead for regulation. Sam Altman, CEO of OpenAI, appeared before the Senate Judiciary Committee seeking to work with the federal government to create parameters for AI creators to ensure the tool would not cause “significant harm to the world.”

Altman reiterated the great advancements and positive impacts that AI could reveal, but also clarified that the technology could have unintended consequences. “We want to be vocal about that,” Altman said. “We want to work with the government to prevent that from happening.” This hearing is being called a “pivotal moment for the AI industry

 

Federal AI Initiatives

Shortly after the hearing, Senator Bill Cassidy actively sought public input to better understand   benefits and potential risks associated with integrating AI into critical infrastructure businesses. This was especially pertinent in the healthcare sector, where the primary concern revolved around potential impacts of artificial intelligence on patient safety. In response to the Request for Information (RFI), CHIME underscored crucial aspects pertaining to patient safety, privacy, security, bias, and innovation, among other concerns.

White House Executive Order on AI

On October 30th, 2023, the White House released a 111-page Executive Order (EO) on the “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.” The goal is to establish a framework that sets guardrails around AI. The EO contains eight guiding principles and priorities in the development of AI regulations:

  1. AI must be safe and secure
  2. Promote responsible innovation, competition, and collaboration
  3. Support American workers
  4. Advance equity and civil rights
  5. Protect the interest of Americans using AI in their daily lives
  6. Protect Americans’ privacy and civil liberties
  7. Manage risks from the Federal Government’s use of AI
  8. Allow the U.S. to lead the way to global societal, economic, and technological progress

The order then breaks down these principles into eleven sections of detailed, actionable steps with target dates ranging from 30 to 365 days from the date of the order. Stanford University has created a tool to track the progress of the order, with sections 4.2 and 4.3 particularly relevant to cybersecurity.

 

NIST AI Risk Management Framework

In parallel, the National Institute of Standards and Technology has been quickly ramping up the NIST AI Risk Management Framework (RMF). This is quickly becoming the go-to document for organizations to implement AI safely and securely, which is especially important for healthcare organizations. This framework lays out four core principles to build on: Govern, Map, Measure, and Manage, with Govern at the center of each principle:

The NIST AI RMF is also accompanied by a playbook to help with suggested actions, references, and related guidance.

 

Blueprint for an AI Bill of Rights

In addition, within healthcare, organizations should strongly consider the patients’ perspective of the use of AI tools. The Blueprint for an AI Bill of Rights was developed in October 2022 and set forth five principles and practices to guide the “design, use, and deployment of automated systems to protect the rights of the American public in the age of artificial intelligence.”

  1. Safe and Effective Systems: Protection from unsafe and ineffective systems, including pre-deployment testing, risk identification and mitigation, and monitoring for safe, effective use.
  2. Algorithmic Discrimination Protections: Systems should be designed and used in an equitable manner, without bias based on race, color, ethnicity, sex, religion, age, national origin, disability, veteran status, genetic information, or other classification.
  3. Data Privacy: Protection from abusive data practices via built-in protections including the right to determine how data is used.
  4. Notice and Explanation: Disclosure when an automated system is used, including an understanding of how and why it contributes to outcomes that may impact an individual.
  5. Human Alternatives, Considerations, and Fallback: Provide the opportunity to opt-out, where appropriate, and have access to a person who can quickly consider and remedy any problems encountered.

Patient rights should be at the forefront of every AI implementation, with a process in place to ensure that these rights are not overlooked.

 

Global AI Initiatives

The World Health Organization (WHO), the International Telecommunication Union (ITU), and the World Intellectual Property Organization (WIPO) partnered to develop the Global Initiative on AI for Health (GI-AI4H), which was launched in July 2023. Its goal is to Enable, Facilitate, and Implement AI in healthcare.

 

This collaboration has produced multiple publications to guide and inform AI for healthcare:

These documents are very helpful in establishing and maintaining a safe, secure, and effective artificial intelligence program.

 

State AI Initiatives

In the absence of clear federal regulations, many states are working quickly to address the need for AI controls at the state level, as was discussed in early August 2024 at the National Conference of State Legislatures’s annual summit.

The conference had at least eight sessions on AI as lawmakers looked to establish guardrails. Colorado may become the first state to roll out comprehensive AI regulation with the hopes that it will boost innovation, not harm it. A dozen or more states could be following with comprehensive legislation introduced in 2025. In fact, state lawmakers have introduced AI bills AI in at least 40 states in 2024.

 

Summary

If you haven’t started your AI journey, the time has come for you to seriously consider this technology advancement, or your organization could be left behind. Take time to understand AI and its potential to enhance your ability to fulfill your mission.

But, as your healthcare organization moves forward with AI initiatives, take time to review the pending legislative efforts on the global, federal, and state levels and align with them throughout the process. AI has been moving very quickly, and so are the regulatory requirements. Leverage them to be sure you are ready to implement AI initiatives safely, securely, and legally.