The American Hospital Association is urging the White House Office of Science and Technology Policy to streamline and align federal regulations for artificial intelligence in healthcare, warning that overlapping policies threaten innovation and increase costs.
In an Oct. 27 letter to OSTP Director Michael Kratsios, submitted in response to a federal request for information on regulatory reform for AI, AHA Senior Vice President of Public Policy Analysis and Development Ashley Thompson said the association’s nearly 5,000 member hospitals and health systems face growing administrative expenses from redundant rules. More than one-quarter of all U.S. healthcare spending — more than $1 trillion annually — goes toward administrative tasks, the group said, with nearly 40% of hospitals operating at negative margins.
The AHA said tools like ambient documentation assistants, chatbots for scheduling and triage, and imaging algorithms are already reducing burdens for clinicians, but regulatory fragmentation continues to slow progress. The association outlined four recommendations to balance innovation with patient safety:
- Synchronize and leverage existing policy frameworks: AI oversight should align with established regulations — such as HIPAA, FDA software requirements, and HHS cybersecurity goals — rather than creating new, duplicative frameworks.
- Remove regulatory barriers: The AHA urged Congress to strengthen HIPAA’s federal preemption to eliminate conflicting state privacy laws and to update or repeal portions of 42 CFR Part 2 that limit data sharing for patients with substance use disorders.
- Ensure safe and effective AI use: The group called for clinicians to remain in the decision loop for algorithms that could affect coverage or care decisions and for third-party AI vendors handling patient data to be held to the same privacy and security standards as covered entities.
- Address organizational and infrastructural challenges: The letter cited inadequate reimbursement, limited broadband access, and digital literacy gaps as barriers to AI adoption, particularly in rural and underserved areas.
The AHA also criticized proposed federal cybersecurity rules that would require hospitals to restore systems within 72 hours of a cyber incident, calling the timeline “not technically feasible” and potentially risky. Instead, the group supports voluntary, consensus-based cybersecurity performance goals.
The association concluded by encouraging cross-agency collaboration among HHS, the Federal Communications Commission, and other departments to improve broadband infrastructure, digital health literacy, and workforce readiness for AI-enabled care.
AHA leaders said aligning and simplifying AI policies could help reduce costs, strengthen cybersecurity, and allow hospitals to safely expand the use of AI in patient care.
