AI Healthcare Regulations in Arkansas (2025 Guide)
Arkansas AI healthcare regulations explained: current law, insurer rules, provider requirements, recent 2025 bills, and who enforces compliance. Updated guide.
Arkansas has no enacted AI-specific healthcare law as of mid-2025. Two relevant bills were withdrawn during the 2025 session. Existing laws, including HIPAA, the Arkansas Medical Records Act, the Arkansas Insurance Code, and professional standards of care, apply to the use of AI. Compliance requires applying these existing laws, maintaining thorough documentation, and monitoring the 2026 legislative session.
Quick Answer: Is AI in Healthcare Regulated in Arkansas?
Arkansas has not passed a dedicated AI healthcare statute. Two bills introduced in the 2025 Regular Session, HB 1816 and HB 1297, were withdrawn by their authors before a committee vote (OpenStates records, last actions 2025-04-14 and 2025-04-01, respectively).
However, providers, insurers, and health tech vendors are not free to deploy AI tools without legal constraints. The following frameworks apply:
- Arkansas Insurance Code (Ark. Code Ann. § 23-76 et seq.): Governs insurer conduct, including claims decisions made or assisted by automated systems.
- Arkansas Medical Records Act (Ark. Code Ann. § 20-9-301 et seq.): AI-generated entries in a medical record carry the same accuracy, retention, and patient-access obligations as any human-authored entry. See also Ark. Code Ann. § 16-46-106 on records admissibility.
- HIPAA Privacy and Security Rules (45 CFR Parts 160 and 164): Any AI tool that touches protected health information (PHI) must operate inside a compliant Business Associate Agreement and be addressed in a security risk analysis.
The compliance posture for 2025 is to treat existing law as fully applicable to AI tools, build documentation habits that would satisfy a future audit, and monitor the Arkansas General Assembly for 2026 session activity.
What the 2025 Bills Would Have Required
Withdrawn bills frequently return in revised form. The sponsors retain the right to reintroduce them, and the legislative intent is on record.
HB 1816: AI in Care Delivery and Medical Records
The title of HB 1816 indicates it would have prohibited healthcare providers and insurers from using AI in care delivery or medical record generation unless specific conditions were met (Arkansas 2025 Regular Session, OpenStates). Inferred from the title, these conditions likely would have included:
- Human oversight: A licensed clinician would be required to review and approve AI-assisted clinical outputs.
- Disclosure: Patients would have a right to know when AI was involved in their care.
- Audit trails: Systems would need to produce logs to reconstruct how an output was generated.
The bill's last recorded action was withdrawal by the author on 2025-04-14 (OpenStates).
HB 1297: AI in Insurance Coverage and Claims Decisions
HB 1297 targeted healthcare insurers, proposing to regulate the use of AI, algorithms, and other automated technologies in coverage and claims decisions (Arkansas 2025 Regular Session, OpenStates). The bill's last recorded action was withdrawal by the author on 2025-04-01.
Why Were They Withdrawn?
The source material does not include official statements from the bill sponsors explaining the withdrawals. Consult the Arkansas Legislative Research Council for official bill history and any sponsor communications. These bills signal legislative interest in the topic, and proactive compliance preparation around human oversight and patient disclosure is advisable before the 2026 session.
Existing Arkansas Laws That Govern AI Healthcare Tools Today
Arkansas Medical Records Act (Ark. Code Ann. § 20-9-301 et seq.)
AI-generated clinical notes, diagnostic summaries, and treatment records are medical records under Arkansas law. The accuracy, retention, and patient-access requirements apply without modification. If an AI tool generates an erroneous entry and a provider adopts it without review, the provider is responsible for that error under the existing standard of care.
Arkansas Insurance Code: Unfair Claims Settlement Practices (Ark. Code Ann. § 23-66-206)
Insurers have a statutory duty of good faith in claims handling. An automated denial generated by an AI system does not satisfy that duty if the denial lacks the factual and clinical basis the statute requires. The Arkansas Insurance Department enforces this provision. Insurers using AI in prior authorization or claims adjudication should document the human review layer between the AI output and the final coverage decision.
Arkansas Deceptive Trade Practices Act
Marketing an AI clinical tool as "clinically validated" or "FDA-cleared" when it is not can trigger liability under Arkansas consumer protection law. This applies to vendors selling into Arkansas health systems and to providers making representations to patients about the tools they use. Consult the Arkansas Attorney General's office for its current enforcement posture.
Standard of Care: Arkansas State Medical Board and Board of Nursing
Delegation to an AI tool does not transfer professional liability. A physician who relies on an AI diagnostic output without independent clinical judgment retains full responsibility. Consult Arkansas State Medical Board Regulation 2 regarding standard of care and delegation. The same principle applies to advanced practice nurses under Arkansas Board of Nursing rules.
Data Breach Notification (Ark. Code Ann. § 4-110-101 et seq.)
The Arkansas Personal Information Protection Act applies when AI systems that process personal health information experience a breach. Vendors operating as business associates under HIPAA are also subject to this statute when Arkansas residents are affected. Notification timelines and covered data categories are defined in the statute. Consult the Arkansas Attorney General's office for current enforcement guidance.
Telemedicine (Ark. Code Ann. § 17-80-117)
AI-assisted telehealth interactions must comply with existing licensure and prescribing standards. The statute does not create an exception for AI-mediated encounters. Verify the current version of § 17-80-117 at the Arkansas General Assembly website (arkleg.state.ar.us).
Federal AI and Healthcare Rules That Apply in Arkansas
These federal frameworks apply to Arkansas providers, insurers, and vendors regardless of state legislative action.
HIPAA Privacy and Security Rules (45 CFR §§ 160, 164)
Any AI tool that accesses, processes, stores, or generates PHI must be governed by a signed Business Associate Agreement (BAA). The covered entity's security risk analysis, required under 45 CFR § 164.308(a)(1), must account for AI system vulnerabilities, including model drift, data poisoning risks, and third-party API dependencies. The absence of a BAA or a risk analysis that addresses the AI component is a compliance failure.
FDA Software as a Medical Device (SaMD)
Clinical decision support tools that meet the FDA's SaMD definition require agency clearance or approval before clinical deployment. The FDA's AI/ML-Based Software as a Medical Device action plan and subsequent guidance describe the agency's oversight framework. Arkansas providers using uncleared tools that meet the SaMD threshold assume product liability exposure. Use the FDA's Digital Health Center of Excellence pre-submission program to determine if a tool requires clearance.
CMS Conditions of Participation (42 CFR § 482)
Hospitals and facilities receiving Medicare or Medicaid must ensure AI-assisted utilization management does not violate patient rights or anti-discrimination requirements in the Conditions of Participation. CMS's final rule on Medicare Advantage (MA) utilization management requires human review of AI-generated prior authorization denials for MA plans. Arkansas MA plans are subject to this requirement.
Section 1557 of the ACA: Non-Discrimination and AI (45 CFR § 92)
HHS's 2024 Section 1557 final rule (89 FR 37522) extended non-discrimination protections to AI clinical tools. AI systems that produce biased outputs based on race, sex, disability, or other protected characteristics may violate federal civil rights law. The HHS Office for Civil Rights (OCR) enforces this provision. Verify current implementation status and guidance with HHS OCR.
FTC Act Section 5
Health tech companies marketing AI tools with unsubstantiated efficacy claims face FTC enforcement. This applies to vendors selling into Arkansas health systems. "AI-powered" is a marketing term; "reduces diagnostic error by 40%" is a clinical claim that requires substantiation.
What Changed Recently: 2025 Legislative Activity
Arkansas Bill Timeline
| Date | Event |
|---|---|
| Early 2025 | HB 1297 introduced (AI in insurer claims and coverage decisions) |
| Early 2025 | HB 1816 introduced (AI in care delivery and medical records) |
| 2025-04-01 | HB 1297 withdrawn by author (OpenStates) |
| 2025-04-14 | HB 1816 withdrawn by author (OpenStates) |
Neither bill failed in committee. Both were withdrawn by their sponsors, preserving the option to reintroduce revised versions. Consult the Arkansas Legislative Research Council to determine if any provisions were incorporated into other legislation before the 2025 session closed.
Where to Monitor
- Arkansas General Assembly bill tracker: arkleg.state.ar.us (search terms: "artificial intelligence," "algorithm," "automated")
- Arkansas Insurance Department bulletins: insurance.arkansas.gov
- Arkansas State Medical Board newsletters: asmb.us
Compliance Requirements Comparison: Providers vs. Insurers vs. Health Tech Vendors
No Arkansas-specific AI permit or filing fee exists as of 2025. This table reflects compliance obligations under existing law.
| Stakeholder Type | Applicable Arkansas Law | Applicable Federal Law | Key AI-Specific Obligation | Enforcement Body |
|---|---|---|---|---|
| Healthcare Providers (hospitals, clinics, physicians) | Medical Records Act (§ 20-9-301 et seq.); AR Board of Medicine Regulation 2 (standard of care) | HIPAA (45 CFR §§ 160, 164); FDA SaMD guidance; Section 1557 (45 CFR § 92) | Maintain human oversight of AI outputs; ensure AI-generated records meet accuracy standards; obtain informed consent where applicable | AR State Medical Board; HHS OCR; FDA |
| Healthcare Insurers (including MA plans) | AR Insurance Code § 23-66-206 (unfair claims settlement practices) | CMS MA utilization management final rule; HIPAA | Human review required for AI-generated prior auth denials; document AI decision logic for audit | AR Insurance Department; CMS |
| Health Tech / AI Vendors (SaaS, clinical decision support) | AR Deceptive Trade Practices Act; Personal Information Protection Act (§ 4-110-101 et seq.) | FDA SaMD guidance; FTC Act § 5; HIPAA BAA requirements | Obtain FDA clearance if SaMD threshold is met; execute BAAs with all covered entity clients; substantiate efficacy claims in marketing | FDA; FTC; AR Attorney General |
Note: Verify the current version and numbering of specific agency rules, such as Arkansas State Medical Board Regulation 2 and Arkansas Insurance Department rules, directly with the relevant agency.
Next Steps and Who to Contact in Arkansas
Healthcare Providers
Contact the Arkansas State Medical Board (asmb.us) to ask whether specific AI tools require patient disclosure or board notification before deployment. Ask specifically if the board has issued any policy statement or guidance on AI-assisted diagnosis or AI-generated records.
Healthcare Insurers
Direct inquiries to the Arkansas Insurance Department Market Conduct Division (insurance.arkansas.gov) regarding AI-driven claims and prior authorization practices. Before deploying an AI-assisted prior authorization system, document the human review layer and retain that documentation for market conduct examinations.
Health Tech Vendors
Use the FDA's Digital Health Center of Excellence pre-submission program (digitalhealth.fda.gov) to determine whether a tool meets the SaMD threshold before deploying it in Arkansas facilities. Execute BAAs with every covered entity client before any PHI is processed by your system.
All Entities: Internal AI Inventory
- List every AI and machine learning tool that touches patient data or influences clinical or coverage decisions.
- Map each tool to the applicable state and federal laws.
- Assign a named compliance owner for each tool.
- Document the human oversight mechanism for each tool.
- Set a calendar reminder to recheck the Arkansas General Assembly bill tracker at the start of the 2026 session.
Industry Associations
The Arkansas Hospital Association and the Arkansas Medical Society track legislative and regulatory developments. Engaging with these organizations can provide early warning on pending rulemaking.
Legal Counsel
Obtain a written legal opinion before deploying high-risk AI tools, specifically diagnostic AI systems and autonomous prior authorization platforms. The combination of withdrawn state bills, active federal rulemaking, and evolving standards of care creates liability exposure that a general compliance review may not fully capture.
Gear & Tools for Arkansas Projects
Affiliate disclosure: some links below are affiliate links (Amazon and partner programs). If you buy through them, we may earn a small commission at no extra cost to you. Product selection is not influenced by commission — see our full disclosure.