AI Healthcare Regulations in Georgia (2025–2026)
Georgia's AI healthcare rules explained: SB 444 insurance AI ban, pending bills, compliance steps, and who to contact. Updated for 2025–2026 legislative session.
Georgia has no comprehensive AI-in-healthcare law in force as of mid-2025. SB 444, which bans insurance coverage decisions based solely on AI, has been sent to the Governor and is the immediate compliance priority for insurers and utilization reviewers. Federal rules, including FDA SaMD guidance, ONC HTI-1, and HIPAA, govern clinical AI.
What Georgia Law Currently Requires for AI in Healthcare
As of April 2026, Georgia has not enacted a comprehensive AI-in-healthcare statute. Federal rules currently bind Georgia providers, payers, and health IT vendors: HIPAA, FDA guidance on AI/ML-based Software as a Medical Device (SaMD), and the ONC HTI-1 Final Rule (45 CFR Part 170).
State-level requirements are imminent. SB 444 (2025-26 session) has cleared the General Assembly and been sent to the Governor. If signed, it will prohibit private review agents from basing insurance coverage decisions solely on an AI system. This is a targeted rule for any entity performing utilization review in Georgia.
Who needs to act on what, right now:
- Insurers, managed care organizations, and third-party utilization reviewers: SB 444 is the immediate priority. Begin a gap analysis before the Governor signs the bill.
- Hospitals and health systems deploying clinical AI: No Georgia-specific rule applies yet. Comply with federal FDA SaMD classification criteria and ONC HTI-1 transparency requirements.
- Health IT and AI vendors: HIPAA Business Associate Agreement (BAA) requirements apply when handling protected health information. Monitor SB 37 and SB 167 for potential future audit obligations.
Georgia's existing private review agent framework is defined in O.C.G.A. § 33-46-1 et seq. SB 444 adds an AI-specific restriction to that structure.
SB 444 Explained: The AI Insurance Coverage Decision Ban
Full title: "Private Review Agents; certain decisions with regard to the provision of insurance coverage for healthcare services shall not be based solely on artificial intelligence systems; provide."
Current status: Senate Sent to Governor (last updated 2026-04-11, per OpenStates record for Georgia SB 444, 2025-26 session). The Governor has not yet signed the bill. Consult the Georgia General Assembly bill tracker and the Office of the Governor for the signature date and effective date in the enrolled bill text.
Core Prohibition
SB 444 prohibits private review agents from basing coverage decisions solely on an AI system. The prohibition hinges on the word "solely." AI may assist the review process, flag cases, generate recommendations, or surface clinical criteria, but it cannot be the exclusive decision-maker for coverage. A qualified human reviewer must be involved in any coverage determination.
Who Is a "Private Review Agent"
The existing definition framework is O.C.G.A. § 33-46-1 et seq., which covers entities that perform utilization review of healthcare services on behalf of insurers or other payers. This includes:
- Health insurance companies conducting prior authorization or concurrent review
- Managed care organizations (O.C.G.A. Title 33, Chapter 20A)
- Third-party utilization review organizations contracted by payers
- Medicaid managed care plans operating as private review agents
Verify whether SB 444's enrolled text adopts the existing O.C.G.A. § 33-46-1 definition verbatim or introduces a modified definition. Consult the Georgia Office of Insurance and Safety Fire Commissioner if the scope is unclear for your entity type.
What "Solely" Means in Practice
A fully automated prior authorization system that issues denials without any human review is the clearest violation. A system where a clinician or reviewer receives an AI-generated recommendation and independently applies clinical judgment before issuing a decision is the intended compliant model. Document the human review step. Workflows that automatically approve AI-flagged cases without human sign-off must be revised.
Penalties and Enforcement
The source material does not specify penalty amounts or a private right of action in SB 444. Consult the enrolled bill text and the Georgia Office of Insurance and Safety Fire Commissioner for enforcement mechanisms. Existing enforcement tools under O.C.G.A. Title 33, including Commissioner orders and license actions, may apply.
Effective Date
The effective date depends on the Governor's signature and any phase-in language in the enrolled bill. Consult the enrolled text directly. Do not assume an immediate effective date without confirming.
Legislative Trajectory: HB 887 to SB 444
HB 887 (2023-24 session) had a similar intent to prohibit AI-only insurance coverage decisions (OpenStates record for Georgia HB 887, 2023-24, last action: House Second Readers, updated 2024-01-12). It did not advance past its second reading. SB 444 addressed the same topic and advanced to the Governor.
What SB 444 Does NOT Cover
SB 444 is scoped to coverage decisions by private review agents. It does not regulate:
- Clinical AI tools used by physicians or hospitals for diagnosis or treatment planning
- Diagnostic algorithms embedded in medical devices
- Provider-side clinical decision support software
- AI used in billing, coding, or administrative functions outside utilization review
Other Active Georgia AI Bills That Could Affect Healthcare Entities
Neither of the following bills has passed. Both were at "Senate Read and Referred" as of the latest OpenStates data. These bills signal future legislative direction and could be reintroduced or advanced in a subsequent session.
SB 37: AI Accountability Act
SB 37 (2025-26 session) would establish a general accountability framework for high-risk AI systems (OpenStates record, Georgia SB 37, 2025-26, last action: Senate Read and Referred, updated 2026-03-18). If the final version defines "high-risk" to include AI systems making consequential decisions about individuals, healthcare applications like clinical decision support and insurance underwriting algorithms could fall within scope.
Potential obligations under SB 37, if enacted, could include impact assessments, documentation requirements, and audit obligations. Consult the Georgia General Assembly bill tracker for SB 37 at openstates.org/ga/bills/2025_26/SB37/.
SB 167: Anti-Discrimination Requirements for AI Systems
SB 167 (2025-26 session) would require private entities using certain AI systems to guard against discrimination caused by those systems (OpenStates record, Georgia SB 167, 2025-26, last action: Senate Read and Referred, updated 2026-03-18). This is relevant to healthcare entities because algorithmic bias in clinical decision support tools, insurance underwriting models, and risk-stratification algorithms is an active regulatory concern.
If SB 167 advances, health IT vendors and payers using AI-driven risk scoring or underwriting tools should expect bias audit or documentation requirements. Consult openstates.org/ga/bills/2025_26/SB167/ for bill text and status.
SR 391: Senate Study Committee on AI and Digital Currency
SR 391 (2025-26 session) passed the Senate by substitute and creates a study committee on Artificial Intelligence and Digital Currency (OpenStates record, Georgia SR 391, 2025-26, updated 2026-03-18). Study committees produce recommendations that frequently become the basis for legislation in the following session. The 2023-24 predecessor, SR 476, created the Senate Study Committee on Artificial Intelligence (OpenStates record, Georgia SR 476, 2023-24, last action: Senate Passed/Adopted By Substitute, updated 2024-03-29). Whether SR 476's committee issued a final report is not confirmed in the source material; consult the Georgia Senate Research Office for any published findings.
SR 391's reporting deadline and any published output should be monitored. Recommendations from this committee could shape 2027 session legislation on AI governance.
Federal AI Healthcare Rules That Apply in Georgia Right Now
With no comprehensive state statute, federal rules set the compliance floor for AI in healthcare in Georgia.
FDA: AI/ML-Based Software as a Medical Device
If a clinical AI tool meets the FDA's definition of a medical device under 21 U.S.C. § 321(h), it requires FDA oversight. The FDA's AI/ML-Based Software as a Medical Device Action Plan outlines the agency's framework. A tool that analyzes patient data to diagnose, treat, or prevent disease may require 510(k) clearance or premarket approval (PMA) depending on its risk classification. Consult the FDA Digital Health Center of Excellence for classification questions. Not every clinical AI tool is a SaMD, but the analysis must be documented.
ONC HTI-1 Final Rule
The ONC Health Data, Technology, and Interoperability (HTI-1) Final Rule (45 CFR Part 170, effective 2024) imposes transparency requirements on certified health IT. The rule requires certified health IT with "predictive decision support interventions" to disclose the intervention's purpose, training data, and performance metrics. Georgia health systems using certified EHR modules with embedded predictive AI are subject to these requirements. Consult ONC's Health IT Certification Program for compliance dates, as different requirements under HTI-1 have staggered effective dates.
HHS OCR: Section 1557 and Algorithmic Discrimination
HHS Office for Civil Rights issued a 2024 final rule under Section 1557 of the Affordable Care Act (45 CFR Part 92) that addressed algorithmic discrimination. The legal status of these provisions is subject to ongoing litigation. Consult HHS OCR directly (hhs.gov/ocr) for current enforcement posture before relying on this rule for compliance planning.
HIPAA and AI Model Training
Training AI models on patient data implicates HIPAA's Privacy Rule. De-identification standards under 45 CFR § 164.514 must be satisfied if using patient data without authorization. If an AI vendor accesses protected health information (PHI) to train or operate a model, a Business Associate Agreement is required under 45 CFR § 164.502(e).
FTC Act Section 5
The FTC has signaled that deceptive or unfair AI practices can constitute violations of 15 U.S.C. § 45. This applies to AI-driven health products marketed to consumers with misleading efficacy claims.
CMS Conditions of Participation
CMS has issued guidance on AI use in Medicare and Medicaid-certified facilities, including AI-driven utilization management. Consult CMS directly for current conditions of participation guidance applicable to your facility type.
What Changed Recently: 2024-2026 Georgia AI Regulatory Activity
| Bill / Rule | Status | Key Date | Expected Impact |
|---|---|---|---|
| HB 887 (2023-24) | Died at House Second Readers | Updated 2024-01-12 | No effect; predecessor to SB 444 |
| SR 476 (2023-24) | Senate Passed/Adopted By Substitute | Updated 2024-03-29 | Study committee; shaped 2025-26 agenda |
| ONC HTI-1 Final Rule | In effect | 2024 (staggered dates) | Algorithm transparency for certified HIT |
| SB 444 (2025-26) | Sent to Governor | Updated 2026-04-11 | No sole-AI coverage decisions; upon enactment |
| SB 37 (2025-26) | Senate Read and Referred | Updated 2026-03-18 | High-risk AI accountability; not yet law |
| SB 167 (2025-26) | Senate Read and Referred | Updated 2026-03-18 | AI anti-discrimination; not yet law |
| SR 391 (2025-26) | Senate Passed/Adopted By Substitute | Updated 2026-03-18 | Study committee; shapes 2027 session |
HB 887 failed in 2024, but the same issue was addressed in SB 444, which reached the Governor in 2026. SB 37 and SB 167 are early-stage bills that represent a broader AI governance push. SR 391 will produce recommendations likely to become legislation in 2027.
Compliance Comparison: Key Requirements by Entity Type
| Entity Type | Applicable Georgia Rule | Applicable Federal Rule | Key Obligation | Effective / Expected Date |
|---|---|---|---|---|
| Private review agents / insurers | SB 444 (pending Governor signature) | HIPAA BAA if using AI vendor | No sole-AI coverage decisions; human reviewer required | Upon enactment (confirm enrolled bill effective date) |
| Hospitals / health systems (clinical AI) | No Georgia-specific rule yet | FDA SaMD if device-classified; ONC HTI-1 (45 CFR Part 170) for certified HIT | Algorithm transparency; clinical decision support disclosure | ONC HTI-1: in effect 2024 (staggered) |
| Health IT / AI vendors | SB 167 if enacted; SB 37 if enacted | HIPAA BAA (45 CFR § 164.502(e)); FTC Act 15 U.S.C. § 45; FDA if SaMD | Bias audit obligations (proposed); data use agreements; BAAs | SB 167 and SB 37 not yet passed |
| Medicaid managed care plans | SB 444 if in scope as private review agent | CMS conditions of participation; Section 1557 (45 CFR Part 92) | Human review of AI-driven denials | Upon SB 444 enactment; Section 1557 status: consult HHS OCR |
Gaps to note: Georgia currently has no required AI audit, registration, or pre-deployment approval process for clinical AI tools used by providers. There is no state-level equivalent to FDA SaMD review. SB 444 compliance timing depends on the Governor's signature and the effective date in the enrolled bill text.
Next Steps and Who to Contact in Georgia
Immediate Actions by Entity Type
Insurers and private review agents:
- Map all utilization review workflows involving AI. Identify any process where a coverage determination is issued without documented human review.
- Conduct a gap analysis against SB 444's requirements before it is signed into law.
- Update vendor contracts to confirm that AI vendors operate as decision-support tools, not autonomous decision-makers.
- Prepare documentation to demonstrate human reviewer involvement for each coverage determination.
Hospitals and health systems:
- Inventory all AI/ML tools in clinical use. For each tool, conduct and document an FDA SaMD classification analysis.
- Confirm that certified EHR modules with predictive decision-support features meet ONC HTI-1 transparency requirements (45 CFR Part 170 Subpart D).
- Review all AI vendor contracts for HIPAA BAA status (45 CFR § 164.502(e)).
- Designate an internal AI governance lead to track regulatory changes.
Health IT and AI vendors selling into Georgia healthcare:
- Confirm BAA execution with every Georgia healthcare customer that shares PHI with your system.
Gear & Tools for Georgia Projects
Affiliate disclosure: some links below are affiliate links (Amazon and partner programs). If you buy through them, we may earn a small commission at no extra cost to you. Product selection is not influenced by commission — see our full disclosure.