StateReg.Reference

AI Healthcare Regulations in Hawaii: 2024 Guide

Understand Hawaii's AI healthcare regulations: applicable state laws, licensing rules, patient data protections, and compliance steps for providers and vendors.

Last updated April 21, 20264 statute sources

Hawaii has no single AI-in-healthcare statute as of mid-2024. Compliance requires layering existing Hawaii health privacy, licensing, and consumer protection laws on top of federal FDA, HIPAA, and FTC requirements.

Quick Answer: Is AI in Healthcare Regulated in Hawaii?

Yes, but not through a dedicated AI law. As of mid-2024, Hawaii has not enacted a standalone statute governing artificial intelligence in healthcare. Instead, Hawaii regulates AI in healthcare through existing laws covering health data, professional licensing, and consumer protection. These laws apply to AI tools that process patient data, inform clinical decisions, or make health-related claims.

Key state laws include:

Health data privacy. Provisions in Hawaii Revised Statutes (HRS) Chapter 323C relate to health information privacy. Any AI system processing patient records may be subject to its requirements.

Professional licensing. HRS Chapter 453 (Medicine and Surgery) and HRS Chapter 457 (Nursing) define the scope of clinical practice. An AI tool providing a diagnosis without clinician oversight may create liability for the unlicensed practice of medicine.

Consumer protection. HRS Chapter 480 prohibits unfair or deceptive trade practices. Marketing claims about an AI health product's efficacy or accuracy fall within this statute's scope.

Federal frameworks like HIPAA (45 CFR Parts 160 and 164), FDA guidance on Software as a Medical Device (SaMD), and FTC enforcement authority apply concurrently. State law may impose different or stricter obligations than the federal baseline. Compliance requires satisfying both sets of rules.

The sections below break this down by topic:

  • State laws that directly affect AI tools: see the next section.
  • Patient data and AI model training: see the privacy section.
  • Who is liable when AI makes a clinical call: see the licensing and liability section.
  • What changed in 2023 and 2024: see the recent activity section.
  • Side-by-side vendor vs. provider obligations: see the comparison table.
  • Action checklist and agency contacts: see the final section.

Hawaii State Laws That Directly Affect AI Healthcare Tools

HRS Chapter 323C: Health Care Information Privacy

HRS §§ 323C-1 through 323C-32 establish Hawaii's Health Care Information Privacy framework. This chapter contains definitions and rules for the use and disclosure of "health care information." AI systems that process patient data may be subject to these provisions. Any AI vendor receiving identifiable patient data from a Hawaii-licensed provider should consult the statute for specific definitions and consent requirements.

HRS Chapter 453: Physician Oversight and the Practice of Medicine

HRS Chapter 453 governs the practice of medicine. Its provisions, including the definition of medical practice in HRS § 453-1 and rules on unlicensed practice in HRS § 453-2, are relevant to AI tools that generate diagnoses or treatment recommendations. To mitigate the risk of the unauthorized practice of medicine, vendors should ensure a licensed physician reviews and approves the tool's output, making the final clinical judgment.

HRS Chapter 457 and Other Licensing Chapters

HRS Chapter 457 governs nursing practice in Hawaii. AI clinical decision support tools used by nurses, pharmacists, or other licensed clinicians must operate within the scope of practice defined in the relevant licensing chapters. A tool directing a clinician to perform an act outside their licensed scope could create liability for the clinician and the vendor.

HRS § 431:10A-116.3: Telehealth Insurance Coverage

HRS § 431:10A-116.3 contains provisions related to insurance coverage for telehealth. The statute does not explicitly mention AI. Whether an AI-augmented remote service qualifies for reimbursement depends on interpretation by payers and regulators. Providers deploying AI tools in remote care settings should confirm coverage with payers and may consult the Hawaii Insurance Division for guidance.

HRS Chapter 480: Consumer Protection

HRS Chapter 480 addresses unfair or deceptive trade practices. Marketing claims about an AI tool's efficacy, accuracy, or clinical validation may be subject to this chapter. The Hawaii Office of Consumer Protection enforces these provisions and has authority to seek restitution, civil penalties, and injunctive relief.

Algorithmic Accountability: Current Gap

A review of selected bills from recent legislative sessions found no enacted laws creating a specific algorithmic accountability framework for healthcare in Hawaii. The legislative bills reviewed in preparing this page, SB 1390 (broadband infrastructure), HB 406 (economic development internship program), and SB 365 (film production tax credit), address unrelated subjects and contain no provisions affecting health AI. Consult the Hawaii State Legislature bill tracker for the most current session activity.

Patient Data Privacy Requirements for AI Systems in Hawaii

How HRS Chapter 323C Interacts with HIPAA

HIPAA establishes a federal minimum for privacy. State laws like HRS Chapter 323C may impose different or more stringent requirements. Where a state law is more protective of privacy, it is generally not preempted by HIPAA. Organizations must comply with both federal and state law. When reviewing data flows against HRS Chapter 323C, counsel should pay particular attention to the definitions of "health care information" and "health care provider," the specific conditions for disclosure, and any patient rights that may differ from HIPAA.

Using identifiable patient data to train, fine-tune, or validate an AI model may require specific patient authorization under state law, separate from general consent for treatment. Consult HRS Chapter 323C for specific requirements, as they may differ from the permissions granted under HIPAA's definition of "health care operations." Before a provider or vendor uses Hawaii patient records for AI model development, they must ensure they have a valid legal basis, which may require explicit patient authorization unless the data is properly de-identified.

De-Identification Standards

Hawaii law does not establish a separate state-specific standard for de-identification. The HIPAA Privacy Rule provides two methods at 45 CFR § 164.514: Safe Harbor and Expert Determination. Organizations using de-identified data for AI model training should rigorously document their methodology to demonstrate that the data falls outside the scope of state and federal privacy rules.

Breach Notification: HRS § 487N-2

HRS § 487N-2 contains Hawaii's requirements for notifying individuals of a security breach involving personal information, which includes health data. Consult the statute for specific triggers, timelines, and notification content. These requirements operate alongside HIPAA breach notification rules. The timeline for notification is the most expedient time possible. Verify the current statutory language before relying on a specific day count in a breach response plan. The Hawaii Office of Consumer Protection is the relevant state agency for compliance questions.

Data Residency and Transfer Restrictions

Hawaii does not have a generally applicable data residency law requiring health data to be stored within the state. Cross-border data transfers are governed by HIPAA Business Associate Agreement terms and applicable state disclosure restrictions, not a separate residency mandate.

Business Associate and Vendor Obligations

An AI vendor receiving protected health information from a Hawaii-licensed covered entity must execute a HIPAA-compliant Business Associate Agreement (BAA). That agreement must also be consistent with any applicable obligations under HRS Chapter 323C. Vendors should ensure their BAA templates are reviewed for consistency with Hawaii-specific requirements, not just the federal HIPAA minimums.

Licensing, Liability, and Scope-of-Practice Rules for AI-Assisted Care

Hawaii Medical Board Position on AI

A review of the Hawaii Medical Board's public materials indicates that, as of mid-2024, it has not issued guidance specifically addressing AI clinical decision support tools. The Board operates under Hawaii Administrative Rules (HAR) Title 16, Chapter 85. In the absence of specific guidance, compliance defaults to the statutes governing medical practice, primarily HRS Chapter 453.

Unlicensed Practice Risk

HRS § 453-2 contains prohibitions on the unlicensed practice of medicine. A vendor whose AI tool generates clinical recommendations that are acted upon without physician review risks allegations that the tool is practicing medicine. The distinction between clinical decision support (CDS) and autonomous diagnosis is critical. A CDS tool presenting a differential diagnosis list or suggesting relevant literature for a physician's review generally falls short of practicing medicine. A tool outputting a definitive diagnosis and treatment plan with no required clinical validation step moves into a higher-risk category. Vendors can mitigate risk by building physician oversight into the product workflow and ensuring the licensed clinician is the decision-maker of record.

Malpractice Liability Framework

Hawaii's medical malpractice framework is established in statutes including HRS Chapter 671. The standard of care, as defined in HRS § 671-3, is a key element in any malpractice claim. When an AI tool contributes to a clinical error, liability may be allocated between the clinician and the vendor based on factors like the tool's marketing, its use by the clinician, and the exercise of independent medical judgment. Hawaii's Medical Claims Conciliation Panel process (HRS §§ 671-11 through 671-16) is a mandatory pre-litigation step for medical tort claims, including those involving AI-assisted care.

Hawaii's informed consent framework requires providers to disclose information a reasonable patient would find material to a treatment decision. Whether the use of an AI tool is material information that must be disclosed to patients is not settled by Hawaii statute or case law. Factors that might weigh in favor of disclosure include the novelty of the AI, the degree to which the AI's output is the primary basis for a high-stakes clinical decision, and whether the patient has alternatives. Providers should consult health law counsel and consider proactive disclosure as a risk-management practice.

Hawaii DOH Registration for Health Software

The Hawaii Department of Health (DOH) has authority over health facilities under HRS Chapter 321. The DOH has not codified separate registration or approval requirements for health software as a standalone category. AI tools embedded in licensed health facilities fall under the facility's existing DOH oversight. Consult the DOH Office of Health Care Assurance (OHCA) for facility-specific requirements.

What Changed Recently: Hawaii AI & Health Regulatory Activity (2023–2024)

Hawaii Legislative Sessions: No AI Health Bills Enacted

A review of selected bills from the 2023 and 2024 Hawaii Regular Sessions found no enacted legislation specifically addressing AI in healthcare, algorithmic accountability in clinical settings, or automated decision-making by health systems. The bills reviewed for

Gear & Tools for Hawaii Projects

Affiliate disclosure: some links below are affiliate links (Amazon and partner programs). If you buy through them, we may earn a small commission at no extra cost to you. Product selection is not influenced by commission — see our full disclosure.