StateReg.Reference

AI Healthcare Regulations in Massachusetts (2025–2026)

Massachusetts AI healthcare regulations explained: current laws, pending bills (S 2632, H 4616), compliance requirements, and who to contact. Updated 2026.

Last updated April 21, 2026 | 10 statute sources

Massachusetts has no single enacted AI healthcare law as of mid-2026. Federal rules, including HIPAA, FDA's SaMD framework, and the FTC Act, provide the enforceable floor. Several state bills, led by S 2632, have cleared committee and are in Ways and Means, making enactment plausible before the 194th Legislature closes. Organizations should begin gap assessments against these pending bills.

Quick Answer: Where Massachusetts AI Healthcare Law Stands

No comprehensive Massachusetts statute specifically governing AI in healthcare is in force. Compliance obligations are defined by existing state laws that apply to AI systems by implication and a cluster of pending bills.

Currently enforceable in Massachusetts:

  • Federal HIPAA Security Rule (45 CFR Parts 160 and 164) governs AI systems that handle protected health information.
  • FDA's Software as a Medical Device (SaMD) framework applies to AI tools meeting the definition of a medical device.
  • FTC Act Section 5 (15 U.S.C. § 45) covers deceptive or unfair AI health claims.
  • M.G.L. c. 93H and 201 CMR 17.00 impose data security obligations on AI vendors handling Massachusetts resident data.
  • M.G.L. c. 176O constrains automated utilization review by health insurers.

Pending, not yet law:

  • S 2632 (194th General Court): AI in healthcare decision-making; committee recommended "ought to pass" and referred to Senate Ways and Means as of April 2, 2026.
  • H 4616 (194th General Court): Prior authorization reform; reporting deadline extended to June 15, 2026.
  • H 77 / S 35 (194th General Court): A general AI responsibility framework reported favorably to respective Ways and Means committees in March 2026.
  • S 49 (194th General Court): Cybersecurity and AI obligations; reported favorably to Senate Ways and Means in March 2026.

Bills in Ways and Means can move to floor votes with limited notice. Organizations should treat S 2632 and H 77/S 35 as near-term obligations and conduct gap assessments.


S 2632: AI in Healthcare Decision-Making

S 2632 (194th General Court), "An Act relative to the use of artificial intelligence and other software tools in healthcare decision-making," is the most significant pending bill for healthcare AI in Massachusetts.

The bill's likely scope includes transparency requirements for AI-assisted clinical and coverage decisions, human override rights for adverse determinations, and disclosure obligations to patients when AI was a material factor in a decision. Verify the exact substantive provisions, covered entity definitions, and enforcement mechanisms against the full bill text at malegislature.gov. The source material for this page confirms procedural status only, not bill text specifics.

Covered entities would likely include health insurers, utilization review organizations, hospitals, and physician groups using AI tools. Health technology vendors contracting with Massachusetts-regulated entities should assume they fall within scope through contractual obligations.

H 4616 and H 1136: Prior Authorization Reform

H 1136 (194th General Court) was superseded by a new draft, H 4616 (194th General Court), "An Act improving the health insurance prior authorization process." The reporting deadline for H 4616 was extended to June 15, 2026.

Prior authorization reform bills often target automated denial systems by requiring human clinical review before adverse determinations, mandating turnaround time limits, and requiring payers to disclose the criteria used in automated decisions. Consult the Massachusetts Legislature website (malegislature.gov) for H 4616's exact text and any amendments.

S 1403: Reducing Administrative Burden

S 1403 (194th General Court), "An Act relative to reducing administrative burden," was reported favorably and referred to Senate Ways and Means in March 2026. Such legislation frequently intersects with AI-driven workflows in prior authorization and claims processing. Verify the bill text at malegislature.gov to determine whether it imposes affirmative obligations on AI systems.

H 1210 (194th General Court), "An Act relative to AI health communications and informed patient consent," was accompanied by a study order, H 5066 (194th General Court). A study order directs a formal examination of an issue before legislation is drafted. Patient consent requirements for AI-generated health communications are being studied for future legislation. Consult malegislature.gov for the scope of the H 5066 study order.

S 49: Cybersecurity and Artificial Intelligence

S 49 (194th General Court), "An Act relative to cybersecurity and artificial intelligence," was reported favorably and referred to Senate Ways and Means in March 2026. Healthcare entities handling protected health information would likely fall within its scope. Verify the exact security standards, audit requirements, and enforcement mechanisms in the bill text at malegislature.gov.

H 77 / S 35: The FAIR Act

H 77 and S 35 (194th General Court), both titled "An Act fostering artificial intelligence responsibility," are a general AI accountability framework. Both were reported favorably to their respective Ways and Means committees in March 2026. This type of framework typically imposes impact assessment, transparency, and anti-discrimination obligations on AI deployers and developers. Whether it explicitly covers healthcare AI or defers to sector-specific bills like S 2632 requires verification against the full bill text. If it applies broadly, healthcare entities would face layered compliance obligations.

Enforcement note: Specific enforcement mechanisms, including fine amounts and private rights of action, are not confirmed from the available source material. Verify per bill text at malegislature.gov.


Existing Massachusetts Law That Already Applies to Healthcare AI

M.G.L. c. 93H: Data Security

Massachusetts General Laws chapter 93H requires any entity that owns or licenses personal information about Massachusetts residents to provide notice following a security breach. AI systems that process personal information fall within this statute's reach.

201 CMR 17.00: Written Information Security Program

The Standards for the Protection of Personal Information of Residents of the Commonwealth (201 CMR 17.00) require covered entities to maintain a written information security program (WISP). AI vendors handling Massachusetts resident data must comply. The regulation is technology-neutral. Consult the Massachusetts Office of Consumer Affairs and Business Regulation for any updated guidance.

M.G.L. c. 176O: Health Insurance Consumer Protections

Chapter 176O, sections 10 through 12, governs utilization review by Massachusetts health insurers. The provisions require that adverse benefit determinations be made by or in consultation with a licensed clinician and establish appeal rights. An automated prior authorization denial system that does not satisfy these requirements is potentially unlawful today. Health insurers using AI in utilization review should audit their workflows against c. 176O.

M.G.L. c. 111: Public Health and Clinical Licensure

Chapter 111 governs licensed healthcare facilities. AI tools used in clinical settings may implicate existing standard-of-care obligations and facility licensure requirements. The Massachusetts Department of Public Health (DPH) has authority over licensed facilities; consult DPH if deploying AI in a clinical setting subject to facility licensure.

M.G.L. c. 93A: Consumer Protection

The Massachusetts Consumer Protection Act (M.G.L. c. 93A, § 2) prohibits unfair or deceptive acts or practices. The Attorney General has enforcement authority, and private plaintiffs can sue for up to treble damages. AI-driven practices that mislead patients about diagnostic accuracy, coverage, or treatment options are actionable under c. 93A.

Board of Registration in Medicine

Consult the Massachusetts Board of Registration in Medicine for any formal guidance on AI and clinical decision support tools. The source material available does not confirm whether the Board has issued formal guidance. Contact information is at mass.gov/orgs/board-of-registration-in-medicine.


What Changed Recently: 2025–2026 Legislative Activity

The 194th Legislature has advanced several AI healthcare bills to committee.

  • April 2, 2026: S 2632 recommended "ought to pass" by committee and referred to Senate Ways and Means.
  • March 2026: H 77 (FAIR Act) reported favorably, referred to House Ways and Means.
  • March 2026: S 35 (FAIR Act, Senate companion) reported favorably, referred to Senate Ways and Means.
  • March 2026: S 49 (cybersecurity and AI) reported favorably, referred to Senate Ways and Means.
  • March 2026: S 1403 (reducing administrative burden) reported favorably, referred to Senate Ways and Means.
  • March 19, 2026: H 4616 (prior authorization) reporting deadline extended to June 15, 2026.
  • Study order: H 1210 was accompanied by the H 5066 study order, indicating future legislative interest in patient consent for AI health communications.
  • April 16, 2026: HD 6046 (global investment, talent, and innovation act) was updated. The source material does not confirm whether this bill contains healthcare AI provisions. Verify the bill text at malegislature.gov.

The concentration of bills in Ways and Means raises the possibility of consolidation into an omnibus AI bill. Floor votes can follow Ways and Means referral quickly.


Compliance Requirements Comparison: Key Bills Side by Side

All bills are pending. Obligations, covered entities, and enforcement details are subject to amendment. Verify current bill text at malegislature.gov before relying on this table for legal advice.

| Bill | Short Title | Covered Entities | Core AI Obligation | Enforcement | Current Status |
|---|---|---|---|---|---|
| S 2632 | AI in healthcare decision-making | Health plans, utilization review entities, likely providers | Transparency and human override for AI-driven decisions; adverse decision disclosure | Consult bill text at malegislature.gov | Senate Ways and Means (as of Apr. 2, 2026) |
| H 4616 | Prior authorization reform | Health insurers | Limits on automated denials; turnaround time requirements | Consult bill text at malegislature.gov | Committee deadline June 15, 2026 |
| H 77 / S 35 | FAIR Act | Broad: AI deployers and developers (healthcare applicability: verify bill text) | Impact assessments, transparency, anti-discrimination | AG enforcement likely; verify bill text | House and Senate Ways and Means (Mar. 2026) |
| S 49 | Cybersecurity and AI | Entities handling personal data, including PHI | Security standards for AI systems | Consult bill text at malegislature.gov | Senate Ways and Means (Mar. 2026) |
| H 1210 / H 5066 | AI health communications | Providers using AI for patient communications | Informed consent disclosure (study phase) | Not yet determined | Study order issued |
| S 1403 | Reducing administrative burden | TBD per bill text | Administrative workflow obligations (verify) | Consult bill text at malegislature.gov | Senate Ways and Means (Mar. 2026) |

Federal preemption note: Where federal law sets a floor, including HIPAA's security standards and FDA's SaMD clearance requirements, Massachusetts bills may add requirements but cannot reduce federal protections. A Massachusetts-based health AI vendor must satisfy both layers simultaneously once state bills are enacted.


Federal Overlay: FDA, HIPAA, and FTC Rules That Apply in Massachusetts

FDA Software as a Medical Device

AI and ML tools that meet the FDA's definition of a medical device require either 510(k) clearance or premarket approval (PMA) before commercial distribution. The FDA's 2021 AI/ML-Based Software as a Medical Device Action Plan established a framework for iterative algorithm changes. If your AI tool supports clinical diagnosis or treatment selection, consult FDA's SaMD guidance.

HIPAA Security Rule

The HIPAA Security Rule (45 CFR Parts 160 and 164) requires covered entities and business associates to conduct security risk analyses that account for all systems handling electronic protected health information (ePHI). An AI system that processes ePHI is subject to HIPAA. Business associate agreements (BAAs) must be executed with AI vendors meeting the business associate definition. The security risk analysis must account for AI-specific vulnerabilities like model poisoning, inference attacks, and data leakage.

FTC Act Section 5

The FTC Act Section 5 (15 U.S.C. § 45) prohibits unfair or deceptive acts or practices in commerce. The FTC has stated that AI health claims, including misrepresentation of diagnostic accuracy, efficacy, or FDA clearance status, are within its enforcement scope.

CMS Interoperability and Prior Authorization Rule

CMS-0057-F, the CMS Interoperability and Prior Authorization Final Rule, imposes transparency and interoperability requirements on Medicare Advantage, Medicaid managed care, and CHIP plans, with phased effective dates beginning in 2026. Massachusetts Medicaid managed care plans subject to this rule must align their AI-driven prior authorization workflows with its requirements. Consult CMS for the specific effective date applicable to your plan type.

ONC HTI-1 Rule

The ONC HTI-1 Final Rule (45 CFR Part 170) addresses information blocking and imposes transparency requirements on certain clinical decision support tools. If an AI system qualifies as a clinical decision support tool under ONC's definitions, the HTI-1 rule's requirements apply.

How Massachusetts Bills Layer on Top

Once enacted, S 2632 will likely add state-level disclosure and human override rights that exceed federal minimums. The FAIR Act (H 77/S 35) may add impact assessment obligations not required under HIPAA or FDA rules. The result is a compliance stack: satisfy federal requirements first, then layer state obligations on top.


Next Steps and Who to Contact in Massachusetts

Five Compliance Steps to Take Now

Step 1: Inventory your AI tools. Catalog every AI and ML tool used in clinical decision-making, prior authorization, utilization review, patient communications, and administrative workflows, including vendor-supplied tools.

Step 2: Map against pending bill obligations. Run each inventoried tool against the draft obligations in S 2632 and H 77/S 35. Identify gaps in transparency documentation, human override capabilities, and adverse decision disclosure processes.

Step 3: Audit vendor contracts. Review existing vendor agreements for AI transparency provisions, audit rights, BAA coverage, and indemnification for regulatory non-compliance.

Step 4: Assign a legislative monitor. Designate someone to check malegislature.gov weekly for S 2632, H 4616, H 77, S 35, and S 49.

Step 5: Engage qualified legal counsel. Retain counsel with fluency in both Massachusetts health law (M.G.L. c. 176O, c. 93H) and federal SaMD and HIPAA requirements.

Key Agency Contacts

Massachusetts Division of Insurance (DOI): Regulates health insurer AI and prior authorization practices. Consult mass.gov/orgs/division-of-insurance for any bulletins or guidance.

Massachusetts Department of Public Health (DPH): Oversees clinical AI in licensed healthcare facilities. Contact DPH for guidance on AI deployment in licensed settings: mass.gov/orgs/department-of-public-health.

Massachusetts Attorney General's Office: Enforces consumer protection under M.G.L. c. 93A. File complaints or request guidance at mass.gov/orgs/office-of-attorney-general.

Massachusetts Board of Registration in Medicine: Provides guidance on AI in clinical practice. Consult the Board directly for any formal advisory opinions: mass.gov/orgs/board-of-registration-in-medicine.

Legislative Tracking and Industry Resources

  • Bill tracking: malegislature.gov, search S 2632, H 4616, H 77, S 35, S 49, H 1210
  • OpenStates tracking: openstates.org/ma/bills/194th/
  • Massachusetts Health and Hospital Association (MHA): Member guidance on legislative developments.
  • Massachusetts Medical Society: Member guidance on AI in clinical practice.
