THE URGENT NEED FOR REGULATION OF

ARTIFICIAL INTELLIGENCE (AI) PROCESSED

HEALTHCARE INSURANCE CLAIMS

Sarah Varney1

INTRODUCTION………………………………………………………………………………1

I. REGULATORY COMPLIANCE ISSUES.................................................................... 11

A. REGULATORY FRAMEWORKS THAT APPLY TO AI.…………………...11
B. COMPLIANCE CHALLENGES WITH USING AI……………….….…....…12
C. POTENTIAL CONSEQUENCES OF NON-COMPLIANCE…………………14

II. THE NEED FOR REGULATORY REFORM……………………………………. ….15

A. CURRENT REGULATORY FRAMEWORKS ARE NOT SUFFICIENT…...16
B. POTENTIAL FOR AI TO HARM CONSUMERS……….………………...…16
C. PROPOSED REFORMS TO ADDRESS COMPLIANCE CHALLENGES… 17

CONCLUSION…………………………………………………………………………...…... 19

INTRODUCTION

From the nation’s inception, regulating healthcare has been an important way for the federal

government to ensure the safety of its citizens. During the great depression, Franklin D.

Roosevelt (FDR) was asked to enact a variety of laws to try and expand the federal government’s

role in regulating citizens’ rights as seen with the Public Health Service and the Social Security

Act. Between the presidency of Franklin D. Roosevelt (FDR) and the present time, several

significant health-related regulations and acts have been enacted. Two prominent ones are

ERISA and HIPAA, but there are others as well:2

1. ERISA (Employee Retirement Income Security Act) - Enacted in 1974, ERISA is a

federal law that sets minimum standards for most private-sector employee benefit plans,

including health plans, to protect the interests of participants and beneficiaries. ERISA

1
J.D Candidate, University of South Dakota, Knudson School of Law, 2025. Special thanks to Professor
Marilyn Trefz, whose commitment to Health Law and Independent Research inspired this Note, and to Dr.
Josh Brower DDS for his ongoing support and guidance.
2
CMS.gov, https://www.cms.gov/cciio/resources/fact-sheets-and-faqs/aca_implementation_faqs17
 establishes rules regarding reporting, disclosure, fiduciary responsibilities, and the

administration of these plans. It also provides guidelines for handling claims and appeals

related to benefits.

2. HIPAA (Health Insurance Portability and Accountability Act) - Enacted in 1996, HIPAA

is a comprehensive federal law that has several components related to health information

privacy, security, and data breach notification. HIPAA's Privacy Rule regulates the use

and disclosure of protected health information (PHI) by covered entities, such as

healthcare providers and health plans. The Security Rule establishes security standards to

protect electronic health information. HIPAA also includes provisions for ensuring the

portability of health insurance coverage and administrative simplification of healthcare

transactions.

3. Affordable Care Act (ACA) - Also known as Obamacare, the ACA was signed into law

in 2010. It aimed to expand access to affordable health insurance for Americans and

introduced various provisions to achieve this goal. Some key provisions of the ACA

include the establishment of health insurance marketplaces, expansion of Medicaid

eligibility, the individual mandate (which required most Americans to have health

insurance), coverage for pre-existing conditions, and the provision that allowed young

adults to stay on their parents' health insurance plans until age 26.

4. Medicare and Medicaid - While these programs were initiated during the Johnson

administration in the 1960s, they have undergone significant changes and expansions

since then. Medicare provides health coverage for seniors and some people with

disabilities, while Medicaid offers coverage for low-income individuals and families.

2
 Over the years, both programs have seen adjustments to eligibility criteria, benefits, and

funding.

5. Mental Health Parity and Addiction Equity Act (MHPAEA) - Enacted in 2008,

MHPAEA requires health insurance plans that offer mental health and substance use

disorder benefits to provide those benefits at parity with medical and surgical benefits.

This means that plans cannot impose more restrictive financial requirements or treatment

limitations for mental health or substance use services than they do for medical and

surgical services.

These are just a few examples of health-related regulations and acts that have been enacted

between FDR's presidency and the present time. Over the years, there have been numerous other

laws and regulations aimed at addressing various aspects of healthcare and health insurance in

the United States. It is time the federal government once again took a large role in advancing

healthcare reform at a national level by regulating AI in the healthcare industry.

Artificial intelligence (AI) is rapidly transforming the healthcare insurance industry.3 The use

of AI in processing insurance claims has several potential benefits.4 These benefits include

improved efficiency as AI systems can help to improve the efficiency of claim processing.5 This

can lead to faster processing times, lower costs, and a better customer experience.6 Another

benefit is improved accuracy since AI systems can help to improve the accuracy of claim

processing.7 This should help to reduce errors, to prevent fraud, and to ensure that consumers

receive the benefits that they are entitled to.8 Benefits could also be seen as it related to fairness
3
Select Committee On Artificial Intelligence of the National Science And Technology Council, National
Artificial Intelligence Research And Development Strategic Plan 2023 Update, May 2023,
https://www.whitehouse.gov/wp-content/uploads/2023/05/National-Artificial-Intelligence-Research-and-
Development-Strategic-Plan-2023-Update.pdf
4
Id.
5
Id.
6
Id.
7
Id.
8
Id.

3
seeing that AI systems can help to ensure that claims are processed fairly.9 This should help to

prevent discrimination and to ensure that all consumers are treated equally.10

However, there are also some potential risks associated with the use of AI in processing

insurance claims.11 These risks include discrimination since AI systems could be used to

discriminate against certain groups of people.12 For example, an AI system could be used to deny

claims more often to people of color or to people with disabilities.13 Another risk is bias given

that AI systems could be programed to be biased.14 This could happen if the data that is used to

train the AI system is biased.15 For example, if the data is mostly from white males, the AI

system could be more likely to deny claims to women or people of color.16 An additional risk

centers around privacy seeing that the data that is used to train AI systems could be subject to

privacy laws.17 If this data is not properly protected, consumers could have their privacy

violated.18

The use of AI in insurance also raises important regulatory compliance issues. Insurance

claims are governed by a complex web of laws and regulations.19 These laws and regulations are

designed to protect consumers, ensure fairness, and prevent fraud.20 Now, the federal government

must take a closer look at AI laws and regulations in the wake of new changes proposed by the

European Union (EU) and Biden administration regarding an AI Bill of Rights.21

9
Id.
10
Id.
11
Id.
12
Id.
13
Id.
14
Id.
15
Id.
16
Id.
17
Id.
18
Id.
19
Id.
20
Id.
21
Id.

4
 The current lack of regulatory compliance could have serious consequences for both

consumers and insurers.22 Consumers are having their insurance claims denied after being

reviewed by AI only without the patients being aware that their claims were not reviewed by a

human.23 It has been found that AI claims are batched under a margin loss search and the claims

are then denied before ever being opened for review.24 Insurers have been subject to fines and

other penalties for these practices.25 For these reasons, it is essential that AI systems used to

process insurance claims be compliant and consistent with all applicable laws and regulations.

This Note will discuss the regulatory compliance issues that arise from the use of AI in insurance

claims, arguing that the current regulatory frameworks are not sufficient to protect consumers

and ensure fairness in claims processing.

Further, this Note reviews the critical reasons for regulating artificial intelligence and

explains the issues that have arisen because no regulations have been set forth by the federal

government to this point. Additionally, this paper will propose specific reforms that would

address the identified compliance challenges. These recommended reforms include increased

transparency and accountability for AI systems that are used to process insurance claims in

addition to stronger data protection laws to protect the privacy of consumers. The creation is

proposed for new laws and regulations that will address the specific risks of AI in insurance

claims. This Note will conclude by calling for the development of comprehensive regulations for

AI systems that are used to process insurance claims. These regulations should be designed to

protect consumers, prevent discrimination, and mitigate the risks of fraud and other harm.

22
Id.
23
Id.
24
Id.
25
Id.

5
 BACKGROUND

The history of AI in the healthcare industry in the United States can be traced back to the

early 1970s, when the first AI-powered applications were developed to streamline biomedical

operations.26 One of the most notable early examples was MYCIN, an AI program that helped

identify blood infections treatments.27

As the 1980s unfolded, AI research in healthcare continued to grow, leading to the

development of innovative applications that transformed the landscape.28 Expert systems

emerged, offering valuable advice and recommendations to healthcare professionals, as well as

decision support systems, which could help with complex clinical decisions.29 However, the early

years of AI in healthcare were marked by some challenges. Limited access to comprehensive

datasets and limited computing power hindered the full potential of AI.30

In the 1990s, AI research in healthcare began to accelerate, gaining significant momentum.

Advancements in technology, including the increasing availability of large datasets and the

development of more powerful computers resulted in the development of a multitude of new AI-

powered applications.31 An emergence of sophisticated systems developed, including

applications for image analysis, natural language processing, and drug discovery.32

26
Bohr A, Memarzadeh K. The rise of artificial intelligence in healthcare applications. Artificial Intelligence
in Healthcare. 2020:25–60. doi: 10.1016/B978-0-12-818438-7.00002-2. Epub 2020 Jun 26. PMCID:
PMC7325854.
27
Sandeep Reddy, Use of Artificial Intelligence in Healthcare Delivery, October 27th, 2017,
https://www.intechopen.com/chapters/60562
28
Kulikowski CA. Beginnings of Artificial Intelligence in Medicine (AIM): Computational Artifice Assisting
Scientific Inquiry and Clinical Art - with Reflections on Present AIM Challenges. Yearb Med Inform. 2019
Aug;28(1):249-256. doi: 10.1055/s-0039-1677895. Epub 2019 Apr 25. PMID: 31022744; PMCID:
PMC6697545.
29
Id.
30
Id.
31
Id.
32
Id.

6
 The 2000s saw the continued growth trajectory of AI in healthcare, driven by a several

factors. The increasing availability of electronic health records (EHRs) 33 provided a wealth of

data for AI systems to leverage. Additionally, the growth of mobile healthcare, and the

increasing investments in AI by healthcare organizations further fueled the increase of its use.

During the early 2000s, healthcare insurers began using AI primarily for tasks such as claims

processing and fraud detection. 34 AI algorithms automated and expedited the processing of

insurance claims, making the process faster and more accurate. Similarly, AI-based fraud

detection systems were implemented to identify and flag potentially fraudulent claims, helping

insurers mitigate financial losses due to fraudulent activities.35

While the adoption of AI in healthcare insurance was in its infancy during the early 2000s, it

laid the foundation for more significant advancements in subsequent years. As technology

continued to progress, healthcare insurers began exploring more sophisticated AI applications,

such as predictive analytics for risk assessment, improved disease management, and personalized

insurance products.36

The 2010s saw the emergence of AI as a disruptive force in the healthcare industry. AI-

powered applications are now being used in a wide range of healthcare settings, including

hospitals, clinics, and doctor's offices and revolutionizing various administrative tasks.37

In recent years, with the availability of vast amounts of data, increased computational power,

and advancements in machine learning and natural language processing, AI’s integration in the

healthcare insurance industry has become more pervasive. Today, AI is extensively utilized for a
33
Id.
34
Id.
35
Id.
36
Id.
37
Id.

7
wide range of tasks, including underwriting, customer service, population health management,

and compliance.38

The first lawsuit involving AI used for healthcare claims processing, occurred soon after AI

was utilized for the purpose of underwriting.39 The case, Suzanne Kisting-Leung and Ayesha

Smiley v. Cigna Corporation, Cigna Health and Life Insurance Company involved Suzanne

Kisting-Leung and Ayesha Smiley, individually and on behalf of all other similarly situated,

Plaintiffs, vs. Cigna Corporation, Cigna Health and Life Insurance Company.40 This case was a

class action complaint alleging breach of the implied covenant of good faith and fair dealing,

violation of California unfair competition law, business & professions code section 17200, et

seq., intentional interference with contractual relations, and unjust enrichment all brought on

behalf of Cigna’s insured since there were no regulations in place for the regulating the use of

AI.41

The health insurance company Cigna is facing a class-action lawsuit for allegedly using an

algorithm called PxDx to rapidly reject hundreds of thousands of patients' claims, with each

claim being assessed in just 1.2 seconds.42 The lawsuit contends that this practice violates

California state law, which mandates a thorough and fair investigation into each patient’s claim.43

Cigna's CEO and president, David Cordani, is among the best-paid healthcare executives in the

country.44 The lawsuit claims that the algorithm automatically denies claims on medical grounds

38
Id.
39
Forbes, Richard Nieva, Cigna Sued Over Algorithm Allegedly Used to Deny Coverage To Hundreds Of
Thousands Of Patients, Jul 24, 2023,03:01pm,
https://www.forbes.com/sites/richardnieva/2023/07/24/cigna-sued-over-algorithm-allegedly-used-to-deny-
coverage-to-hundreds-of-thousands-of-patients/?sh=584dca044b14
40
Id.
41
Id.
42
Id.
43
Id.
44
Id.

8
without doctors ever reviewing patient files, resulting in thousands of patients being left without

coverage and facing unexpected bills.45 The scope of the problem is said to be massive, with over

300,000 payment requests denied using this method in just two months.46 The suit includes

individual cases where patients' claims for medically necessary procedures were denied, leaving

them responsible for the costs.47

The plaintiffs seek damages and an injunction to halt Cigna's alleged improper and unlawful

claim handling practices.48 The case was brought by the Clarkson Law Firm, which has

previously sued Google's parent company, Alphabet, over its use of AI and data collection.49 This

lawsuit comes after a ProPublica investigation exposed Cigna's use of the database to deny

claims.50 Cigna reportedly added procedures to the algorithm specifically for automatic denials,

saving the company millions of dollars in medical costs.51 Cigna has defended its use of the

algorithm, stating that it employs technology to verify codes for certain procedures based on

their coverage policies, which helps expedite physician reimbursement.52 The company denies

that the algorithm results in denials of care.53

Overall, the lawsuit raises questions about the use of algorithms and artificial intelligence in

the healthcare industry to determine medical necessity and claims decisions. It highlights

45
Id.
46
Id.
47
Id.
48
Fierce Healthcare, Cigna hit with class action alleging it used an algorithm to reject claims, Paige
MinemyerJul 25, 2023 03:41pm, https://www.fiercehealthcare.com/payers/cigna-hit-class-action-alleging-
it-used-algorithm-reject-claims
49
Id.
50
Id.
51
Id.
52
Id.
53
Id.

9
concerns about whether these practices comply with legal requirements and protect patients'

rights.54

Despite its many potential benefits, there arises a critical need for regulatory compliance to

ensure the ethical and secure use of AI technology, especially as it relates to claims processing.

By adhering to these regulatory requirements, health insurance companies can harness the power

of AI while safeguarding patient privacy akin to the way the Health Insurance Portability and

Accountability Act of 1996 (HIPPA) and Occupational Safety and Health Administration

(OSHA) regulations currently function, to ensure fairness, safety, and maintain ethical practices.

Like HIPAA regulations, which were enacted due to changes in technological advancements to

healthcare companies, the need for AI regulations is equally critical.

Looking to HIPAA regulations as a model

In 1996, the enactment of HIPAA regulations served as a response to pressing concerns in

the healthcare industry, particularly with the shift towards electronic record keeping.55 As the use

of electronic health records (EHRs) became more prevalent, the potential for unauthorized access

to patient data became a growing concern, prompting the need for robust safeguards.56 President

Bill Clinton signed the bill into law on August 21, 1996.57

HIPAA stands on four main goals:58

54
Id.
55
The HIPPA Journal, Steve Alder, What is the Purpose of HIPAA?, Feb 1, 2023,
https://www.hipaajournal.com/purpose-of-hipaa/#:~:text=So%2C%20in%20summary%2C%20what
%20is,breaches%20of%20their%20health%20data
56
Id.
57
Id.
58
The HIPPA Journal, Steve Alder, What is the Purpose of HIPAA?, Feb 1, 2023,
https://www.hipaajournal.com/purpose-of-hipaa/#:~:text=So%2C%20in%20summary%2C%20what
%20is,breaches%20of%20their%20health%20data

10
 1.To improve the efficiency and effectiveness of the health care system.

2. To protect the privacy of patient health information.

3. To facilitate the portability of health insurance.

4. To enforce standards for electronic health care transactions and code sets.

Over the years, HIPAA has been credited with improving the security of patient health

information and making it easier for patients to access their health records. To achieve its

objectives, several key provisions were put in place:

1. The Privacy Rule: With a primary focus on protecting patient health information, this

provision mandates that health care providers obtain patient consent before sharing their health

information and take steps to protect the security of patient health records.

2. The Security Rule: This rule requires health care providers to implement a range of

safeguards to protect the security of patient health information. These safeguards include

physical, technical, and administrative measures.

3. The Breach Notification Rule: To ensure transparency and accountability, this rule

requires health care providers to notify patients in the event of a breach of their health

information.

4. The Enforcement Rule: This pivotal rule establishes the enforcement mechanisms for

HIPAA. It allows the U.S. Department of Health and Human Services (HHS) to impose civil

penalties on health care providers who violate the law.

11
 HIPAA has proven to be an indispensable framework, fortifying patient privacy and

empowering individuals in their healthcare needs, while establishing essential guidelines for

healthcare to meet ethical practices to maintain the integrity of sensitive and personal identifiable

data. Yet, despite its significance in the realm of healthcare, there remains a critical void when it

comes to a finalized regulatory framework for AI. (cite) As such, this Note delves deeper into the

imperative goals required to attain regulatory compliance with AI. It analyzes current plans

presented, and highlights the adjustments needed to achieve proper compliance in the insurance

healthcare industry.

I. REGULATORY COMPLIANCE ISSUES

A. Different Regulatory Frameworks That Apply To AI-Processed Insurance Claims

In the United States, the exploration, evaluation, and possible regulation of AI

implementation have found a stalwart advocate in the National Association of Insurance

Commissioners (NAIC).59 As a distinguished association comprising insurance regulators from

all fifty U.S. states, including DC and the territories, the NAIC has taken proactive steps in this

realm. Establishing a dedicated committee and working groups, the NAIC has undertaken the

vital task of assessing the use of big data and AI in the insurance industry while scrutinizing

existing regulatory frameworks.60 The consequential findings and recommendations stemming

from their efforts hold the potential to shape the development and continuous refinement of laws,

regulations, handbooks, and regulatory proposals.61

59
Paul P. Chen Yuliya Feldman Vikram Sidhu, US Insurance Regulators’ Perspectives on Artificial
Intelligence, October 13, 2022,
https://www.mayerbrown.com/en/perspectives-events/publications/2022/10/us-insurance-regulators-
perspectives-on-artificial-intelligence.
60
Id.
61
Id.

12
 Additionally in the U.S some state insurance regulators, as seen in New York, California, and

Connecticut, have taken the initiative to evaluate the potential regulatory options regarding the

use of AI in the insurance industry.62 These state insurance regulators have additionally

circulated letters and bulletins spelling out their concerns with the use of AI in insurance.63

Colorado has led the way and by passing a statue that mandates its insurance commissioner to

enact rules prohibiting insurers from using algorithms and predictive models in a way that is

harmful to consumers.64

In 2022, the NAIC committed to evaluate AI advancements to analyze if current state laws

and regulatory tools are adequately protecting consumers.65 This work is being done inside the

NAIC’s Innovation, Cybersecurity, and Technology (H) Committee, known as the “ICT

Committee”. 66 One of the ICT Committee’s most important working groups is the Data and

Artificial Intelligence (H) Working Group known as the “BD/AI Working Group”. 67 The BD/AI

Working Group met at the Summer 2022 NAIC National Meeting and explored risk management

approaches to AI and AI model explainability as it related to transparency.68

B. Specific Compliance Challenges That Arise from The Use Of AI

With the continuous advancements of AI technology, the widespread integration of AI in

insurance claims is anticipated to escalate.69 As AI’s role expands in this domain, the need for

regulatory compliance will increase to avoid cases of fraud and misuse.70

62
Id.
63
Id.
64
Id.
65
Id.
66
Id.
67
Id.
68
Id.
69
Id.
70
Id.

13
 There are several specific regulatory compliance considerations that apply to the use of AI in

health insurance claims. These considerations include transparency to ensure that insurers must

be transparent about how they use AI in insurance claims.71 This includes disclosing the data that

is used to train AI systems, the algorithms that are used to make decisions, and the criteria that

are used to determine whether claims are approved or denied.72 Another consideration is for

Accountability so that insurers must be made accountable for the decisions that are made by AI

systems.73 This means that insurers must be able to explain how AI systems make decisions and

to justify those decisions.74 Auditability is also a consideration given the conviction that insurers

must be able to audit the use of AI in insurance claims.75 This means that insurers must be able to

track the data that is used to train AI systems, the algorithms that are used to make decisions, and

the decisions that are made by AI systems.76

Within the realm of health insurance, cases have emerged, highlighting the challenges faced

due to the misuse of AI in claims processing. In Suzanne Kisting-Leung and Ayesha Smiley v.

Cigna Corporation, Cigna Health and Life Insurance Company, the first lawsuit was filed by two

California residents, who alleged that Cigna had denied their claims for medical care because an

AI algorithm had determined that the medical care, they sought was not medically necessary. 77

The plaintiffs alleged that Cigna's use of AI violated California law, which requires insurance

companies to provide a "fair and reasonable review" of medical claims.78 The lawsuit also

alleged that Cigna's use of AI was discriminatory, as it disproportionately affected women and
71
Id.
72
Id.
73
Id.
74
Id.
75
Id.
76
77
CBS News Sacramento, Cigna health giant accused of improperly rejecting thousands of patient claims
using an algorithm, July 25, 2023 / 7:14 PM, https://www.cbsnews.com/sacramento/news/cigna-health-
giant-accused-of-improperly-rejecting-thousands-of-patient-claims-using-an-algorithm-3/
78
Id.

14
people of color.79 The lawsuit was settled in 2022, with Cigna agreeing to pay $9,500,000 to

Plaintiffs and to change its policies on the use of AI in processing healthcare claims.80 In Strawn

v. Farmers Insurance Company of Oregon, the Oregon Supreme Court upheld a jury award of

$8,750,000 in compensatory and punitive damages to a class of policyholders who challenged

their insurer’s use of a licensed “cost containment software program” to process medical

claims.81 In Byorth v. USAA Casualty Insurance Company, Byorth and McKean filed a

complaint against USAA alleging breach of fiduciary duties, breach of contract, and violations of

the Unfair Trade Practices Act, § 33-1201. Plaintiffs argued USAA's practice of sending medical

claims to AIS was "an improper cost containment scheme designed to wrongfully deprive

Montana consumers of their first-party medical pay benefits." Plaintiffs sought to recover actual

and punitive damages and to enjoin USAA from submitting future claims to AIS for review.

Finally, additional to the specific challenges mentioned above, there are also some general

compliance challenges that apply to the use of AI in insurance claims. These challenges include

keeping up with the pace of technological change given that AI technology is constantly

evolving.82 This means that insurers must constantly be updating their compliance programs to

ensure that they are compliant with the latest regulatory requirements.83 Challenges also arise as

it pertains to managing the risk of bias.84 As mentioned above, AI systems can be biased if the

79
Id.
80
Id.
81
Artificial Intelligence (AI), Breanna Jones, AI Update: What Happens When a Computer Denies Your
Insurance Coverage Claim?
March 19, 2019, https://www.insidetechmedia.com/2019/03/19/ai-update-what-happens-when-a-
computer-denies-your-insurance-coverage-claim/

82
ARTIFICIAL INTELLIGENCE (AI), Yaron Dori, Andrew Longhi & Jorge Ortiz, White House Announces
New Efforts to Advance Responsible AI Practices, May 25, 2023,
https://www.insidetechmedia.com/2023/05/25/white-house-announces-new-efforts-to-advance-
responsible-ai-practices.
83
Id.
84
Id.

15
data that they are trained on is biased. This is a complex challenge to manage, and insurers must

take steps to mitigate the risk of bias in their AI systems.85 Compliance challenges also exist

when ensuring the accuracy of AI systems as AI systems can make mistakes.86 This can lead to

the denial of legitimate claims or the approval of fraudulent claims.87 Insurers must take steps to

ensure that their AI systems are accurate and that claims are processed fairly.

C. The Potential Consequences of Non-Compliance as set forth by case law.

In looking at these cases and the specific compliance challenges that arise from the use of AI

we next need to explore the potential legal consequences of non-compliance. In the Cigna case,

the potential consequences of non-compliance with regulatory requirements for the use of AI in

insurance claims are significant. The two Cigna insured members filed a class action lawsuit

against the company, alleging that Cigna used an algorithm called PXDX to improperly deny

scores of patient claims. PXDX allows Cigna to reject claims "in batches of hundreds or

thousands at a time" without ever opening the patient’s claims. The plaintiffs in the lawsuit say

that their claims were denied through this system, one for an ultrasound and the other for a

vitamin D test. The plaintiffs allege that Cigna's use of PXDX violates California law, which

requires that insurers conduct a "thorough, fair and objective" investigation into each patient’s

claim. The plaintiffs also allege that Cigna's use of PXDX is a breach of fiduciary duty, as it

serves Cigna's own economic interests at the expense of its insured. The lawsuit raises important

questions about the use of algorithms in healthcare and the potential for these algorithms to be

used to deny patients' claims.

85
Id.
86
Id.
87
Id.

16
 In Strawn v. Farmers Ins. Co., the insurance company used cost-containment software to

evaluate their insureds' medical expenses.88 The software compared the charges submitted by an

insured's provider to other bills for the same procedure in a given region. 89 If Farmers

determined that the charge submitted by the provider exceeded a certain percentage of the range

of the charges in those other bills, Farmers refused to pay the excess on the ground that it was

"unreasonable."90 The plaintiff is the representative of a class of insureds who allege that

Farmers' review process set an arbitrarily low percentage, initially, 80 percent, that resulted in

the denial of claims for reasonable medical expenses.91 The plaintiff alleges that this practice

increased Farmers' profits at the expense of claimants and medical providers. 92 In other words,

Farmers used a software to set a threshold for what it considered to be "reasonable" medical

expenses.93 If a provider's charge exceeded this threshold, Farmers would deny the claim.94 The

plaintiff alleges that this threshold was set too low, and that it resulted in the denial of legitimate

claims.95

In the Byorth v. USAA Casualty Insurance Company case, the Montana Supreme Court held

that an insurer’s mere act of sending medical claims to a third-party contractor which allegedly

“applied computer algorithms to review the files for any possible means to deny the claims” was

“precisely the type of superficial question that fails to demonstrate a common injury.” Rather, to

satisfy commonality, the plaintiffs needed to “identify the allegedly unlawful, systematic

program … that causes the denials [of claims.]”

88
Justia US Law, Strawn v. Farmers Ins. Co., May 20, 2009, https://law.justia.com/cases/oregon/court-of-
appeals/2009/a131605.html
89
Id.
90
Id.
91
Id.
92
Id.
93
Id.
94
Id.
95
Id.

17
 II. THE NEED FOR REGULATORY REFORM

A. Current Regulatory Frameworks Are Not Sufficient

The current regulatory frameworks may not be sufficient to protect consumers and ensure

fairness in the processing of AI-processed insurance claims. Current regulatory frameworks were

not designed to specifically address the risks and challenges of AI. For example, regulatory

frameworks, such as the Health Insurance Portability and Accountability Act (HIPAA). The

HIPPA regulatory laws were designed to protect consumers' privacy and financial information,

but they do not specifically address the use of AI.

However, thought not specifically written as AI regulations, the Federal Trade Commission

(FTC) has decades of experience enforcing three laws important to developers and users of AI:96

1.Section 5 of the FTC Act. The FTC Act prohibits unfair or deceptive practices. That would

include the sale or use of – for example – racially biased algorithms.

2. Fair Credit Reporting Act. The FCRA comes into play in certain circumstances where an

algorithm is used to deny people employment, housing, credit, insurance, or other benefits.

3. Equal Credit Opportunity Act. The ECOA makes it illegal for a company to use a biased

algorithm that results in credit discrimination based on race, color, religion, national

origin, sex, marital status, age, or because a person receives public assistance.

B. Potential for AI to Harm Consumers

96
Federal Trade Commission, Elisa Jillson, Aiming for truth, fairness, and equity in your company’s use of
AI, April 19, 2021 https://www.ftc.gov/business-guidance/blog/2021/04/aiming-truth-fairness-equity-your-
companys-use-ai

18
 AI systems are not perfect. They can make mistakes, just like humans.97 These mistakes

can have a significant impact on consumers, especially when it comes to insurance claims. For

example, an AI system could make a mistake in the assessment of a claim, leading to the denial

of a legitimate claim.98 This could have a significant financial impact on the consumer, as they

may be denied the benefits they are entitled to. In addition, AI systems can be biased.99 This

means that they are more likely to make mistakes for certain groups of people. For example, an

AI system that is trained on data that is biased against women may be more likely to deny claims

made by women.100

C. Proposed Reforms to Address Compliance Challenges

Government-based and industry-based reforms are essential in tackling the prevailing

compliance challenges arising from AI processed insurance claims. There are specific reforms

that could be considered such as requiring insurers to obtain consent from consumers before

using AI to process their claims. This would allow consumers to have a say in how their data is

used and to opt out of AI-based decision-making. Additionally, reforms could include

establishing a regulatory body to oversee the use of AI in insurance claims. This body could be

responsible for developing and enforcing regulations, and for providing guidance to insurers on

how to use AI in a compliant manner. It could also be considered to require insurers to conduct

regular audits of their AI systems to ensure that they are working properly and that they are not

biased. This would help to identify and address any problems with AI systems before they cause

harm to consumers.

97
Ajitesh Kumar, Healthcare Claims Processing AI Use Cases, November 12, 2022,
https://vitalflux.com/healthcare-claims-processing-ai-use-cases
98
Id
99
Id.
100
Id.

19
 The Blueprint for an AI Bill of Rights was proposed by the White House’s Office of

Science and Technology Policy in 2022 and lays out five core protections to which the American

public should be entitled: 101

1) Safe and Effective Systems: You should be protected from unsafe or ineffective

systems.

2) Algorithmic Discrimination Protections: You should not face discrimination by

algorithms and systems should be used and designed in an equitable way.

3) Data Privacy: You should be protected from abusive data practices via built-in

protections, and you should have an agency over how data about you is used.

4) Notice and Explanation: You should know that an automated system is being used and

understand how and why it contributes to outcomes that impact you.

5) Human Alternatives, Consideration, and Fallback: You should be able to opt out,

where appropriate, and have access to a person who can quickly consider and remedy

problems you encounter.

European Commission, TTC Joint Roadmap for Trustworthy AI and Risk Management, 01 December
101

2022, https://digital-strategy.ec.europa.eu/en/library/ttc-joint-roadmap-trustworthy-ai-and-risk-
management.

20
 The Blueprint for an AI Bill of Rights and its set of five principles and associated practices

were designed to help guide the design, use, and deployment of automated systems and to protect

the rights of the American public in the age of artificial intelligence.102 This Bill of Rights was

developed through a consultation with the public, and these principles are a blueprint for

building and deploying automated systems that are aligned with human rights and democratic

values.103 The Blueprint for an AI Bill of Rights gives steps that can be taken by many

organizations from governments at all levels to companies of all sizes—to uphold these values,

to protect the civil rights of Americans, and ensure technology is working for the American

people, and to move these principles into practice.104

This Blueprint for an AI Bill of Rights Blueprint also includes concrete steps which

governments, companies, communities, and others can take in order to build these key

protections into policy, practice, or technological design to ensure automated systems work in

ways that protect human rights and democratic values.105 The Blueprint for an AI Bill of Rights

is focused on protecting human rights and democratic values, so the systems defined as in scope

are based on impact as opposed to the underlying technical choices made in any system, since

such choices can and do change with the speed of technological innovation.106 Specifically, the

Blueprint should be applied with respect to all automated systems that have the potential to

meaningfully impact individuals’ or communities’ rights, opportunities, or access.107

In addition to abiding by the AI Bill of Rights and other government-based reforms,

insurance companies need to take on the responsibility of self-regulating to develop insurance-

102
Id.
103
Id.
104
Id.
105
Id.
106
Id.
107
Id.

21
based reforms and a code of conduct for the use of AI.108 The specific reforms that would address

the identified compliance challenges centered around AI processed insurance claims for the

consumer include requiring AI systems to be transparent about how they make decisions.109 This

would allow consumers to understand how AI systems are affecting them and to challenge

decisions that they believe are unfair and additionally would require AI systems to be

accountable for their actions.110 This could be done by requiring AI systems to be equipped with

mechanisms for detecting and correcting errors.111 Creating new regulatory frameworks that

specifically address the use of AI in insurance claims is also needed.112 These frameworks would

need to be designed to protect consumers' privacy, prevent discrimination, and ensure the

accuracy and accountability of AI systems. 113 To implement AI, insurance companies will also

need to create an AI strategy document.114

CONCLUSION

The use of AI in insurance claims is rapidly evolving due to a lack of regulation. This

means that the potential risks and benefits of AI will become even more complex. This also

means that the need for regulatory compliance will become even more important. Insurers that

use AI in insurance claims must ensure that their AI systems are accurate, fair, and transparent.

They must also have a robust compliance program in place to ensure that their AI systems are

used in a compliant manner that does not currently exist. Currently there is no government

oversight or compliance program for health insurance claims processed by AI, and the need to

protect the consumer has reached a breaking point as the speed of technological advancement
108
Id.
109
Id.
110
Id.
111
Id.
112
Id.
113
Id.
114
Id.

22
continues. By taking these steps now, the federal government can help to protect consumers from

the risks of AI and ensure that AI is used in a safe and ethical manner by health insurance

companies when processing claims.

23