Taction Software Releases Governance Guide as States Move to Require Human Review of AI Care Decisions
New state laws mandate human oversight of AI-driven coverage and clinical decisions. Most healthcare organizations lack the technical governance to comply.
The law now says a human must review AI decisions. Meeting that mandate is an engineering problem before it is a policy one.”
CHICAGO, IL, UNITED STATES, July 17, 2026 /EINPresswire.com/ -- A wave of new state legislation is rewriting the rules for artificial intelligence in healthcare, and it is exposing a readiness gap that few provider and payer organizations are prepared to close. The requirements are no longer theoretical or federal proposals waiting on Congress. They are state laws with effective dates that have already passed or are weeks away, and they carry reporting obligations and liability that reach directly into how healthcare software is designed.— Arinder Singh Suri, Chief Executive Officer
As of 2026, 37 states have enacted or introduced legislation governing the use of AI in healthcare. The fastest moving cluster targets coverage and clinical decisions. The common requirement, that a qualified human must own any medical necessity denial, now appears in roughly a dozen states. The direction of travel is unmistakable, and organizations that treated AI governance as a future concern are finding that the future arrived on the statute books.
The most comprehensive example took effect this summer. Washington's Senate Bill 5395, effective June 11, 2026, provides that only a licensed physician or health professional may deny a prior authorization based on medical necessity, and bars insurers from relying solely on AI to make such determinations. Under the law, a human reviewer must evaluate the requesting provider's recommendation, the enrollee's medical history, and the enrollee's individual clinical circumstances, and AI review criteria must reflect the individual patient rather than group data alone.
Other states are layering on transparency and reporting duties. Maryland's HB 1563, effective June 1, 2026, requires health insurers to report quarterly to the Insurance Commissioner the number of adverse decisions issued, the type of service involved, and whether AI was used in making the decision. The law also gives the commissioner authority to investigate insurers that show significant increases in adverse determinations, particularly denials for emergency department services. Georgia's SB 444, effective January 1, 2027, permits insurers to use AI in prior authorization but provides that AI may not issue an adverse determination until a qualified human conducts a utilization review in which a clinical peer participates.
In response to this shift, Taction Software, a Chicago based healthcare IT and custom software development firm, has released a practical guide to responsible AI governance for healthcare organizations. Rather than restating the ethical case for oversight, the guide translates the new legal requirements into the technical architecture they demand. It covers human in the loop review workflows, decision traceability, HIPAA aligned audit logging, model documentation, bias monitoring, and vendor oversight, and it maps each of these to the obligations that state laws are now beginning to impose.
The timing reflects a documented gap between how quickly AI has been adopted and how slowly governance has kept pace. A January 2026 study in Health Affairs by Stanford researchers, led by Michelle Mello, examined the rush to deploy AI in insurance utilization review. The researchers found that many insurers lack robust governance processes through which they could monitor the accuracy and potential biases of the AI tools they have adopted. That gap exists despite dramatic uptake. A 2024 survey of 93 large health insurers found that 84 percent were already using AI for some operational purpose. Public confidence has not kept up with adoption. Two thirds of US adults have little trust that AI will be used responsibly in healthcare, and consumers rate health insurers among the least trusted sectors of the system.
The stakes are not limited to regulatory compliance. Litigation is testing whether automated decisions meet the individualized review that insurance contracts promise. Humana is being sued in Kentucky over its use of the nH Predict tool, with patients arguing that rigid AI criteria ignored their specific clinical circumstances. For any organization building AI into clinical or coverage workflows, the ability to demonstrate how a decision was reached is becoming both a legal requirement and a legal defense.
"The law now says a human must review AI decisions. What almost no one is explaining is what that actually requires under the hood," said Arinder Singh Suri, CEO of Taction Software. "A compliance checkbox is not the same as an audit trail a clinician can act on. If a reviewer cannot see what the model saw, what data it weighed, and why it reached its recommendation, then the human in the loop is a signature, not a safeguard. Meeting these mandates is an engineering problem before it is a policy one, and that is the gap we wrote this guide to close."
The guide breaks the requirement for human oversight into the components that make it real in software. Decision traceability means capturing the inputs, model version, and reasoning behind each recommendation so a reviewer and, later, an auditor can reconstruct it. Audit logging must be tamper evident and retained in line with HIPAA and state record keeping rules. Bias monitoring has to run continuously rather than at a single point of validation, because model performance drifts as populations and data change. Vendor oversight matters because many organizations do not build their AI tools in house, and the new laws hold the deploying organization accountable regardless of who wrote the model. Each of these is a design decision that is far cheaper to build in from the start than to retrofit under a regulator's deadline.
The guide is aimed at hospital systems, digital health companies, and payers that are building or buying AI into clinical and coverage workflows. It is written for the technical and compliance leaders who have to turn a legal mandate into a working system, and it is deliberately vendor neutral in its recommendations, focusing on the architecture rather than any single product.
Taction Software brings direct experience building compliant healthcare platforms to the subject. The company has delivered EHR and EMR integration work for Voyant Health, built a behavioral health platform for CHIPSS, and developed an FDA Class 1 application for Revive Ease. This work has required the same disciplines the new laws now demand, including secure data handling, defensible record keeping, and systems designed to keep clinicians in control of clinical decisions.
"Every serious healthcare project we take on already lives inside HIPAA and FDA constraints, so building for traceability and human oversight is not new territory for us," Suri added. "What is new is that these practices are moving from best practice to legal baseline. Organizations that treated governance as optional are about to discover it was load bearing."
Taction Software is making the guide available at no cost to healthcare organizations evaluating their exposure to the new requirements. To access the guide, visit https://www.tactionsoft.com/healthcare-app-development/
About Taction Software
Taction Software is a Chicago based healthcare IT and custom software development company founded in 2013. The firm builds HIPAA aligned digital health platforms, EHR and EMR integration, telemedicine and remote patient monitoring systems, and custom healthcare software for organizations across the United States. Led by CEO Arinder Singh Suri, who brings more than 20 years of personal experience in software and healthcare technology, Taction focuses on secure, compliant, and scalable healthcare solutions. More information is available at https://www.tactionsoft.com/
arinder singh suri
Taction Software LLC
+1 512-508-8008
email us here
Visit us on social media:
LinkedIn
Instagram
Facebook
YouTube
X
Other
Legal Disclaimer:
EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.

