Contact Us

More and More U.S. Lawmakers Considering AI Regulations in Health Decisions

Written by Jeremy Werner

Jeremy is an experienced journalist, skilled communicator, and constant learner with a passion for storytelling and a track record of crafting compelling narratives. He has a diverse background in broadcast journalism, AI, public relations, data science, and social media management.
Posted on 04/03/2024
In Blog

UPDATE – FEBRUARY 2026:

Colorado continues expanding its leadership in regulating artificial intelligence and algorithmic decision-making in insurance. The Colorado Division of Insurance (DOI) has advanced draft rulemaking to extend Regulation 10-1-1-style governance, risk management, and fairness requirements. These requirements now go beyond life insurance to include auto and health insurers.

The proposed rules would require insurers to implement formal AI governance programs and maintain detailed documentation on algorithm design and testing. In addition, insurers must conduct impact assessments to identify and mitigate potential discriminatory outcomes before deploying predictive models in underwriting, pricing, or claims processing.

The DOI has also indicated that insurers may soon need to perform structured model impact assessments. They must demonstrate compliance with fairness and transparency requirements as part of regulatory oversight. While final adoption is expected after public consultation and review, insurers are already being encouraged to align internal governance, testing, and documentation practices with these anticipated standards.

Colorado’s regulatory framework continues to influence national discussions. Several states—including California and Connecticut—have initiated consultations and working groups focused on insurance AI governance. These groups frequently reference Colorado’s approach as a model.

At the national level, the National Association of Insurance Commissioners (NAIC) has also updated its AI guidance. The new guidance reflects governance, accountability, and risk-management principles similar to those established under Colorado law.

These developments reinforce Colorado’s role as a national leader in regulating AI use in insurance. They also signal a broader shift toward formal governance, fairness testing, and regulatory oversight of algorithmic decision-making across the industry.

ORIGINAL BLOG POST:

More and More U.S. Lawmakers Considering AI Regulations in Health Decisions

While several U.S. states are considering safeguards for AI use in elections, a growing number are also examining regulations aimed at AI systems used by insurance companies. States including New York, California, Connecticut, and New Jersey have issued warnings or begun exploring legislation targeting insurance algorithms.

Many policymakers are studying Colorado’s approach. Colorado became the first state to adopt formal regulations addressing artificial intelligence in insurance.

Senate Bill 21-169

Colorado’s regulatory effort began in 2021 when lawmakers passed Senate Bill 21-169, titled “Concerning Protecting Consumers from Unfair Discrimination in Insurance Practices.”

The law prohibits unfair discrimination based on race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression in insurance practices.

The legislation also acknowledges that insurers increasingly rely on external consumer data and information sources (ECDIS), algorithms, and predictive models in underwriting, pricing, claims processing, and other operations.

While these tools can streamline decision-making, lawmakers recognized that poorly designed models could negatively affect insurance availability, affordability, or access for protected classes.

To prevent discriminatory outcomes, the law prohibits the use of ECDIS, algorithms, or predictive models that produce unfair discrimination against protected groups.

Role of the Insurance Commissioner

The law directs the Colorado Insurance Commissioner to lead a stakeholder process and develop rules for each type of insurance product.

Under these rules, insurers must:

  • Disclose their data sources
  • Explain how external data and predictive models are used
  • Establish governance and risk management frameworks
  • Conduct impact assessments and address discriminatory outcomes

Insurers must also cooperate with regulatory investigations. Documents obtained during these reviews are treated as confidential.

The law does not require insurers to collect sensitive demographic data from applicants. It does not override existing underwriting practices unless external data and predictive models create a risk of unfair discrimination.

Regulation 10-1-1: Turning Principles Into Practice

In 2023, Colorado adopted Regulation 10-1-1, which established a governance and risk management framework for life insurers using external consumer data. The regulation emphasizes transparency, accountability, and fairness in algorithmic decision-making.

Senior Management Oversight

Insurers must implement governance frameworks approved and overseen by their boards of directors. Senior leadership is responsible for defining strategy, assigning roles, and reviewing risks associated with algorithms and data use.

Cross-Functional Governance Groups

Each insurer must establish a documented governance group including representatives from legal, compliance, risk, product, actuarial, underwriting, marketing, data science, and customer service teams. This structure ensures decisions consider a full range of organizational risks.

Ongoing Monitoring and Documentation

Insurers must maintain policies for designing, testing, deploying, and monitoring algorithms. Regular reviews must assess model drift, system performance, and governance effectiveness.

Third-Party Vendor Accountability

Even when external vendors provide algorithms or datasets, insurers remain fully responsible for compliance. Companies must document vendor selection processes and oversight practices to ensure regulatory expectations are met.

Reporting and Compliance

Insurers are required to submit narrative reports outlining their progress toward regulatory compliance. These reports describe challenges, timelines, and areas still under development.

Annual reports must be signed by a senior officer and confirm full compliance with regulatory requirements.

Organizations that do not use algorithms or external consumer data must still submit an annual attestation confirming non-use.

The Big Picture

If Colorado’s regulatory model proves effective, additional states may adopt similar frameworks. This is especially true for auto, health, and other insurance sectors that rely heavily on predictive models.

The state’s combination of legislation and regulatory guidance offers an early blueprint for oversight of AI-driven decision-making in the insurance industry.

Need Help?

If these two bills prove to be successful in the long-term, it wouldn’t be surprising to see more and more states considering AI regulations on a variety of insurance industries. For assistance in navigating compliance, don’t hesitate to contact BABL AI. Hence, one of their audit experts can offer valuable guidance and support.

What’s New?

Stay up to date with the latest updates.

Global Reactions to DeepSeek: A Comprehensive Overview

Global Reactions to DeepSeek: A Comprehensive Overview

02.18.2025
Navigating the New Frontier: How the EU AI Act Will Impact the Environmental Monitoring Industry

Navigating the New Frontier: How the EU AI Act Will Impact the Environmental Monitoring Industry

02.04.2025
The Future of AI Governance: Trends and Predictions

The Future of AI Governance: Trends and Predictions

01.31.2025

Subscribe to our Newsletter

Keep up with the latest on BABL AI, AI Auditing and
AI Governance News by subscribing to our news letter
By subscribing, you agree with our privacy policy and our terms of service.