- within Insurance topic(s)
Focus On
NEW AI GUIDANCE FOR HOSPITALS AND HEALTH SYSTEMS FROM THE JOINT COMMISSION AND THE COALITION FOR HEALTH AI
On September 17, 2025, Joint Commission ("JC") and Coalition for Health AI ("CHAI") jointly released Guidance on the Responsible Use of AI in Healthcare (the "Guidance"). JC is the oldest and largest standards-setting and accrediting body in health care in the United States. CHAI is a coalition of nearly 3,000 organizations, including health systems, patient advocacy groups, and a wide range of industry leaders and start-ups across the health care and technology ecosystems. CHAI's stated mission is to be the trusted source of guidelines for responsible use of artificial intelligence ("AI") in health that serves all, and it aims to ensure high-quality care, foster trust among users, and meet growing health care needs. The Guidance is instructive for hospitals and health care systems considering implementation of AI in various settings, including operations, finance, and administration. As hospitals pursue AI-driven efficiencies and cost savings, the Guidance provides a critical framework for ensuring that the drive for operational improvements does not compromise patient safety or data security.
The Guidance makes recommendations to health care organizations regarding use and deployment of AI. The JC developed the Guidance based on surveys of its accredited hospitals and health systems to address their specific needs in implementing AI responsibly. The Guidance's focus on recommendations for health care provider organizations sets it apart from many other AI standards and requirements, which have primarily focused on AI technology developers and health insurers. The Guidance addresses the full spectrum of organizational responsibilities, from establishing governance structures and data security protocols to monitoring AI performance, assessing bias, and training staff on appropriate use.
Guidance Overview
The Guidance states that JC and CHAI developed the Guidance based on industry standards for development, deployment, and use of AI and communications with industry stakeholders. The Guidance addresses the entire life cycle of an AI tool, from initial procurement and validation to ongoing monitoring and staff training. This holistic approach establishes a comprehensive framework for managing the technology's risks and benefits. The Guidance is structured around the following seven foundational elements that JC and CHAI say they have designed to create a comprehensive framework for responsible use of AI in health care:
- AI Policies and Governance Structures. Health care organizations should have formal oversight of AI across the health care organization with clear accountability, risk-based review, life cyclemanagement, and regular reporting to their governing bodies.
- Patient Privacy and Transparency. Health care organizations should define how data are accessed and used, notify patients when AI directly influences care, and educate patients and staff on AI's role and
- Data Security and Data Use Protections. When deploying AI, health care organizations should ensure that all information is used and disclosed in accordance with applicable health care privacy laws, including the Health Insurance Portability and Accountability Act ("HIPAA"). Organizations should also implement security measures for data used in AI, such as encrypting data in transit and at rest, applying strict access controls, and performing regular vulnerability Agreements governing use and disclosure of data should support these controls and principles. The Guidance also recommends that organizations consider adopting the JC's Responsible Use of Health Data framework.
- Ongoing Quality Monitoring. Health care organizations should establish processes to monitor and to evaluate routinely the safe performance of AI-enabled clinical tools. Organizations should validate the tools pre- deployment and monitor their performance post- deployment based on risk and context. Organizations should also use existing quality and safety structures, define responsibilities with vendors, and maintain feedback loops for model updates and issues.
- Voluntary,BlindedSafetyReporting. There should be a process for confidential, blinded reporting of AI- related safety events to monitor and to evaluate regularly the safe performance of AI tools. The Guidance suggests that reporting findings both within and outside the organization may be useful.
- Risk and Bias Assessment. Health care organizations should have a process to identify and to document risks and biases in AI tools. According to the Guidance, CHAI's Applied Model Card may be a helpful way to collect relevant information and ensure ongoing assessment of risks and biases.
- Education and Training. Health care organizations should provide role-specific training on AI tools and organization-wide AI They should emphasize safe use of AI, intended use cases and limits of specific tools being used, and pathways for reporting issues.
The Guidance indicates that, in the coming months, the JC and CHAI intend to release a series of Responsible Use of AI Playbooks to build on and to operationalize the Guidance, and the JC intends to develop a voluntary Responsible Use of AI certification.
Comparison to Other Health AI Requirements and Guidance The Guidance joins myriad other requirements and
guidance regarding the use of AI in health care. For example, the Food and Drug Administration ("FDA") regulates AI in medical devices (including certain software products it considers medical devices). Health information technology ("health IT") certification under the Health IT Certification Program of the Office of the National Coordinator for Health IT within the U.S. Department of Health and Human Services requires disclosures of certain source attributes specified in federal health IT certification criteria, and developers must adopt certain risk management practices to assess, mitigate, and oversee risk presented by AI tools. The Centers for Medicare & Medicaid Services ("CMS") has issued guidance on the use of AI tools by Medicare Advantage plans. And some states have passed laws regulating the use of AI in health care. For example, Cal. Health & Safety Code § 1339.75 (known as the Artificial Intelligence in Health Care Services Bill) requires health care facilities, clinics, and physician offices to disclose when generative AI is used to
communicate clinical information to patients. Texas's Responsible Artificial Intelligence Governance Act, effective January 2026, is a comprehensive AI regulation that applies across multiple sectors, including health care. For health care providers specifically, the law mandates disclosure to patients when AI is used in diagnosis or treatment and requires licensed practitioners to review all AI-generated records and retain ultimate responsibility for clinical decisions. Utah requires regulated occupations, including licensed health care
professionals, to prominently disclose when AI is used in "high- risk" interactions involving health information or medical advice. These state laws emphasize transparency, human oversight, and accountability in clinical AI deployment.
The Guidance provides a different perspective than many of the pre-existing sources by recommending a comprehensive framework for use of AI tools in health care, with a focus on hospitals and health systems. The involvement of the JC, which accredits the majority of U.S. hospitals and sets widely recognized standards for health care quality and safety, gives the Guidance additional gravitas.
Looking Ahead
The Guidance on the Responsible Use of AI in Healthcare arrives at a pivotal moment for health AI. AI is rapidly transforming health care, from automated image analysis and predictive analytics to intelligent chatbots that support patient communication. According to the JC, nearly half of U.S. health care organizations have implemented some form of generative AI, and that share is expected to grow. The global AI in health care market, valued at $26.6 billion in 2024, is projected to reach $187.7 billion by 2030. To date, the proliferation of AI in health care has occurred largely in a fragmented regulatory environment, creating uncertainty for health care organizations seeking to deploy AI responsibly.
The Guidance seeks to address this gap by providing a unified and comprehensive health care focused framework. It represents an important step in creating a shared understanding for responsible use of AI in health care, establishing a baseline that can evolve as technologies mature and the health care community learns from real-world AI implementation. This framework is particularly timely as hospitals and health systems navigating financial constraints and staffing challenges turn to AI for compelling opportunities to improve efficiencies, streamline workflows, and better allocate limited resources. However, realizing these benefits requires thoughtful implementation.
The Guidance emphasizes AI's transformative potential (e.g., improved diagnostics, personalized care, operational efficiency) while also highlighting corresponding risks (e.g., patient harm, algorithmic bias, privacy breaches, security threats, and opacity of decision-making). By offering clear framework principles, the Guidance signals that responsibility in deployment and use of AI tools in health care is increasingly an expectation of health care organizations. As hospitals and health systems pursue these operational improvements and cost savings, establishing AI governance structures and developing comprehensive policies for AI implementation and use in accordance with the Guidance's framework can help ensure these benefits are realized while maintaining patient safety, equity, and trust.
Docket Updates
1. Favorable Decision in DSH Part C Days Litigation
On September 30, 2025, the U.S, District Court for the District of Columbia recently granted summary judgment for the Plaintiff-hospital in Montefiore Medical Center v. Kennedy, No. 24- cv-1810 (D.D.C. 2024), the lead case challenging CMS's June 2023 retroactive rule requiring the inclusion of Medicare Part C days as Part A-entitled days in the Medicare Part A disproportionate share hospital ("DSH") calculation for periods prior to October 1, 2013.
The court held that the June 2023 rule retroactively adopting this policy is unlawful, as CMS did not satisfy either of the conditions for exercising its limited retroactive rulemaking authority under the Medicare statute. The court rejected the government's arguments that the retroactive rule was necessary to make DSH payments and that failing to apply the 2023 rule retroactively would be contrary to public interest. The court reasoned that finding these conditions met here would "turn a statutory limitation [on retroactive rulemaking] into a floodgate favoring retroactivity." In addition, the court concluded that the rule was arbitrary and capricious because the agency failed to reasonably address the significant financial impact of its rule.
The court has ordered the parties to brief the appropriate remedy for the agency's unlawful action. Given the federal government shutdown, the schedule for that briefing is not yet set.
2. D.C. Circuit Upholds PRRB Jurisdictional Finding That SSI Fractions Not Appealable Final Determinations
On August 22, 2025, in a significant ruling regarding jurisdiction of the Provider Reimbursement Review Board ("PRRB"), the D.C. Circuit held in Battle Creek Health System v. Kennedy, 151 F.4th 464 (D.C. Cir. 2025) that the PRRB properly found that it lacked jurisdiction to hear the plaintiff hospitals' challenges to the calculation of the supplemental security income ("SSI") fraction of the DSH payment adjustment calculation prior to receiving their Notices of Program Reimbursements ("NPRs"). Reversing the district court, the D.C. Circuit concluded that CMS's publication of hospital-specific SSI fractions does not constitute a "final determination of the Secretary as to the amount of the payment" under 42 U.S.C. § 1395oo(a)(1)(A)(ii) and, as such, the PRRB correctly determined that it "lacked jurisdiction over the hospitals' appeal."
Battle Creek concerned whether hospitals can appeal directly from CMS's published SSI fractions of the Medicare DSH calculation, before the agency applies the SSI fractions in a hospital's NPR. The government appealed an October 31, 2023, ruling by the U.S. District Court for the District of Columbia, holding that the PRRB had jurisdiction over the plaintiff hospitals' appeals of CMS's 2009 publication of SSI fractions for Federal Fiscal Year ("FFY") 2007. The district court found that CMS's publication of the SSI fractions at issue constituted a "final determination" within the meaning of 42 U.S.C. § 1395oo of the Medicare statute, explaining that "section 1395oo permits providers to prospectively appeal what they will, in the future, receive as a result of services provided to eligible patients" and "eliminates the requirement that [a provider] file a cost report prior to appeal." The district court vacated the PRRB's jurisdictional decision and remanded the case to the PRRB to address the merits of the dispute.
On appeal, the D.C. Circuit held that the PRRB lacked jurisdiction, as CMS's publication of the hospital specific SSI fractions was not a "final determination of the Secretary as to the amount of the payment" within the meaning of 42 U.S.C. § 1395oo(a)(1)(A)(ii). The court drew a distinction between prospectively fixed prospective payment system ("PPS") components—such as the federal rate or other prospectively finalized adjustments—that can be challenged pre NPR, and retrospective, hospital specific adjustments like the DSH adjustment, which depend on year end cost reports, audit adjustments, and interpretive determinations, and thus are only finalized in an NPR (42 U.S.C. § 1395ww(d); 42 C.F.R. § 412.106). Distinguishing its prior decision in Washington Hospital Center v. Bowen, 795 F.2d 139 (D.C. Cir. 1986), the court explained that pre NPR appeals are permissible only when "the only variable factor" in the per patient PPS amount has been firmly established. Here, the court found, the Medicaid fraction, audit adjustments, and DSH eligibility and payment amount had not been settled. The court rejected the hospitals' argument that there was no need to wait for an NPR because they could "do the math themselves" upon publication of the SSI fraction, concluding that § 1395oo vests the "final determination" in the Secretary, not providers, and because unresolved interpretive issues remain within agency purview until the issuance of an NPR.
3. OralArgumentHeld inCaseChallenging 2024Rule Excluding Uncompensated Care Pool Waiver Days from DSH Calculation
In September, the Fifth Circuit held oral argument in Baylor All Saints Medical Center v. Kennedy, No. 24-10934 (5th Cir.). The case concerns a challenge to a provision of the FFY 2024 IPPS rule (effective October 1, 2023) that excluded patients whose care is provided through uncompensated care pools under a Section 1115 Waiver from the count of Medicaid-eligible days used to determine the Medicare DSH payment. In an August 15, 2024 decision, the U.S. District Court for the Northern District of Texas granted a preliminary injunction and struck down this provision of the 2024 IPPS rule. The government appealed to the Fifth Circuit, arguing that the Secretary had discretion to determine whether to include patients covered by a Section 1115 waiver and that the court lacked jurisdiction because the plaintiffs have not received a "final determination," and thus have not satisfied the channeling requirements to challenge the rule. The rule remains vacated pending appeal, and a decision is expected in the coming months.
4. Post Advocate Christ Litigation on SSI Fraction
The landscape of litigation concerning the meaning of entitlement for SSI benefits for purposes of the DSH adjustment continues to come into clearer focus in the wake of the Supreme Court's decision in Advocate Christ Medical Center v. Kennedy, 605 U.S. 1 (2025). A number of cases concerning entitlement for SSI benefits that had been stayed pending resolution of Advocate Christ have now been voluntarily dismissed, in whole or in large part after the Supreme Court's April 29, 2025 decision in Advocate Christ. See, e.g., Anderson Hosp. v. Kennedy, No. 1:25-cv- 1118 (D.D.C. 2025); Cmty. Hosp. East v. Azar, No. 20-cv-891 (D.D.C. 2025); Ascension Saint Thomas Highlands Hosp. v. Becerra, No. 21-cv-2453 (D.D.C. 2025).
The Supreme Court's April 2025 decision in Advocate Christ upheld the agency's interpretation of the phrase "entitled to supplementary security income [SSI] benefits" in the DSH provisions of the Medicare statute to mean that a patient is "entitled to SSI benefits" for purposes of the SSI fraction used to calculate the DSH payment adjustment only if the patient is eligible to receive an SSI cash payment during the month of hospitalization. See July 2025 Docket Updates for more on the Supreme Court's decision in Advocate Christ.
The Supreme Court in Advocate Christ declined to address the separate issue of whether the use of only three particular Social Security Administration ("SSA") status codes to identify patient days attributable to SSI-entitled individuals was reasonable.
However, notably, the U.S. District Court for the District of Columbia recently dismissed a consolidated action (that had consolidated two cases) challenging the reasonableness of CMS's limited use of status codes. See HMH Hosps. Corp. v. Kennedy, Nos. 24-cv-1901 & 24-cv-3261 (D.D.C. 2025). The court dismissed the action on jurisdictional grounds, concluding that it lacked subject matter jurisdiction over the plaintiff hospitals' substantive claims challenging the alleged undercounting of their SSI fractions, due to the hospitals' failure to exhaust their administrative remedies. The court rejected the plaintiffs' argument that they could appeal in one case from a denial of a request for expedited judicial review, concluding that the denial was not a final determination. The court also declined to permit the plaintiffs in both cases to avoid the exhaustion requirement on the grounds that continuing their PRRB proceedings would be futile. Because the court's ruling was on jurisdictional grounds, it did not reach the merits of the challenge to the agency's use of status codes.
The impact of Advocate Christ on DSH-related cases remains an area to monitor.
To read this article in full, please click here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
