|
THE SENATE |
S.B. NO. |
2953 |
|
THIRTY-THIRD LEGISLATURE, 2026 |
|
|
|
STATE OF HAWAII |
|
|
|
|
|
|
|
|
||
|
|
||
A BILL FOR AN ACT
Relating to INSURANCE.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF HAWAII:
The legislature further finds that health insurance, unlike many other lines of insurance, operates as a managed care platform that directly affects access to clinical services and treatment outcomes, and therefore requires heightened guardrails when artificial intelligence systems are used to support medical necessity determinations and utilization management decisions. Stakeholders have raised concerns that adverse coverage determinations may be made or supported by artificial intelligence in ways that are not meaningfully reviewable by providers or patients, and that guardrails should exist at the point of initial denial, rather than only during appeals. Therefore, the legislature finds that denials of health insurance coverage tied to medical necessity should be subject to review by appropriately qualified, licensed clinicians.
The legislature also finds that property insurers increasingly use aerial images, including images analyzed by machine learning and similar tools, to support underwriting decisions, including nonrenewals, and that consumers may be unaware of the images used or may be unable to rebut errors or remedy identified conditions. National legislative work has emphasized reasonable standards requiring the provision of date‑stamped images, clear notice, and a meaningful opportunity to cure or rebut the identified issue before nonrenewal when aerial imagery is used as the sole basis for an adverse action.
Accordingly, the purpose of this Act is to:
(1) Establish a tool-neutral governance and accountability framework for insurers' use of artificial intelligence systems that is consistent with widely adopted regulatory expectations emphasizing transparency, fairness, accountability, and compliance with existing unfair trade practices and unfair discrimination standards;
(2) Require licensed clinician review for specified adverse determinations when artificial intelligence systems are used to make or support medical necessity decisions; and
(3) Establish consumer protections against the use of aerial images and artificial intelligence systems as the sole basis for specific adverse underwriting actions in residential property insurance, including rebuttal and cure procedures; disclosure, image access, and renewal-after-cure requirements; and limits on cross-insurer sharing of imagery-derived data.
SECTION 2. Chapter 431, Hawaii Revised Statutes, is amended by adding a new part to article 13 to be appropriately designated and to read as follows:
"Part
. ARTIFICIAL intelligence systems
in insurance
A. General Provisions
§431:13-A Definitions. As used in this part:
"Artificial intelligence system" means a machine-based system that, for a given set of objectives, generates outputs such as predictions, recommendations, content, classifications, scores, or similar outputs that influence decisions in real or virtual environments, and that operates with varying levels of autonomy.
"Artificial intelligence system governance program" or "program" means the written governance, risk management, and internal control program required pursuant to section 431:13-D.
"Commissioner" means the insurance commissioner of the State.
"Consumer" means an applicant, policyholder, insured individual, covered person, claimant, beneficiary, or other natural person who is the subject of an insurance practice.
"Insurance practice" means underwriting, rating, marketing, sales, policy administration, utilization management, claims handling, fraud detection, or any other practice in the business of insurance that may impact consumers, as determined by the commissioner by rule.
"Insurer" has the same meaning as defined in section 431:1‑202. "Insurer" includes any person or entity subject to the jurisdiction of the commissioner under this chapter, to the extent that the person or entity uses an artificial intelligence system in an insurance practice that may impact consumers.
"Vendor" means a third party that provides, develops, licenses, procures, maintains, or materially modifies an artificial intelligence system used by an insurer in an insurance practice.
§431:13-B Violations; enforcement; no private right of action. (a) Any violation of this part shall constitute an unfair method of competition or unfair or deceptive trade act or practice in the business of insurance in violation of section 431:13-102.
(b) This part shall be enforced exclusively by the commissioner. Nothing in this part shall be construed to create or imply a private right of action.
§431:13-C Rules. The commissioner shall adopt rules pursuant to chapter 91 to implement this part, including rules establishing:
(1) Additional definitions and clarifications of scope;
(2) Standards for recordkeeping, documentation, notices, and disclosures;
(3) Minimum testing, monitoring, and auditing expectations for artificial intelligence systems proportionate to consumer risk; and
(4) Procedures for the submission and protection of confidential and proprietary information.
B. Artificial Intelligence Governance Requirements Applicable To All Insurers
§431:13-D Artificial intelligence system governance
program. (a) Any insurer using an artificial intelligence
system in any insurance practice that may impact consumers shall develop,
implement, and maintain an artificial intelligence system governance program
pursuant to the requirements of this section.
(b) An artificial intelligence system governance program shall be risk-based and proportionate to the nature of the decisions supported by the artificial intelligence system and the degree of potential harm to consumers. The program shall include:
(1) Board or senior management accountability for artificial intelligence system strategy, oversight, and compliance;
(2) Documented policies and procedures addressing procurement, development, use, monitoring, and retirement of artificial intelligence systems;
(3) Data governance controls, including data quality, relevance, limitations, and documented data lineage to the extent practicable;
(4) Model validation and testing protocols, including processes to identify material errors, bias, and model drift;
(5) Controls addressing risks relating to third-party artificial intelligence systems and vendors, including contractual requirements for cooperation with regulatory inquiries and audits; and
(6) Recordkeeping requirements sufficient to demonstrate compliance with this part.
(c) Nothing in this section shall be construed to require public disclosure of proprietary source code or trade secrets; provided that an insurer shall maintain sufficient documentation to demonstrate compliance with the requirements of this subpart to the commissioner upon request.
§431:13-E Testing; monitoring; auditing. (a) An insurer shall conduct and document pre-deployment testing and continuous monitoring for each artificial intelligence system used in an insurance practice that may impact consumers.
(b) Testing and monitoring conducted pursuant to this section shall be reasonably designed to detect:
(1) Material errors or performance degradation;
(2) Unfair discrimination or disparate consumer impacts inconsistent with applicable law;
(3) Model drift and data shifts; and
(4) Cybersecurity and data integrity risks that materially affect the reliability of outputs.
(c) The commissioner may adopt rules pursuant to section 431:13-C to establish minimum testing requirements and audit elements for classes of artificial intelligence system use cases based on consumer risk.
§431:13-F Submission of records; examination; confidentiality. (a) Upon request of the commissioner, an insurer shall provide its records of any artificial intelligence system used in an insurance practice that may impact consumers, including documentation regarding governance, validation, testing, monitoring, auditing, and vendor arrangements.
(b) Any records and information submitted to the commissioner pursuant to this section that is a trade secret or confidential commercial or financial information shall be treated as confidential to the extent permitted by law.
C. Artificial Intelligence Systems In Health Insurance
§431:13-G Definitions. As used in this subpart:
"Adverse determination" has the same meaning as defined in section 432E-1.
"Health benefit" means those health care services to which a consumer is entitled under the terms of a health benefit plan.
"Health benefit plan" has the same meaning as defined in section 431:26-101.
"Health care services" has the same meaning as defined in section 431:26-101.
"Health insurer" means any insurer, nonprofit health service plan, mutual benefit society, health maintenance organization, or other entity authorized to issue, deliver, or renew a health benefit plan in the State, as determined by the commissioner by rule.
"Medical necessity determination" means a decision regarding whether a health care service, treatment, procedure, medication, device, or setting is medically necessary or otherwise covered under the terms of a health benefit plan.
§431:13-H Adverse medical necessity determinations; licensed clinician review requirements. (a) No health insurer shall use an artificial intelligence system as the sole basis for making an adverse determination for a medical necessity determination.
(b) Whenever an artificial intelligence system is used to make or support a medical necessity determination that results in an adverse determination, the health insurer shall verify the final adverse determination; provided that verification shall require that the adverse determination is reviewed and affirmed by:
(1) A physician or other appropriately licensed health care professional authorized to make the relevant clinical determination within the scope of the professional's license; and
(2) A reviewer with training and experience in the same or similar specialty that typically manages the condition, service, or treatment at issue, as determined by the commissioner by rule.
(c) Each health insurer shall maintain documentation sufficient to demonstrate its compliance with this section, including the identity and credentials of the reviewing clinicians and the basis for each determination; provided that the documentation may be protected as confidential when submitted to the commissioner pursuant to section 431:13-F.
§431:13-I Transparency to providers and consumers; notice requirement. (a) Whenever an artificial intelligence system is used to make or support an adverse determination, the health insurer shall provide to the consumer and, when applicable, the requesting provider, the following:
(1) Notice of the use of an artificial intelligence system;
(2) A description of the primary factors that materially contributed to the adverse determination; and
(3) Clear instructions describing how to submit additional clinical information, seek reconsideration, or pursue any available internal or external appeal rights;
provided that the disclosures shall be made in plain language and in the manner prescribed by the commissioner by rule.
(b) The notice required pursuant to subsection (a) shall not require disclosure of proprietary source code or trade secrets; provided that the notice shall be sufficient for a reasonable person to understand the basis for the adverse determination and how to contest or supplement the record.
§431:13-J Health insurance oversight metrics; requirements. (a) Any health insurer that uses an artificial intelligence system to make or support medical necessity determinations, prior authorization decisions, or other utilization management decisions shall conduct and document continuous monitoring of the artificial intelligence system. The monitoring shall include:
(1) Pre-deployment testing; and
(2) Post-deployment surveillance for errors, bias, and drift.
(b) At minimum, the health insurer shall track and retain, by service category and as feasible by clinically relevant cohort, the following performance and oversight metrics for examination:
(1) Denial rate and approval rate;
(2) Average time-to-decision;
(3) Appeal rate and overturn rate;
(4) Rate of clinician overrides of artificial intelligence system-supported recommendations;
(5) Material error rates identified through audits or quality assurance reviews; and
(6) Disparity indicators designed to detect differential impacts on protected classes or other groups, as determined by the commissioner by rule.
(c) The commissioner may require submission of aggregated metrics collected pursuant to this section in a form and frequency determined by rule; provided that the commissioner shall maintain the confidentiality of trade secrets and commercial information to the extent permitted by law.
D. Artificial Intelligence Systems And Aerial Images In Residential Property Insurance
§431:13-K Definitions. As used in this subpart:
"Adverse underwriting action" or "action" means a cancellation, nonrenewal, refusal to renew, reduction in coverage, or other adverse action affecting the availability or terms of insurance coverage, as determined by the commissioner by rule. "Adverse underwriting action" includes any nonrenewal of insurance coverage for which an aerial image is used as the sole basis for the nonrenewal.
"Aerial image" means an image or set of images of an insured property captured from an airborne platform, including a manned aircraft, satellite, or unmanned aerial vehicle.
"Aerial-image-derived output" means a score, classification, recommendation, or other output generated by an artificial intelligence system, machine learning model, or analytics process that is materially based on an aerial image.
"Residential property insurance" means any homeowners or property insurance policy issued for a residential property in the State, as determined by the commissioner by rule. "Residential property insurance" includes personal lines insurance.
§431:13-L Adverse underwriting action based solely on aerial images; limitations; notice requirement. (a) Except as provided in this subpart, no insurer shall take an adverse underwriting action on a residential property insurance policy using an aerial image or aerial-image-derived output as the sole basis for the action.
(b) An insurer may use an aerial image or aerial‑image‑derived output as the sole basis for the nonrenewal of a residential property insurance policy; provided that the insurer shall include with the written notice of nonrenewal:
(1) The date-stamped aerial image or images used to justify the action, with clear identification of the specific condition or characteristic the insurer asserts is out of compliance with the insurer's underwriting guidelines;
(2) Disclosure of the use of an artificial intelligence system or similar analytics process;
(3) A plain-language explanation of the specific underwriting issue; and
(4) Clear instructions describing how the consumer may rebut the asserted issue or certify completion of corrective action sufficient to cure the issue pursuant to section 431:13-M.
(c) Following the issuance of the notice required pursuant to subsection (b) and upon request of the consumer, the insurer shall provide to the consumer a copy of the relevant aerial‑image-derived output in a form understandable to a reasonable person; provided that the insurer shall not be required to disclose proprietary source code or trade secrets in fulfilling the disclosure requirement under this subsection.
(d) No insurer shall utilize an aerial image older than twelve months at the time the insurer initiates a nonrenewal notice as the basis for that nonrenewal; provided that an insurer may utilize an older aerial image if the insurer demonstrates to the commissioner that a longer period is reasonably necessary due to documented limitations in imagery availability for the relevant geography.
(e) The commissioner may adopt rules pursuant to section 431:13-C to:
(1) Establish a maximum aerial image or aerial‑image‑derived output utilization period; provided that the established period shall not exceed twenty-four months; and
(2) Ensure disclosures pursuant to subsections (b) and (c) balance transparency and consumer comprehension with protection of proprietary information.
§431:13-M Point of contact; rebuttal; cure period. (a) Each insurer shall designate a point of contact to receive communications from consumers regarding a nonrenewal based solely on an aerial image or aerial-image-derived output. The insurer shall include a contact method for the designated point of contact in the notice required pursuant to section 431:13‑(L)(b).
(b) The consumer shall have a cure period of not less than sixty days from the date the insurer transmits the notice required pursuant to section 431:13-L(b) to address the adverse underwriting action. During the cure period, the consumer may:
(1) Submit documentation disputing the insurer's interpretation of the aerial image, including photographs, inspection reports, contractor statements, or similar evidence; or
(2) Certify completion of corrective action addressing the identified condition.
(c) The insurer shall review any information submitted pursuant to subsection (b) in good faith and shall provide a written determination of its review to the consumer within a timeframe established by the commissioner by rule.
§431:13-N Renewal after cure; limitation on repeated nonrenewal for same condition. (a) If the consumer timely cures the identified condition or successfully rebuts the asserted underwriting issue to the satisfaction of the insurer, the insurer shall offer a renewal on substantially similar terms; provided that nothing in this subsection shall prohibit nonrenewal for reasons unrelated to the condition identified through the aerial image or aerial-image-derived output.
(b) The commissioner may adopt rules pursuant to section 431:13-C to prevent repeated nonrenewals based on substantially the same alleged condition without meaningful consideration of rebuttal or cure documentation submitted by a consumer.
§431:13-O Cross-insurer sharing of aerial image information without consent; prohibited. No insurer shall sell, transfer, or otherwise share with another insurer any aerial image, aerial-image-derived output, or underwriting determination derived from an aerial image that is reasonably linkable to an identified consumer or insured property without having obtained the written consent of the consumer in the manner prescribed by the commissioner by rule."
SECTION 3. If any provision of this Act, or the application thereof to any person or circumstance, is held invalid, the invalidity does not affect other provisions or applications of the Act that can be given effect without the invalid provision or application, and to this end the provisions of this Act are severable.
SECTION 4. This Act shall take effect on July 1, 2026.
|
INTRODUCED BY: |
_____________________________ |
|
|
|
Report Title:
Insurance Commissioner; Artificial Intelligence Systems; Health Benefit Determinations; Aerial Images; Residential Property Insurance; Consumer Protections; Rules
Description:
Establishes consumer protections and insurer governance requirements for the use of artificial intelligence systems in certain insurance practices, including health insurance benefit determinations and residential property underwriting decisions. Establishes review, monitoring, recordkeeping, disclosure, rebuttal, and cure requirements for the use of artificial intelligence systems in certain insurance practices. Requires the Insurance Commissioner to adopt rules.
The summary description
of legislation appearing on this page is for informational purposes only and is
not legislation or evidence of legislative intent.