Health Care

State of play.

• Enforcement has moved from policy to litigation. A state AG has filed the first major enforcement action targeting a chatbot that impersonated a physician in a clinical setting, treating deceptive AI conduct as consumer fraud . Class actions against Sutter Health and MemorialCare over ambient AI scribe deployments follow a November 2025 case against Sharp HealthCare, establishing a pattern of wiretapping and consent-based claims against health systems — not vendors .
• The federal preemption play is live but unresolved. The White House's March 2026 National Policy Framework proposes legislation to preempt state AI laws imposing "undue burdens," distributing oversight across FDA, CMS, HHS, OCR, FTC, and DOJ — but no preemptive statute has passed, and over 177 state bills remain active across 31 states .
• Genetic data from M&A is the next class action frontier. Tempus AI faces multi-state class actions alleging it transferred genetic data from over one million Ambry Genetics patients — without consent — to train AI models and license to more than 70 pharma and biotech partners under agreements valued above $1.1 billion .
• The Second Circuit has narrowed insurer fraud defenses in no-fault reimbursement. The panel held that anti-kickback violations do not automatically disqualify providers from no-fault eligibility under New York law, certifying the core question to the New York Court of Appeals — affecting hundreds of pending cases and more than $1 billion in annual reimbursements .
• For counsel advising health systems, digital health platforms, or life sciences companies, the practical baseline is simultaneous exposure across three vectors: AI deployment consent failures generating wiretapping and HIPAA-adjacent liability, acquisition-triggered genetic data claims, and a federal preemption framework that may or may not arrive before state enforcement accelerates further.

Where things stand.

• AI scribe consent litigation is a pattern, not an isolated case. The Sutter Health/MemorialCare class action alleges CMIA, CIPA, and Federal Wiretap Act violations, with plaintiffs pointing to false chart documentation of consent — and Abridge, the vendor, is not named as a defendant, placing institutional liability squarely on the health system . The Sharp HealthCare case filed November 2025 established the template.
• State AG enforcement is treating deceptive AI conduct as consumer fraud. The first enforcement action against a chatbot impersonating a physician signals that regulators will not wait for AI-specific statutes — existing consumer protection authority is the vehicle .
• Federal AI governance is distributed, not centralized. The March 2026 National Policy Framework routes oversight through existing agencies rather than a new body; the Department of Commerce would evaluate conflicting state laws; compliance sandboxes are proposed but not yet operative .
• Genetic data de-identification is contested doctrine. Tempus AI's defense that transferred Ambry data was de-identified faces the plaintiffs' argument that genetic information is inherently identifiable — a question courts have not yet resolved under state genetic privacy statutes .
• AI drug discovery is compressing timelines and creating IP gaps. A Nature Reviews Drug Discovery review by Pun et al. documents AI embedding patentability and competitor analysis into target selection; the FDA fast-tracked 12 AI-identified oncology drugs in 2024; premature patents on unvalidated candidates and inventorship gaps under EPC Article 81 and U.S. law remain unresolved .
• Consumer-facing AI health platforms are proliferating without a settled regulatory framework. Microsoft Copilot Health, launched March 2026, aggregates EHR, lab, and wearable data for roughly 50,000 U.S. hospital-connected organizations; Microsoft's commitment not to use Copilot Health data for model training is positioned as a voluntary benchmark, not a legal requirement .
• The FTC under reconstituted Republican leadership has signaled enforcement focus on hidden fees, dark patterns, and subscription traps across healthcare and digital platforms. Following the 2025 dismissals of Democratic commissioners, Chairman Ferguson has outlined a shift toward fraud redress over structural antitrust .
• No-fault reimbursement enforcement authority has shifted toward state regulators. The Second Circuit's March 2026 decision constrains insurers' unilateral denial of claims based on provider misconduct, leaving GEICO's fraud and RICO theories for further proceedings pending New York Court of Appeals resolution .

Latest developments.

• State AG files first enforcement action against AI chatbot impersonating a physician in a clinical setting, framing the conduct as consumer fraud .
• Class action against Sutter Health and MemorialCare alleges CIPA, CMIA, and Federal Wiretap Act violations over Abridge ambient scribe deployment without patient consent; false chart documentation of consent alleged .
• Tempus AI faces multi-state class actions alleging unconsented transfer of genetic data from over one million Ambry Genetics patients for AI model training and pharma licensing .
• White House National Policy Framework for AI proposes federal preemption of state AI laws; no preemptive statute has passed; 177 state bills remain active .
• Second Circuit vacates GEICO summary judgment in no-fault kickback case, holding anti-kickback violations do not automatically disqualify providers from reimbursement eligibility; question certified to New York Court of Appeals .
• Microsoft launches Copilot Health, aggregating EHR, lab, and wearable data; commits not to use data for model training; competes directly with OpenAI ChatGPT Health and Anthropic Claude for Healthcare .
• Senate Commerce Committee holds first FTC oversight hearing in nearly six years; Chairman Ferguson outlines enforcement priorities including healthcare dark patterns and subscription traps .
• Nature Reviews Drug Discovery review documents AI embedding patentability analysis into drug target selection; USPTO extends AI Search Automated Pilot through June 2026 .
• McKinsey 2025 survey finds 50 percent of healthcare organizations have implemented generative AI; agentic AI emerging as next deployment wave .

Active questions and open splits.

• Whether health systems or vendors bear liability for AI scribe consent failures. The Sutter/MemorialCare complaint names only the health systems, not Abridge — but vendor agreements, indemnification provisions, and BAA structures will determine ultimate allocation; courts have not yet resolved the institutional-vs.-vendor responsibility split .
• Whether genetic data can be meaningfully de-identified under state genetic privacy statutes. Tempus AI's de-identification defense is untested at the class action level; the outcome will govern how every healthcare platform structures post-acquisition data integration and downstream licensing .
• Whether the federal AI preemption framework displaces state enforcement before state litigation matures. With 177 state bills active and no federal statute enacted, the window for state-law claims is open; if preemption legislation advances, retroactive effect on pending suits is unsettled .
• What consent standard satisfies CIPA and the Federal Wiretap Act for ambient AI documentation. Boilerplate chart language stating patients "were advised" has been directly challenged as fabricated; whether any disclosure-at-intake mechanism satisfies all-party consent in California remains unresolved .
• Whether AI chatbot impersonation of clinicians triggers consumer fraud liability independent of harm. The state AG enforcement action frames deception as the violation — not a specific patient injury — which, if sustained, sets a low threshold for future enforcement across clinical AI deployments .
• Inventorship and patentability gaps in AI-generated drug candidates. With AI now embedding patentability analysis into target selection, premature filing on unvalidated candidates and inventorship attribution under EPC Article 81 and U.S. law remain open — and the USPTO's AI Search Automated Pilot does not resolve the underlying inventorship question .
• Whether the Second Circuit's no-fault ruling shifts enforcement leverage from insurers to state regulators. The New York Court of Appeals certification will determine whether anti-kickback violations can ever serve as a reimbursement-eligibility defense — with hundreds of pending cases in the balance .

What to watch.

• New York Court of Appeals resolution of the certified no-fault eligibility question — outcome reshapes insurer fraud-defense strategy across the $1 billion-plus annual no-fault market .
• Early motions practice in the Sutter Health/MemorialCare AI scribe case — particularly whether courts treat vendor-deployed ambient recording as categorically different from provider-initiated recording under CIPA .
• Whether additional state AGs file consumer fraud actions against AI health tools following the chatbot-impersonation enforcement template .
• Congressional movement on the White House AI preemption framework — any committee action will signal whether federal standards will arrive before state litigation produces binding precedent .
• Tempus AI's de-identification defense in the Northern District of Illinois — the court's treatment of genetic data anonymization will set the M&A data-integration standard for life sciences transactions .
• USPTO expiration of the AI Search Automated Pilot on June 1, 2026 — whether it is extended or replaced will affect prosecution strategy for AI-identified drug candidates .