28 Oct Health IT End-Users Alliance Responds to OSTP RFI on Regulatory Reform for AI
Michael Kratsios
Director
White House Office of Science and Technology Policy
1650 Pennsylvania Avenue NW
Washington, DC 20504
Submitted electronically to www.regulations.gov
RE: Notice of Request for Information; Regulatory Reform on Artificial Intelligence; OSTP-TECH-2025-0067
Dear Director Kratsios:
The Health IT End-Users Alliance (the Alliance) appreciates the opportunity to provide input on the Office of Science and Technology Policy (OSTP) Regulatory Reform on Artificial Intelligence Request for Information (OSTP-TECH-2025-0067), as published in the September 26, 2025, Federal Register.
The Alliance brings together health information professionals, physicians, hospitals, and other front-line healthcare providers and organizations that use health information technology (IT) to ensure that policy and standards development activities reflect the complex web of clinical and operational challenges facing those who use such technologies today. By working collaboratively, the Alliance is focused on priorities for how technology can best support clinical care and operations.
The Alliance appreciates OSTP’s interest in creating a policy and regulatory environment that is optimal to realizing the benefits of AI. AI is rapidly transforming healthcare, with developments and innovations producing promising non-clinical and clinical benefits in various settings and specialties. Concerns remain related to how AI models are developed, trained, used, and monitored, and the significant impact AI has on healthcare operations, patient care delivery, and health outcomes. Due to those concerns, widespread adoption of AI in healthcare requires thoughtful oversight and governance frameworks to minimize risks and ensure the appropriate, safe, and ethical use of AI to ensure patient safety continues to be prioritized. Health IT end-users are at the forefront of AI use in healthcare and are well-equipped to collaborate on common principles to ensure the proper balance between innovation and use of AI with appropriate guardrails.
The Alliance published a consensus statement in April 2025 reflecting on the current state of AI in healthcare including principles intended to guide policymakers as they work to ensure appropriate oversight of AI tools without hampering innovation. As end-users are often brought into the development cycle for technology during implementation, the Alliance’s consensus statement highlights the need for end-users to be engaged throughout the entire AI development lifecycle. The Alliance recommends OSTP prioritize policymaking activities that bring developers, policymakers, and end-users to the table from a project’s outset to ensure AI tools are built in ways that fit organizations’ unique needs, integrate with existing workflows, promote trust and confidence in the use of such tools, and inform organization-specific governance frameworks for end-users.
As OSTP reviews policies and regulations to determine the appropriate methods and areas for AI governance and oversight, the Alliance urges OSTP to consider preserving policies that assist the industry in fostering innovation in AI while maintaining the protection of health data, lowering administrative burden, and improving health outcomes. Recommendations on specific areas of policy and regulatory oversight include:
Regulation and oversight of AI. AI tools should augment, not replace, end-users’ expertise, and policy must ensure these tools supplement cognitive and administrative tasks while preserving human judgment. Healthcare AI requires a risk-based approach to oversight where the level of scrutiny and validation should be proportionally accounted for in policymaking to minimize the disparate harm and consequences the AI tool might introduce. The Alliance urges OSTP to partner with the US Department of Health and Human Services (HHS), including the Office for Civil Rights (OCR), Centers for Medicare and Medicaid Services (CMS), the Assistant Secretary for Technology Policy/ Office of the National Coordinator for Health IT (ASTP/ONC), and other relevant agencies to ensure policies are aligned across the federal government to avoid competing and confusing standards that could lead to non-compliance and increased burden. This includes ensuring HIPAA regulatory frameworks incorporate data handling practices by AI tools to protect patient privacy and prohibit data/information exchange beyond minimum necessary, secondary use of data without consent, or data handling practices that may enable unintended or unauthorized data reidentification.
Safety and transparency. Transparency on the development of AI tools and what data are used in decision-making, governance, and ongoing testing and maintenance plans is critical. AI developers should provide clear, understandable information describing how the AI solution makes predictions, tailored in a way to best suit the needs of end-users. Such transparency requirements should provide a conceptual model on the importance of data used for AI tool inferences and how data is used. That transparency includes ensuring patients and healthcare organizations can confidently trust companies will maintain confidentiality of data.
For trust to be maintained, AI developers should disclose how data from patients and end-users is collected, stored, used, and shared. To address these needs, the Alliance urges OSTP to preserve the decision support intervention (DSI) transparency requirements within the Health IT Certification Program. Any reduction in DSI transparency requirements of AI technologies reduces end-user trustworthiness in the algorithms used and the technologies themselves and is counterintuitive to the aim of increasing AI adoption.
Liability. The Alliance encourages OSTP to work with HHS to ensure AI companies dealing with health data are held to the same standards as HIPAA-covered entities are today. OSTP and HHS should work together to determine the appropriate balance of accountability that considers the role of AI developers in the creation, maintenance, and use of clinical and non-clinical tools and the role of end-users in the use of these tools. Providers should not be held liable for an AI tool’s performance if they have completed good faith evaluations and taken steps to mitigate quality or safety concerns. Policies must reflect that developers are often best positioned to prevent harm due to their knowledge of the development, function, and intended use of these tools.
Cybersecurity. As AI systems become deeply integrated into clinical and operational environments, their exposure to sophisticated cyber threats presents an escalating risk to patient safety and organizational integrity. End-users depend on AI tools that are secure by design, yet they often lack visibility into the system’s vulnerabilities or control over its defenses. AI developers, not end-users, are best positioned to mitigate and respond to cyberattacks given their direct access to system architecture, code, and infrastructure. The Alliance recommends OSTP strengthen, not weaken, regulatory guardrails to ensure that developers bear primary responsibility for securing AI systems against intrusions, data exfiltration, and model manipulation. Holding end-users liable for breaches or system failures they cannot control would undermine trust and deter adoption. Robust, enforceable cybersecurity requirements for developers, aligned with federal health data protections, are essential to protect patients, sustain trust in AI, and accelerate responsible innovation in healthcare.
Real-world testing. Consistent with the Alliance’s Real-world Testing Consensus Statement, it is critical to conduct real-world testing of AI tools across a variety of clinical settings to confirm these technologies are operating as expected without adverse patient consequences. Real-world testing and documentation of any identified issues, including implicit biases, are of critical importance to end-users in order to achieve the goal of increasing AI adoption in healthcare. End-users are often included at the end of the policymaking and technology development process, not the beginning, which leads to technologies and policies that do not meet their intended goals. It is crucial for OSTP to prioritize policies that include end-users throughout the policymaking and technology development processes to ensure regulatory and technology innovation goals, as well as the needs of end-users, are met.
The Alliance is actively working with the National Institute of Standards and Technology (NIST) on its AI Standards Zero Drafts Pilot Project, an initiative to broaden stakeholder participation in the creation of AI standards. We applaud NIST’s commitment to working with stakeholders on this effort to implement directives within the Trump Administration AI Action Plan. Thus far, the Alliance has provided feedback on the four initial topic areas identified by NIST for draft standards documents and the first outline on testing, evaluation, verification, and validation, and we have also held a listening session with NIST to provide more
detailed feedback. We encourage OSTP to coordinate with NIST as the appropriate entity to create nationwide AI standards and ensure any AI policy frameworks interact well and are harmonized with such standards.
The Health IT End-Users Alliance thanks OSTP for the opportunity to provide input on this request for information. We are committed to being a partner in identifying unnecessary barriers to AI innovation, development, and implementation while ensuring patient safety and improving the healthcare experience for all stakeholders involved.