
For defense teams and claims professionals, this creates both opportunity and serious exposure. According to the NAIC's 2025 health AI/ML survey, 84% of health insurers now use AI or machine learning — with 71% applying it to utilization management and 43% to claims adjudication. Adoption has moved well past the pilot stage.
But adoption without governance has already produced class action lawsuits, regulatory enforcement actions, and a fast-moving patchwork of state and federal rules that most claims organizations are still catching up to.
This article covers how AI is being applied in claims review today, where it's creating legal and regulatory risk, what federal and state frameworks require, and what best practices defense-side professionals should follow.
TL;DR: Key Takeaways
- 84% of health insurers use AI or ML — claims adjudication, utilization management, and prior authorization are all affected
- AI-driven bulk denials lacking individualized review have triggered class action lawsuits against UnitedHealthcare, Humana, and Cigna
- Federal rules (ERISA, Medicare Advantage regulations) set a baseline but leave significant AI-specific gaps
- 25 jurisdictions have adopted NAIC model bulletin guidance; California and Colorado have enacted binding AI laws
- Defense teams using purpose-built claims AI close the technology gap with plaintiff firms, provided human oversight remains part of the process
How AI Is Transforming the Claims Review Process
From Manual to Machine-Assisted
Traditional claims review was linear and labor-intensive. Each file required a line-by-line audit — medical records, police reports, demand packages, witness statements — consuming hours or days per review cycle. For adjusters already managing active caseloads, this created a constant capacity ceiling.
AI changes that calculus. The technologies now deployed in claims include:
- Machine learning for pattern recognition, anomaly detection, and outcome prediction
- Predictive analytics applied to coverage determinations and reserve-setting
- Generative AI for document summarization, medical chronologies, and appeal letter drafting
- Natural language processing to extract structured data from unstructured documents

An Accenture pilot reported a 74% reduction in claims settlement time — from 11.5 minutes to 3 minutes — using AI-assisted processing.
Rules-Based Automation vs. Adaptive AI
These two categories get conflated, but the operational difference is significant.
Rules-based automation follows predefined decision trees. It works for simple, structured claims with predictable parameters. It breaks down immediately when documents are unstructured: handwritten notes, ER records with non-standard formatting, or multi-provider medical files with inconsistent terminology.
Adaptive AI uses machine learning and natural language processing to analyze those messy, real-world documents. It can extract facts from scanned PDFs, identify treatment gaps in a medical record, or flag contradictions across a claim file without requiring manual data entry or standardized formatting.
For complex claims (bodily injury, workers' compensation, professional liability), the adaptive category is where the operational value is concentrated.
AI as a Multi-Sided Dynamic
AI adoption now extends to every party in the claims cycle. Insurers and TPAs use it to triage and process at volume. Providers use it to optimize revenue cycle management and submit stronger, better-documented claims. Patients are increasingly using AI tools to draft appeals.
Every participant is gaining capability simultaneously. That convergence makes closing the technology gap on the defense side more consequential, not less.
The Risks and Controversies Around AI in Claims Review
The Lawsuit Landscape
Three class action lawsuits — against UnitedHealthcare, Humana, and Cigna — have thrown the risks of AI-assisted denials into sharp relief.
In the Cigna case, ProPublica reported that Cigna's PxDx algorithm was used to deny more than 300,000 claims in two months, with an average physician review time of 1.2 seconds per claim. The plaintiffs allege those claims were denied without individualized physician review.
In the UnitedHealthcare and Humana cases, plaintiffs allege that the nH Predict algorithm was used to deny Medicare Advantage post-acute care coverage, with complaints alleging that over 90% of those denials were reversed through internal appeal or ALJ proceedings. That figure is alleged, not adjudicated — but it prompted CMS scrutiny, congressional inquiries, and a wave of copycat litigation.
The core legal problem across all three cases is the same:
- Automated bulk denials bypass individualized medical necessity review required by state insurance laws and federal Medicare regulations
- AI-generated denials without human review may be facially invalid
- These denials are particularly vulnerable on appeal — a structural weakness plaintiffs have been quick to exploit
Algorithmic Bias and Discrimination Liability
The litigation risk isn't limited to volume-denial claims. Research published in Science by Obermeyer et al. found that a widely used health-risk algorithm — which used healthcare costs as a proxy for health needs — systematically underestimated the needs of Black patients. Correcting that bias would have increased the share of Black patients selected for additional care from 17.7% to 46.5%.
For insurers and claims organizations, this matters beyond abstract ethics. Algorithmic outputs that produce racially disparate outcomes create discrimination liability exposure — particularly as state laws require AI tools to be applied "fairly and equitably."

The HIPAA Gap
HIPAA protections apply to covered entities — health plans, providers, clearinghouses — and their business associates. Third-party technology companies developing or operating AI tools can qualify as business associates when they perform claims processing or utilization review involving protected health information.
Where an organization directs data to a third-party app not acting on behalf of a covered entity, HIPAA protections may not follow. Patient data fed into AI systems may lack strong legal privacy protections depending on how the vendor relationship is structured — creating liability exposure for organizations that deploy these tools without proper business associate agreements and access controls.
The Transparency Problem
When AI algorithms aren't disclosed or auditable, claimants and providers can't effectively challenge AI-driven decisions. Courts are still working through what "full and fair review" means when AI is involved, and the answer isn't settled. That ambiguity fuels litigation and makes it harder for claims organizations to defend their processes.
The Federal Regulatory Landscape
ERISA
ERISA's full and fair review standard — codified at 29 CFR 2560.503-1 — requires reasonable claims procedures, appeal rights, access to relevant documents, and consultation with an appropriately trained healthcare professional for appeals involving medical judgment. What this means specifically for AI-assisted claims decisions hasn't been addressed through binding DOL guidance or rulemaking. That's a significant gray area.
What isn't gray: the DOL sued UMR Inc. (a UnitedHealth subsidiary) for denying emergency room claims based on diagnosis codes and denying urinary drug screening claims without individual medical necessity review. That case settled for $20.25 million in 2025. The lesson doesn't require AI involvement to apply — bulk-automated denials will draw federal scrutiny regardless of the technology.
Medicare Advantage
CMS's 2023 Medicare Advantage final rule established a clear floor: algorithms or software tools may assist in coverage decisions, but cannot be the sole basis for denying or terminating coverage. Decisions must involve individual clinical circumstances reviewed by a licensed healthcare professional.
CMS proposed additional AI-specific guardrails and equity provisions in the proposed CY2026 rule, but those provisions were not finalized by the Trump administration and may be addressed in future rulemaking.
Medicaid
42 CFR 438.210 requires that authorization decisions involve a healthcare professional with appropriate clinical expertise. The regulation doesn't explicitly address AI, leaving enforcement to state managed care contracts and CMS oversight. That gap is widening as AI adoption in Medicaid managed care accelerates with limited federal specificity to guide it.
The Trump Administration's AI Framework
The White House's approach to AI governance emphasizes expanding deployment and limiting federal restrictions to industry-led standards. For claims professionals, two competing pressures are worth tracking:
- Federal preemption risk: The administration has proposed that Congress preempt state AI laws it characterizes as "cumbersome," which could displace some state-level protections currently in effect.
- State enforcement authority: Consumer protection laws governing fraud and discrimination remain a state enforcement domain — unaffected by the proposed federal framework.
For claims organizations operating across multiple jurisdictions, neither track has resolved. State laws remain operative now; the preemption question is one to monitor as legislative proposals develop.
State-Level AI Regulations: What Claims Professionals Need to Know
The NAIC Model Bulletin and Its Reach
As of April 1, 2026, 25 jurisdictions (including Washington, D.C.) have adopted the NAIC's 2023 model bulletin on AI use by insurers. Four additional jurisdictions have issued their own insurance-specific AI regulations or guidance. The model bulletin isn't binding legislation, but adoption puts insurers on notice that regulators expect:
- AI governance and risk management documentation
- Validation and testing of AI tools
- Third-party vendor oversight
- Compliance with unfair trade practice prohibitions and anti-discrimination rules
- Audit rights and reporting on AI outcomes
States can examine an insurer's AI systems as part of market conduct reviews.
Binding State Laws
Beyond the model bulletin, two states have enacted binding legislation that goes further:
- California SB 1120 (effective 2024) prohibits health plans from using AI to deny, delay, or modify healthcare services based solely on AI output. Licensed healthcare provider judgment is required.
- Colorado SB24-205 requires reasonable care against algorithmic discrimination and gives consumers appeal rights connected to adverse consequential AI decisions.

New York's Department of Financial Services has proposed an insurance circular letter addressing AI use, governance, and unfair discrimination — though it hasn't been finalized as of mid-2025.
The ERISA Preemption Gap
The core structural limitation of state-level AI protections is straightforward: most of them apply only to state-regulated insurance products. KFF's 2025 Employer Health Benefits Survey reports that approximately 63% of covered workers are in self-funded employer plans — which are governed by ERISA and generally exempt from state insurance laws under the Supreme Court's ruling in FMC Corp. v. Holliday.
That means the majority of the privately insured workforce falls outside state AI consumer protection requirements entirely. For defense counsel and claims professionals, this gap directly shapes which AI-related challenges are likely to surface in litigation versus those that remain unaddressed by regulation.
The Defense Advantage: Why AI Is a Strategic Necessity for Claims Teams
The Technology Gap Is Real
Plaintiff law firms have been early, aggressive adopters of AI for case evaluation, damages modeling, and litigation strategy. Defense teams have historically relied on manual, document-heavy processes. That gap translates directly into longer timelines, higher exposure, and worse outcomes — and it shows up every time plaintiff counsel evaluates a claim and builds a litigation strategy while defense teams are still manually reviewing file documents.
What Purpose-Built Claims AI Can Do
General-purpose AI tools — ChatGPT, Gemini, and similar platforms — weren't built for claims defense. They don't know how to read a medical record in the context of a bodily injury claim, identify treatment gaps that affect causation, or benchmark a case against similar verdicts in a specific jurisdiction.
Purpose-built claims AI does those things specifically. For defense lawyers and claims managers, that means:
- Automatically structuring and classifying large document sets across an entire claim file
- Surfacing critical facts — contradictions, treatment inconsistencies, causation gaps — before they become reserve surprises
- Generating case evaluations that include liability assessment, damages exposure, reserve recommendations, and settlement ranges
- Benchmarking current claims against historical case patterns by jurisdiction, plaintiff counsel, judge, and fact pattern
- Delivering litigation-ready work product — medical chronologies, deposition outlines, motion drafts — that attorneys review, edit, and finalize

OraClaim is built specifically for this workflow. Co-founders Mark Tepper and Andy Anderson came from the defense side — litigating claims, managing risk, and analyzing high-exposure cases — and recognized firsthand that defense teams were losing ground to plaintiff firms moving faster with technology.
The platform's closed, access-restricted architecture preserves attorney-client privilege and work-product protection. AI-generated outputs are structured as first drafts for attorney review, never as final legal advice, so human oversight is built into the process by design. OraClaim also integrates with existing practice management systems (Clio, MyCase, Smokeball, PracticePanther) and document management platforms (NetDocuments, iManage, Worldox, Box), so teams don't need to abandon their existing workflows to use it.
Best Practices for Claims Professionals Adopting AI
Use Industry-Specific AI, Not General-Purpose Tools
The right AI for claims work is trained on insurance and legal data — not general internet content. Purpose-built systems understand the vocabulary of claims: medical causation, comparative fault, reserve adequacy, treatment patterns. General-purpose tools lack that domain grounding, and the output quality difference becomes apparent whenever the work product actually matters.
Build Human Oversight Into Every Decision Point
AI efficiency gains are real. But they don't replace the judgment of a licensed professional. For any adverse determination — especially medical necessity or coverage eligibility — a licensed professional should review the AI-generated output before the determination issues. CMS rules for Medicare Advantage require it. State laws like California SB 1120 require or strongly imply it. ERISA's full and fair review standard demands nothing less.
Maintain Audit-Ready Documentation
The regulatory environment is moving fast. Claims organizations should document:
- How AI tools are used in the workflow
- What data inputs inform AI outputs
- How outputs are reviewed before use in consequential decisions
- What controls exist to detect bias or error
This documentation supports a fast, defensible response to any regulatory inquiry or litigation challenge.
Showing that AI recommendations were subject to individualized professional review — with a documented audit trail — is exactly the kind of evidence that distinguishes defensible practice from the conduct at issue in the UnitedHealth, Humana, and Cigna cases.
Frequently Asked Questions
Are insurance companies using AI to review claims?
Yes. The NAIC's 2025 health AI/ML survey found that 84% of health insurers currently use AI or machine learning, with 43% applying it to claims adjudication and 71% to utilization management. AI is used for triage, document review, fraud detection, coverage determinations, and prior authorization.
What federal regulations govern AI use in claims review?
ERISA's full and fair review standard requires individualized professional review on medical judgment appeals for employer-sponsored plans. CMS's 2023 Medicare Advantage rule prohibits algorithm-only medical necessity denials. Binding AI-specific federal rules remain limited, though the regulatory landscape continues to shift.
What are the biggest legal risks of using AI in claims review?
The primary risks are bulk denials without individual review (which have triggered class actions against major insurers), algorithmic bias producing discriminatory outcomes, HIPAA gaps for third-party AI vendors without proper business associate agreements, and lack of transparency that prevents claimants from effectively challenging AI-driven decisions.
How do state laws regulate AI in claims decisions?
Twenty-five jurisdictions have adopted the NAIC model bulletin requiring AI governance, validation, and compliance with unfair trade practice rules. California and Colorado have enacted binding laws requiring human review of AI-assisted adverse decisions. ERISA preemption limits these protections for self-funded employer plans, which cover approximately 63% of privately insured workers.
What is the difference between rules-based automation and AI in claims processing?
Rules-based systems follow preset decision trees and require structured data inputs; they fail when documents are unstructured or inconsistent. AI systems use machine learning and natural language processing to analyze medical records, police reports, and handwritten notes, generating recommendations grounded in actual claim documents.
How can defense teams use AI in claims review without running afoul of regulations?
Four practices reduce regulatory exposure:
- Use purpose-built, claims-specific AI rather than generic tools
- Have a licensed professional review all AI outputs before any adverse decision
- Document how AI is used, what inputs it receives, and how outputs are reviewed
- Track evolving state and federal guidance, which varies significantly by jurisdiction


