Your Practice Just Adopted AI. Does Anyone Know Which Rules Apply?
The Adoption Already Happened. The Governance Didn't.
Somewhere between 2023 and 2024, AI in healthcare stopped being a pilot program and became infrastructure. An AMA-backed survey found that 66% of U.S. physicians used AI in practice in 2024, up from 38% in 2023 (TATEEDA | GLOBAL, 2026 AI Trends in US Healthcare, March 2026). That's not gradual adoption. That's a system-wide shift that happened faster than any compliance framework could reasonably track.
At the practice level, this usually didn't arrive as a big strategic decision. It arrived as features. Your EHR vendor turned on ambient documentation. Your front desk started using an AI scheduling assistant. Someone in billing subscribed to a coding tool. And now, without anyone formally deciding anything, your practice is deploying AI in clinical, administrative, and financial workflows simultaneously.
The problem is that the rules have arrived, even if the governance hasn't.
The Patchwork Is Not a Placeholder. It's the Law Now.
A lot of practice managers I talk to are waiting for federal clarity before they update their policies. I think that's a real risk, because the state-level rules are already in effect and the federal posture right now is more about preempting state law than filling the gaps.
In 2025, 47 states introduced more than 250 bills touching health AI regulation. Of those, 33 became law in 21 states (Manatt Health, Health AI Policy Tracker, updated April 2026). The pace in 2026 is no slower: 43 states have introduced over 240 bills already (Healthcare Brew, What's the state of healthcare AI regulation?, March 2026).
Two of the most concrete laws are already active. Texas's TRAIGA, effective January 1, 2026, requires licensed healthcare practitioners to provide patients with conspicuous written disclosure of AI use in diagnosis or treatment before or at the time of interaction. California's AB 489, also effective January 1, 2026, prohibits design elements that imply an AI has a healthcare license, and hands enforcement jurisdiction to professional licensing boards (Akerman LLP, HRx: New Year, New AI Rules, January 2026).
Maryland went further. HB 1563, effective June 2026, requires health insurers to report quarterly to the Insurance Commissioner on adverse decisions, including whether AI was involved, with specific scrutiny on emergency department denials (Holland & Knight, States Continue Efforts to Regulate AI in Healthcare, May 2026).
For a practice operating across multiple states, or for a credentialing team supporting a multi-site health system, the compliance surface here is genuinely complicated.
Where Credentialing Gets Specific
Most of the AI governance conversation focuses on clinical tools. But there's a credentialing angle here that deserves its own attention, and it's one I think the industry is underweighting.
AI-assisted credentialing tools can compress onboarding timelines from 120 days to as few as 30 by automating primary source verification, data validation, and payer enrollment (Censinet, How AI Agents Reduce Provider Credentialing from 120 Days to 30, February 2026). That's a real operational gain. But those tools are running on your provider data. And if your underlying data has drifted, the AI doesn't catch that. It automates it.
This is the part that gets missed in the efficiency pitch. AI credentialing tools are optimized for speed through a known process. They are not optimized for detecting that a provider's license lapsed last quarter, that a DEA registration address no longer matches the state of practice, or that a hospital affiliation your system filed three years ago was quietly terminated. Those are data integrity problems, not process problems, and AI process automation doesn't solve them.
ONC's HTI-1 Final Rule, effective March 2024 with the DSI standard integrated into Base EHR requirements by January 2025, requires AI vendors providing Predictive Decision Support Interventions to publish Intervention Risk Management summaries covering risk analysis and governance (AccountableHQ, Healthcare AI Regulations 2025, March 2026). That's a meaningful transparency step. But it only applies to tools certified under the ONC program. The broader credentialing tooling ecosystem, including many point solutions your team might use, isn't covered.
What that means practically: your team still needs to audit the inputs, not just trust the outputs.
What Argoseer Actually Does Here
Argoseer is not a credentialing system. We don't replace CAQH, Medallion, Modio, or any CVO. We don't perform primary source verification or issue licenses.
What we do is monitor. We watch 1.8 million provider records continuously, pulling delta events from NPPES, state licensing boards, DEA, OIG, and NPDB to flag what has changed since your credentialing system last touched a record. Right now, across the 217,802 practices and 820,329 providers in our pipeline, we're tracking 840 recent delta events and 12,020 practices with at least one active data mismatch.
The framing I keep coming back to: your credentialing system tracks what you filed. Argoseer verifies whether it's still true.
In a governance environment where state laws are now asking you to demonstrate AI oversight, disclose AI use to patients, and in some cases report on AI-influenced decisions, the underlying data quality question becomes a compliance question too. If your AI credentialing tool is running on stale records, the disclosure and accuracy obligations don't disappear because you used automation to get there.
We're not the compliance answer to TRAIGA or HTI-1. But we're part of the data foundation that makes any AI-adjacent compliance posture defensible.
What This Means for Practice Managers Right Now
I'd suggest a short checklist before the end of this quarter:
First, inventory every AI tool your practice is currently using, including EHR-embedded features that may have activated automatically. Second, map each tool against the states where you operate and check whether disclosure obligations apply. Texas and California are live now. Third, review your consent forms and intake materials for disclosure language. The Texas requirement is for conspicuous written disclosure before or at time of interaction, which is a higher bar than a footnote in your privacy policy.
Fourth, and this is the part most relevant to credentialing teams: audit the data quality going into any AI-assisted credentialing or verification workflow. The NIST AI Risk Management Framework, while voluntary, is a reasonable starting scaffold for documenting your governance posture (World Economic Forum, as cited in HealthStream, The Role of AI in Modernizing Provider Credentialing, August 2025).
The federal picture may eventually simplify some of this. But the March 2026 National Policy Framework from the Trump Administration was focused more on preempting state regulation than on building federal guardrails for providers (Holland & Knight, AI Regulation: The New Compliance Frontier, April 2026). Until that resolves, the state patchwork is the compliance reality.
See how Argoseer can support your data integrity baseline at argoseer.com/product/monitor.
Argoseer
Building the future of provider data intelligence.
