AAI Compliance Atlas
FrameworksState lawsIndustriesToolsNews
GuidesMap my obligations →
AAI Compliance Atlas

Structured, continuously verified reference for US AI compliance — federal frameworks, state laws, and the obligations that connect them.

Atlas

  • Frameworks
  • State laws
  • Industries
  • By role
  • Comparisons

Tools

  • Compliance Checker
  • Penalty Calculator
  • Impact Assessment

Resources

  • Guides
  • News
  • Blog

Company

  • About
  • Contact
  • Privacy
  • Terms
© 2026 AI Compliance Atlas. Informational only — not legal advice. Consult qualified counsel before making compliance decisions.Verified Jun 9, 2026
  1. Home/
  2. Industries/
  3. Healthcare/
  4. Utah Artificial Intelligence Policy Act
In effectSB 149 (2024); amended by SB 226, HB 452, SB 332 (2025)Utah

Utah Artificial Intelligence Policy Act for Healthcare

How Utah Artificial Intelligence Policy Act applies to healthcare organizations and the obligations to plan for.

Effective
May 1, 2024
Max penalty
$5K
Applies to
deployer + vendor

Why this law matters for healthcare

Healthcare providers, payers, and health-tech vendors deploying AI for clinical decision support, diagnostics, prior authorization, or patient interaction.

Licensed healthcare providers using generative AI in patient-facing high-risk medical or mental-health advice interactions must disclose AI use under Utah Chapter 77; mental-health chatbots also need Chapter 72a controls. Organizations operating in Utah should treat this law as part of the baseline regulatory obligations alongside any sector-specific federal rules.

Key obligations

  • disclosure→ deployerUtah Code § 13-2-12(2)

    Persons in regulated occupations using generative AI must proactively disclose at the start of an interaction that the consumer is interacting with generative AI; other consumer-facing entities must disclose upon consumer inquiry.

    Deadline: at_interaction

Recommended next steps

  1. Inventory AI systems used in healthcare workflows that may fall within Utah Artificial Intelligence Policy Act's scope.
  2. Map each system against the obligations above and identify the responsible role (developer vs deployer).
  3. Adopt a structured framework — see NIST AI RMF and ISO/IEC 42001 — to demonstrate due care and produce audit-ready evidence.
  4. Document obligations satisfied and gaps in a single register, refreshed at the cadence required by the law (typically annual).

Automate AI governance with OneTrust

partner link

Manage AI inventory, risk assessments, and policy enforcement across your organization. Used by hundreds of regulated enterprises.

See OneTrust AI Governance →
Related
  • Utah Artificial Intelligence Policy Act — full law detail
  • All AI laws applicable to healthcare
  • All AI laws in Utah
  • HIPAA compliance for AI in healthcare — PHI, BAAs, de-identification, Security Rule controls, breach response, and FDA overlap
Legal disclaimer

This content is informational only and does not constitute legal advice. Laws change frequently and vary by jurisdiction. Consult qualified legal counsel before making compliance decisions. Information accuracy not guaranteed as of any specific date.

We may receive referral commissions from recommended compliance tools. Recommendations are based on product fit and not on commission size. Links marked “partner link” include a tracked redirect.