Abstract

Background: The integration of artificial intelligence (AI) in U.S. healthcare has created complex governance challenges due to fragmented regulatory oversight between HIPAA privacy regulations and FDA medical device approval processes. Current regulatory frameworks, developed prior to widespread AI adoption, may inadequately address the unique characteristics of continuously learning systems and multi-institutional data sharing requirements.
Objective: To evaluate the effectiveness of current regulatory frameworks governing healthcare AI implementation through comprehensive stakeholder analysis and quantify specific compliance barriers across diverse healthcare organizations.
Methods: We conducted a mixed-methods study combining semi-structured interviews with healthcare AI stakeholders, analysis of FDA regulatory pathways for AI devices, and detailed case studies of AI implementations. Participants included hospital administrators, AI developers, regulatory compliance officers, and clinicians from healthcare systems across four U.S. regions. We analyzed FDA clearance data for AI-enabled medical devices (2019-2023) and documented compliance challenges in real-world AI implementations. Data collection occurred from January 2023 to March 2024 using purposive sampling to ensure diverse organizational representation.
Results: Among stakeholders interviewed, regulatory uncertainty was widespread, with significant knowledge gaps between compliance officers (high regulatory familiarity) and clinicians (limited regulatory knowledge). HIPAA compliance challenges occurred in the majority of AI implementation cases, with data de-identification requirements and inadequate consent mechanisms representing the most frequent obstacles. FDA regulatory pathway analysis revealed substantial variation in approval timelines and oversight requirements, with most AI devices (67%) utilizing 510(k) clearance despite limited post-market surveillance requirements. Smaller healthcare organizations faced disproportionately higher compliance costs relative to project budgets and experienced longer implementation delays compared to large health systems. Economic analysis demonstrated that regulatory compliance costs comprised 11-30% of total AI project budgets, with significant variation by organizational size and complexity.
Conclusions: Regulatory fragmentation between HIPAA privacy oversight and FDA safety regulation creates substantial implementation barriers that vary significantly across healthcare organizations and stakeholder groups. The current framework inadequately addresses continuously learning AI systems and creates compliance uncertainty that may delay beneficial AI adoption while potentially exacerbating healthcare delivery inequities. Evidence-based policy reforms incorporating unified governance frameworks, risk-stratified compliance pathways, and standardized privacy assessment tools could enhance regulatory effectiveness while maintaining appropriate patient protections. These findings provide empirical foundation for ongoing federal policy development and practical guidance for healthcare organizations navigating current regulatory requirements.