Photo of Carolyn Metnick

Carolyn Metnick

Subscribe to Carolyn Metnick's Posts

Carolyn Metnick is a partner in the Corporate Practice Group in the firm's Chicago office and a member of the Healthcare and Privacy & Cybersecurity Teams.

Contact:Read more about Carolyn Metnick

In early August, Illinois enacted the Wellness and Oversight for Psychological Resources Act (HB 1806, or the “Act”), making it the first state to pass a law regulating the use of AI[1] in the delivery of therapy and psychotherapy services. The Act, which took immediate effect, imposes guardrails on the use of AI to provide decision-making therapeutic support services, but permits the use of AI for administrative and supplementary tasks, subject to certain consent requirements. This blog post summarizes the Act and addresses its potential implications for the use of agentic AI by Illinois therapy providers.Continue Reading Illinois Becomes the First State to Regulate the Use of AI Mental Health Therapy Services

California continues to lead the nation in artificial intelligence (“AI”) regulation with the recent enactment of Senate Bill (“SB”) 53—the Transparency in Frontier Artificial Intelligence Act (“TFAIA” or the “Act”)[1]. Signed by Governor Gavin Newsom earlier this fall, the TFAIA takes effect January 1, 2026, and establishes significant oversight, accountability, and reporting requirements for advanced developers at the cutting edge of artificial intelligence. This law sets a framework for transparency and public safety, and is expected to set a nationwide precedent for future AI legislation to come.Continue Reading California Enacts SB 53: A Defining Step in Responsible AI Governance for Frontier AI Developers

Healthcare organizations of every shape and size are rapidly expanding their use of artificial intelligence solutions from high-risk applications like clinical decision-support interventions, ambient listening, and charting to lower-risk administrative activities like automated patient communications and scheduling. While adoption is widespread and increasing in depth and breadth across the industry, not every healthcare organization has established governance around AI or a monitoring process for exploration and adoption of new tools – including those contemplating a sale of assets or equity. For buyers in healthcare mergers and acquisitions today, AI diligence needs to be a focus, given the potential risk of compliance and class action concerns related to high-risk AI solutions, particularly those that have any interaction with protected health information (“PHI”) regulated under the Health Insurance Portability and Accountability Act, as amended and pursuant to its implementing regulations (collectively, “HIPAA”).Continue Reading AI Due Diligence in Healthcare Transactions

At the end of June, Texas enacted the “Texas Responsible Artificial Intelligence Governance Act” (the “Act”), adding to the patchwork of growing AI laws. This summary addresses the Act’s most significant provisions.Continue Reading Texas Enacts Responsible AI Governance Act Adding to Patchwork of AI Laws

On June 10th, Sheppard Mullin partner Carolyn Metnick and associate Esperance Becton, in collaboration with Marsh McLennan, presented the CLE webinar, “Navigating Healthcare Risks in a Rapidly Evolving Patient and Provider Centered AI Landscape.” The session addressed the growing legal, operational, and ethical risks of AI adoption in healthcare, emphasizing the importance of thoughtful governance and risk mitigation. Key discussion points included regulatory compliance, implementation strategies, liability trends, Marsh’s generative AI risk framework, and insurance considerations.Continue Reading Key Insights from Sheppard Mullin and Marsh McLennan’s Webinar on Navigating Healthcare Risks in a Rapidly Evolving AI Landscape

Congress is weighing a sweeping proposal that could significantly reshape how artificial intelligence (AI) is regulated across the United States. At the end of May, the United States House of Representatives passed, by a vote of 215-214, the One Big Beautiful Bill Act (OBBBA), a budget reconciliation bill with a provision imposing a 10-year moratorium on the enforcement of most state and local laws that target AI systems. If enacted, OBBBA would pause the enforcement of existing state AI laws and regulations and take precedence over emerging AI legislation in state legislatures across the country.Continue Reading The One Big Beautiful Bill Act’s Proposed Moratorium on State AI Legislation: What Healthcare Organizations Should Know

Utah is one of a handful of states that has been a leader in its regulation of AI. Utah’s Artificial Intelligence Policy Act[i] (“UAIPA”) was enacted in 2024 and requires disclosures relating to consumer interaction with generative AI with heightened requirements on regulated professions, including licensed healthcare professionals.Continue Reading Utah Enacts AI Amendments Targeted at Mental Health Chatbots and Generative AI

The integration of artificial intelligence (AI) tools in healthcare is revolutionizing the industry, bringing efficiencies to the practice of medicine and benefits to patients. However, the negotiation of third-party AI tools requires a nuanced understanding of the tool’s application, implementation, risk and the contractual pressure points. Before entering the negotiation room, consider the following key insights:Continue Reading Key Considerations Before Negotiating Healthcare AI Vendor Contracts

2024 marked a notable year in AI and healthcare, with AI being top of mind for all healthcare players, including providers, technology companies, developers and regulators. The adoption of AI into clinical settings became more common, as scribe and clinical-decision support products gained popularity and EMR vendors incorporated AI tools into their products. The federal government released guidance, established task forces and implemented the directives of the 2023 Executive Order on AI. Similarly, state regulation began to unfold with some states passing legislation around AI’s use in healthcare.Continue Reading Healthy AI: 2024 Year in Review

The U.S. Department of Health and Human Services (“HHS”) issued a Notice of Proposed Rulemaking (the “Proposed Rule”) on December 27, 2024, to significantly amend HIPAA’s Security Rule, which sets forth the security standards for the protection of protected health information by covered entities and their business associates. The Proposed Rule’s issuance was expected, especially in light of the growing number of health data breaches and disclosures of large scale foreign cyberattacks.Continue Reading HHS’ Last-Minute Holiday Gift: Proposed Changes to the HIPAA Security Rule

Texas is joining a growing number of states in considering comprehensive laws regulating use of AI. In particular, the Texas Legislature is scheduled to consider the draft “Texas Responsible AI Governance Act” (the “Act”), which seeks to regulate development and deployment of artificial intelligence systems in Texas. Critically, as most states continue to grapple with the emergence of AI, the Act could serve as a model for other states and could prove tremendously impactful.Continue Reading Texas Considers Comprehensive AI Bill