From Physician’s Weekly:
The HIPAA Privacy Rule doesn’t specify provisions for protecting PHI data entered in AI technologies. What the rule does stipulate is that healthcare entities are not obligated to get patient consent for interoperability and electronic exchange of PHI. Certain states or entities, however, adopted bills, policies, regulations, or statutes requiring opt-in or opt-out consent from patients. The George Washington University Milken Institute School of Public Health pulled together a list of those states and entities, but its last update was in 2016.