In this episode of Jackson Walker Fast Takes, host Courtney White welcomes Healthcare partners Phil Kim and Cheryl Murray for a conversation about how artificial intelligence is reshaping healthcare and the growing need for clear guidance around its use. They discuss new Texas laws, evolving federal considerations, and what organizations should be thinking about as AI becomes more integrated into patient care, emphasizing the importance of staying informed and taking a proactive approach as the landscape continues to change.
Featured This Episode
Our Host: |
||
 Courtney WhiteResearch Attorney, Dallas & Houston Follow on LinkedIn » Instagram: @courthousecouture |
||
Episode Guests: |
||
 Phil KimPartner, Dallas Follow on LinkedIn » |
Cheryl Camin Murray |
|
Episode Transcription
Courtney White: Hi everyone, I am Courtney White, and this is Jackson Walker Fast Takes. The healthcare landscape is changing daily because of the use of artificial intelligence. I have asked two of my colleagues to join this episode to discuss it further. Cheryl Murray and Phil Kim are healthcare partners in the Dallas office. Cheryl and Phil, welcome to the podcast.
Cheryl Murray: Happy to be here. Thank you.
Phil Kim: Thanks, Courtney.
Courtney White: Phil, could you quickly discuss what you and Cheryl do every day?
Phil Kim: Absolutely. Between the two of us, we cover the full life cycle of what we would look for in a healthcare company. So that would encompass the regulatory compliance side, the privacy side, and the transactional side of our practices.
They tend to live on whether it be diligencing companies or structuring, or in this case with digital health and medtech companies, just helping them to navigate the regulatory landscape, especially as it relates to AI-enabled products and bringing them to market.
Courtney White: Obviously, AI has been a buzzword for years. Why is this particular moment important or different for healthcare?
Phil Kim: That’s a great question. AI isn’t anything new to healthcare. It’s a technology that has been around for years. It is just something that has matured a lot more, and dramatically over the last few years. Large language models, computer vision tools, as well as predictive analytics platforms, have really helped us move well beyond that proof-of-concept stage.
So what’s different now is that we’ve got the convergence of a lot of different forces in play with GenAI and LLMs, expanding use cases. You’ve got historically things like the da Vinci surgical robot, of course, that have been used in millions of procedures, and different AI-assisted radiology tools that we’re all well aware of. But as we’ve seen the convergence of things like generative AI and LLMs, adoption has been faster and more pervasive across healthcare than most other sectors. And so we’re quickly moving from narrow AI doing one specific task to tools that can do a host of different things, whether it be simple tasks like drafting clinical notes, but also interacting with patients, summarizing records, and supporting diagnostic reasoning.
And so what we’re seeing now is somewhat of an awakening on the regulatory side, and it’s happening at both the state and federal levels. The stakes are quite high when it comes to healthcare, of course. And as with most things in their nascent stages, there is a significant governance gap where organizations are deploying AI at an unheard-of speed without always having mapped out these tools against the regulatory frameworks that often govern their operations. We’re regularly playing catch-up, and there are all kinds of different patient safety implications, and it demands a lot of our attention right now.
Courtney White: I can only imagine. Thank you for that great intro. And Cheryl, I want to turn to you next to discuss a specific piece of legislation that people have really been talking about. So could you please tell us about Texas Senate Bill 1188 and why it matters?
Cheryl Murray: You bet. So as you stated, Courtney, Senate Bill 1188 is one of the most significant state-level efforts that does regulate AI in healthcare. It’s already in effect. It became effective September 1, 2025. And at a big-picture, high level, it imposes new obligations on medical facilities, healthcare practitioners, and even some governmental entities with regard to their use of AI in the electronic health records.
So it all revolves around electronic health records and how these healthcare providers store patient information and how it may be stored in the record. In particular, it requires that the patient information has to be stored in the EHR in the United States. This bill also requires that healthcare practitioners who use AI for diagnostic purposes have to review the accuracy of this AI-generated data, and they have to disclose to the patients that they’re using AI for diagnostic purposes. The bill prohibits the collection of credit scores or voter registration status in EHRs, and it guarantees patients or their guardians full access to a minor’s electronic health record upon request.
So the big picture and idea is that patients should know when AI is playing a role in the decisions that affect their healthcare. And of course, there are violations that are provided in the bill, which provide that there could be imposed civil penalties ranging from $5,000 to $250,000 per violation, depending upon the violator’s intent. So there could be serious ramifications for noncompliance.
Courtney White: Thank you, Cheryl. That sounds like a very important bill for our listeners to know about. And Phil, can you please talk about TRAIGA? Can you walk us through what that is and why listeners should have that on their radar?
Phil Kim: TRAIGA is, as Cheryl was talking about, if SB 1188 is the healthcare-specific law, TRAIGA is the broader framework. It stands for the Texas Responsible Artificial Intelligence Governance Act. And it was signed in the middle of last year, but took effect at the beginning of this year. And the biggest difference is scope.
So SB 1188’s disclosure requirement, as Cheryl mentioned, is limited to diagnostic AI. TRAIGA goes further than that, where if a provider uses any AI system in relation to healthcare service or treatment, even preventive care and treatment planning, they have to disclose to the patient or their personal representative, and that disclosure needs to be clear and conspicuous, written in plain language.
So what that means is that TRAIGA draws some hard lines. You can’t use AI to manipulate human behavior to cause harm. You can’t deploy it with the intent of unlawfully discriminating against a protected class, things that we would all typically expect. For our digital health clients, these prohibitions matter, especially if you’re building or deploying patient-facing AI tools that aren’t regularly used in a clinical setting within a hospital.
So two things I tend to flag for every client are that there’s a safe harbor, and enforcement runs through the Texas AG’s office. So it can range from as low as $10,000 to $200,000 per violation. There’s a 60-day cure period before the AG can bring an action.
And so the law actually rewards organizations that are acting in good faith in response to any wires that they may have tripped. And Texas often gets a bad rap, but TRAIGA is a first-in-the-nation state AI regulatory sandbox that we see Texas creating, and the Texas Department of Information Resources administers it. So it’s a really innovative tool that allows companies to test innovative AI systems for up to three years with reduced regulatory burden. And for health tech companies and investors alike, I think that’s a real draw to the Texas market.
Courtney White: Cheryl, as states like Texas move forward with their own legislation, could you please summarize for us what is happening at the federal level? Is there a preemption issue on the horizon?
Cheryl Murray: This is one of the most important questions, Courtney, and quite frankly, it’s unsettled in the space right now. The short answer is that federal preemption is complicated, and it’s still developing. On December 11, 2025, our president signed an executive order titled Ensuring a National Policy Framework for Artificial Intelligence that establishes a minimally burdensome national standard for AI, and it’s to challenge state laws that are viewed by the administration as overly burdensome.
So we have this existing federal framework that touches on AI and healthcare, but it’s not really put in place in a way that preempts state law. And we also have other mechanisms in place from a federal perspective that impact and regulate AI. For example, the FDA has been actively working on its regulatory approach to AI and machine-learning-enabled medical devices, and it’s issued guidance documents. We have HIPAA, which governs the use and disclosure of protected health information, and that’s often the fuel that powers healthcare AI systems, that PHI. And CMS has even weighed in on the use of AI in coverage and utilization review decisions.
So on one hand, there’s no comprehensive federal AI statute today, but Congress has introduced various proposals, and although nothing’s been enacted to create a unified federal framework, we have some things percolating that down the road may come into effect.
So we have this patchwork problem where if you’re a health system operating in multiple states or a digital health company with a national footprint, you may be subject to overlapping and potentially inconsistent obligations based on various state laws, with no federal preemption in place that would come in and kind of be the law of the land.
So what we’re telling clients is they shouldn’t wait for federal clarity. The state legislative activity is real, it’s accelerating, and compliance obligations are being created now. So organizations should build their AI governance frameworks in a way that is flexible to accommodate a future federal standard, because when the federal legislation comes into play, it’s going to likely set a floor, not a ceiling, and it may or may not preempt state-specific requirements because the compliance landscape is not static. It’s shifting faster right now than pretty much anything we’ve seen in recent memory.
Courtney White: So Phil, our listeners are busy professionals, practitioners, and in-house counsel. Could you give them a few practical takeaways they should be acting on right now?
Phil Kim: Yeah, happy to. And I’d say that these takeaways apply across the board, whether you’re a health system, a PE-backed platform, a digital health company, or a physician group just trying to figure out where the guardrails are.
First, I would say inventory your AI. That may sound very basic, but a lot of organizations I work with can’t tell me exactly where AI is running in their operations. So you’ve got tools embedded within your EHR that your IT team may not even think of as AI. You’ve got different ambient listening and scribing tools that clinicians downloaded on their own. You’ve got AI baked into your RCM or scheduling platform or even your patient portal. So ultimately, you can’t govern what you can’t see, and you definitely can’t comply with SB 1188’s disclosure requirement if you don’t know what to disclose.
Second, I would say review your vendor contracts. That’s what I spend a lot of my time doing right now for clients. Your agreements need to make sure to address data ownership, model transparency, US-only data storage to the extent that you can to comply with SB 1188’s localization requirement. You need indemnification for AI outputs. Most critically, I would say you need an explicit prohibition on the vendor using your PHI to train its general-purpose AI model for the benefit of other customers. A lot of legacy tech agreements simply don’t cover or address any of this. So you need to make sure to review those contracts.
Third, I would say establish governance. Make sure that it’s current, that it stands up against a cross-functional AI governance committee, whether that’s legal, compliance, IT, leadership, or privacy. And don’t treat it as a one-and-done exercise. Compliance is never static. So in the dynamic framework we see ourselves in today, I’ve seen organizations relying on AI policies drafted from 2023, and that’s simply too far back.
Fourth, I would say monitor the legislative landscape. There are over 250 bills across 47 states. So you need to track where you are and what your legislators are doing because it’s a real compliance management challenge.
And lastly, I’d say, and this is the one I think people aren’t paying enough attention to, is agentic AI. We’re starting to see AI systems that don’t just answer questions or flag results. They act autonomously. So they chain together tasks, interact with EHRs and third-party systems, pull data, make decisions, and even execute workflows with limited or sometimes no human supervision in between steps. So it’s a scary thought, but oversight, audit, and accountability questions definitely will arise.
And it’s fundamentally different from what we’ve been dealing with in the past. So we need to make sure that there’s not just an existing governance framework, but one that is dynamic and built specifically for these types of AI tools.
Courtney White: And Cheryl, before we wrap up, I understand there’s an upcoming opportunity for a webinar that our listeners can tune in to and learn a little bit more about these topics. Could you tell us about that webinar in September and how individuals can contact you if they want to attend?
Cheryl Murray: You bet. As you mentioned, Courtney, the webinar will take place in September, and it’s going to take a much deeper dive into the legislative and regulatory landscape for AI and healthcare. We’ll cover specific compliance obligations that organizations need to be aware of and walk you through actual practical frameworks for AI governance. And it’s going to be useful, we think, for lawyers, non-lawyers, as well as all executives and individuals working in healthcare. So if you’re interested in receiving an email invitation, please contact Cara Johnson, and that’s cjohnson, J-O-H-N-S-O-N, at jw.com. We hope you can join us.
Courtney White: Cheryl and Phil, thank you so much for joining the JW Fast Takes podcast today.
Phil Kim: Thanks for having us.
Cheryl Murray: My pleasure.
Courtney White: For more information and additional JW Fast Takes podcasts and webinars, please visit jw.com/fast.
The opinions expressed do not necessarily reflect the views of the firm, its clients, or any of its or their respective affiliates. This article is for informational purposes only and does not constitute legal advice.
Meet Jackson Walker
Since 1887, Jackson Walker has represented some of the most influential companies and business leaders in the world. Today, we remain firmly rooted in Texas while serving clients around the globe. With more than 500 attorneys, we are the largest law firm in the state. Jackson Walker consistently ranks among leading firms in Chambers and Partners, Best Law Firms® by Best Lawyers, and as a BTI Client Service A-Team based on feedback from corporate counsel.
