←State PenaltiesHealthcare AI Regulatory Penalties — All 50 States
Healthcare AI Regulatory Penalties — All 50 States
HIPAA overlays, AI medical decision laws, prior authorization rules, and healthcare fraud penalties across all 50 states.
Color-coded by maximum imprisonment severity
Risk tier:HighMediumLow
| State | Tier | Law | Civil Fine | Criminal Fine | Imprisonment | HIPAA Overlay |
|---|---|---|---|---|---|---|
| Alabama | High | SB 63/HB 515 medical necessity | $100,000/act | $30,000 | 20 years (Class B Felony) | Yes |
| Alaska | Low | SB 133 prior auth | $25,000/instance | N/A | License suspension | Yes |
| Arizona | Medium | HB 2175 AI oversight | $1,000/violation | $10,000 enterprise | 6 months | Yes — up to $250K/10 yrs |
| Arkansas | Low | Insurance mandates | $1,000/violation | N/A | N/A | Yes |
| California | Medium | SB 1120 / AB 3030 | $25,000 (facility) | $10,000 | 1 year | Yes |
| Colorado | High | General facility/HIPAA | $10,000+ | $250,000 | 10 years | Yes — up to $250K/10 yrs |
| Connecticut | Low | DPH enforcement | $25,000 | N/A | N/A | Yes |
| Delaware | Medium | DHSS/Insurance Commissioner | $10,000/instance | $10,000 (Class F) | Felony terms | Yes |
| Florida | High | HIPAA + state licensing | $50,000/violation | $250,000 | 10 years | Yes — full HIPAA tiers |
| Georgia | High | CATCH Act / Facility licensing | $5,000 (serious harm min.) | $500,000 (kickback) | 10 years | Yes |
| Hawaii | Low | HB 820 AI review | $10,000/offense | N/A | 30 days (petty misd.) | Yes — up to $68,928/vio |
| Idaho | High | Medicaid fraud / Anti-kickback | $5,000/referral | $15,000 | 15 years (insurance fraud) | Yes |
| Illinois | High | Healthcare fraud | $50,000 (corp.) | $25,000 | Life (if death results) | Yes |
| Indiana | Low | IC 16-51-2.5 AI disclosure | $1,000/violation | N/A | N/A | Yes |
| Iowa | Low | Iowa Code 135C.36 | $10,000/citation (Class I) | N/A | Program exclusion | Yes |
| Kansas | Low | SB 405 Healthcare AI | $50,000/violation | N/A | N/A | Yes |
| Kentucky | High | KRS 223.991 | $500 | $250,000 (HIPAA) | 10 years (HIPAA) | Yes |
| Louisiana | High | HB 114 AI diagnosis | $10,000/violation | $250,000 | 10 years | Yes |
| Maine | Low | LD 1301 AI denials | $25,000/day (repeat) | N/A | N/A | Yes |
| Maryland | High | HB0820 AI healthcare | $10,000/offense | $250,000 (health data) | 10 years | Yes |
| Massachusetts | High | RPO reporting | $25,000/week | $250,000 | 10 years | Yes |
| Michigan | High | Public Health Code | $50,000 (willful neglect) | $250,000 | 10 years | Yes — full HIPAA tiers |
| Minnesota | Low | Health Records Act | $7,500/violation | Criminal prosecution | License revocation | Yes |
| Mississippi | Low | HB 1717 Medical Judgment | $5,000/violation | N/A | License suspension | Yes |
| Missouri | High | HIPAA enforcement | $50,000 | $250,000 | 10 years | Yes — full HIPAA tiers |
| Montana | High | HCA / Facility violations | $50,000 | N/A | 20 years (felony) | Yes |
| Nebraska | Low | LB 77 AI review | $1,000 (subsequent) | N/A | N/A | Yes |
| Nevada | Medium | AB 406 / BBSP | $15,000/violation | $5,000 (Cat D Felony) | 4 years | Yes |
| New Hampshire | Medium | HB 1406 / NHFCA | $11,000/claim + 3x damages | Class B Felony | 7 years (Medicaid fraud) | Yes |
| New Jersey | Medium | A3973 kickbacks | $20,000/violation | $50,000 | 5 years | Yes |
| New Mexico | Low | Medical Board / False Claims | $28,619/claim + 3x damages | N/A | License revocation | Yes |
| New York | High | Healthcare fraud | Up to $2.07M/year (HIPAA) | $250,000 | 25 years (1st degree) | Yes |
| North Carolina | High | Medical Board | $68,928/violation (HIPAA) | $250,000 | 10 years | Yes |
| North Dakota | Low | Prior auth reform | $500/day | Board sanctions | N/A | Yes |
| Ohio | Medium | ORC 3701.244 | $20,000/violation | $750 (health order) | 90 days (2nd degree misd.) | Yes |
| Oklahoma | Low | SB 1967 / HB 1915 | $500,000/year (aggregate) | $100,000/violation | Felony possible | Yes |
| Oregon | Low | OHA / Board of Pharmacy | $10,000 (pharmacy) | N/A | N/A | Yes |
| Pennsylvania | Medium | Facility licensing / HIPAA | $50,000/violation | $250,000 | 10 years (HIPAA) | Yes |
| Rhode Island | Low | S0013 healthcare AI | $50,000/violation (insurer) | N/A | N/A | Yes |
| South Carolina | Medium | Medicaid fraud / PMP | Treble damages + $2K/claim | $10,000 | 10 years (PMP felony) | Yes |
| South Dakota | Medium | SB 169 AI review | Cease-and-desist | $250,000 (HIPAA) | 10 years (HIPAA) | Yes |
| Tennessee | Low | SB 1261 AI utilization | Punitive damages | N/A | N/A | Yes |
| Texas | Low | SB 1188 / TRAIGA | $250,000 (financial gain) | N/A | License revocation | Yes |
| Utah | Low | HB 452 mental health chatbots | Admin fines | N/A | N/A | Yes |
| Vermont | Medium | Green Mountain Care Board | $10,000 (drug pricing) | $1,000/claim | 10 years (Medicaid fraud) | Yes |
| Virginia | Low | SB 754 reproductive data | $5,000 (subsequent willful) | N/A | N/A | Yes — up to $250K/10 yrs |
| Washington | Medium | Mental health parity | $300,000 (admin) | N/A | 364 days (gross misd.) | Yes |
| West Virginia | Medium | WV Code §9-7 | $50,000/violation (HIPAA) | $10,000 | 10 years (record destruction) | Yes |
| Wisconsin | Medium | Provider AI restrictions | $25,000 (willful) | $100,000 (for profit) | 3.5 years | Yes |
| Wyoming | Medium | SF0057 Price Transparency | $1,000/day | $250,000 (HIPAA) | 10 years (HIPAA) | Yes |