California AB 3030 + SB 1120 Are Active FQHC AI Compliance Triggers — Disclosure + Consent + UM Restrictions in Effect
A May 2026 Holland & Knight legal review highlights two California laws that are now operational compliance triggers for any FQHC running AI:
- AB 3030 — mandatory patient disclosure plus explicit consent before AI is used in care
- SB 1120 — restrictions on AI in utilization management and prior-authorization decision-making (human clinician must make the final medical-necessity call).
Compliance obligations apply now to any FQHC running AI scribes (Abridge, Nabla, Suki, Heidi), AI patient-outreach (Artera Squads, healow Genie), or AI-assisted UM/prior-auth (eClinicalWorks AI Workbench). Federal preemption push is underway in Washington but no enacted preemption yet.
Pairs with already-tracked CHAI/NACHC Medicaid-eligibility AI Best Practice Guides — CHAI gives the governance scaffolding, AB 3030 + SB 1120 are the legal floor.
Strategic implication: FQHC CIOs and Compliance Officers should audit current AI deployments for AB 3030 patient-disclosure scripts and SB 1120 UM-decision pathways before mid-2026.
Key takeaways
- AB 3030 requires patient disclosure + explicit consent before AI is used in care
- SB 1120 requires human clinician to make final medical-necessity call in UM/prior-auth decisions
- Action item: audit AI scribe, patient-outreach, and UM workflows for AB 3030 + SB 1120 compliance now
Primary source
Holland & KnightFQHC Talent. (2026, May 26). California AB 3030 + SB 1120 Are Active FQHC AI Compliance Triggers — Disclosure + Consent + UM Restrictions in Effect. Primary source: Holland & Knight. Retrieved June 18, 2026, from https://www.fqhctalent.com/intel/ca-ab-3030-sb-1120-ai-compliance-active-2026
More in Risk & Compliance
Jul 5
Section 1557 Language Access Annual Notice Year 1 Anniversary — July 5, 2026 Compliance Window
Jun 9
FTCA CY2027 redeeming applications due June 26 — miss it and your FQHC has a malpractice-coverage gap
Jun 1
Two Compliance Signals for FQHCs: HRSA's FY2026 340B Manufacturer-Audit Results Go Live, and OCR's Ransomware Settlements Preview a Tougher HIPAA Security Rule
Jun 1
Eli Lilly Gives ~50 Covered Entities Five Days to Hand Over 340B Claims Data — or Lose Their Discounts