North Carolina AI Medical Billing Bill Targets Upcoding and Denials

North Carolina’s debate over artificial intelligence in medical billing is a preview of a broader policy conflict coming for healthcare: how to regulate algorithmic influence before it becomes embedded too deeply in reimbursement, utilization review, and claims operations.

House Bill 565, now titled “Limit Use of AI Medicaid/Commercial Insurance,” would restrict the use of artificial intelligence in healthcare billing and claims submission, while also limiting insurer reliance on AI in utilization review. The North Carolina General Assembly bill page shows the measure was re-referred to the Senate Judiciary Committee on June 3, 2026, after a Senate Health Care committee substitute was adopted. (North Carolina General Assembly)

The bill reflects a growing concern that AI may not merely automate administrative work, but also reshape the financial incentives behind care. That concern is especially acute in Medicaid and commercial insurance, where coding decisions, prior authorization determinations, and claim reviews directly affect public spending, provider revenue, patient access, and premium pressure.

The Policy Target Is Algorithmic Revenue Pressure

The most consequential part of the bill is its focus on upcoding. The proposed language would bar developers from designing, training, or materially modifying an AI system for healthcare coding, billing, or documentation if that system is designed to promote, incentivize, or systematically result in upcoding. It would also prohibit providers from using such systems.

Upcoding is already illegal when billing codes reflect a higher level of service, severity, or risk than the clinical record supports. The HHS Office of Inspector General describes upcoding as a common false claim involving codes that reflect more severe illness or more expensive treatment than actually existed. That existing enforcement backdrop matters because the North Carolina proposal is not creating upcoding risk from scratch. It is asking whether AI changes the scale, detectability, and accountability of an already recognized billing problem. (OIG HHS)

The policy concern is plausible. AI coding tools can analyze documentation and recommend codes quickly. If properly governed, they may reduce missed documentation, improve coding consistency, and relieve administrative burden. If poorly designed or incentive-aligned toward revenue maximization, they may normalize higher coding intensity without a corresponding change in clinical care.

That is the difference lawmakers are trying to capture. The issue is not whether AI can assist billing. The issue is whether AI can quietly turn documentation workflows into reimbursement optimization systems that exceed the clinical facts.

Human Review Is Becoming the Regulatory Baseline

The bill also addresses insurer use of AI in utilization review and prior authorization. The proposed language would prohibit an AI-based algorithm from serving as the sole basis for denying a utilization review determination. It would require North Carolina’s Medicaid agency to amend prepaid health plan contracts to include similar limits for AI-based denial of utilization review or prior authorization determinations.

That approach fits a broader national direction. Regulators and policy groups are increasingly converging around the idea that AI may support decisions, but should not replace accountable human review in high-stakes healthcare determinations. Reporting from WRAL described the proposal as limiting AI’s role in denials and billing while preserving human involvement in claims and prior authorization decisions. (WRAL News)

This is not only a patient protection issue. It is also a documentation and liability issue. If a claim is denied, a service is delayed, or a code is challenged, affected parties need to know what evidence was reviewed, what recommendation the AI system made, who approved the final decision, and whether the outcome complied with law and policy.

Human review must also be meaningful. A clinician, coder, or claims reviewer clicking approval on an algorithmic recommendation without enough time, context, or authority to disagree does not create real oversight. It creates a thin layer of human validation over automated decision-making.

Providers Are Right to Worry About Ambiguity

Provider concerns should not be dismissed. Hospitals and physician groups are already subject to extensive billing compliance rules, payer audits, Medicaid requirements, False Claims Act exposure, coding edits, and documentation standards. Adding a separate AI attestation process could create uncertainty if the law does not clearly distinguish intentional design, negligent deployment, vendor failure, and ordinary coding disagreement.

The bill’s proposed annual AI compliance attestation for Medicaid participation could become a useful accountability tool if narrowly designed. It could also become another administrative burden if providers are asked to certify compliance without clear standards for what must be reviewed, documented, tested, or retained.

That distinction matters. A health system using an AI-assisted coding product may not control the model’s training data or internal logic. A physician practice may rely on vendor representations. A hospital may deploy multiple revenue cycle tools across departments. A broad attestation requirement could leave providers responsible for technical claims they cannot independently verify unless procurement and audit rights are built into contracts.

The better compliance model would tie attestation to concrete controls: inventory of AI billing tools, vendor due diligence, audit sampling, documentation review, human override procedures, incident reporting, and governance ownership. Without those elements, attestation risks becoming paperwork rather than protection.

Developers Need Direct Accountability

One important feature of the North Carolina proposal is its inclusion of developers. That matters because AI risk is often distributed across parties. A provider may use a tool. A vendor may design it. A billing company may configure it. A payer may audit the output. A patient may bear the cost.

If regulation focuses only on providers, developers can avoid responsibility for systems that create improper incentives. If regulation focuses only on developers, providers can avoid responsibility for how tools are deployed. A credible framework must reach both.

The National Association of Insurance Commissioners has addressed AI risk in insurance through its model bulletin on insurer use of artificial intelligence, which emphasizes governance, accountability, risk management, and compliance across the insurance life cycle, including claims management and fraud detection. That same logic applies to provider-side billing tools. AI governance should follow the system from design to deployment to monitoring. (NAIC Content)

For developers, the practical implications are significant. Products marketed for coding, documentation, claims optimization, charge capture, risk adjustment, or denial management may need stronger evidence that recommendations are clinically supportable. Vendors should expect more questions about training data, bias, documentation sources, audit logs, output testing, and safeguards against systematic inflation.

Claims Integrity Needs Better Data Governance

North Carolina’s proposal sits inside a larger program integrity environment. CMS uses the National Correct Coding Initiative to prevent improper payment when incorrect code combinations or units are reported. Medicaid program integrity efforts also rely on correct coding methodologies to reduce improper payments. (Centers for Medicare & Medicaid Services)

AI changes the scale of that challenge. A human coder may make errors. A poorly governed AI tool can reproduce the same error across thousands of claims. A model trained on historical billing patterns may learn from past coding intensity rather than clinical appropriateness. A system optimized to reduce missed revenue may drift toward higher reimbursement categories unless controls are explicit.

The state’s concern about Medicaid spending is therefore not only political. It is operational. Medicaid claims systems were not built for a world in which AI can generate, recommend, or validate billing codes at high volume. Oversight models need to account for algorithmic consistency, model drift, and vendor-driven coding logic.

The NIST AI Risk Management Framework offers a useful structure for this type of governance because it focuses on mapping, measuring, managing, and governing AI risks. In billing, that translates into knowing where AI is used, measuring whether outputs are supported by records, managing exceptions, and assigning accountability when systems behave improperly. (NIST)

The Legislative Challenge Is Precision

The central challenge for House Bill 565 is precision. A law that is too weak may allow AI-driven billing and denial systems to expand without meaningful accountability. A law that is too broad may chill legitimate tools that improve documentation accuracy, reduce manual burden, or help clinicians and coders identify supportable claims.

That balance is difficult because AI in healthcare administration is not one technology. It includes ambient documentation tools, coding assistants, utilization management systems, claim scrubbers, fraud detection engines, risk adjustment platforms, and payer review models. Each has a different risk profile.

North Carolina’s bill is strongest where it focuses on high-stakes outputs: denial decisions and upcoding. Those areas directly affect access, spending, provider compliance, and patient cost. The bill will need careful drafting to ensure that enforcement targets systems designed or deployed to produce improper outcomes, not legitimate tools that support accurate coding and require clinical confirmation.

Healthcare leaders should treat the debate as a signal, regardless of the bill’s final form. AI billing and utilization tools will draw more scrutiny from states, payers, regulators, and litigants. The organizations best prepared will be those that can explain exactly where AI is used, how recommendations are reviewed, how coding accuracy is tested, and how patients and payers are protected from automated overreach.

AI will remain in healthcare administration because the economic pressure to automate is too strong. The unresolved question is whether governance can keep pace with the incentives AI is being asked to optimize. North Carolina is now testing that question in statute.