Texas has taken an important step towards regulating artificial intelligence (AI) with the passage of House Bill (HB) 149 and Senate Bill (SB) 1188. The private sector, including health care providers. The law is designed to promote transparency and responsible deployment of AI, particularly in the context in which automated systems are used to make decisions that have a substantial impact on individuals. Additionally, SB 1188, which was signed into law on June 20, 2025 and effective September 1, 2025, introduces certain requirements for healthcare providers using AI in a diagnostic context and also prohibits physical offshoring of electronic medical records.
Traiga: A statewide framework for responsible AI
Traiga places restrictions on how AI Systems' Texas institutions, developers and deployers can use AI systems. These restrictions extend to members of the healthcare industry. In particular, Traiga requires that the use of the AI system be disclosed to patients (or their personal representatives) if their healthcare provider utilizes such systems to diagnose or treat patients. In a clinical setting, this disclosure is not subject to emergencies, prior to or during the interaction, where it is necessary to provide as soon as reasonably possible. This requirement is intended to ensure that patients are aware when AI is involved in care, allowing informed decisions such as whether to seek care from another provider.
In addition to disclosure requirements, Traiga contains provisions that prohibit the use of AI with specific intent to discriminate against individuals based on protected characteristics. However, the law makes it clear that different influences alone are not sufficient to establish discriminatory intent. This is a distinction that may shape the way healthcare algorithm bias is evaluated. The law also addresses the use of biometric data in AI systems, but these restrictions apply only to government agencies. Specifically, it prohibits government agencies from using AI to identify individuals via biometric data without consent. In particular, biometric data used for healthcare treatment, payment, or operations under the Health Insurance Portability and Accountability Act (HIPAA) are excluded from this definition. Beyond these substantive provisions, Traiga places governance obligations on organizations developing or deploying AI systems. Healthcare providers should review internal policies and procedures to assess and mitigate risks, maintain documentation, and ensure human surveillance in AI-assisted decision-making. The enforcement agency is based on the Texas Attorney General, who is authorized to investigate violations and impose civil penalties.
Texas SB 1188: AI in healthcare and data localization
SB 1188 introduces a targeted obligation to healthcare providers using AI. Specifically, the law states that licensed practitioners can use AI to support diagnosis and treatment planning. provided The following requirements are met: 1) Providers must act within the scope of their license, regardless of their use of AI. 2) The use of AI is not prohibited by law. Therefore, the bill essentially requires providers to review AI-generated records or recommendations and make the ultimate medical decision according to the provider's scope of practice. Additionally, SB 1188 imposes strict data localization delegation that prohibits physical offshoring of electronic medical records. This requirement applies not only to records stored directly by healthcare providers, but also to records maintained by third-party vendors or cloud service providers. Additionally, the covered entity must ensure that such records are accessible only to individuals whose work responsibilities require access to treatment, payment, or medical activities, and implement reasonable management, physical and technical protection measures to protect the confidentiality, integrity and availability of patient data.
Looking ahead
Traiga and SB 1188 reflect the growing role of Texas in shaping state-level AI regulations, particularly in the health sector. These laws demonstrate a deliberate effort to balance technological advancements with patient and consumer protection. As these requirements become effective, businesses and healthcare providers operating in Texas should begin reviewing AI systems, patient policies and data processing practices to ensure compliance. Furthermore, as AI use continues to evolve and further adoption in healthcare, healthcare businesses and providers will need to determine whether intentional use of AI is compliant with these laws at the time of implementation and future.
Holland & Knight continues to monitor development in the healthcare and AI governance sectors, and can be used to help clients navigate this evolving legal landscape. For more information or questions regarding the establishment of HB 149, SB 1188 or similar laws and regulations, please contact the author.
