ADLM supports FDA effort to develop regulations for AI medical devices

The Association for Diagnostics & Laboratory Medicine (ADLM) has endorsed the Food and Drug Administration’s (FDA) efforts to develop an appropriate regulatory framework for medical devices that utilize artificial intelligence (AI). In a letter addressed to the FDA’s Digital Health Center of Excellence, the association offered several comments to assist the agency in this endeavor.

This contributes to a developing effort in the healthcare industry to govern healthcare AI amidst a lag in federal regulations. With legislators unlikely to pass a comprehensive law on the technology anytime soon, the Coalition for Health AI recently partnered with the Joint Commission to release high-level guidance to aid health systems in the responsible adoption of AI. The Utilization Review Accreditation Commission also launched a health AI accreditation program with two tracks, one for AI developers and another for AI users.

As for ADLM, its letter recommended that, when developing an AI oversight framework, the FDA should draw on lessons learned from the rigorous quality systems that clinical laboratories use to ensure test accuracy and reproducibility. Specific suggestions the association made include the following:

• All AI tools integrated with the performance of clinical laboratory tests should undergo a robust validation process similar to that which is used for laboratory tests themselves. This validation process should be used to characterize AI tools’ performance and ensure safety for clinical use prior to use in patient care.
• Like laboratory quality systems, AI medical devices should undergo external evaluation via a third-party that assesses the accuracy of their performance. This mode of validation could be particularly helpful for AI tools that adapt over time.
• AI algorithms used in the performance of laboratory testing should also be subject to validation and verification protocols. Like any clinical laboratory test system, the use of these algorithms beyond the validated protocols should be restricted.

Finally, ADLM urged the FDA to include clinical laboratorians in the oversight of AI algorithms used in ordering and interpreting laboratory tests. Laboratorians understand the nuances of the performance and reporting of clinical laboratory testing, which is essential to mitigating the impact of variables that could cause AI tools to deviate from expected performance specifications.

Bill proposed that could gain Medicare recognition for genetic counselors

The National Society of Genetic Counselors (NSGC) recently reintroduced a bill to Congress that would allow its members to bill Medicare.

The bill, H.R. 6280, which was introduced by U.S. Reps. Adrian Smith (R-Neb.) and Kathy Caster (D-Fla.), directs the Centers for Medicare and Medicaid Services to recognize genetic counselors as medical providers, allowing them to receive direct Medicare reimbursement. The bill requests that genetic counselors receive recognition specifically under Medicare Part B, which would allow direct beneficiary access to genetic counseling services.

Although genetic counselors do not currently receive Medicare recognition, other types of providers, including nurse practitioners and physician’s assistants, can bill Medicare for genetic counseling services, even if they lack the master’s degree-level genetics training that certified genetic counselors have. Medicare’s lack of recognition has prompted some genetic counselors to question the value of the “genetic counselor” title.

Genetic counselors play a significant role in genetic testing. “[They] serve as connectors to the personalized care that could make all the difference for Medicare patients and their families facing diseases like hereditary cancer and Alzheimer's disease," Sara Pirzadeh-Miller, president of the NSGC and a cancer genetic counselor in Texas, said in a statement.

A counterpart bill, sponsored by Sens. John Barrasso (R-Wyo.) and Peter Welch (D-Vt.) will be introduced in the U.S. Senate in the coming months, NSGC said.

Report reveals privacy weaknesses in NIH cybersecurity for All of Us patient data

A recent report from the Office of Inspector General (OIG) identified shortcomings in cybersecurity measures intended to protect participants in the National Institutes of Health’s (NIH) All of Us Research Program.

The Data and Research Center (DRC) houses the program’s participant data and is maintained by Vanderbilt University Medical Center (VUMC), which received an NIH award to support managing it. In early November 2025, the OIG conducted an audit to examine whether the NIH ensured that VUMC had adequately limited access to research data, implemented required information security and privacy controls, and remediated information security and privacy weaknesses in accordance with federal requirements.

Based on the audit’s findings, the OIG determined that, while VUMC had implemented some cybersecurity controls to protect participant data, NIH did not ensure that VUMC limited the access of authorized data users to the research data in accordance with the program’s policies; communicate with VUMC about national security concerns associated with maintaining genomic data in order to enable the appropriate selection of privacy cybersecurity controls; or ensure that security and privacy weaknesses were remediated within federally required timeframes.

The OIG issued five recommendations to NIH to improve its oversight of the All of Us Research Program’s DRC. These recommendations urged NIH to:

• Require that VUMC implement access controls to prevent internal users from accessing systems while abroad without verified approval.
• Require VUMC to implement a control to prevent the downloading of detailed participant data as required by the All of Us Data Use Policies.
• Formally communicate national security concerns related to maintaining genomic data to All of Us award recipients that use or maintain it.
• Require VUMC to reevaluate the security categorization for the DRC and DRC Researcher Workbench information systems considering these national security concerns.
• Require VUMC to update the remediation timeframe in its system security plans to comply with the timeframes in its award agreement with NIH.

In a written response to the audit, the NIH concurred with all five of the OIG’s recommendations and described actions that it and VUMC have taken and plan to take to address them.