Modernizing federal regulation: Harnessing AI to improve clarity and reduce burden by Thomas J. Kessler 

View all articles 

 

Since the mid-1970s, the amount of government regulation has grown significantly. While regulations proposed years ago may have had only a few paragraphs explaining the rationale or reasons for the regulations, nowadays the same regulation could include pages of rationale for one section and perhaps even one provision. The Centers for Medicare & Medicaid Services (CMS) is not immune to these changes. The annual payment rules regularly reach or exceed 1,000 pages. With almost 37 years in the federal government, I have had the opportunity to work in several areas of CMS. With each stop, I learned a new area of law along with supporting regulations and subregulatory guidance.

Many of CMS’s regulations include language written before desktop computers existed — regulations with inherently contradictory requirements, provisions duplicated across multiple sections, and paragraphs that sent readers into endless loops. Many terms had become outdated or were replaced decades ago without the regulations being updated, and some program requirements existed only in the preamble. These issues often impede both compliance and effective program administration.

As a government employee, I always believed that our roles were more than just writing regulations. Our true mission was to write regulations that were logical, clear, and accessible, so any reader could understand both the language and the requirements behind it.

Learning from the past: The QIO regulations

A significant modernization effort occurred in 2012 involving updates to the Quality Improvement Organization (QIO) regulations.1 The QIO program was originally known as the Professional Standards Review Organization program, and its first regulations were published in 1979.2 For context, those rules were written just two years after the Apple I computer was first sold and one year after the landmark Privacy Protection Study Commission’s report, Personal Privacy in an Information Society.

The QIO program evolved over time, but the core regulations remained largely untouched. In 2012, it was clear that the outdated regulatory provisions were impeding the need to make improvements to the program, and that the regulations no longer reflected operational reality. The revision process took months of reading and cross-referencing decades of Federal Register publications and ensuring consistency with more recent laws.

The effort ultimately produced a more logical regulatory structure, eliminated obsolete requirements, implemented changes that allowed improved oversight of the QIOs, and introduced new concepts such as “immediate advocacy,” an alternative dispute resolution process designed not only to decrease the processing time of beneficiary complaints but give beneficiaries increased satisfaction over the resolution of their complaints. The outcome was a modernized and much more usable regulation — one that better reflected both statutory intent and practical implementation.

The cost of preamble-only requirements

When the Reporting Hospital Quality Data Annual Payment Update (RHQDAPU) program was established, staff began publishing the RHQDAPU requirements in preamble language through one of the annual payment rules. No regulatory text existed, which meant staff were essentially rewriting the same language annually.

This was not only inefficient but also created risks for external stakeholders. When compliance officers, hospital administrators, or attorneys reviewed preamble language, even a minor change in word choice from one year to the next could cause confusion — or worse, be interpreted as a policy shift. In reality, some changes might have been no more than a new staff member who preferred one word over another. Ultimately, the preamble requirements were converted into regulatory text. This stabilized the program, reduced ambiguity, and freed staff to focus on substantive program improvements. It is a practical example of how clarity and consistency reduce both administrative burden and compliance risk.

A push toward consistency: Grievance procedures

Sometime later, leadership requested that an “omnibus” regulation be written to address the individual provider grievance processes required in the provider Conditions of Participation. As a starting point, all grievance requirements were cataloged across provider types. Until then, the regulatory approach was a patchwork — each provider type had slightly different grievance rules, even when the underlying statutory requirement was the same.

By developing a unified set of procedures, meaningless differences were eliminated, compliance was simplified for providers, and filing a grievance was easier for beneficiaries. Although ultimately, the regulation was not published due to competing priorities, it demonstrated how internal regulatory reform could directly improve provider experience and beneficiary understanding.

The challenge of Part 410: A case study in complexity

A similar effort followed with 42 CFR Part 410, one of CMS’s more complex and frequently cited sets of regulations. Part 410 defines numerous professional roles, including “physician,” “attending physician,” “treating physician,” and “ordering physician.” The word “physician” appears more than 400 times, and the term is often defined slightly differently or inconsistently referenced to Section 1861(r) of the Social Security Act.

By developing a unified set of procedures, meaningless differences were eliminated, compliance was simplified for providers, and filing a grievance was easier for beneficiaries.

These inconsistencies create a minefield for anyone trying to interpret the rules, from CMS contractors to provider compliance teams. To address this, I drafted a complete rewrite of Part 410 that consolidated all definitions at the beginning and ensured that any differences between them were meaningful. However, as with many reform efforts, limited resources and interdepartmental coordination challenges prevented its advancement. Yet, the purpose and final product are a model for how agencies could modernize entire parts of regulation for clarity and usability.

Instead of replacing regulatory experts, AI could augment them, freeing staff to focus on policy judgment and substantive review rather than clerical or repetitive tasks.

Why regulations stay outdated

The problems previously described are not unique to CMS. All federal agencies face the same challenge: balancing the need to issue new regulations or update individual provisions with the reality that few resources exist to comprehensively review and modernize existing regulations. Once a regulation appears to “work,” it is often left untouched, even as inconsistencies accumulate and clarity fades. This is why outdated or contradictory language persists for decades.

Comprehensive regulatory rewrites are resource-intensive and traditionally require months of meticulous cross-referencing and legal analysis. Agencies often assume that large-scale revisions are too resource-intensive to justify. As a result, agencies often consider such efforts impractical, if not impossible, particularly when facing budget and staff reductions. Every center and office within CMS has a “wish list” of regulatory changes to be made if the more pressing, higher-priority initiatives can be completed. Yet, the view that revising an entire part could take months of staff time and extensive legal review deserves reconsideration. What if that process could be accelerated without compromising quality? This is possible given recent advances in AI.

AI: Potential regulatory modernization

AI is an opportunity that meets the needs of agencies confronting staffing reductions, lower budgets, and increasing responsibilities. Tasks that once took months can now be accomplished in minutes. Imagine copying an entire part — such as Part 410 — into an AI tool and asking it to identify redundant definitions, outdated references, and inconsistent terminology. Within moments, the system could generate a detailed analysis highlighting every internal inconsistency, cross-reference error, and obsolete citation in the original version.

AI could even propose a new, restructured version while preserving the necessary legal meaning of the content. With proper oversight, human subject matter experts could review, validate, and finalize AI-generated drafts. Instead of replacing regulatory experts, AI could augment them, freeing staff to focus on policy judgment and substantive review rather than clerical or repetitive tasks.

Agencies already rely on digital tools to manage rulemaking workflows and comment processing. Expanding those systems to include AI-assisted text analysis is a logical and necessary next step. By integrating AI early in the drafting process, agencies could improve internal consistency, reduce legal risk, and significantly accelerate the pace of reform.

A smarter, simpler future

There has never been a better time to apply the principle: “Work smarter, not harder.” For decades, federal agencies have operated under immense pressure to produce and maintain an ever-growing body of regulation. With AI, the opportunity exists not only to reduce regulatory burden but improve the clarity, usability, and trustworthiness of those rules.

My experience across CMS taught me that the quality of a regulation is not measured by its length or complexity, but by its clarity and practicality. AI, if implemented thoughtfully, could help agencies finally realize that goal — turning decades of outdated and fragmented language into clear, coherent, and accessible guidance for the public we serve.

Guardrails and trust

There is certainly potential in using AI, and successes are already out there. That said, AI’s potential in no way means humans are not needed. Risks still exist, and human oversight must not go away. The hope is that certain staff can be freed up to work on ways to improve the Medicare program and, perhaps, the Medicaid program as well. Even with that, other staff will still be needed to ensure the newly updated regulations are correct. AI cannot be left to police or manage itself, and this point has already been made. Recently, there has been at least one story of a lawyer using AI to write a complaint submission.3 The lawyer quickly learned that there are still humans on the other end who checked the citations and learned that AI had hallucinated, i.e., “made up” the citations. This is why caution is needed, and guardrails must be in place.

There will obviously be hesitation in any such drastic move. Leadership will need to be bold and willing to take risks, a fact that the federal government has acknowledged. At the same time, care must be taken so that agencies do not lose the public’s or Congress’s trust. Focus must be maintained on the issues of governance, risk, and public trust in using AI.4, 5

These concerns have been reinforced by the Treasury Inspector General for Tax Administration and the Government Accountability Office, which have focused on accountability, the use of governance boards, and risk management.6, 7 Thus, a well-structured plan must be developed with prominent guardrails to ensure programmatic oversight and trust is maintained.

This plan, along with the use of guardrails, should ensure that new regulatory text — whether intended to replace existing text or Again, we must approach the address existing gaps — is properly use of AI in a forward-thinking prioritized prior to implementation. manner so we do not regret it later. Any unintended consequences If handled appropriately, the result should also be thoroughly accounted will be a significantly smaller body for — no matter how unlikely they of Medicare regulations that actually may seem — particularly those address Medicare requirements related to individual rights and more thoroughly, more clearly, privacy. As we already know, AI and include more regulatory hallucinations are real, and “notice requirements than exist now. This and comment” rulemaking must last piece is particularly impactful continue to be required. Using AI when considered in light of the Azar does not mean that differences of v. Allina Health Services decision.8 opinion will go away or that they The judgment of experienced policy are no longer important enough professionals will still be required, to recognize. The public must but made much easier through AI have a say. augmentation.

Endnotes

1. Office of Inspector General —Health Care; Medicare and Medicaid Programs; Peer Review Organizations: Name and Other Changes —Technical Amendments, 44 Fed Reg. 32,074 (June 4, 1979), https://www.govinfo.gov/content/pkg/FR 2002-05-24/pdf/02-12242.pdf . 

2. PSRO Hospital Review; Relationship of PSRO to Hospitals and Use of Hospital Review Committees, Norms for PSRO Hospital Review, 67 Fed Reg. 36,539 (May 24, 2002), https://www.govinfo.gov/content/pkg/FR-1979-06-04/pdf/FR 1979-06-04.pdf . 

3. Jon Brodkin, “Judge admits nearly being persuaded by AI hallucinations in court filing,” Ars Technica, May 14, 2024, https://arstechnica.com/tech-policy/2025/05/judge-initially-fooled-by-fake-ai-citations-nearly-put-them-in-a-ruling/ . 

4. Shalanda D. Young, “Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence,” Office of Management and Budget, Memorandum M-24-10, March 28, 2024, https://www.whitehouse.gov/wp-content/ uploads/2024/03/M-24-10-Advancing-Governance-Innovation-and-Risk-Management-for-Agency-Use-of-Artificial Intelligence.pdf . 

5. Rusell T. Vought, “Accelerating Federal Use of AI through Innovation, Governance, and Public Trust,” Office of Management and Budget, Memorandum M-25-21, April 3, 2025, https://www.whitehouse.gov/wp-content/ uploads/2025/02/M-25-21-Accelerating-Federal-Use-of-AI-through-Innovation-Governance-and-Public-Trust.pdf . 

6. Treasury Inspector General for Tax Administration, Governance Efforts Should Be Accelerated To Ensure the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, Report Number: 2025-IE-R003, November 12, 2024, https://www.tigta.gov/sites/default/files/reports/2025-08/2025ier003fr_3.pdf . 

7. Government Accountability Office, Artificial Intelligence: Generative AI Use and Management at Federal Agencies , Report to Congressional Requesters, GAO-25-107653, July 2025, https://files.gao.gov/reports/ GAO-25-107653/index.html?_gl=1*1efci7a*_ga*MTUyODAwNDUxNS4xNzY3OTEwNzQ5*_ga_ V393SNS3SR*czE3Njc5MTA3NDgkbzEkZzAkdDE3Njc5MTA3NDgkajYwJGwwJGgw . 

8. Azar v. Allina Health Servs., 139 S. Ct. 1804 (2019), https://www.supremecourt.gov/opinions/18pdf/17-1484_4f57.pdf. 

Takeaways

  • Federal regulations often contain outdated, inconsistent, or redundant language that complicates compliance and enforcement. 
  • AI can dramatically accelerate the identification and correction of regulatory inconsistencies, saving agencies time and resources. 
  • AI should be viewed as a complement — not a replacement — for the judgment and expertise of experienced policy professionals. 
  • Modernizing regulatory text with AI could improve clarity for both agency staff and the regulated community, fostering greater compliance and transparency. 
  • The long-standing goal of “working smarter, not harder” does not mean guardrails are not needed to protect the public from the harms of using AI, and caution must be used as we move forward. 

March 2026 | Compliance Today 

 

View all articles 

 

Copyright © 2025 Health Care Compliance Association (HCCA). All rights reserved. All information provided through this site, including without limitation all information such as the "look and feel" of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms of Use and Privacy Statement.