Prior authorization is the workflow that manages to unite the entire healthcare ecosystem in frustration. Providers hate it because it delays care and imposes administrative cost. Members hate it because it creates uncertainty about whether their prescribed care will be covered. Regulators scrutinize it because of evidence that it generates inappropriate denials. Even the health plans running it mostly don't love it — it consumes significant operational resources to administer something that providers and members perceive as hostile.
At the same time, prior authorization serves a real function. It identifies requested services where evidence of medical necessity is unclear, where less-costly alternatives exist, or where practice patterns warrant review. Done well, it steers care toward better outcomes and prevents spend that doesn't produce health benefit. Done badly, it's an obstacle course that rewards persistence over clinical judgment.
Generative AI is reshaping the prior authorization workflow. The potential is real — and so is the regulatory risk of doing it wrong.
Where generative AI helps, specifically
| Workflow step | Traditional approach | GenAI-enhanced approach |
|---|---|---|
| Intake of submission | Manual review of submitted form and attachments | AI extracts clinical data from documents, populates structured review |
| Criteria matching | Reviewer looks up applicable criteria manually | AI identifies applicable criteria based on request type |
| Evidence review | Reviewer reads clinical notes to find criteria elements | AI identifies evidence in notes, highlights for reviewer |
| Determination | Reviewer applies clinical judgment to criteria | Reviewer applies clinical judgment; AI assists with consistency |
| Documentation | Reviewer writes rationale | AI drafts rationale from decision elements; reviewer edits |
| Communication | Standard letter generated | Member and provider communication personalized to case |
| Appeals handling | Full re-review if appealed | Original rationale and evidence accessible; targeted re-review |
The approval path vs. the denial path
The most important distinction in prior authorization AI is approval vs. denial. The regulatory and clinical ethics of these are not symmetric.
Approvals can be automated with significantly less risk. If the submitted documentation clearly meets the criteria, automating the approval decision reduces turnaround time and administrative burden without denying anyone care. Approvals can be issued in seconds or minutes. This is pure improvement.
Denials are different. Denial means the plan will not cover care that a provider has determined to be appropriate. Denial decisions require — legally and ethically — meaningful clinical review by a qualified reviewer. AI can inform and support that review; it should not replace it.
CMS has explicitly stated that AI cannot be the sole basis for denial of care in Medicare Advantage
State regulators have issued guidance that prior authorization denials require clinical review by qualified professionals
Major class-action litigation has targeted payers alleged to have used automation inappropriately to deny care
ERISA and other federal frameworks require specific reviewer qualifications for coverage determinations
Consumer-facing news coverage has made this a reputation issue as much as a compliance issue
The practical takeaway: automate the approval path aggressively; keep a meaningful human reviewer for denial decisions
What appropriate clinical review looks like
Meaningful clinical review, as regulators and courts are increasingly defining it, has specific characteristics. AI-assisted review can meet these requirements; AI-only decision-making cannot.
- Qualified reviewer. A licensed clinician appropriate to the type of service — a board-certified physician in the relevant specialty for specialty determinations, a pharmacist for drug reviews, etc.
- Individualized assessment. The reviewer considers the specific patient's clinical situation, not just whether the submission checks criteria boxes.
- Access to clinical records. The reviewer has the information needed to make the decision — medical records, prior treatments, contraindications.
- Clinical judgment applied. The decision reflects application of medical judgment, not just rule-based denial.
- Documentation of reasoning. The determination includes clinical rationale that can be explained, defended in appeals, and potentially reviewed in litigation.
- Peer-to-peer availability. The ordering provider can reach the reviewer to discuss the decision, not just receive a denial notice.
The specific places generative AI shines
Within this governance framework, generative AI has several specific applications that are clearly valuable.
- Clinical documentation review. A typical prior authorization submission includes clinical notes, often many pages long. AI can read these notes and extract the specific evidence relevant to the criteria — saving the reviewer significant time and reducing cases where evidence was missed.
- Criteria navigation. Medical necessity criteria are extensive. AI can identify which specific criteria apply to a request and surface the relevant elements for the reviewer.
- Prior decision retrieval. For members with history, previous authorization decisions and their rationale inform current decisions. AI can surface this context for the reviewer.
- Consistency checking. AI can flag when a proposed decision differs from patterns in similar cases. This is a quality assurance tool — not to override the reviewer but to prompt consideration.
- Documentation drafting. The written rationale for a decision is often drafted from scratch. AI can draft the rationale from the decision elements, which the reviewer edits — significantly reducing administrative time per case.
- Member and provider communication. The letters and calls communicating decisions can be made clearer, more personalized, and more useful. A denial letter that explains exactly what evidence was considered and what would satisfy criteria helps providers and members more than generic templates.
The CMS interoperability mandate
The CMS interoperability and prior authorization rule (CMS-0057) is reshaping prior authorization workflows. Key provisions are phasing in between 2026 and 2027, including requirements for electronic prior authorization APIs, standardized data exchange, specific decision timeframes, and reporting on prior authorization metrics.
- Electronic prior authorization APIs. Payers must support FHIR-based APIs for prior authorization submission, status, and decision retrieval.
- Decision timeframes. Standard requests within 7 days; urgent within 72 hours. Automation is how plans meet these reliably.
- Standardized data exchange. Required data elements and formats reduce the friction between providers and payers.
- Public reporting. Prior authorization metrics — approval rates, denial rates, appeal overturn rates, turnaround times — will be publicly reported. The public scrutiny will drive behavioral change.
The cost vs. care trade-off, honestly
A candid statement that not every vendor and not every consultant will make: the business of prior authorization is in part a cost containment function. Some of the denials serve a legitimate purpose (care of dubious medical value, genuinely higher-cost options when lower-cost equivalents exist). Some are the plan saying "we hope the provider or member gives up rather than submit an appeal."
The second category is where the industry has gotten itself in trouble. Plans that optimize for denial rates as a cost metric — rather than appropriateness as a clinical metric — create regulatory exposure and reputation damage. The generative AI implementations that will succeed long-term are the ones that use the technology to make the process more appropriate, not to make denial easier.
This is a cultural question as much as a technology question. The technology can support good decisions or it can support bad decisions at scale. Leadership intent matters.
Measurement that actually reflects quality
The metrics that health plan leadership watches for prior authorization operations matter. Some metrics drive behavior that matches public interest; some drive behavior that conflicts with it.
- Appeal overturn rate. When denials are appealed and external reviewers overturn them, the original decision was wrong. High overturn rates indicate systemic issues with original decisions.
- Turnaround time. Both the timeline the plan commits to and the actual performance. Fast turnaround on approvals is good; fast turnaround that reflects cursory review is not.
- Peer-to-peer engagement rate. When providers request peer-to-peer discussion, it means they disagree with the decision. Rates and outcomes indicate quality.
- Provider satisfaction. Measured honestly, through survey or interaction analysis.
- Member harm indicators. Delays in care, abandoned treatment plans, adverse outcomes traceable to PA processes.
- Regulatory action. Enforcement actions, settlements, and examination findings that the plan has accumulated.
Prior authorization is undergoing significant change. The technology is advancing. The regulatory environment is tightening. Public expectations are rising. Plans that use generative AI to make PA more efficient and more appropriate will reshape an industry friction point for the better. Plans that use it to scale problematic practices will face an increasingly hostile operating environment. For leadership teams mapping where utilization management and prior authorization sit within the broader health plan operating model, the Insurance Capability Model shows the capability dependencies — clinical review, documentation systems, provider communication, regulatory compliance — that determine whether AI-enhanced prior authorization becomes a differentiator or a liability.