The Prior Authorization Machine Becomes the Care Gate
When prior authorization is automated, the gate between medical judgment and covered care becomes a model-mediated institution. The question is not only whether a machine denies care. It is who must fight the machine-shaped process before care can happen.
The Gate Before Care
Prior authorization is one of the least mystical and most powerful interfaces in American health care. A clinician recommends a medication, procedure, device, facility stay, imaging study, therapy course, or post-acute placement. Before the service is covered, the payer asks for advance approval. The patient experiences the result as waiting, paperwork, delay, denial, resubmission, appeal, abandonment, or eventual care.
The administrative theory is straightforward: some services are unnecessary, unsafe, unsupported, miscoded, fraudulent, or too costly without review. A payer gate can prevent waste and protect patients from low-value care. That justification should not be dismissed. Health care does contain overtreatment, fraud, poor documentation, and perverse billing incentives.
But a gate is still a gate. It can protect, ration, delay, intimidate, and exhaust. Once enhanced technology, predictive models, automated workflows, and AI-assisted review enter the process, prior authorization becomes a high-control interface: a structured passage through which medical judgment must be translated into machine-readable evidence before the institution will pay.
The danger is not a cartoon in which a chatbot coldly says no. The more ordinary danger is a distributed system that makes denial cheap, appeal costly, accountability diffuse, and delay administratively normal.
The Scale of Denial
KFF's January 2026 analysis of federal data reported that Medicare Advantage insurers made nearly 53 million prior authorization determinations in 2024, up from 49.8 million in 2023. They fully or partially denied 4.1 million requests, or 7.7 percent. Only 11.5 percent of denied requests were appealed, but 80.7 percent of those appeals were partially or fully overturned.
Those numbers matter because they reveal two different burdens. The first burden is the denied request. The second is the appeal path that most people never use. If more than four million Medicare Advantage requests are denied in a year, but fewer than one in eight denials is appealed, then appeal statistics describe a narrow surviving population: patients and providers with enough time, knowledge, documentation, staff, stamina, and clinical urgency to keep going.
The high appeal-overturn rate does not prove that every initial denial was wrong. Some requests may have been missing documentation that later arrived. But it does show that many denied services ordered by clinicians were ultimately approved after additional friction. In a medical setting, delay is not neutral. A postponed rehabilitation placement, imaging study, medication, or procedure can change a patient's recovery path.
The burden is visible in clinician surveys as well. The AMA's 2025 physician survey, based on 1,000 practicing physicians, reported that 95 percent said prior authorization delays access to necessary care, 79 percent said it can at least sometimes lead to treatment abandonment, and 94 percent said it somewhat or significantly increases physician burnout. The survey is from a professional association with a clear advocacy position, so it should be read as stakeholder evidence rather than detached measurement. But it gives a consistent account of where the work lands: in clinics, staff time, patient waiting, and appeal decisions.
Automation Enters the Gate
The automation question became harder to ignore after investigations into Medicare Advantage denials for post-acute care. In October 2024, the U.S. Senate Permanent Subcommittee on Investigations released a majority staff report examining UnitedHealthcare, Humana, and CVS. The report found that between 2019 and 2022, all three denied prior authorization requests for post-acute care at much higher rates than for other care. It reported that in 2022, UnitedHealthcare and CVS denied post-acute prior authorization requests at about three times their overall prior authorization denial rates, while Humana's post-acute denial rate was more than 16 times its overall rate.
The same report described UnitedHealthcare's post-acute denial rate rising from 10.9 percent in 2020 to 22.7 percent in 2022 as naviHealth managed post-acute care for many Medicare Advantage members. It cited internal materials involving auto-authorization, machine learning, and nH Predict, an algorithmic tool linked in reporting to post-acute placement and length-of-stay decisions. For CVS, the report described a Post-Acute Analytics program using artificial intelligence to reduce spending on skilled nursing facilities. The companies and industry groups disputed aspects of the report, and the report itself was a majority staff product rather than a court finding. Still, it put a concrete governance problem on the record: technology can make the denial process faster, more targeted, and less visible from the patient's side.
HHS OIG had already identified a pre-AI version of the same problem. In a 2022 review of a sample of denials by 15 large Medicare Advantage organizations, OIG found that 13 percent of prior authorization denials met Medicare coverage rules and likely would have been approved under Original Medicare. OIG pointed to causes including the use of clinical criteria not contained in Medicare coverage rules and cases where reviewers said documentation was insufficient even though OIG reviewers found the medical records adequate.
That is the institutional context into which AI arrives. Automation does not invent the gate. It changes the gate's capacity, speed, targeting, evidence demands, and appearance of objectivity.
WISeR and Traditional Medicare
CMS is now testing a related model inside Original Medicare. The Wasteful and Inappropriate Service Reduction model, or WISeR, runs from January 1, 2026 through December 31, 2031 in six states: Arizona, New Jersey, Ohio, Oklahoma, Texas, and Washington. CMS says the model uses enhanced technologies, including AI and machine learning, along with human clinical review, for selected items and services that raise concerns about waste, fraud, abuse, inappropriate use, patient safety, or low-value care.
The operational guide says that for services rendered on or after January 15, 2026, affected providers and suppliers can either submit a prior authorization request or provide the service and undergo pre-payment medical review. The model does not change Medicare benefits or coverage requirements, and CMS says existing National Coverage Determinations and Local Coverage Determinations remain the governing criteria.
CMS also builds in procedural safeguards. The guide says WISeR participants will aim to make prior authorization determinations within three calendar days, or two days for expedited requests. It says non-affirmed prior authorization decisions can be resubmitted without limit before a claim is submitted, and that appeal rights remain available after a payment denial. It also requires human clinicians with relevant expertise to review non-affirmations before they are issued.
Those details are important because they show the state trying to turn automation into a governed workflow rather than an unbounded denial machine. But they also show how the interface thickens. A clinician now has to supply the right codes, documentation, coverage rationale, clinical history, and request timing to a technology participant operating between the provider and Medicare payment. A patient may be told that benefits have not changed while the path to payment has changed substantially.
Human Review Is Not Enough
"A human clinician reviews denials" is a necessary safeguard. It is not a complete governance model.
Human review can become a rubber stamp when the surrounding system rewards speed, savings, volume, consistency with model output, or strict adherence to templates. It can become symbolic when reviewers see only a compressed case file rather than the patient's clinical situation. It can become procedural cover when the patient cannot see what evidence mattered, what rule was applied, what the model flagged, or how to correct the record.
This is a familiar pattern in model-mediated institutions. A model does not need final authority to shape the decision. It can rank cases, prefill rationales, highlight suspected deficiencies, suggest likely noncompliance, route the file, estimate cost, compare against expected length of stay, or make approval feel exceptional. The human reviewer then enters a decision environment already arranged by the machine.
The relevant question is therefore not, "Did the AI deny care?" It is, "How did the automated system structure the work of denial, approval, delay, documentation, and appeal?"
The Governance Standard
A serious prior authorization regime using AI or enhanced technology needs a higher standard than speed plus human review.
First, the rule base should be visible. Patients and providers need to know whether the governing standard is Medicare coverage law, a local coverage determination, a payer policy, a proprietary guideline, a vendor model, a coding edit, or a documentation checklist. If the rule cannot be named, the denial cannot be meaningfully contested.
Second, automation should be logged at the case level. The record should show whether a model, rules engine, predictive score, auto-authorization process, routing tool, or generated rationale materially shaped the review. Aggregate disclosure is not enough for the patient whose case was delayed.
Third, reviewer independence should be real. Clinicians reviewing denials should not be measured mainly by throughput, savings, conformity to model output, or denial targets. Their role should be clinical judgment under accountable criteria, not human decoration for automated utilization management.
Fourth, appeal rights should begin before exhaustion. A system that technically permits appeal while making appeal slow, obscure, or staff-intensive still governs by attrition. Notices should state the precise missing evidence, the applicable criterion, the reviewer's relevant specialty, the route for expedited review, and whether resubmission or formal appeal is the right path.
Fifth, regulators need service-level data. KFF notes that public Medicare Advantage prior authorization data are aggregated at the contract level and do not reveal variation by service or plan. The Senate report recommended more granular collection. Without service-level data, the most consequential patterns can hide inside averages.
Sixth, savings claims need access audits. If a model saves money by reducing inappropriate care, that should be demonstrable without increasing wrongful denials, abandonment, hospitalization, or delayed recovery. The metric cannot only be expenditure. It has to include patient outcome, appeal reversal, time to care, and provider burden.
The Site Reading
The prior authorization machine is a denial interface built out of paperwork, code, clinical criteria, payment incentives, and time.
It turns a doctor's order into a case. The case becomes a packet of codes and evidence. The packet enters a workflow. The workflow may be triaged by software, reviewed by a contractor, compared against policy, returned for more documentation, affirmed, non-affirmed, denied, resubmitted, appealed, or abandoned. The patient experiences this institutional machinery as a delay in the body.
That is why this belongs beside the site's earlier essays on the adverse action notice, the medical scribe, the AI audit, and the public register. Each asks the same institutional question from a different angle: when a model-mediated system affects a person's life, where does accountability become visible enough to use?
Prior authorization is especially revealing because it exposes the difference between a decision and a path. A denial is a decision. A documentation burden is a path. A model that never formally denies care can still reshape the path until only the best-resourced patients and clinics can traverse it.
The governance test is therefore practical. A patient should be able to know what rule blocked care. A clinician should be able to see what evidence would satisfy the rule. A regulator should be able to detect abnormal denial patterns by service. A reviewer should be free to override the machine-shaped path. And the institution should have to prove that speed, savings, and automation did not become a quieter way to ration care by friction.
Sources
- CMS Innovation Center, WISeR (Wasteful and Inappropriate Service Reduction) Model, reviewed May 2026.
- CMS, WISeR Model Provider and Supplier Operational Guide 6.0, May 2026.
- CMS, CMS Launches New Model to Target Wasteful, Inappropriate Services in Original Medicare, June 27, 2025.
- KFF, Medicare Advantage Insurers Made Nearly 53 Million Prior Authorization Determinations in 2024, January 28, 2026.
- U.S. Senate Permanent Subcommittee on Investigations, PSI Majority Staff Report: Medicare Advantage, October 17, 2024.
- HHS Office of Inspector General, Some Medicare Advantage Organization Denials of Prior Authorization Requests Raise Concerns About Beneficiary Access to Medically Necessary Care, April 2022.
- American Medical Association, 2025 AMA Prior Authorization Physician Survey, May 2026.
- Congressional Research Service, Overview of the Medicare Wasteful and Inappropriate Service Reduction (WISeR) Model, 2026.
- Church of Spiralism, The Adverse Action Notice Becomes the Explanation Interface, The AI Scribe Becomes the Medical Record, and The AI Audit Becomes the Compliance Interface.