What is prior authorization in healthcare: What Is Prior

April 15, 2026
Blog
15 min read

Prior authorization in healthcare is payer approval you have to secure before you render certain services, procedures, or drugs, so the insurer can decide whether it considers the care medically necessary. For a practice owner, that means prior auth isn't just a utilization review issue. It's a front-end revenue cycle control that affects scheduling, clean claims, cash flow, and patient access.

The scale is hard to ignore. Physician practices complete an average of 45 prior authorization requests per physician per week, and physicians plus staff spend 13 hours on that workload, while 34% of insured adults say prior authorization is the single biggest burden in healthcare, rising to 39% for people with chronic conditions, according to these prior authorization statistics. If your team treats cardiology imaging, orthopedic surgery, infusion drugs, or recurring behavioral health services, you already know this isn't clerical overhead. It's operational risk.

What is Prior Authorization in Healthcare

What is prior authorization in healthcare? It's a payer-mandated pre-service review process that requires your practice to submit clinical and coding documentation before the insurer will approve reimbursement for certain services.

A doctor in a white lab coat using a digital tablet to process a prior authorization form.

In plain terms, the payer is saying: “Don’t perform this service yet. Show us why it meets our rules first.”

That sounds simple. In practice, it reaches deep into scheduling, charge capture, denial prevention, and patient retention. A cardiology group ordering CPT 75574 for coronary CT angiography, an orthopedics practice planning CPT 27447 for total knee arthroplasty, or a behavioral health clinic managing recurring session approvals all face the same core problem. If authorization isn't obtained correctly, the claim may never have a realistic chance of being paid.

Why practice owners should treat PA as an RCM function

Prior auth sits before claim submission, but its consequences show up after service. They show up as:

  • Held appointments when the schedule team can't secure approval in time
  • Write-offs when an approved code doesn't match the rendered service
  • Rework when the payer asks for records already in the EHR but not attached to the request
  • Patient friction when treatment starts are delayed

Practical rule: If a service commonly needs authorization, your team should treat it like an eligibility and coding event, not a paperwork event.

Many practices still handle PA with scattered faxes, portal logins, and sticky-note follow-up. That approach breaks down fast once volume rises. A better operating model starts with standard intake rules, payer-specific documentation checklists, and an authorization tracker tied to the appointment and claim. For more operational guidance, review Happy Billing’s prior authorization resources.

The Typical Prior Authorization Workflow and Timelines

A workable PA process isn't one task. It's a chain of handoffs. If one person misses a coverage rule, diagnosis detail, date window, or servicing-provider requirement, the downstream claim suffers.

An infographic showing the typical step-by-step prior authorization workflow process in healthcare with associated timeframes.

Step 1 Service identification

The process starts when the ordering clinician or scheduler identifies that a service likely requires prior auth. This usually happens for high-cost imaging, elective procedures, specialty drugs, recurring therapies, and some outpatient surgeries.

Common triggers include:

  • Procedure code review for services such as 75574, 27447, or selected injection and surgery codes
  • Payer plan type because Medicare Advantage, Medicaid managed care, and commercial plans often differ
  • Place of service since outpatient hospital and office settings can have different rules
  • Frequency limits for repeat studies or therapy visits

A front desk team that only checks active coverage but doesn't check auth requirements leaves revenue exposed before the patient is even seen.

Step 2 Payer verification

Someone on the team must confirm the exact rule with the payer. That means more than asking whether authorization is required. It means confirming:

  • the code set being reviewed
  • diagnosis support
  • whether the rendering provider must be in network
  • whether the servicing location must match the request
  • whether modifiers affect the review
  • whether the request must be submitted through a portal, fax, or electronic transaction

For procedure-heavy specialties, payer verification should happen before the date of service is finalized.

A good verification note answers three questions: Does this service need PA, what exactly must be submitted, and how long is the approval valid?

Step 3 Documentation assembly

Many requests fail under such circumstances. The chart may support the service, but the submission package doesn't.

A solid PA packet often includes the ordering note, diagnosis details, prior treatment history, imaging or test results, and the precise procedure code. For cardiology, that may include stress-test findings. For orthopedics, it often means documenting failed conservative treatment before surgery. For mental health, it may mean plan-of-care detail and session frequency support.

A few code-level examples matter here:

Specialty Example code Common documentation issue
Cardiology 75574 Missing evidence supporting advanced imaging necessity
Orthopedics 27447 Inadequate documentation of failed conservative care
Behavioral health Session-based services Missing frequency or treatment plan detail

Step 4 Submission and tracking

The request goes to the payer through its required channel. That may be a portal, fax workflow, or emerging API-based workflow. The key is that submission isn't the finish line. It's the start of tracking.

Your tracker should capture:

  • Submission date
  • Requested CPT or HCPCS code
  • Diagnosis code set
  • Payer reference number
  • Status such as pending, approved, denied, or request for information
  • Expiration dates tied to the authorization

Without that log, staff end up calling payers repeatedly and still missing decision windows. Practical workflow changes like these are also part of broader revenue cycle workflow improvements.

Step 5 Determination and scheduling impact

The payer sends a determination letter. That letter may approve, deny, or request more information. The details matter. The approval may be limited by code, units, provider, place of service, or date range.

If the practice performs a different service than the one approved, payment can still fail. If the authorization expires before the visit or surgery date, the claim can fail. If the rendering provider differs from the approved provider, the claim can fail.

Step 6 Appeal or service delivery

Once approved, scheduling and billing have to use the exact authorization details. If denied, the appeal should focus on the payer’s stated reason, not a generic “please reconsider” letter.

For CMS-related timelines, the expedited path is commonly tied to 72 hours, while standard review is often measured in days rather than minutes under payer processes discussed in CMS-related interoperability materials. In real operations, practices still see delays when records are incomplete, portals reject attachments, or RFIs sit unanswered.

Navigating Payer Variations and Documentation Requirements

Prior authorization rules aren't uniform. That's why a process that works for one payer fails with another, even when the same physician orders the same service for the same diagnosis.

A healthcare professional analyzing prior authorization paperwork on multiple computer screens and physical file folders at a desk.

Medicare Advantage Medicaid MCOs and commercial plans

Medicare Advantage tends to be highly structured. Medicaid managed care often varies by state and plan administrator. Commercial payers may have the most portal variation and the most service-line-specific edits.

The operational difference is this: your staff can't rely on a generic “auth required” flag. They need payer-specific rules tied to the exact code, diagnosis, and servicing context.

A practice manager should expect variation in:

  • Which codes trigger review
  • Which diagnoses support approval
  • Who can order or render the service
  • Whether records must show step therapy or failed conservative treatment
  • Whether the payer wants portal entry, faxed records, or structured electronic submission

Cardiology and CPT 75574

Cardiology is where weak PA workflows get exposed quickly. Advanced imaging requests often depend on precise clinical support, not broad medical history.

According to the AMA’s discussion of prior authorization operations, a PA request for CCTA using CPT 75574 may be denied 20% of the time without evidence of a prior equivocal stress test, and a CMS Final Rule, effective in 2027, will mandate a Prior Authorization API called PARDD intended to standardize requirement discovery and reduce manual processes by 80% according to the AMA’s overview of what doctors should know about prior authorization.

That example matters because it shows what payers are really doing. They're not approving “cardiac imaging.” They're reviewing whether this exact study, under this exact coverage logic, has the required support.

If your request for 75574 doesn't show the payer's required predicate findings, the denial isn't random. It's rules-based, and your team has to answer with equally rules-based documentation.

Orthopedics and procedure justification

Orthopedic authorizations often hinge on longitudinal history. For CPT 27447, the chart usually needs a clear record of failed conservative treatment, functional limitation, imaging findings, and medical necessity for surgery at this time, not later.

This is also where modifier awareness matters. If your billing team knows a case may involve laterality, multiple procedures, assistant surgeon participation, or global-period implications after surgery, they should flag that early. The prior auth submission and final claim don't need to be identical in every field, but they do need to align clinically and operationally.

Preparing for API-driven rule discovery

The coming CMS framework matters because it pushes payer requirement discovery into electronic workflows. That won't eliminate denials by itself. It will help your team identify requirements earlier and submit cleaner packets.

A practical approach is to maintain a payer matrix that includes:

Payer category What your team should track
Medicare Advantage Service-level PA rules, validity windows, provider matching
Medicaid MCO State plan differences, referral dependencies, documentation format
Commercial Portal workflow, specialty-specific edits, code-specific medical necessity criteria

Most denials tied to documentation aren't clinical disputes. They're packaging failures. A running internal rulebook, updated from payer notices and your own denial patterns, is one of the most useful tools a manager can build. It also helps to monitor broader insurance policy updates in healthcare.

The Financial Impact of Prior Authorization on Practice Revenue

Prior auth affects revenue in two ways. First, it can block payment outright. Second, it slows payment enough to distort cash flow even when the claim is eventually recoverable.

A medical doctor reviews prior authorization cost trends on a digital tablet at a desk.

CMS data shows the scale of the issue. Medicare Advantage plans processed over 50 million prior authorization requests in 2023 and denied 3.2 million, a 6.4% denial rate. Insurers including UnitedHealthcare, Humana, and Elevance denied about 12.8 requests per 100 enrollees, nearly double the average. Only 11.7% of denials were appealed, yet 81.7% of those appeals were fully or partially overturned, according to CMS-linked prior authorization reporting summarized by the AMA.

What that means inside a practice

If a payer denies authorization for a scheduled service, your practice faces one of three bad choices:

  • delay care and leave schedule capacity underused
  • perform the service and accept reimbursement risk
  • resubmit, appeal, and add staff labor plus payment delay

None of those outcomes is a small administrative nuisance. They're margin problems.

The high overturn rate also tells managers something important. A meaningful share of denials aren't final clinical judgments. They're decisions that can be reversed if the practice has the staff time, records, and follow-up discipline to challenge them. Many groups never get that far, so the denied case turns into write-off pressure or patient collection friction.

The hidden cost isn't just denials

PA revenue leakage also shows up in:

  • A/R drag because claims sit until the approval issue is fixed
  • Staff opportunity cost because experienced employees spend time chasing portal statuses instead of preventing denials elsewhere
  • Scheduling waste because high-value procedure slots get moved or canceled
  • Patient fallout because delayed treatment can send patients to competing systems

Revenue rule: A prior auth problem is rarely isolated to one claim. It usually affects the appointment, the chart, the coder, the biller, and the patient balance conversation.

Practice owners should review PA impact alongside denial categories and days in A/R, not as a separate admin bucket. If authorizations are weak, downstream billing metrics will keep underperforming even when coding is strong.

Optimizing Your PA Process with EHR and Automation

Most PA failures come from fragmented workflows, not lack of effort. Staff are working. The system around them isn't.

Build PA tracking into the EHR

Your EHR should function as the operational source of truth for every authorization-dependent encounter. At minimum, create fields or workqueue columns for:

  • Auth required yes or no
  • Requested CPT or HCPCS
  • Submission date
  • Pending approved denied status
  • Authorization number
  • Approved units or visits
  • Effective and expiration dates
  • Rendering provider and servicing location

That sounds basic, but many practices still store approval numbers in portal screenshots, emails, or free-text notes. Then the billing team can't verify what was approved when the claim is ready.

For recurring services, use task rules. Behavioral health is a good example. A clinic with frequent authorization renewals needs alerts before approved sessions run out. This is especially relevant for practices managing high-volume utilization workflows such as mental health billing services.

Standardize the handoff from clinical staff to auth staff

The best PA workflows use a short intake packet, not open-ended chart review. The request should identify:

  • the procedure or service code
  • the diagnosis supporting medical necessity
  • prior treatment history if the payer requires step progression
  • attachments the payer expects
  • the target date of service

When the clinician leaves out the key support, the auth specialist ends up guessing. Guessing leads to denials or RFIs.

Use CRD and PAS where available

Automation matters because manual prior auth work is slow and error-prone. According to Agadia, manual prior authorization processes take over 90 minutes per request and contribute to a 10% to 15% drop in first-pass claim acceptance. Automation through FHIR-based PAS APIs can reduce that time by 70%, pre-populate documentation templates, and help practices achieve a 98%+ first-pass clean claim rate while keeping Days in A/R under 35, as described in this overview of prior authorization automation and PAS APIs.

Coverage Requirements Discovery, often called CRD, helps the practice identify whether a service requires prior auth and what documentation is needed. PAS, or Prior Authorization Support, helps transmit the request in a more structured format. In practical terms, these tools reduce portal hunting and duplicate data entry.

Automation works best when the underlying workflow is already clean. If your team submits the wrong code, wrong provider, or weak documentation faster, you'll just get denied faster.

What works and what doesn't

A few patterns show up repeatedly.

What works

  • Code-specific checklists for high-volume procedures
  • Central status tracking inside the EHR or PM system
  • Daily aging review for pending and expiring requests
  • Appeal templates mapped to common denial reasons

What doesn't

  • Inbox-driven management where follow-up lives in individual email chains
  • Portal-only visibility that billing can't access
  • Late submission after the patient is already on the schedule
  • Generic medical necessity letters with no payer-specific support

Teams exploring tech-enabled improvement should also look at broader technology for revenue cycle operations.

How to Evaluate an Authorization Management Partner

If you're considering outsourcing prior auth, don't buy a promise. Buy a process.

A capable authorization partner should be able to explain exactly how it handles procedure-specific requests, payer follow-up, appeals, and handoff back into billing. If the answer is mostly “we work denials aggressively,” that's not enough. True value is preventing the denial in the first place.

Questions that separate real capability from generic outsourcing

Ask these directly.

  • Do you have specialty-specific auth staff who understand services like 75574, surgical workflows such as 27447, and recurring authorization models in behavioral health?
  • Do you work inside our current EHR or PM system so schedulers, coders, and billers can all see the same status?
  • How do you handle denials and appeals when the payer says the service isn't medically necessary or the documentation is incomplete?
  • How do you report payer-specific trends so the practice can change front-end behavior, not just react after the fact?

The metrics that matter

A good partner should show performance using operational metrics tied to cash, not vanity statements.

Use this screen:

KPI Why it matters
First-pass approval rate Shows whether submissions are right the first time
Turnaround time Affects scheduling and date-of-service risk
Appeal resolution process Reveals whether denied cases are truly recoverable
Impact on Days in A/R Connects authorization work to cash flow
EHR documentation discipline Prevents lost approvals and mismatched claims

What a practice owner should listen for

The strongest vendors talk about workflow details. They mention payer portals, rendering-provider matching, approved date ranges, CPT-level submission logic, and escalation paths for RFIs or peer-to-peer requests.

Weak vendors stay generic. They promise “better efficiency” but can't describe how they keep an authorization number tied to the final claim or how they prevent the wrong location from being billed under an approval.

Choose the partner that can show you where errors happen, who owns each handoff, and how the process affects your schedule and A/R. Prior auth support is only valuable when it changes operational outcomes.

Frequently Asked Questions About Prior Authorization

Are Gold Card laws reducing prior authorization burden yet

Some states, including Texas and Michigan, have passed Gold Card laws intended to exempt high-performing physicians from some PA requirements. But real-world effectiveness is still emerging, and providers report cumbersome participation processes, according to the AMA press release on prior authorization burdens and reform efforts. In practice, you shouldn't assume Gold Card status removes the need for tight verification workflows.

Can a practice get paid if it obtains authorization after the service

Sometimes, but you shouldn't build a workflow around retroactive approvals. Whether a retro auth is even possible depends on the payer, product, urgency of care, and plan rules. Most of the time, retro requests are exception-based and harder to win than timely submissions. Operationally, retro auth is a recovery tactic, not a stable process.

Who should own prior authorization in a medical practice

One person shouldn't “own” all of it. The process works best when ownership is split by stage. Front desk or eligibility staff verify plan requirements. Clinical staff support medical necessity. Authorization specialists submit and track. Billing verifies that the final claim matches the approval. When one employee is forced to do all of that, follow-up slips and denials rise.

Why does prior authorization create so much care disruption

Because the approval sits between the treatment plan and the date of service. If it stalls, everything behind it stalls. The same AMA survey noted that PA causes care interruptions for 89% of physicians, and 24% reported a serious adverse event for a patient due to PA delays. For practice managers, that disruption shows up operationally as rescheduling, staff rework, patient complaints, and delayed payment.

If your practice is losing time and revenue to prior auth bottlenecks, Happy Billing can help tighten the process without forcing an EHR migration. Their team works inside existing workflows, supports specialty-specific authorization demands, and aligns front-end approvals with clean claims, faster cash flow, and fewer preventable denials.

You may also like

Get a Free Audit