CMS mandates and industry pledges are accelerating change, but reducing prior authorization volume doesn’t eliminate complexity. It shifts it. Health plans that treat reform as a compliance exercise will struggle. Those that redesign utilization management for the future will lead.
For years, CMS has been signaling that prior authorization is broken. Today, the message is louder, more public, and backed by deadlines.
There is no shortage of headlines about prior authorization reform. CMS is introducing new requirements focused on speed, transparency, and accountability. Health plans are making public commitments to simplify the process. And across both regulatory and industry efforts, a clear direction is emerging.
The pressure to modernize prior authorization is no longer theoretical.
Here’s what’s concrete: as of this year, impacted payers have to turn around standard medical prior authorization decisions in 7 days and expedited decisions in 72 hours and publicly report key metrics. By January 2027, FHIR-based electronic prior authorization interfaces must be in place. A proposed rule would extend similar requirements to drug prior authorizations by October 2027, with even shorter turnaround times.
The compliance calendar is real and health plans are in a constant state of action and reaction to stay ahead of the requirements and dates.
At the same time, nearly 50 health insurers signed a six-point pledge committing to reduce prior authorization requirements, expand real-time approvals, and ensure every clinical denial is reviewed by a medical professional.
One track is regulatory; the other is voluntary. Both are moving in the same direction.
Reducing Volume Does Not Reduce Complexity
One of the most common reactions to prior authorization reform is to focus on reducing the number of requests that require review. On the surface, that sounds like less work, less friction, and a better experience for providers and members.
But reducing volume does not reduce complexity; it simply transfers risk.
Healthcare is an interconnected clinical, operational, and financial ecosystem. When complexity is removed from one part of the system, it doesn’t disappear. It shows up somewhere else.
Think about it this way: When you take routine, lower-acuity services out of the prior authorization queue, what’s left? The hard stuff. The high-cost, clinically complex cases where the stakes are higher and the documentation requirements are more demanding. And you now have to make those decisions faster than ever.
At the same time, if you’re not authorizing as much on the front end, the financial and clinical risk that used to get caught at pre-service review has to go somewhere. It moves downstream into payment integrity, post-service audit, and retrospective utilization review. A health plan that treats this as a subtraction exercise only is setting itself up for exposure on the back end.
The Real-Time Approval Challenge
One aspect of the industry pledge deserves particular attention, as it may be the most challenging to implement..
The pledge commits to real-time approvals for 80% of requests by 2027. You can’t staff your way to real-time. That’s an automation problem, and plans need to be thinking about that now. Plans that have not started investing in the data, workflows, and intelligence required to support real-time approvals are already operating against the clock.
Success Requires More Than a Faster Prior Authorization Process
Many organizations are focused on making prior authorization itself more efficient. That’s important, but it is only part of the equation. To succeed in this new environment, health plans need capabilities that operate before prior authorization, during the process, and after the decision is made.
Start Upstream
One of the largest opportunities exists before a request ever reaches a clinical reviewer.
Benefit verification remains a significant source of unnecessary work. Many authorization requests are submitted for services that either do not require authorization or involve members who are not eligible at the time of service. Identifying those issues early removes avoidable volume from the system and frees clinical resources for higher-value work.
Gold carding is another important strategy. Exempting high-performing providers from prior authorization requirements based on demonstrated approval history can meaningfully reduce volume while maintaining appropriate oversight. However, gold carding only works when supported by strong data and governance. Plans need the infrastructure to identify provider performance accurately and apply exemptions consistently.
Improve Decision Quality During Review
Within the prior authorization process itself, two issues consistently drive delays and inefficiencies.
The first is documentation sufficiency.
Incomplete documentation at intake is probably the single biggest driver of prior authorization cycle time, and under a 7-day window there’s no room for back-and-forth. Plans need to know immediately whether the information submitted is sufficient to make a determination.
The second is consistency in clinical criteria application.
When denial decisions are frequently overturned on appeal, the root cause is often not the appeals process itself. The issue typically begins much earlier with inconsistent application of clinical criteria. Organizations that improve consistency at the point of review can reduce appeals, improve provider trust, and accelerate decision-making.
Strengthen the Back End
On the back end is payment integrity and retrospective utilization analysis. If you’re reducing pre-service review, you need a stronger post-service layer. Payment integrity and retrospective utilization analysis cannot be afterthoughts. They become essential safeguards for managing risk that is no longer being addressed upfront.
The organizations that perform well in the future will be those that strengthen both sides of the equation simultaneously.
Where AI Fits and Why Governance Matters
One of the most common questions health plans are asking today is how artificial intelligence fits into prior authorization. The answer unfortunately is still evolving.
The 2026 Medicare Advantage final rule deferred AI-in-Prior Authorization governance entirely, meaning CMS looked at it and essentially said they are not ready to codify this yet. In other words, the rules are still being written.
What we do have is insight into the direction regulators appear to be heading. The WISeR model, currently being tested by CMS in traditional Medicare, combines AI-supported analysis with clinician review for specific services. The model sends a clear signal: CMS is not opposed to AI in utilization management. It’s important to note that the model they are validating puts clinician review firmly in the loop. AI accelerates and informs the decision; it does not make it.
For any company operating in this space, the signal to pay attention to is that explainability, auditability, and human oversight are not optional. The plans and vendors that are building toward that standard now, before the rule is written, are going to be in a much stronger position than the ones who have to retrofit it later.
The Window to Prepare Is Closing
Many organizations still view 2027 as a distant milestone. It is not.
The FHIR interface requirement and the electronic prior authorization mandate are infrastructure changes that take time. If you are starting that work in late 2026, you are already behind.
And think about this holistically. The plans that emerge strongest from this period of reform will not be the ones that simply meet regulatory requirements. They will be the organizations that recognize prior authorization reform for what it really is: a systems redesign opportunity.
The mandates are just the floor. The real opportunity is to build utilization management operations that are faster, more consistent, more transparent, and more closely aligned to clinical outcomes.
That’s what providers have been asking for. It’s what regulators are pushing toward. And, most importantly,it’s what members deserve.
The technology to make that future possible already exists. The question is whether plans have the right strategy and the right partners to build it.
Continue Learning
Read the Brief: AI-Driven Operational Compliance in Healthcare
Read the Blog: Clinical Rigor Is What Will Determine Whether AI Actually Improves Healthcare
Join the Conversation: Why the Future of Healthcare AI Will Be Won Beneath the Surface
About the Author
Gina Collins is Chief Regulatory Officer at Autonomize AI, where she leads regulatory strategy, compliance, and enterprise risk management to support safe, scalable AI adoption in healthcare. With more than 20 years of executive leadership experience across payer, provider, and government healthcare sectors, she is known for driving operational transformation, strengthening governance, and translating complex regulatory requirements into practical solutions. Prior to Autonomize, Gina held leadership roles at the FDA’s Center for Devices and Radiological Health and a Fortune 13 global health services company, leading initiatives focused on regulatory transparency, operational risk, and compliance.
