AI Use in Prior Authorization Decisions Requires Advanced Oversight

As federal and state regulators intensify scrutiny of prior authorization (“PA”) practices and AI in healthcare decision-making, health plans face a rapidly evolving risk landscape that extends far beyond traditional utilization management operations. New and proposed federal and state laws and initiatives are reshaping expectations around medical necessity determinations, algorithmic oversight, delegated entity accountability and access-to-care obligations.

For health plan executives, general counsels, compliance leaders and boards of directors these developments represent not only a compliance challenge, but a strategic enterprise risk issue with significant financial, operational, litigation, and reputational implications. In addition, interoperability, electronic prior authorization (“ePA”) and various state regulations are requiring health plans to submit samples of PA and appeals operational data, making PA a regulated data product.

How AI Is Being Used

Across the industry, the strategic objective is to shift PA from a heavily manual, document-intensive process toward a more scalable utilization management operation that supports faster approvals with consistent and fair use of clinical criteria across all health plans and members, while reducing administrative cost and provider friction. The shift from manual review to algorithmic triage, human-in-the-loop legal requirements, and traceable decision logic make analytics the only scalable way to demonstrably prove responsible AI use has been integrated in all AI governance frameworks and processes.

Health plans are using AI-driven utilization management models across the entire PA workflow including intake and document extraction, clinical documentation review, automated question completion, intelligent routing, medical necessity evaluation support and real-time approval workflows. Some plans report that these improvements to clinical decision support and nurse and physician review have resulted in first-pass approval rates more than 90%, a 45% reduction of manual workflow and an 80% increase in end-to-end process efficiency – leading to accelerated approvals in seconds instead of days.

On the provider side, AI is increasingly embedded into ePA workflows that connect directly to provider electronic health record (“EHR”) systems. Some models can automatically extract relevant clinical data from provider medical records, evaluate the request against authorization criteria, and can issue automatic approvals without additional provider input. Other platforms use generative AI to create clinical summaries, assemble prior authorization packets, complete payer questionnaires, and draft approval or denial rationale language, significantly reducing administrative burden on providers.

Proving Responsible AI Use Positions Organizations for Regulator Scrutiny

In healthcare, AI maturity is measured by institutional reliability under the pressure of regulatory scrutiny. Health plan systems can be enhanced to meet these new standards by:

  • Leveraging data to create shared visibility across legal, operations, IT and clinical teams
  • Moving from episodic to continuous oversight including real-time monitoring, traceable decision logic (explainability layers), supportable human-in-the-loop and bias detection analysis, and anomaly detection
  • Detecting issues before regulators through implementation of early warning systems that enable proactive surveillance

These expectations also align closely with Medicare Advantage Compliance Program principles that require organizations to maintain effective systems for routine monitoring, auditing, prompt issue identification, corrective action and oversight of delegated entities. In an AI-enabled prior authorization environment, those obligations cannot be satisfied through policy statements alone. Plans need operational evidence that decision-making tools are functioning as intended, that human clinical review is meaningful and that processes delegated to vendors are controlled. Having this level of visibility ensures that emerging risks are identified before they become regulatory findings, member issues, litigation exposure, or enforcement issues.

The organizations best positioned for the next phase of internal and external scrutiny will be those that operationalize responsible AI before regulators, plaintiffs or auditors require them to prove it. That means strengthening PA and utilization management programs through transparent governance, algorithmic accountability, operational monitoring through continuous analytics and routine testing. These organizations will also have board-level visibility into performance, outcomes, bias, access, appeal and overturn trends.

With Great Power Comes Great Responsibility

AI has changed the game by enabling new processes that allow qualitative and quantitative data to model human clinician decision-making at scale. The newfound ability to examine entire datasets has led to AI models being trained on historical utilization data, where inconsistencies in data quality, standards or prior decision-making patterns can amplify unintended outcomes from the AI model and perpetuate flawed historical patterns.

AI model risk has led to new legislation that puts a much heavier burden on care providers to control these negative outcomes. At the same time, the previously used retrospective audits that review a sample of transactions as part of the internal audit or compliance process can’t begin to keep up with the scale of the data sets and the speed at which decisions are being made.

Responsible healthcare AI will ultimately be judged not by whether a model was accurate enough, but by whether the institution can demonstrate – through data, documentation and disciplined oversight – that it used AI lawfully, fairly and reliably in the service of patient access and clinical appropriateness.

Footnotes:

1: “2024 CMS Interoperability and Prior Authorization Final Rule,” CMS.gov, (April 14, 2026).

2: California SB 306 requires reporting related to PA approvals, denial rates, service categories, and authorization trends. Oregon HB 3134 requires expanded PA reporting including authorization process metrics, operational transparency, and standardized exchange expectations.

3: Optum press release, “Optum is advancing AI-powered digital prior authorization to reshape care delivery,” (February 4, 2026).

4: Section II.2.A, “Medicare Advantage Industry Segment-Specific Compliance Program Guidance,” HHS OIG website, https://oig.hhs.gov/compliance/ma-icpg/.

Related Insights

Related Information

Published

June 08, 2026

temp Key Contacts

Mitchel S. Harris

Senior Managing Director

Joe Knight

Senior Managing Director

Kyle Wetzold

Managing Director

Most Popular Insights

  1. Hybrid Energy Strategies for Data Centers Expose Complex Constraints
  2. Venezuela’s Oil Sector Recovery: Navigating the Post-Maduro Investment Landscape
  3. How the War on Iran Is Reshaping Transportation & Logistics
  4. Four Predictions for Private Equity in 2026
  5. Global CFO Survey 2026

Sign up to get access to FTI Consulting Insights

Subscribe