Prior Authorization in Medical Billing: Complete Guide for 2026

Published April 20, 2026 · 11 min read · By RCMAXIS Revenue Cycle Team

Prior authorization has become one of the most time-consuming administrative burdens in American healthcare. According to the American Medical Association's 2025 Prior Authorization Physician Survey, physicians and their staff spend an average of 14 hours per week — nearly two full workdays — completing prior authorization requests. For specialty practices, that number climbs even higher.

This guide covers everything your practice needs to know: how prior authorization works, which services require it, how to build a system that reduces denials and delays, and how RCMAXIS handles authorization management for our clients.

What Is Prior Authorization and Why Does It Exist?

Prior authorization (also called pre-authorization, pre-cert, or prior approval) is a requirement by health insurance payers that providers obtain approval before delivering certain services, procedures, or medications. Payers use it to verify medical necessity, confirm plan coverage, and control costs.

While the stated goal is cost containment and appropriate care, the practical reality for specialty practices is a system that delays care, consumes staff time, and generates denials when requirements are not met precisely.

Which Services Typically Require Prior Authorization?

Requirements vary by payer, plan, and state, but the following categories most commonly require prior authorization:

• Specialty medications — biologics, specialty injectables, brand-name drugs when generics exist
• Inpatient admissions — elective surgeries, rehabilitation, skilled nursing facility transfers
• Advanced imaging — MRI, CT scan, PET scan, nuclear medicine studies
• Outpatient surgical procedures — arthroscopy, endoscopy, certain pain management procedures
• Mental health and substance use services — intensive outpatient programs, residential treatment, TMS therapy
• Durable medical equipment (DME) — CPAP machines, custom orthotics, power wheelchairs
• Home health services — skilled nursing, physical therapy, occupational therapy at home

The Prior Authorization Process: Step by Step

Step 1: Identify the Requirement

Before scheduling any service that may require authorization, verify the patient's benefits and check whether the planned CPT code requires prior auth for that specific payer and plan. This should happen at scheduling — not the day before the appointment.

Step 2: Gather Clinical Documentation

Payers require clinical evidence of medical necessity. Gather relevant items such as:

• Physician notes supporting the diagnosis and clinical rationale
• Previous treatment history (especially failed conservative treatments)
• Applicable test results, imaging reports, or lab findings
• Referring physician notes (for specialist visits)
• Payer-specific clinical criteria (most payers publish these — find them on the payer's provider portal)

Step 3: Submit the Request

Submit via the payer's preferred method — online portal, EDI 278 transaction, phone, or fax. Online portal submissions are fastest and create a documented audit trail. Include the rendering provider NPI, service location, requested CPT/HCPCS codes, ICD-10 diagnosis codes, and date of service.

Step 4: Track and Follow Up

Most payers are required to respond within 3–5 business days for non-urgent requests (72 hours for urgent). Do not wait passively. Set a follow-up task for day 3 if no response has arrived. Document every call: date, representative name, reference number, and status.

Step 5: Communicate the Decision

Once approved, record the authorization number, approved service dates, approved units or visits, and the approving payer representative name. This information goes directly on the claim at submission.

Why Prior Authorization Denials Happen

Understanding denial root causes is the first step to prevention. The most common prior auth denial reasons include:

• Missing or insufficient clinical documentation — the most common cause; payers reject requests that do not clearly establish medical necessity using their clinical criteria
• Wrong level of care requested — requesting inpatient when outpatient meets criteria, or vice versa
• Incorrect CPT or ICD-10 codes on the request — codes must match exactly what will be billed
• Submitted to wrong payer or wrong plan — especially common with dual-coverage patients
• Service not covered under the plan — authorization does not guarantee payment; benefits must be verified separately
• Expired authorization — service rendered after authorization end date or beyond approved visit count

How to Build a Prior Authorization Workflow That Works

1. Create a Payer Authorization Matrix

Build a reference document listing every payer you contract with, the services they require auth for, their submission method, typical turnaround time, and portal login URL. Update it quarterly — payer requirements change frequently, especially at plan year renewal (January 1 and July 1 are most common).

2. Embed Auth Checks at Scheduling

Authorization requests should be initiated at the time of scheduling, not the week of the appointment. For procedures with 5+ business day turnaround, this means scheduling 2 weeks out minimum. Build a scheduling rule that flags CPT codes requiring auth and assigns a task to the auth team immediately.

3. Use Payer Clinical Criteria as a Checklist

Every major payer publishes Clinical Coverage Policies that define what documentation is required to approve each service. Download these, turn them into checklists, and have the ordering physician verify that all criteria are met and documented before the auth request is submitted. This single practice reduces first-pass denial rates dramatically.

4. Track Every Request in a Centralized Log

Whether you use your PM system, a spreadsheet, or dedicated auth management software, every request must be logged with: patient name, DOS, CPT codes, payer, submission date, follow-up date, status, auth number, and expiration date. Requests that fall through the cracks become claim denials.

5. Set Expiration Alerts

Authorization expiration is a silent revenue killer. A patient whose monthly injections are authorized for 10 visits by December 31 needs a renewal request submitted in November — not in January when the claim is denied. Set calendar alerts at 75% of authorized visits used and 30 days before expiration date.

How to Appeal a Prior Authorization Denial

An initial denial is not the final word. Under the ACA and most state regulations, you have the right to appeal. Here is how to win:

• Request the denial in writing — get the specific denial reason code and clinical rationale
• Identify the gap — compare what the payer's criteria requires to what was submitted
• Get the physician involved — peer-to-peer review calls (where your physician speaks directly with the payer's medical director) overturn denials at a 60–75% rate in most specialties
• Submit a formal written appeal — include a letter of medical necessity signed by the treating physician, relevant clinical literature, and any missing documentation from the initial request
• Escalate to external review — if the internal appeal fails, most states allow external independent review for medical necessity denials

The Impact of the No Surprises Act on Prior Authorization

The No Surprises Act (effective January 2022) and subsequent CMS rules are beginning to reshape prior authorization requirements. Key developments for 2026:

• CMS has finalized rules requiring Medicare Advantage and Medicaid managed care plans to respond to standard prior auth requests within 7 calendar days (previously 14) and urgent requests within 72 hours
• Plans must now provide specific reasons for denials and make them accessible electronically
• Gold-carding provisions — exempting physicians with strong authorization approval records from needing to request auth for certain services — are being implemented in several states
• HL7 FHIR-based electronic prior authorization (ePA) is being mandated for most federal programs by January 2027

How RCMAXIS Manages Prior Authorization for Our Clients

Our claims management team handles the entire prior authorization workflow, including:

• Real-time eligibility and benefits verification with auth requirement identification at scheduling
• Same-day submission of auth requests via payer portals and EDI
• Daily follow-up on pending requests approaching the 3-day mark
• Proactive renewal of expiring authorizations 30 days in advance
• Peer-to-peer review coordination with the treating physician when denials occur
• Full documentation of all auth numbers in the PM system for clean claim submission

Across our client base, we maintain a 97.3% authorization approval rate and reduce auth-related denials to under 1% of claims submitted. For a busy specialty practice submitting 500 claims per month, that difference represents tens of thousands in recovered revenue annually.

Ready to eliminate prior auth as a revenue bottleneck? Request your free RCM audit and see exactly where authorizations are costing your practice money.