Prior Authorization
Prior authorization is payer approval obtained before a service is performed, required for many imaging studies, surgeries, specialty drugs, and DME. Under the CMS Interoperability and Prior Authorization rule, affected payers must decide standard requests within 7 calendar days and urgent requests within 72 hours starting in 2026.
- When required
- Before the service (with limited retro exceptions)
- CMS-0057-F deadlines
- 72 hours urgent / 7 days standard (2026)
- Denial without it
- CO-197
- Auth is not
- A guarantee of payment
What is prior authorization and when is it required?
Prior authorization (also called precertification or pre-auth) is the payer's advance approval for a planned service. It concentrates on the expensive stuff: advanced imaging (MRI, CT, PET), elective surgery, specialty and infusion drugs, DME, inpatient admissions, and out-of-network exceptions. The payer reviews the request against its medical necessity criteria and either approves it with an authorization number, requests more information, or denies it.
Skip it and the claim denies CO-197, which is provider liability under almost every network contract. The patient cannot be billed for your workflow miss.
How do you get a prior authorization approved?
- Check whether auth is required. Run the CPT code through the payer's auth-requirement lookup for that specific plan; requirements differ between a payer's HMO, PPO, and MA products.
- Submit through the payer portal with the order, relevant notes, and prior conservative treatment documented. Match the request to the criteria set (for example, six weeks of PT before a lumbar MRI).
- Record the auth number, approved CPT codes, units, and validity window in the PM system on the appointment, not in a sticky note or a shared spreadsheet.
- Bill within the window and make sure the rendering provider, site, and codes match the approval exactly.
Numbers worth knowing: an approved auth for CPT 70553 (brain MRI with and without contrast) that is valid for 60 days pays nothing if the scan happens on day 63. Rescheduling patients past an auth expiration date is a silent revenue leak that shows up only as "auth invalid" denials.
What changed with the 2026 prior authorization rules?
The CMS Interoperability and Prior Authorization final rule (CMS-0057-F) took effect for decision timeframes in January 2026. Medicare Advantage, Medicaid managed care, CHIP, and federal exchange plans must now decide expedited requests within 72 hours and standard requests within 7 calendar days, must give a specific reason for denials, and must publicly report their approval and denial metrics. API-based electronic prior auth requirements phase in by 2027.
Practical effect: for MA plans, "still pending after three weeks" is no longer something you have to accept. Reference the federal timeframe when you escalate, and document the submission timestamp from the portal.
What are the most common prior auth failures?
- Auth obtained for the wrong code. Office requests 70551 (MRI without contrast), radiologist performs 70553 (with and without). The auth does not cover it. Train schedulers to auth the "with and without" version whenever contrast is possible, or confirm the protocol first.
- Valid auth, wrong entity. Auth issued to the hospital outpatient department, service performed at the freestanding imaging center, or vice versa.
- Units exhausted. Twelve PT visits approved, sixteen performed, four denied.
- Auth never linked to the claim. The number exists but never lands in the 2300 REF*G1 segment (box 23 on the CMS-1500), producing a denial for a service that was actually authorized.
Frequently asked questions
The claim denies, usually CO-197 (precertification absent). In-network contracts typically make this provider liability, so you cannot balance-bill the patient. Some payers allow retro authorization within 24 to 72 hours of the service or for urgent situations, so call the moment you discover a missed auth rather than waiting for the denial.
No, and payers say this explicitly on every approval letter. The claim must still match the authorization (same CPT, provider, site, date range, units) and the patient must still be eligible on the date of service. Auth plus failed eligibility is one of the most common and preventable denial combinations.
For Medicare Advantage, Medicaid, CHIP, and exchange plans covered by CMS-0057-F, payers must answer expedited requests within 72 hours and standard requests within 7 calendar days. Commercial employer plans are not bound by the rule, and complex specialty-drug auths there can still take two weeks or more.
A referral is permission from the primary care physician for a patient to see a specialist, mostly an HMO concept. Prior authorization is permission from the payer for a specific service or drug. A patient can have a valid referral and still need a separate auth for the MRI the specialist orders.
Sources & further reading
Reviewed by the ImmediCare Solutions RCM team
Certified billers and coders handling claims across 50+ specialties nationwide. This entry is reviewed against current payer policy and CMS rules. Last review: Jul 5, 2026.
Stop losing revenue to problems like this.
A free billing audit shows exactly where your practice is leaking money — no cost, no commitment.
