Utilization management (UM) sits at the center of one of healthcare’s most persistent tensions: ensuring appropriate, evidence‑based care without slowing access to it. In practice, that tension has made prior authorization one of the most administratively burdensome interactions between providers and health plans.
To address that burden, the Centers for Medicare & Medicaid Services (CMS) Interoperability & Prior Authorization (CMS‑0057-F) Final Rule mandates health plans to digitize medical policies and stand-up Fast Healthcare Interoperability Resources (FHIR®) APIs, among other requirements. These steps matter. They improve access to information, increase transparency, and standardize how data moves between payer and provider systems.
But digitizing medical policy is not the same as making it usable for automated prior authorization decision‑making. Many health plans are discovering that even after digitizing medical policies and implementing FHIR APIs, prior authorization turnaround times remain slow and provider frustration remains high.
Beyond Analytics: How Sellers Dorsey is Hard-Coding Value into Medicaid Policy [Video]
How to turn analytics into actual policy outcomes.
The reason is straightforward: digitization alone does not make medical‑necessity determinations executable by automated systems at scale.
Why medical policies need to go beyond digitization
Today, when a physician submits a prior authorization request, health plans determine medical necessity based on the medical policy governing that service. These policies define the clinical criteria required for coverage. However, physicians do not assess patients through the lens of policy criteria. They evaluate clinical need based on standards of care, a comprehensive review of systems, patient history, and alignment with evidence‑based outcomes.
This fundamental mismatch, between how providers assess patients and how health plans apply policy logic, is one of the biggest barriers to automating prior authorization decisioning. In response, many health plans, delegated prior authorization vendors, and even CMS have focused on digitizing medical policies to close the gap.
Survey on the Healthcare Financial Landscape Offers a Roadmap for Stakeholders
Zelis highlights how employers, payers, and consumers are integrating digital tools to manage healthcare costs.
But digitization alone doesn’t solve the problem.
Criteria must be human readable and machine readable
Medical policies are traditionally written in a formal legal-style, structured to define the clinical criteria for medical necessity. This structure often creates redundant, disjointed intake processes, often forcing clinicians to complete multiple, sequential forms when a single service is governed by multiple medical policies.
That approach doesn’t scale in an automated UM environment.
To work at scale, medical policies must function as executable logic, not just reference documents. They must support two audiences at the same time: clinicians, who need to see familiar clinical reasoning, and automated technology, which require clarity, structure, and repeatability to operate reliably.
In practice, this means translating policy guidelines into clear, clinically validated dynamic, decision-tree pathways. Because each pathway is validated by clinicians and Chief Medical Officers, they mirror how patients are evaluated. This makes attestations easier for providers and provides a logical expression for deterministic AI to find a response if the documentation exists. Clinical intent remains intact, but it’s translated into clear trees and criteria that machines and humans can follow, rather than legal-style policy language.
Translating policies this way requires organizations to:
- Break narrative policy text into explicit, structured decision-tree logic
- Consolidate overlapping policies at the service (CPT code) level in a way that is cohesive and easy to follow
- Organize criteria in the same sequence clinicians use to evaluate patients
- Separate clinical requirements from operational and business rules
- Maintain governance, versioning, and traceability for automation
When policies are translated into decision trees, automation can support, not replace, manual prior authorization submissions and reviews. Systems can guide providers through relevant questions, interpret inputs consistently, and escalate cases that truly require human judgment.
Traceability, version control, and review cadence are non‑negotiable
Translating policies so machines can execute is only half the equation. Once clinical logic is operationalized in automated systems, health plans must also be able to explain why a determination was made, which version of a policy was applied, and how that policy connects back to clinical evidence.
In an automated UM environment, traceability isn’t just about compliance; it’s about trust. Providers expect consistency across determinations. Regulators expect transparency. And internal clinical teams need confidence that policy logic is being applied as intended to reduce appeals and grievances.
That’s where strong policy governance becomes essential.
Effective policy governance requires more than well‑written content. It demands rigor in how policies are sourced, maintained, and evolved, including:
- Clear linkage to source evidence and clinical rationale
- A complete audit history of policy changes over time
- A defined, repeatable review cadence driven by time or emerging evidence
Without this structure, even well‑intentioned policy updates introduce unexplained variability. Automation amplifies those inconsistencies, eroding provider trust, increasing appeal volume, and exposing plans to regulatory and reputational risk.
When traceability and governance are embedded from the start, automation becomes defensible, scalable, and transparent, supporting faster decisions without sacrificing clinical integrity.
The path forward
Prior authorization is frustrating because it’s complex, and that complexity won’t be solved by technology alone. It will be solved by turning medical necessity criteria into clear clinical logic that both clinicians and automated systems can understand and apply consistently.
As interoperability expands and automation becomes expected, medical policy must do more than exist in digital form. When policies are structured into decision trees, so humans and machines interpret them the same way, they create the clarity, transparency, and consistency needed to support meaningful, scalable conversations between providers and utilization management teams.
Photo: Carol Yepes, Getty Images
Matt Cunningham, EVP of Product at Availity, spent nine years in the Army in light and mechanized infantry units, including the 2nd Ranger Battalion. He brought his Army operations experience to the healthcare industry and has been focused on solving the problem of prior authorizations and utilization management for the past 15+ years. He helped scale a services company from $20M to the largest healthcare benefit services company. Matt has served as Head of Call Center Operations, Director of Product Operations, Chief Information Officer, and lead integration efforts for mergers and acquisitions.
This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers. Click here to find out how.