Prior auth AI that satisfies CMS, reduces appeals, and keeps humans in the loop where it matters.
The Challenge
CMS's 2024 prior authorization rule changes imposed new transparency and documentation requirements on Medicare Advantage plans and specialty pharmacy operators using automated decision-making. Cardinal Health's existing prior auth model produced approvals and denials without generating human-readable rationales, stored decision records in a format that wasn't queryable by the compliance team, and had no systematic mechanism to detect whether denial rates were drifting across demographic groups.
When the compliance team attempted to reconstruct decision records for a CMS audit, they discovered that approximately 30% of automated denial records could not be matched to the specific model version that produced them, making it impossible to verify that current model behavior was consistent with the version that had been reviewed internally.
The Solution
The deployment governance layer was configured to capture the full decision record — input features, model version, confidence score, and rule-based override conditions — for every prior authorization request at inference time. The explainability module generates a structured, plain-language rationale for each decision that can be surfaced to members in their denial notices without manual clinical reviewer involvement.
Bias detection runs on a rolling weekly basis across the full authorization decision set, measuring denial-rate disparities by race, gender, age cohort, and geography against established equity benchmarks. Drift outside established bounds triggers an automatic hold on the affected model and escalates to the medical director before further decisions are processed.
Every Decision, Every Version, Fully Reproducible
Model versioning was enforced at the deployment gate: no model reaches production without a registered version identifier, and every inference record is stamped with the exact version that produced it. When CMS requested documentation for a sample of prior auth decisions spanning 18 months, the compliance team exported the complete records — model version, input features, output, and clinical rule applied — in under two hours. The audit examiner noted it was the most complete response they had received from a specialty pharmacy operator in that examination cycle.
Algorithmic Fairness as a Standing Compliance Control
Prior authorization decisions are subject to anti-discrimination obligations under the ACA and CMS's equity guidance. The bias detection module treats fairness monitoring as a standing operational control, not a periodic audit. When denial-rate disparities exceed defined thresholds for any protected class, the system escalates automatically and logs the escalation as a compliance event, creating an auditable record of detection and response that satisfies regulators' requirements for ongoing monitoring.
Human-in-the-Loop at the Right Threshold
Not every prior auth decision should be automated. The risk-tiering configuration routes complex multi-condition requests and all denials for certain high-cost specialty therapies directly to clinical reviewers, with the model's recommendation and reasoning presented as a decision-support artifact — not as a binding output. Reviewers override or confirm with a single interaction that logs their reasoning, feeding back into model performance evaluation.
Results
Explainable denials with documented rationale reduced the grounds for successful member appeals.
Complete decision records and fairness monitoring documentation satisfied all examiner requests.
Version-stamped, queryable inference logs replaced manual record reconstruction.
Every prior auth decision carries a human-readable explanation generated at inference time.
See what Thndr AI can do for your team
Talk to our team about your specific AI governance challenges.
