Prior Authorization in 2026: How New CMS Rules and AI Are Changing the Worst Part of Practice

Physicians spend 13 hours a week on prior authorization, and PA delays have caused avoidable hospitalizations. In 2026, a major federal rule (CMS-0057-F) and a wave of AI tools are reshaping the process. Here's what actually changed, what's coming in 2027, and how AI prior auth tools fit in.

By MedAI Directory · June 8, 2026

Ask any clinician what they hate most about practicing medicine in 2026, and prior authorization is near the top of every list. It's the process where, before you can deliver a treatment, test, or medication you've already decided your patient needs, you have to get permission from their insurance company — submitting documentation, waiting days for a response, and often resubmitting because something was missing. The American Medical Association estimates physicians spend roughly 13 hours per week on prior authorization activities. CMS estimates the process costs around $34,000 per provider annually.

The human cost is worse than the financial one. In a 2025 national provider survey, 97% of administrators and 93% of clinicians reported seeing prior authorization delays cause avoidable emergency care or hospitalizations, and 55% had witnessed patients abandon treatment entirely because of PA delays.

Two forces are reshaping this in 2026: a major federal regulation called CMS-0057-F that's forcing payers to modernize, and a wave of AI tools that automate the provider side of the process. This article breaks down what actually changed, what's coming, and how the AI tools fit in — written for practices trying to figure out what to do about the single most frustrating administrative burden in medicine.

Why prior authorization is so broken

To understand the fixes, you have to understand why the process is so painful in the first place.

Prior authorization is fundamentally a permission system. Before certain treatments, procedures, imaging studies, or medications, the payer requires the provider to demonstrate medical necessity and get approval. In principle, this controls costs and prevents unnecessary care. In practice, it has become a sprawling, inconsistent, largely manual process.

The mechanics are the problem. A manual prior authorization request takes an average of 24 minutes when conducted by phone, fax, or email, and about 16 minutes through a health plan portal. As of 2024, only 35% of health plans used fully electronic prior authorization processes — meaning the majority still ran on phone calls and faxes. Each payer has its own requirements, its own forms, its own criteria, and those requirements change constantly. A practice submitting a request often doesn't find out what documentation was missing until the request is denied, days or weeks later, at which point they resubmit and wait again.

The CAQH 2024 Index puts the manual cost of a single prior authorization at $10.97 for providers, dropping to $5.79 when fully electronic. Multiply the difference across hundreds of monthly authorizations and the savings scale to tens of thousands of dollars annually — before you even count the clinical cost of delayed care.

What CMS-0057-F actually requires

The biggest structural change to prior authorization in over a decade is a federal rule called CMS-0057-F — the CMS Interoperability and Prior Authorization Final Rule. It was released in January 2024 after nearly three years of rulemaking and more than 4,000 public comments, and its major provisions took effect January 1, 2026, with further requirements landing in 2027.

Here's what it requires, in plain terms.

Faster decision timelines. As of January 1, 2026, impacted payers must issue decisions on expedited (urgent) requests within 72 hours, and on standard (non-urgent) requests within seven calendar days. The 72-hour urgent window is down from a previous industry norm of 5 to 14 days. This is a dramatic compression.

Specific denial reasons. Payers must now provide a specific reason when they deny a prior authorization request, rather than a vague rejection. This makes appeals more straightforward and helps practices understand what to fix.

Electronic prior authorization APIs. Payers must implement standardized, FHIR-based APIs (the Prior Authorization API, Provider Access API, and others) that enable electronic submission and real-time status updates. The full API-driven interoperability requirements take effect January 1, 2027 — payers have until then to build and enhance these systems.

Public reporting. Payers must publicly report certain prior authorization metrics, including approval and denial rates and average decision times. This transparency lets practices compare how administratively burdensome different payers actually are.

Who's covered. The rule applies to federally funded health plans: Medicare Advantage organizations, Medicaid and CHIP fee-for-service programs, Medicaid managed care plans, and certain Qualified Health Plans on the federal exchanges (with some exclusions). It does not cover all commercial plans, though many commercial payers are modernizing in parallel.

A new clinician measure. CMS introduced an "Electronic Prior Authorization" measure for MIPS-eligible clinicians under the Promoting Interoperability performance category, creating an incentive for practices to adopt electronic PA.

One important nuance: the rule applies to payers, not directly to providers. But every practice billing affected payers benefits operationally, and should expect cleaner workflows from the payer side starting in 2026. The rule is the starting line, not the finish line — what practices build on top of it determines how much benefit they actually capture.

The 2026 vs 2027 timeline

It's worth being precise about timing, because the rule rolls out in phases.

January 1, 2026 (now in effect): Decision timeline requirements (72 hours urgent, 7 days standard), specific denial reason requirements, and public reporting of PA metrics for impacted payers.

January 1, 2027: The technical API requirements — the FHIR-based Prior Authorization API, Provider Access API, Payer-to-Payer API, and Patient Access API enhancements. This is when the full electronic, interoperable infrastructure is required to be operational.

So in 2026, the decision timelines and transparency requirements are live, but the seamless electronic infrastructure is still being built. Practices that wait for 2027 to think about this will be behind. The smart move is to prepare workflows now so you're ready to plug into the APIs as payers turn them on.

Where AI prior authorization fits

This is where AI tools enter the picture. The new CMS rule modernizes the payer side; AI tools modernize the provider side. They're complementary.

AI prior authorization software automates the traditionally manual provider workflow. When a clinician orders a treatment requiring approval, the software:

  1. Extracts the relevant clinical data directly from the EHR
  2. Compares that documentation against the specific payer's medical necessity criteria, using natural language processing to read clinical notes the way a human coder would
  3. Identifies missing documentation before submission — flagging exactly what to add rather than waiting for a denial to reveal the gap
  4. Submits the request electronically
  5. Routes the completed request to the provider or designated staff for review through the EHR task queue

The most impactful versions work invisibly inside the existing EHR, so staff don't have to log into a separate portal or learn a new system. They order the treatment, and the AI handles the rest in the background.

There are two distinct approaches worth understanding:

Upstream / point-of-prescribing tools like Develop Health use real-time benefit checks through direct PBM integrations to surface coverage status, PA requirements, and out-of-pocket costs before the prescription is even written. The insight here is powerful: catching a PA requirement during the visit, while the patient is still in front of you, is worth hours of administrative follow-up compared to discovering it after the prescription is sent. Real-time benefit verification is the upstream trigger that makes everything downstream faster.

End-to-end workflow tools like Myndshft handle the full process across both medical and pharmacy benefits, maintaining rules for 600+ payers and reducing total PA workflow time from roughly 50 minutes to under 5. These focus on eliminating manual work throughout the entire process rather than just speeding up the initial recommendation.

A note on the payer-versus-provider distinction: some prominent AI PA platforms (like Cohere Health) are built for health plans, not providers — providers access them only through their insurers. For a practice evaluating tools to buy, the provider-facing options (Develop Health, Myndshft, and others) are the relevant category.

Does the AI actually work?

The evidence is genuinely encouraging, with appropriate caveats.

In a 2025 national survey of 200 US clinicians and office administrators, nearly universal trust emerged in using AI for prior authorization: 99% of clinicians and 96% of office administrators reported confidence in AI-driven PA. That's a striking level of acceptance for a technology that's still relatively new.

Reported efficiency gains are substantial: health plans and providers cite 40-55% reductions in provider time spent on PA, care delivery 70% faster in some deployments, and provider satisfaction in the 93-98% range. On the payer side, Cohere Health reports auto-approving up to 90% of requests for some health plan members, with the remainder routed to clinician review.

But there are real caveats worth keeping in mind:

AI can reinforce bias. Models trained on historical data may reproduce existing patterns of underuse or denial in certain populations unless carefully monitored. Responsible vendors emphasize transparency and human oversight specifically to mitigate this.

Human oversight remains essential. The credible platforms route uncertain or complex cases to human reviewers. "Fully autonomous" PA approval with no human in the loop is a compliance and clinical risk. Confidence threshold controls — where the AI handles high-confidence cases and escalates uncertain ones — are the responsible design pattern.

There's an "arms race" dynamic. As payers deploy AI to process (and sometimes deny) requests faster, and providers deploy AI to submit cleaner requests faster, some critics argue this accelerating automation doesn't fix the underlying problem of excessive PA requirements — it just makes both sides faster. There's truth to this. AI makes a broken process more efficient; it doesn't eliminate the process.

The gold-carding trend

One genuinely positive development worth noting: alongside the CMS rule and AI tools, major payers are reducing PA requirements outright.

Some payers have committed to eliminating significant portions of their outpatient PA requirements and launching "gold card" programs that waive prior authorization for providers with strong track records of following evidence-based guidelines. The logic: if a provider consistently orders appropriately, why make them ask permission every time? Gold-carding reduces administrative burden for high-performing practices and lets payer clinical reviewers focus on cases that actually need scrutiny.

For practices, this creates an incentive structure worth understanding. Consistent, well-documented, guideline-adherent ordering can eventually reduce your PA burden through gold-carding. The AI tools that help you submit clean, complete, evidence-backed requests may also help you build the track record that gets you gold-carded.

What practices should do now

A practical action plan based on where things stand in 2026.

Pull your PA data. Identify your highest-volume PA requirements and your most common denial reasons over the last quarter. This tells you where automation would have the biggest impact and which payers are most burdensome.

Check which of your payers are covered by CMS-0057-F. Medicare Advantage, Medicaid, CHIP, and certain exchange plans are covered. If a large share of your patients have covered plans, you should already be seeing faster decision timelines — hold payers accountable to the 72-hour and 7-day requirements.

Evaluate provider-side AI PA tools if your volume justifies it. For practices with significant PA volume, tools like Develop Health (point-of-prescribing) or Myndshft (end-to-end) can recapture meaningful staff time. For lower-volume practices, the manual process plus the new faster payer timelines may be sufficient for now.

Verify EHR integration before buying. The most valuable AI PA tools work inside your existing EHR. Before committing to any vendor, confirm your EHR is on their integration list. A PA tool that requires a separate portal loses much of its value.

Confirm HIPAA compliance and a BAA. Any vendor whose tool processes your clinical documentation is a business associate. Verify SOC 2 Type II attestation, BAA availability, and audit-grade logging of both AI actions and human review decisions. (See our guide to what HIPAA compliance means for AI tools.)

Prepare for 2027. The full electronic API infrastructure arrives January 1, 2027. Practices that build PA-ready workflows now — structured documentation, clean ordering patterns, EHR-integrated tools — will plug into those APIs smoothly. Those that wait will scramble.

Track gold-carding opportunities. Ask your major payers whether they offer gold-card programs and what it takes to qualify. Reducing PA requirements entirely beats automating them.

What to ask AI prior authorization vendors

If you're evaluating tools:

  1. Are you provider-side or payer-side? Make sure you're buying a tool you can actually deploy, not one you'd access through payers.
  2. Does it work inside my EHR, or require a separate portal? Embedded is dramatically better.
  3. How many payers' rules do you maintain, and are mine included? Payer coverage varies widely.
  4. Do you handle medical PA, pharmacy PA, or both? Some tools do only one.
  5. How do you handle documentation gaps? The best tools flag missing documentation before submission.
  6. What's your human-in-the-loop design? Understand which cases get human review.
  7. Do you have a SOC 2 Type II attestation, and are you FHIR Da Vinci PAS-ready for the 2027 transition? Future-proofing matters.
  8. What's your pricing model? Some vendors use outcome-based pricing (you pay for approved authorizations); others use flat enterprise SaaS.

The bottom line

Prior authorization remains the most frustrating administrative burden in medicine, but 2026 is a genuine turning point. The CMS-0057-F rule is forcing payers to decide faster, explain denials, and build electronic infrastructure. AI tools are automating the provider side — catching PA requirements at the point of prescribing, flagging documentation gaps before denials, and cutting workflow time dramatically. And gold-carding offers a path to reducing PA requirements outright for high-performing practices.

None of this eliminates prior authorization. The honest framing is that the process is becoming faster and less manual, not disappearing. The arms race between payer AI and provider AI is real, and AI makes a broken process more efficient without fixing its root cause.

But faster and less manual is a real improvement over the status quo of faxes, phone calls, and week-long waits. For practices with meaningful PA volume, the combination of the new payer timelines and a provider-side AI tool can recapture a significant share of the 13 hours a week physicians currently lose to this process — and, more importantly, reduce the care delays that harm patients. The practices that prepare their workflows now, before the 2027 API requirements land, will be the ones that capture the most benefit.

For a directory of AI prior authorization tools and other healthcare AI software — with compliance details and practice-size suitability — see our AI Prior Authorization use case page and our full directory.

This article is informational only and does not constitute legal, compliance, or procurement advice. Regulatory requirements and vendor capabilities change frequently. Always verify current CMS requirements, vendor compliance, and EHR compatibility directly with authoritative sources and vendors before making decisions.
