Health insurance prior authorization: how it works and how to fight it
Quick answer: Prior authorization (prior auth) is approval you must get from your insurer BEFORE receiving certain medical services. Without it, the insurer can deny the claim. Your doctor requests it; your insurer decides. If denied, you have a right to appeal, and most denials that get appealed are overturned. The Consolidated Appropriations Act of 2024 set new deadlines: 72 hours for urgent requests and 7 days for routine requests (effective for most plans in 2026).
Prior authorization exists because insurers want review authority over high-cost or frequently misused services before they commit to paying for them. From a patient perspective, it creates delays, paperwork, and sometimes denial of medically necessary care. Understanding how it works -- and knowing your appeal rights -- reduces its impact significantly.
What requires prior authorization
Prior authorization requirements vary by plan and change annually. Common categories requiring prior auth in 2026:
Specialist referrals (HMO plans): Referral from your primary care physician to a specialist is the most common prior auth trigger in HMO networks.
Elective surgery: Most non-emergency surgeries -- joint replacement, hernia repair, hysterectomy, cataract removal -- require prior authorization. Even procedures your doctor considers medically necessary need insurer approval.
High-cost imaging: MRI, CT scans, and PET scans frequently require prior auth, particularly for non-emergency presentations.
Brand-name prescription drugs: Step therapy requirements (trying a lower-cost generic first) and formulary prior auth apply to many brand-name and specialty medications.
Inpatient hospital admission: Planned inpatient stays often require prior auth; emergency admissions typically have a post-admission notification requirement instead.
Durable medical equipment (DME): Wheelchairs, CPAP machines, insulin pumps, and similar equipment require prior auth.
Behavioral health services: Intensive outpatient programs, partial hospitalization, and residential treatment for mental health and substance use commonly require prior auth.
Procedures your plan considers "experimental": Any procedure not yet widely established as standard of care may be flagged for review.
To find out specifically what requires prior auth under your plan, check your Summary of Benefits and Coverage or call your insurer's prior authorization line.
How the prior auth process works
- Your doctor or their staff submits the request. This is not your responsibility as a patient, though you may need to ensure your provider submits it. The submission includes clinical notes, diagnosis codes, the proposed procedure or medication, and supporting documentation.
- The insurer assigns a reviewer. For routine requests, a nurse or clinical reviewer evaluates the submission. Complex cases may go to a physician reviewer.
- Decision timeline (2026 rules): Under new federal rules, insurers must respond within 72 hours for urgent cases and 7 calendar days for standard requests. Many state laws require faster turnaround.
- Approved: The insurer issues an authorization number. Keep this number -- it is required for claim processing.
- Denied or modified: The insurer denies the specific procedure or approves a less costly alternative. You receive written notice with the specific reason for denial and your appeal rights.
Reading the denial letter
Denial letters are written in insurance language but must include:
- The specific clinical reason for denial
- The clinical guideline or coverage determination used
- Your right to an internal appeal
- Your right to an independent external review (after exhausting internal appeals)
- The deadlines for filing each type of appeal
Keep the denial letter. The specific denial code and stated reason are the foundation of your appeal.
How to appeal a prior auth denial
Internal appeal (required first step):
Your insurer must review your appeal with a fresh set of eyes. Get your doctor to write a letter of medical necessity -- this is different from the initial submission and should directly address the denial reason point by point. Reference specific clinical guidelines (the same ones the insurer cited, or different ones). If your insurer denied based on "not medically necessary," your doctor's letter should cite the clinical guidelines that support the necessity.
Appeals succeed approximately 40-60% of the time when supported by substantive medical documentation.
Expedited appeal: For urgent situations (denial of care that, if not provided promptly, could cause serious harm), you can request an expedited internal appeal. Insurers must respond within 72 hours.
External review:
If your internal appeal is denied, you have the right to request an independent external review -- a review by a physician or clinical expert with no financial connection to your insurer. Under the ACA, external review decisions are binding on the insurer.
External review is the most powerful tool patients have against prior auth denials. Studies show external reviewers overturn insurer denials at rates of 40-60% depending on service type. If the care is medically important to you, use it.
State insurance department complaint:
If the insurer violates the timeline requirements or the process, file a complaint with your state insurance department. State regulators take timeliness violations seriously.
New 2026 rules: CMS prior authorization requirements
The Centers for Medicare and Medicaid Services (CMS) finalized rules requiring health plans to:
- Send prior auth decisions within 72 hours for urgent requests and 7 calendar days for standard requests
- Include specific reasons for denials in plain language
- Accept electronic prior auth requests via standardized API by January 2027
- Report prior auth metrics publicly (approval rates, denial rates, appeal overturn rates)
These rules apply to most commercial plans. Check whether your specific plan is covered.
For understanding your overall policy coverage and what services are excluded, see "insurance policy exclusions" and "what does my insurance actually cover".
Frequently asked questions
Can I get prior authorization myself, or does my doctor need to do it?
Your doctor or their office must submit the prior authorization request -- it requires clinical documentation, diagnosis codes, and provider credentials that you do not have access to. Your role is to make sure your doctor knows that prior auth is required before the procedure is scheduled and to confirm the request has been submitted.
What happens if I have an emergency and cannot get prior auth first?
Emergency services cannot require prior authorization for stabilizing care. If you receive emergency care, your insurer must cover it at in-network rates regardless of whether prior auth was obtained. Most plans require notification within 24-48 hours of an emergency admission.
What if my doctor says prior auth is not required but the insurer denies the claim?
This is a documentation dispute between your provider and insurer. Your doctor can submit a retroactive authorization request with clinical justification. If denied, you can appeal. Your provider may also be willing to appeal on your behalf or waive the charge if the authorization failure was their error.
How long does prior authorization last?
Authorization approvals expire. Most authorizations for procedures are valid for 90-180 days; medication prior auths may be valid for 1 year. If the procedure or prescription is not used before the expiration, you need to obtain a new authorization.
Can my insurer revoke a prior authorization it already granted?
Technically, under the ACA's anti-rescission rules, an insurer generally cannot retroactively rescind a prior authorization for services already provided in good faith reliance on the authorization. Prospective revocation (before services are provided) can happen with advance notice. If your insurer attempts to retract prior authorization retroactively after you have received care, that is a potential ACA violation.