What is the 72-hour rule for Medicare Advantage?

MA plans must respond to expedited prior authorization requests within 72 hours. Expedited requests are used when a physician determines that standard authorization timelines may jeopardize the patient's health.

Can MA plans use artificial intelligence to deny prior authorizations?

No. MA plans cannot issue denial decisions based solely on artificial intelligence without human clinical review. All denials require documented human review by a qualified clinician with relevant medical expertise.

Medicare Advantage Prior Authorization Rules

What Are Medicare Advantage Prior Auth Rules

Medicare Advantage prior authorization rules, mandated by CMS-0057-F, establish strict timelines for approval decisions and require human clinical review. MA plans must respond to expedited requests within 72 hours and standard requests within 7 days. Plans cannot issue denials based solely on artificial intelligence; all decisions require documented review by a qualified clinician. Digital APIs must become operational by January 2027, enabling real-time authorization across healthcare systems.

Who It Affects

Medicare Advantage plans, medical review departments, clinical nurse reviewers, utilization management staff, and physicians all face these requirements. Patients depend on timely authorizations to access needed care. Hospital systems, specialty practices, and ambulatory surgery centers must submit requests through compliant channels. Administrative staff must track authorization timelines and escalate delayed decisions. Healthcare networks must integrate with plan APIs for seamless authorization exchange.

Key Requirements

Respond to expedited prior authorization requests within 72 hours
Respond to standard prior authorization requests within 7 days
Assign all authorization decisions to a qualified clinician for review
Do not issue denials based on artificial intelligence alone
Document the clinical reviewer's credential and specialty
Implement digital prior authorization APIs by January 1, 2027
Support FHIR-standard data exchange for authorization requests
Issue electronic notification of authorization decisions to providers and patients

Timeline and Enforcement

CMS-0057-F digital prior authorization requirements became effective January 1, 2026. Plans must transition to FHIR APIs by January 1, 2027. CMS enforces compliance through audits, plan oversight, and third-party verification. Non-compliance results in corrective action plans, potential enrollment suspension, and civil monetary penalties. State insurance departments review MA plan authorization performance in annual compliance audits.

How to Comply

Establish expedited and standard authorization request pathways with clear identification criteria
Train clinical reviewers on 72-hour and 7-day decision timelines
Implement metrics to track authorization decision timeliness
Ensure all denials include documented clinical reviewer credentials and rationale
Eliminate automated AI-only decision systems from authorization workflows
Partner with IT vendors to develop FHIR-compliant API infrastructure
Test API functionality with major healthcare system partners before January 2027
Monitor authorization performance through metrics dashboards and audit trails

Frequently Asked Questions

What distinguishes expedited from standard authorization?

Expedited authorization applies when a provider certifies that standard timelines may jeopardize patient health. Examples include urgent surgeries, life-threatening conditions, and emergency care. Standard authorization applies to all other services.

Who qualifies as a "qualified clinician" for authorization review?

A qualified clinician typically means a physician, nurse practitioner, or physician assistant with relevant specialty expertise related to the authorization request. The reviewer's credentials must be documented with the authorization decision.

What happens if an MA plan misses the 72-hour deadline?

Requests approved after 72 hours still require documentation of the delay. CMS considers repeated timeline violations a compliance concern, potentially triggering corrective action requirements and plan oversight.

Related Resources

CMS-0057-F Rule | Prior Authorization Rules | CO-197 Not Authorized | CO-50 Service Denied

Optimize your MA authorization workflows with Altair's compliance tools.

Get Started

This content is provided for informational purposes only and does not constitute legal or compliance advice. Consult with your medical review and compliance teams regarding specific authorization requirements. Altair by S7 Lab is not responsible for changes in CMS rules or their interpretation.