Case study · Healthcare

Top-10 health system halves prior-auth backlog.

A clinician-in-the-loop agent assembles PA packets from Epic via FHIR, checks payer rules, and drafts submissions, entirely inside a HIPAA-aligned environment, with the clinician approving every submission before it leaves.

50%

prior-auth backlog reduction

< 2 days

median PA turnaround (was 4)

HIPAA

BAA executed; PHI never leaves environment

100%

clinician-approved before submission

The problem

Prior auth: the work everyone hates and no one can skip.

A top-10 US health system was watching prior-authorization workload eat into clinician productivity, patient experience, and payer-relationship health. Each PA required pulling clinical notes from Epic, locating the relevant payer policy, assembling a packet (history, supporting labs, medical necessity language), drafting a submission in the payer's preferred format, sending it, and tracking the response. Volume was high, the work was variable, and the median turnaround had drifted to four days. Patients were waiting; clinicians were resentful; the PA staff was burning out.

The constraint that ruled out most off-the-shelf solutions: PHI cannot leave the health system's environment. Whatever the agent looked like, it had to run inside the HIPAA-aligned perimeter. No SaaS-to-OpenAI flows. No "we'll de-identify and ship it out." Real PA work touches real PHI by nature.

The approach

A clinician-in-the-loop agent that does the assembly, not the approving.

The agent's scope was explicit: do the data-assembly, payer-policy-check, and drafting work; never make the clinical decision. A clinician reviews every submission, edits if needed, and approves before anything goes to a payer. The agent shortens the path from "need a PA" to "ready to sign"; the clinician still holds the pen.

  • Workflow trigger. A clinician orders a procedure that triggers PA; the agent activates in the EHR-adjacent UI without leaving the clinician's workspace.
  • Data assembly. Pulls the relevant clinical history, recent imaging and lab results, prior-treatment trajectory, and medical-necessity language from the chart via Epic's FHIR endpoint. PHI handling per BAA.
  • Payer-rule lookup. Cross-references the patient's coverage and the procedure code against a maintained corpus of payer policies. Surfaces which criteria need to be met and which documentation supports them.
  • Submission draft. Generates the PA submission in the payer's preferred format, with each clinical assertion cited back to the source note or result.
  • Clinician approval gate. The packet, draft, and citations are presented to the ordering clinician for review. The clinician edits if needed, approves, and submits.

Architecture

  • LLM gateway. Anthropic Claude via AWS Bedrock in a HIPAA-eligible region, inside the health system's own AWS account. BAA in place with AWS; no model-provider data flow.
  • EHR integration. Read-only Epic FHIR endpoints with appropriate SMART-on-FHIR scopes; write operations go through Epic's standard order-entry interface so the audit trail lives where compliance expects it.
  • Payer-policy corpus. Maintained library of payer medical-policy documents (~200 top payers, ~2,000 procedure-specific policies), vector-indexed with Postgres + pgvector, updated weekly.
  • PHI controls. Per-clinician scoping; de-identification not used (it's not the right answer for prior auth); audit log captures every chart access with reason-for-access.
  • Eval harness. Versioned test set of historical PA cases with known outcomes, scored on draft quality and citation accuracy. Reviewed monthly by the PA director.

The result

Median turnaround under 2 days; backlog cut in half.

Median prior-auth turnaround dropped from 4 days to under 2. Backlog reduced by approximately 50% in the first three months of full rollout. Clinician sentiment moved measurably in the right direction in the post-launch survey, partly because the PA work that did still require their attention took meaningfully less time, and partly because the patient-experience knock-on of faster authorizations reduced inbound complaints.

Two operational changes mattered as much as the time savings:

  • Denials dropped. First-pass approval rates went up because the drafts assembled by the agent were more consistently complete, every cited assertion linked to a chart artifact, every payer-criterion explicitly addressed.
  • Appeals got faster. When a payer did push back, the original packet's citations and reasoning gave the appeal team a head start.

Patterns worth stealing

  • For PHI workflows, "data never leaves" isn't a feature, it's the architecture. Pick the model gateway (Bedrock HIPAA-eligible regions, Azure OpenAI in HIPAA-aligned accounts, or open-weight in-VPC) first. Everything else follows from that.
  • Citations make clinician approval fast. When every assertion in the draft links to its chart source, the clinician's review is "is the chart right and is the logic right", not "do I trust this synthesized claim." That's a different review entirely.
  • Don't replace the EHR's audit trail. Write through the EHR's normal interfaces. The system of record stays the system of record; the agent is an upstream drafter, not a parallel actor.

Prior auth, intake, documentation, or care coordination on your roadmap?

The clinician-in-the-loop pattern generalizes. We'll walk through the HIPAA-aligned deployment options for your specific environment before we ever quote.

Start a Conversation