Skip to main content

Authorization Management - Technical Specification

Prior authorization and service approval system

Purpose

The Authorization Management module handles the pre-approval of medical services for legal cases. Every appointment, service, treatment, and procedure requires an authorization number linked to the legal case. The system features an auto-approval backend service for Dates of Service (office visits) while managing complex authorization rules for specialized services. This module ensures services are approved before delivery and tracks utilization against authorized limits.

Key Concepts

TermDefinition
AuthorizationPre-approval for medical services
Authorization NumberUnique identifier for each authorization
Auto-ApprovalAutomatic authorization for routine services
DOS (Date of Service)Office visit dates that are auto-approved
Authorization PeriodValid date range for the authorization
Units/VisitsNumber of services authorized
UtilizationActual usage against authorized amount
Prior AuthorizationApproval required before service delivery
Retro AuthorizationApproval granted after service (exception)
Authorization StatusCurrent state (Approved, Pending, Denied, Expired)

User Roles

RoleDescriptionPermissions
Authorization SpecialistManages authorization requestsFull CRUD
Medical DirectorReviews complex authorizationsApprove, Deny
Case ManagerRequests authorizationsCreate, Read
ProviderViews authorizationsRead only
Claims ProcessorValidates auth for claimsRead only
System AdministratorSystem configurationAll permissions

Field Documentation - Authorization Entity

Field NameTypeRequiredDescriptionValidation RulesRelated Entity
IDStringYesUnique authorization IDAuto-generated CUIDPrimary Key
Authorization NumberStringYesHuman-readable auth numberFormat: AUTH-YYYY-XXXXXXX, unique-
Legal CaseLegalCaseYesAssociated legal caseMust be active caseLegalCase
PatientPatientYesPatient receiving servicesMust match case patientPatient
MRNStringYesMember Registration NumberFrom legal case-
Requesting ProviderClinicalProviderNoProvider requesting authValid providerClinicalProvider
Authorized ProviderClinicalProviderYesProvider authorized to renderMust be activeClinicalProvider
Authorized VendorVendorYesVendor authorizedMust be activeVendor
Service LocationVendorLocationNoSpecific location authorizedValid vendor locationVendorLocation
Authorization TypeStringYesType of authorizationEnum: Initial Eval, Follow-up, Therapy, Imaging, Surgery, DME, Other-
Service CategoryStringYesCategory of serviceEnum: Medical, Therapy, Diagnostic, Surgical, Equipment-
CPT CodesStringNoSpecific CPT codes authorizedComma-separated CPT codes-
Service DescriptionTextYesDescription of authorized servicesMax 1000 chars-
Units AuthorizedIntegerYesNumber of units/visitsPositive integer (1-999)-
Units UsedIntegerYesUnits consumedCalculated field, >= 0-
Units RemainingIntegerYesUnits availableCalculated: Authorized - Used-
Authorization Start DateDateTimeYesAuthorization effective dateCannot be before case start-
Authorization End DateDateTimeYesAuthorization expirationMust be after start date-
Date RequestedDateTimeYesWhen auth requestedAuto-set on creation-
Date ReviewedDateTimeNoWhen auth reviewedSet on status change-
Reviewed ByUserNoUser who reviewedValid user IDUser
Authorization StatusStringYesCurrent statusEnum: Pending, Approved, Denied, Expired, Cancelled-
Status ReasonStringNoReason for statusRequired for Denied-
Denial ReasonStringNoSpecific denial reasonRequired if Denied-
Auto ApprovedBooleanYesWas auto-approvedDefault false-
Auto Approval ReasonStringNoWhy auto-approvedSet by auto-approval engine-
PriorityStringYesRequest priorityEnum: Routine, Urgent, Emergency-
Clinical NotesTextNoClinical justificationMax 5000 chars-
Diagnosis CodesStringYesICD-10 codesComma-separated, valid ICD-10-
Medical NecessityBooleanYesMedically necessaryDefault true-
TPA Review RequiredBooleanYesNeeds TPA reviewFrom contract rules-
TPA Review StatusStringNoTPA review outcomeEnum: Pending, Approved, Denied-
TPA Review DateDateTimeNoWhen TPA reviewedIf TPA required-
TPA Reference NumberStringNoTPA tracking numberFrom TPA system-
Estimated CostDecimalNoEstimated service costPositive decimal-
Actual CostDecimalNoActual cost from claimsSum of related claims-
Related AuthorizationAuthorizationNoParent/related authFor extensions/modificationsAuthorization
Extension OfAuthorizationNoOriginal authorizationFor extensionsAuthorization
Modified FromAuthorizationNoPrevious versionFor modificationsAuthorization
RetroactiveBooleanYesApproved after serviceDefault false-
Retroactive ReasonStringNoWhy retro approvedRequired if retroactive-
Notification SentBooleanYesProvider notifiedDefault false-
Notification DateDateTimeNoWhen notifiedSet when sent-
AttachmentsDocument[]NoSupporting documentsMedical records, notesDocument (1:Many)
Created AtDateTimeYesCreation timestampAuto-generated-
Updated AtDateTimeYesUpdate timestampAuto-updated-
Created ByUserYesCreating userValid user IDUser
Updated ByUserYesUpdating userValid user IDUser
AppointmentsAppointment[]NoRelated appointments-Appointment (1:Many)
ClaimsClaim[]NoRelated claims-Claim (1:Many)

Workflows

Authorization Request Workflow

  1. Request Initiation

    • Select legal case
    • Verify patient eligibility
    • Choose service type
    • Select provider/vendor

  2. Service Details

    • Specify CPT codes or service description
    • Set number of units/visits
    • Define authorization period
    • Add clinical justification

  3. Auto-Approval Check

    • Check if service qualifies for auto-approval
    • Office visits (E&M codes) → Auto-approve
    • Initial evaluations → Auto-approve
    • Other services → Manual review

  4. Manual Review Process

    • Route to appropriate reviewer
    • Check medical necessity
    • Verify against guidelines
    • Review clinical notes

  5. Decision

    • Approve with conditions
    • Deny with reason
    • Request additional information
    • Refer to Medical Director

  6. Notification

    • Generate authorization number
    • Notify provider
    • Update case record
    • Send to patient if required

Auto-Approval Engine Workflow

  1. Service Evaluation

    IF service_type = 'Office Visit' AND provider_valid THEN
       Auto-approve
    ELSE IF service_type = 'Initial Evaluation' AND first_visit THEN
       Auto-approve
    ELSE IF cpt_code IN auto_approve_list THEN
       Auto-approve
    ELSE
       Manual review required

  2. Automatic Processing

    • Validate provider credentials
    • Check case status
    • Verify service parameters
    • Generate authorization number
    • Set appropriate limits

  3. Audit Trail

    • Log auto-approval reason
    • Record decision criteria
    • Track approval pattern
    • Monitor for abuse

Utilization Tracking Workflow

  1. Appointment Booking

    • Link appointment to authorization
    • Decrement available units
    • Check remaining balance
    • Alert if near limit

  2. Claim Processing

    • Match claim to authorization
    • Verify DOS within auth period
    • Update units used
    • Calculate remaining

  3. Extension Process

    • Monitor utilization
    • Alert at 80% usage
    • Process extension request
    • Link to original auth

Retroactive Authorization Workflow

  1. Exception Request

    • Document emergency/urgent situation
    • Provide clinical justification
    • Explain why prior auth not obtained
    • Submit supporting documentation

  2. Review Process

    • Verify emergency criteria
    • Check medical necessity
    • Review documentation
    • Make determination

  3. Approval/Denial

    • If approved, generate retro auth number
    • Link to existing claims
    • Document exception reason
    • Update financial records

Business Rules

Auto-Approval Rules

  • Office visits (CPT 99201-99215) auto-approved
  • Initial evaluations auto-approved (first visit only)
  • Maximum 12 office visits auto-approved per case
  • Auto-approval only for credentialed providers
  • DOS must be within case active period

Authorization Limits

  • Maximum authorization period: 6 months
  • Maximum units vary by service type:
    • Office visits: 12 per auth
    • Physical therapy: 24 visits
    • Chiropractic: 12 visits
    • Imaging: As specified
  • Extensions require new authorization

Validation Rules

  • Provider must be credentialed
  • Service must be within scope of practice
  • DOS cannot precede authorization start
  • Cannot exceed case financial limits
  • Diagnosis must support service

TPA Requirements

  • TPA review required based on contract
  • Certain CPT codes always need TPA
  • Dollar thresholds trigger TPA review
  • TPA decision is binding
  • TPA turnaround: 3 business days

Integrations

SystemIntegration TypePurpose
Legal Case ManagementDirect DatabaseCase validation
Provider ManagementDirect DatabaseProvider verification
Appointment SystemDirect DatabaseUtilization tracking
Claims ProcessingDirect DatabaseAuthorization validation
TPA SystemsAPI/EDIExternal review
Notification SystemEmail/FaxProvider notifications
Document ManagementFile SystemAttachment storage

Common Issues

IssueDescriptionResolution
Units ExceededService exceeds authorized unitsRequest extension
Expired AuthorizationDOS after expirationRetroactive auth or extension
Provider MismatchDifferent provider than authorizedUpdate authorization
Missing AuthService without authorizationCreate retro auth
TPA DelaysTPA review taking too longEscalation process

Screenshots Needed

  • Authorization Request Form
  • Auto-Approval Configuration
  • Authorization Search Grid
  • Authorization Detail View
  • Utilization Tracking Dashboard
  • Review Queue Interface
  • Extension Request Form
  • Retroactive Auth Wizard
  • TPA Review Status
  • Provider Notification Template

Performance Considerations

  • Auto-approval must be instant
  • Authorization lookup sub-second
  • Utilization calculation real-time
  • Bulk authorization processing
  • Historical auth data archival

Security Considerations

  • PHI protection for clinical notes
  • Audit trail for all decisions
  • Role-based approval limits
  • Provider access restrictions
  • Financial limit enforcement

Notes

  • Auto-approval rules configured per payer
  • Authorization numbers are sequential per year
  • Extensions maintain original auth number with suffix
  • TPA integration requirements vary by contract