What CMS Audits Add to Prior Authorization Transparency
Prior authorization transparency created a public record of what health plans report about their own decision-making. Denial rates, approval rates, appeal outcomes, and decision timelines are now part of the data environment. But payer-reported metrics are not the only public record that matters. CMS audits and Corrective Action Plans introduce a separate form of visibility: not what a plan reported about itself, but what regulators reviewed, questioned, cited, and required the plan to correct.
A Denial the Plan Had to Defend
In a conversation with a healthcare operations leader who has been through multiple Medicare Advantage audits, one example stood out: during a CMS audit, a plan was questioned for denying a hospital admission for an 82-year-old patient with multiple comorbidities. CMS marked the denial as a citation.
The case is useful because it makes the audit process more concrete. In public prior authorization reporting, a denial enters the data as part of an aggregate count. During an audit, the denial can become something else. CMS can examine the facts around the decision, ask why the plan denied the admission, and evaluate whether the denial was handled appropriately under the applicable requirements.
That distinction matters because Medicare Advantage populations include older and medically complex members. A hospital admission denial for an 82-year-old patient with multiple comorbidities is not only a utilization management decision in the abstract. It is a decision attached to a specific clinical situation, and in an audit setting, the plan may have to defend how that decision was made.
What Happens After a Citation
The citation was not the end of the issue. According to the operations leader, corrective actions had to be put in place after the audit finding, and CMS continued tracking the issue afterward.
That is where Corrective Action Plans become important. A CAP is not just a retrospective note that something went wrong. It can require the plan to address the issue, change internal processes, and demonstrate that the problem is being corrected. The audit finding can therefore become part of an ongoing regulatory process rather than a single isolated event.
This also changes how prior authorization performance can be evaluated. A reported denial rate may identify the volume or frequency of decisions. A citation and CAP history may identify where CMS found a compliance concern significant enough to require correction. Those are different forms of evidence, and they answer different questions.
Why Enforcement History Matters
Prior authorization reporting is based on plan-submitted data. CMS audits operate differently. They involve regulatory review of whether plans complied with program requirements, and the operations leader noted that CMS often knows exactly where plans tend to struggle. That is not incidental. It suggests audits are informed by known problem areas, not random selection alone, and that regulators arrive with a working understanding of where compliance problems tend to cluster.
That makes enforcement history a potentially important context for payer analysis. A plan’s published prior authorization metrics describe its reported activity during a period. Audit findings and CAPs describe where CMS required the plan to correct conduct or process failures. A high denial rate is not automatically proof that a plan is acting improperly. A low denial rate is not automatically proof that a plan is operating well. But if a plan reports a certain denial rate and there is a separate record of CMS concern, audit findings, or corrective action in related areas, those records are worth reading together, even if one does not directly explain the other.
Payer-reported data and CMS enforcement records come from different processes. Reading them together may offer a more complete view than either source can provide alone. As prior authorization transparency expands, the next challenge is not only collecting the numbers. It is determining which other public records help explain the environment those numbers came from.
The Prior Auth Report launches in late July with ongoing analysis of payer behavior, workflow burden, and the operational patterns emerging underneath prior authorization transparency data. If you want structured analysis delivered directly to your inbox as this reporting landscape evolves, the newsletter waitlist is below.