The Countdown to 72/7: How Plans Can Prepare for the 2026 Prior Authorization Deadlines

For years, prior authorization (PA) has been a symbol of healthcare’s administrative drag. Providers fax requests, chase approvals, and wait days—or weeks—for decisions. Patients, meanwhile, bear the cost of delay: disrupted treatment plans, postponed surgeries, and in some cases, preventable harm.

That status quo will not survive 2026.

Under CMS’s Interoperability and Prior Authorization Final Rule (CMS-0057-F), payers must meet strict turnaround standards: urgent requests decided within 72 hours, and standard ones within seven calendar days. For an industry accustomed to workflows that stretch far beyond those timelines, this represents a fundamental shift. The countdown has begun.

What’s Really at Stake

At its core, the new mandate is about more than speed. It’s about rebalancing the relationship between patients, providers, and payers. Physicians have long argued that PA undermines clinical autonomy and delays necessary care. Nearly 90% of physicians say prior authorization leads to care delays, and more than one in four report that it has led to serious adverse events—including hospitalizations.¹

By imposing the 72/7 standard, CMS is forcing payers to move from reactive, paperwork-heavy systems to real-time, digital workflows. Failure to adapt is not just a compliance risk—it’s a reputational one. Every denial, every delay, and every approval rate will soon be publicly visible. Members and providers will know which plans meet expectations and which fall short.

The Operational Challenge

For payers, the challenge is not theoretical — it’s operational. Prior authorization remains one of the most resource-intensive processes in healthcare, requiring armies of staff and expensive workflows to manage intake, clinical review, documentation, and appeals. Large national plans process millions of requests annually, with even modest inefficiencies magnified at scale into significant costs and compliance risks.

Recent analysis underscores the stakes. According to The Costly Lever of Prior Authorization, the average manual PA transaction costs payers $3.52 each; however, a fully electronic PA transaction costs a payer $0.05.² Multiplied across tens or hundreds of thousands of PAs per year, that difference becomes millions in needless administrative spend. Meanwhile, a Milliman study in Massachusetts estimated that reducing or eliminating PA for certain services could meaningfully reduce allowed costs for payers in commercial and Medicaid markets.³

The interlocking challenges can be summed up as:

1. Volume at scale — Processing millions of requests annually means even small workflow delays or manual-intensive steps can push plans past CMS’s 72-hour and 7-day limits, or inflate admin costs significantly.

2. Complexity of cases — Many requests require extensive documentation across multiple systems; manual routing, appeals, and follow-ups add both time and cost.

3. Transparency pressures — Starting in 2026, plans must not only meet deadlines but also publish performance data. Missed timelines or unclear denials will quickly erode trust with regulators, providers, and members. Public reporting would also expose costs and inefficiencies to scrutiny.

In other words: compliance with the rule is table stakes. Execution — at speed, at scale, and under public scrutiny — is existential.

Technology Is Necessary, but Not Sufficient

The 72/7 mandate is often framed as a technology problem: build APIs, adopt FHIR standards, automate intake. And while these are critical, technology alone won’t close the gap. The deeper challenge is aligning people, processes, and policy around new ways of working.

Consider intake. Optical character recognition (OCR) can digitize clinical documents, and natural language processing (NLP) can extract relevant details. But unless review workflows are redesigned to integrate those insights—triaging straightforward cases for auto-approval, surfacing complex ones for clinical review—the gains will be marginal.

Similarly, APIs enable real-time data exchange, but if provider portals remain clunky or staff training is neglected, friction will persist. As with most transformations, the bottleneck is rarely the tool. It’s the adoption.

The Strategic Imperative

The countdown to 72/7 is more than a compliance deadline; it’s a strategic forcing function. Plans that embrace it can reposition themselves as faster, more transparent, and more provider-friendly. Those that resist risk being labelled as laggards in a market where provider trust is already fragile.

The logic is straightforward:

• Faster approvals reduce provider friction, leading to stronger networks and fewer out-of-network escalations.

• Clear, consistent denials minimize appeal rates and litigation risk.

• Transparent performance reporting builds member confidence at a time when health plan trust lags behind most other industries.

Seen through this lens, the rule is not just a regulatory burden. It’s an opportunity to differentiate.

Turning Deadline into Advantage

So how can payers get from here to 2026 without stumbling? The path forward involves four priorities:

• Automate intake at scale – Replace manual data entry and faxes with OCR, NLP, and API-driven submissions. Free staff to focus on clinical judgment rather than paperwork.

• Embed clinical intelligence – Use AI/ML models to summarize records, flag missing information, and suggest next steps. Ensure final decisions remain clinician-led but accelerated.

• Redesign workflows – Build parallel processing models that can handle both high-volume routine cases and complex exceptions without bottlenecks.

• Invest in transparency tools – Create dashboards to track turnaround times, denial reasons, and approval rates in real time—before CMS and the public do.

Plans that integrate these capabilities will not only meet CMS deadlines but also reduce administrative waste, strengthen provider relations, and improve member experience.

The Bottom Line

The 72/7 mandate is coming fast. By January 2026, every payer will be judged not just by regulators but by the providers and patients who experience the impact of their decisions. Compliance will be visible. Delays will be public. And excuses will no longer be tolerated.

The question for payer CEOs is not whether they can meet the letter of the rule. It’s whether they can seize the spirit of it—to turn regulatory pressure into strategic advantage.

At Mizzeto, we help payers do exactly that. Our platform combines intelligent intake automation that cuts manual review times with clinical AI integration that surfaces the right insights for faster, more accurate decisions. We also build real-time dashboards that track turnaround performance against CMS benchmarks, ensuring plans don’t just meet the 72/7 mandate but prove it with data. From streamlining utilization management workflows to enabling secure, scalable data exchange, our solution OS designed to move payers beyond compliance into true operational advantage. The 72/7 clock is ticking. The time to act is now.

‍

SOURCES

1. 2024 AMA Prior Authorization (PA) Physician Survey
2. The Costly Lever of Prior Authorization
3. Potential Impacts on Costs and Premiums Related to the Elimination of Prior Authorization Requirements in Massachusetts

For decades, prior authorization has been the blunt instrument of utilization management. Every MRI, infusion, or elective surgery required the same gatekeeping, regardless of whether the ordering physician had a spotless track record or a history of questionable requests. The result : clogged pipelines, overworked nurses, and exasperated providers who felt they were being second-guessed at every turn.

Now, momentum is building toward a different model. Under CMS reforms and state-level initiatives like Texas’s gold-card law, payers are experimenting with exemption programs that reduce or eliminate prior authorization requirements for high-performing providers.¹ The idea is straightforward: if a provider’s approval rates are consistently north of 90 percent, why waste administrative energy on rubber-stamping? By shifting clinical oversight to where it’s most needed, payers can cut friction while maintaining safeguards against overuse.

But the simplicity of the pitch belies the complexity of execution. For payer CEOs, the key question is not whether to gold-card providers — it’s how to design programs that are defensible, fair, and scalable in an increasingly transparent regulatory environment.

The Policy Push Behind Gold-Carding

The concept of exempting low-risk providers is not new, but the regulatory winds have shifted. In 2023, CMS’s proposed WISeR (Work to Improve Standardization of Prior Authorization Requirements) framework explicitly encouraged payers to consider differential authorization pathways based on provider performance.² At the same time, several states — led by Texas— passed laws requiring insurers to exempt physicians from prior authorization if they meet high approval thresholds.

CMS has also signaled that “burden reduction” is now a formal policy objective. In fact, in the 2024 Interoperability and Prior Authorization Final Rule, the agency underscored its intent to reduce unnecessary PAs while strengthening transparency and data sharing.³ For payers, this is not just an option — it’s a compliance expectation wrapped in a market imperative.

Redefining Utilization Management as Risk Distribution

At its core, gold-carding reframes UM from a one-size-fits-all process into a system of risk distribution. High-performing providers are effectively “trusted” to order without friction, while oversight is concentrated on outliers. The potential benefits are significant:

• Faster patient access to care.
• Reduced provider abrasion and administrative cost.
• Reallocation of clinical staff time toward complex, high-risk cases.

But with those benefits come risks. Exemptions, if poorly designed, can lead to unchecked overuse, uneven enforcement, and reputational blowback if patients or regulators perceive favoritism.

The Design Challenge: Fairness, Defensibility, Trackability

Building a gold-card program that stands up to scrutiny requires rigor on three fronts:

1. Fairness     → Criteria for exemption must be objective, transparent, and consistently applied. Approval rate thresholds should be clearly defined, risk-adjusted for patient mix, and re-evaluated regularly. Otherwise, payers risk accusations of bias or anticompetitive behavior.
2. Defensibility     → Every exemption policy must be anchored in data that can withstand audit. With CMS now requiring public reporting of prior authorization metrics, payers will need to demonstrate that exempted providers still meet quality and cost benchmarks.
3. Trackability     → Exemptions cannot be “set and forget.” Payers need real-time dashboards to monitor ordering patterns, detect drift in provider behavior, and quickly revoke exemptions if abuse emerges.

This is where technology becomes central. Without robust analytics and interoperable data systems, exemption programs risk becoming unmanageable at scale.

Providers Welcome It — With Caveats

Unsurprisingly, provider groups have pushed hard for gold-carding. The American Medical Association has called excessive prior authorization a leading driver of physician burnout, with 86 percent of physicians reporting that PA delays care.⁴ From the provider’s perspective, exemption is overdue recognition of clinical expertise.

Yet even among clinicians, there are concerns. Some worry that tying exemptions strictly to approval percentages may penalize those who care for complex, high-risk populations, where denials are more common. Others point out that exemption does not reduce documentation burden unless paired with true interoperability — otherwise, the paperwork just shifts downstream.

The Strategic Choice for Payers

For payer executives, the decision is less about whether to gold-card and more about how to do it without destabilizing UM. Key choices include:

• Scope: Which service categories are safe to exempt (e.g., advanced imaging) versus too costly or risky (e.g., oncology drugs)?
• Frequency: How often should exemption eligibility be reassessed — annually, quarterly, or in real time?
• Transparency: How much of the exemption logic should be shared with providers, regulators, or even members?

Handled well, gold-card programs can become a strategic differentiator — improving provider relationships, reducing administrative waste, and aligning with CMS’s burden-reduction agenda. Handled poorly, they risk accusations of lax oversight, cost overruns, and regulatory penalties.

The Bottom Line

Gold-carding is more than a provider-pleasing gesture. It is a rebalancing of clinical risk — away from the blanket suspicion of all orders and toward targeted oversight of outliers. For payers, the opportunity is clear: exemption programs can cut costs, ease provider friction, and demonstrate compliance with CMS’s call for smarter, less burdensome UM.

But success depends on execution. Exemptions must be grounded in transparent criteria, backed by auditable data, and monitored continuously. That requires more than policy — it requires technology.

At Mizzeto, we help payers build precisely these capabilities: advanced analytics for provider performance, interoperable dashboards to monitor exemptions in real time, and UM platforms that align compliance with efficiency. For payer CEOs navigating the shift, the choice is not whether to distribute clinical risk — it’s whether to do so with the infrastructure to make it sustainable.

SOURCES

1. FAQs on Preauthorization Exemptions (“Gold Card” Act)
2. CMS WISER Model
3. CMS Interoperability and Prior Authorization Final Rule
4. AMA Survey Highlights Growing Burden of Prior Authorization on Physicians, Patients

For more than a decade, the Affordable Care Act (ACA)marketplaces have been a proving ground for U.S. health coverage. Enrollment has grown steadily—reaching 21.4 million people in 2024, the highest ever recorded since the ACA’s passage in 2010, according to HHS data.¹ But growth has also drawn scrutiny. Are networks sufficient? Are subsidies sustainable? And are consumers being steered into plans that fit their needs, or into products that maximize broker commissions?

In April 2024, the Centers for Medicare & Medicaid Services (CMS) finalized the 2025 Marketplace Integrity and Affordability Rule, a sweeping regulation designed to tighten oversight of ACA plans. For payers active in this space, the rule is far more than a compliance exercise. It is a stress test of operational discipline, affordability strategy, and long-term reputation.

Understanding the Rule: Guardrails for Growth

At its core, the rule establishes new guardrails to protect members and restore public trust in ACA coverage. Among its most notable provisions:

• Network adequacy requirements are being strengthened, including time-and-distance standards for provider access.
• Agent and broker oversight is expanded, with CMS cracking down on misleading marketing and enrollment practices.
• Premium alignment and subsidy rules are clarified to prevent distortions from “silver loading” and other pricing maneuvers.
• Risk adjustment methodology is refined to limit gaming and improve fairness across plans.
• Special enrollment protections are broadened, particularly for vulnerable populations transitioning between coverage.

Together, these rules reflect a single objective: ensuring that ACA marketplaces are not only growing, but doing so in a way that is affordable, accessible, and trustworthy.

Implications for Payers

The immediate effect of the rule is to raise the baseline expectations for payers. Network adequacy, for instance, is no longer a matter of marketing claims—it will require demonstrable compliance with uniform national standards. That puts pressure on provider contracting, data accuracy, and real-time monitoring systems. Plans that have relied on narrow networks as a lever to control costs may find those models increasingly difficult to sustain.

Risk adjustment is another pressure point. The ACA marketplace has always depended on risk adjustment to stabilize competition and prevent cherry-picking of healthier members. CMS’s refinements signal that aggressive coding strategies—so familiar in Medicare Advantage—will not be tolerated in the same way here. Instead, payers will need to build risk adjustment approaches that are analytically rigorous, transparent, and audit-ready. That will require investment not just in analytics, but in governance and compliance infrastructure.

The new guardrails on agent and broker behaviour strike at the heart of distribution strategy. Complaints about misleading marketing have surged in recent years—more than 90,000 in 2023 alone, according to CMS data.² The new rule makes clear that CMS will not tolerate abusive practices. For payers, this means doubling down on compliance programs, tightening oversight of third-party distribution, and potentially investing in direct-to-consumer channels that reduce reliance on brokers altogether.

And then there is affordability. Subsidies remain the lifeblood of marketplace enrollment—according to Kaiser Family Foundation(KFF), as of 2025, 92% of ACA Marketplace enrollees receive a subsidy (Advanced Premium Tax Credit).³ But CMS’s new scrutiny of premium alignment and silver loading is a signal that creative pricing strategies are reaching their limits. CFOs will need to model subsidy flows with greater precision, ensuring that premiums are sustainable while remaining compliant with evolving federal rules.

Strategic Connections: More Than Compliance

Stepping back, the through line of this regulation is trust. CMS is asking payers to run their ACA business with the same operational rigor already expected in Medicare Advantage and Medicaid managed care. For executives, this has three interrelated consequences.

First, reputation management becomes inseparable from compliance. Marketplace plans are highly visible, and violations—whether inadequate networks or aggressive broker tactics—can quickly draw media and regulatory scrutiny. A lapse here is not just a legal risk; it is a brand risk.

Second, operational scalability is no longer optional. Stricter adequacy standards, enrollment oversight, and risk adjustment rules require infrastructure that can flex with growth. Manual workarounds may suffice for a few thousand members, but they will not withstand enrollment at the scale the marketplaces now represent.

Third, regulatory convergence is accelerating. What happens in ACA will not stay in ACA. CMS is deliberately harmonizing standards across programs, and the lessons learned in marketplace compliance will almost certainly shape the expectations for Medicare Advantage, Medicaid managed care, and even commercial exchange products. In other words, this rule is not just a one-off correction; it is a preview of where payer regulation as a whole is heading.

From Regulation to Strategy

For payer CEOs, the task now is not to build a compliance checklist but to seize the opportunity for long-term advantage. That means investing in provider data infrastructure to ensure that network adequacy can be demonstrated in real time, not after the fact. It means designing risk adjustment programs that can withstand audit without undermining competitive positioning. It means deploying analytics to model premium and subsidy interactions with precision, building pricing strategies that are resilient to regulatory change. And it means rethinking distribution oversight—not simply to police brokers, but to redesign member acquisition in ways that emphasize transparency and trust.

This is not just an operational mandate; it is a strategic one. The payers that embrace these changes will differentiate themselves not only in the ACA marketplace but across all lines of business. They will be seen as organizations that can scale growth while maintaining affordability, access, and compliance—qualities that regulators, providers, and members all increasingly demand.

The Bottom Line

The 2025 Marketplace Integrity and Affordability Final Rule is about more than patching gaps in oversight. It is CMS’s blueprint for a more consumer-centered insurance market—one where affordability, access, and transparency are non-negotiable. For payers, compliance is necessary, but it is not sufficient. The real opportunity lies in treating the rule as a catalyst: to clean up distribution, strengthen networks, and align pricing strategies with sustainable growth.

Payers who approach the rule narrowly, as a burden, will face mounting costs, reputational risk, and potential market exit. But those who meet it with vision will not only pass the integrity test; they will emerge stronger, with the infrastructure, credibility, and agility to lead in a converging regulatory environment.

At Mizzeto, we specialize in helping payers make that leap—from compliance to leadership. Our solutions in provider data management, risk adjustment analytics, and enrollment oversight are designed to help plans not just meet CMS requirements, but reimagine their core operations for resilience and growth.

The test of integrity is here. The question is not whether payers can comply, but whether they can transform.

SOURCES

1.  Nearly 24 million Consumers Have Selected Affordable Health Coverage in ACA Marketplace. With Time Left to Enroll

2. 2025 Marketplace Integrity and Affordability Final Rule | CMS

3. How much and why ACA Marketplace premiums are going up in 2026

Prior authorization has long been a symbol of administrative drag in U.S. healthcare—delaying care, frustrating providers, and increasing costs. Over 90 percent of U.S. physicians report that prior authorization causes delays in patient care—and nearly 90 percent say it contributes to professional burnout.¹ Now, a sweeping CMS rule finalized in 2024 is set to upend the status quo. The Interoperability and Prior Authorization Final Rule (CMS-0057-F)² doesn’t just mandate API adoption—it compels payers to reengineer how they handle requests, data, and transparency across the board.

The End of Manual Prior Authorization

For decades, prior authorization (PA) has relied on outdated methods—fax machines, phone calls, email threads—resulting in administrative waste and delayed care. In fact, nearly a quarter of U.S. physicians report that prior authorization has led to serious adverse events, including hospitalizations or life-threatening delays.³ The CMS rule marks the beginning of the end for these practices.

Announced in January 2024, CMS-0057-F mandates the adoption of modern, API-driven infrastructure to automate and streamline PA and health data exchange. The rule applies to:

• Medicare Advantage organizations

• Medicaid and CHIP (both FFS and managed care)

• Qualified Health Plans (QHPs) on the Federally Facilitated Exchanges

Commercial plans are not currently included; however, the rule is expected to influence broader industry standards over time.

What the Rule Requires: From Compliance to Capability

By January 1, 2027, payers must move from fragmented systems to a unified, API-driven infrastructure as required by CMS’s final rule. At the heart of this transition is the adoption of FHIR-based APIs, which will transform prior authorization from a manual, siloed process into an interoperable, fully digital workflow.

The rule mandates several APIs designed to create seamless data exchange across the healthcare ecosystem. Providers will be able to electronically submit prior authorization requests, check documentation requirements, and receive real-time updates or decisions—eliminating the need for faxes, phone calls, and disconnected portals. To further streamline care delivery, in-network providers must also be granted digital access to a patient’s claims, encounter, clinical, and prior authorization history—empowering them to make informed decisions at the point of care.

In addition, payers must support secure, automated data sharing both with other payers and with patients. When members switch plans, their clinical and prior authorization data must move with them, ensuring continuity of care without administrative delays. Patients themselves will benefit from expanded access to their own health and prior authorization data, promoting transparency and enabling them to engage more actively in their care decisions.

New Timelines. New Pressures.

The rule does not just digitize prior authorization—it accelerates it. Urgent requests must be resolved in 72 hours, standard requests within 7 calendar days. Every denial must include a specific, actionable reason. Additionally, beginning in 2026, payers must publicly post prior authorization metrics on their websites, such as approval/denial rates and average turnaround times. This means internal inefficiencies will soon be externally visible, putting reputational pressure on payers to perform.

These are not just technical deadlines; they are operational mandates that affect staffing, workflows, and long-term scalability.

A Mandate for Real Interoperability

Under the hood, this rule is about much more than prior auth. It is part of a larger federal push to tear down data silos and create a healthcare ecosystem that behaves more like a modern, digital industry.

Payers must not only modernize systems but also:

• Align with USCDI (U.S. Core Data for Interoperability)

• Integrate with provider EHR systems using SMART on FHIR

• Track and document clinical decision logic in structured, shareable formats

• Enable secure, permissioned data sharing with third-party apps and provider organizations

This is not plug-and-play IT. It is a strategic replatforming of how payers operate at their core.

The Risk of Falling Behind

Payers who approach this rule as a checkbox exercise—focusing only on minimum compliance—risk more than regulatory penalties. They risk damaging provider relationships due to slow or unreliable PA workflows as well as public reputational harm via poor performance metrics. Further risks include losing market share to more tech-forward competitors; and an increased operational cost due to inefficient legacy systems and manual workarounds

In contrast, those who embrace the shift stand to gain significant advantages—lower administrative burden, faster service turnaround, and stronger provider alignment.

Turning Regulation into Transformation

To meet the demands of CMS-0057-F and thrive in an increasingly digital healthcare ecosystem, payers must rethink how their systems handle prior authorization and data interoperability—from the ground up. This means building scalable, standards-based APIs that support automated prior authorization submissions, payer-to-payer data exchange, and real-time access for both providers and patients. These APIs must be secure, modular, and capable of integrating with existing platforms—without introducing unnecessary complexity.

Modernizing prior authorization also requires full end-to-end workflow automation. From intake and clinical review to adjudication and provider notification, each step must be digitized and streamlined to meet strict CMS timelines without increasing administrative burden. This is especially critical in achieving the mandated turnaround times—72 hours for urgent requests and seven calendar days for standard cases—while maintaining accuracy and consistency.

Equally important is seamless provider integration. By connecting directly with provider EHRs and enabling SMART on FHIR capabilities, payers can reduce manual follow-ups and foster real-time, context-aware collaboration with clinical teams. This not only improves efficiency but also strengthens provider relationships, which will be critical as performance metrics become public and increasingly scrutinized.

Transparency must also extend to how decisions are communicated. Payers need systems that can generate clear, standardized denial reasons—structured in a way that supports both compliance and clinician understanding. Meanwhile, CMS’s public reporting requirements demand real-time visibility into operational performance. Intuitive dashboards, aligned with federal standards, can help internal teams monitor key metrics while also meeting external transparency obligations.

Finally, the underlying architecture must be built for more than today’s rule—it should lay the foundation for future regulatory shifts, data sharing innovations, and scalable interoperability across the healthcare continuum.

The Bottom Line

CMS-0057-F marks a pivotal shift in how payers must operate. Prior authorization can no longer remain a manual, reactive process. It must become real-time, interoperable, and patient-centred.

Mizzeto specializes in delivering precisely these kinds of solutions—combining automation, streamlined prior authorization, clinical care review capabilities, and a unified utilization management intake process. We help payers not only meet regulatory requirements, but also reimagine their core operations for greater efficiency, scalability, and long-term impact.

The payers who act now, those who build modern infrastructure, streamline workflows, and enable intelligent automation, will not just comply with the rule. They will gain a lasting advantage in an industry that is rapidly evolving.

‍

Sources

1. AMA Survey Highlights Growing Burden of Prior Authorization on Physicians, Patients.

2. CMS Interoperability and Prior Authorization Final Rule.

3. Fixing prior auth: First, speed up payers’ response times.

‍