Sign in Subscribe
6 min read

Healthcare's AI Rules Govern One Job That Was Always Two

In one state, an AI agent can renew prescriptions but cannot deny anyone's care. After a decade in specialty pharmacy, I see why: prior authorization was always two jobs, paperwork and clinical judgment, and the new laws keep regulating the word instead of the work.

In Utah, an autonomous AI agent renews people's prescriptions on its own. Regulators there cleared it to handle 192 different chronic-condition medications with no human signature required, quietly keeping patients on the drugs they depend on. That same year, the same legislature went the opposite way on prior authorization. When AI helps review one of those requests, any denial now has to come from a licensed person, not the software. One state. One technology. Two opposite answers.

Prior authorization is the approval an insurer requires before it will cover certain treatments. For many medications it is a routine step in the prescription lifecycle. The criteria behind it come from clinical guidelines that flag when an expensive or specialized drug deserves a closer look. It is also where a large share of the system's friction collects. So why would one legislature hand AI the keys to refill a prescription on its own, yet insist a human stay in charge the moment that same software might deny a patient's care?

Utah's split runs along an access-versus-risk line. Renewing a stable patient's medication is mostly a question of access, so the state let the agent move fast. Denying care is a question of risk, so it kept a human accountable. That instinct is sound, but it stops one level too high. Even inside a single process like prior authorization, AI is still not one decision, and until the laws taking shape across the country see that, they will keep regulating a word instead of the work underneath it.

Every State Is Writing Its Own Rules

In the last two years, AI in prior authorization has jumped from conference panels to legislation in statehouses across the country. And in traditional political fashion, no two states have landed in the same place. California's Physicians Make Decisions Act keeps AI from being the sole basis for denying or delaying care. A licensed professional still has to make the medical-necessity call, the judgment that a treatment is genuinely needed. Georgia took a different path, passing a law that lets insurers use AI in prior authorization to automate routine work and ease the paperwork load. Utah added a disclosure rule of its own, requiring insurers to say when AI is part of the review at all. Dozens more states sit somewhere in between, each writing its own version of how AI interacts with this part of the healthcare system.

Those laws look like a country that cannot make up its mind. But almost all of them are arguing about the same wrong question, how far AI should reach across prior authorization as one undivided process. That framing is the real problem. Prior authorization is not a single act to wave through or rein in. It is several jobs bundled together, most of them routine and only a few of them clinical. A law that cannot tell those apart ends up treating all of it the same way.

The Yes Was Always Coming

Underneath the disagreement, the states do share one rule. Whatever a law says about AI, it stops short of letting software deny care on its own. A person has to stand behind any refusal. That common ground is real, but it settles only a small piece of what prior authorization does. Most requests never reach a real clinical judgment. The bigger story is the part the debate keeps stepping over.

A December 2025 white paper from the National Association of Insurance Commissioners puts approval rates for prescription-drug prior authorizations at around 90 percent. Nine in ten requests end in a yes. After more than a decade on the technology and operations side of specialty pharmacy, where the most expensive and complex drugs almost always require this step, that number is no surprise. And it changes what prior authorization really is and what it means. If nine in ten requests are approved anyway, most were never a clinical gate. They are administrative throughput, paperwork moving between systems while everyone waits for a stamp that is already coming.

Running that nearly-automatic process still costs a fortune in time. A 2024 American Medical Association survey, the research the NAIC drew on, found that doctors and their staff spend about 13 hours a week on prior authorizations. Thirteen hours a week, feeding a process that says yes nine times out of ten. Most of that time is pulled straight from patients, who wait while the paperwork clears. So why not scrap prior authorization altogether? Because the criteria underneath it do real work. Clinicians write them to catch the cases where an expensive or risky treatment deserves a second look, and that judgment is worth protecting. The waste is everything wrapped around it, the faxing, the re-keying, the chase for one missing field.

Automate that, and the yes that was always coming arrives in minutes instead of days. The thirteen hours go back to patients. The human stays where the judgment is real, on the small share of cases that genuinely need one. That is the line worth drawing, and it is exactly the line these laws get wrong.

When a Blank Field Counts as a Denial

Under the hood, much of what gets counted as a denial is not one. A prior authorization can come back rejected because someone left the patient's weight off the form. Nothing clinical happened. No reviewer weighed the treatment against the criteria and said no. A required field was blank, so the system kicked it back. The NAIC names this directly, noting that incorrect or missing patient information can delay a request or produce an unexplained denial. The record still calls it a denial, but it is really a clerical gap, the kind of gap software should catch and fix before a person ever opens the file.

Now compare that to a real clinical denial, a clinician reading a complicated case and deciding the treatment does not meet medical necessity. That is a judgment call, and it carries weight a missing data field never could. Yet most of the laws on the table treat the two as the same act, because both run on software and get filed under the same word. Govern them together and there is no good setting. Loosen the rules to clear paperwork and you weaken oversight on the denials that need it. Tighten them to protect patients and the clerical work that should take seconds drags for days. Every one of these laws makes the same mistake. It writes a single rule for a single word, AI, when that word covers both a clerical task and a clinical decision.

A pharmacy that fills prescriptions across state lines now follows a different AI rule in each one. Every rule has its own disclosure language and its own definition of what even counts as AI. The burden skips the largest, best-resourced players and lands on the providers and pharmacies already stretched thin. Fifty versions of a question no one has framed correctly are overhead dressed up as oversight.

Healthcare Knows How to Build Inside the Lines

Legislation will keep reshaping how AI works in healthcare, state by state and year by year, and prior authorization is only what happens to be in front of us right now. None of that is a reason for pessimism. Healthcare is adept at working in a regulated environment. This is the industry that learned to innovate inside HIPAA and FDA review, under decades of rules far heavier than a disclosure form, and the innovation will continue.

What makes me optimistic is not a hope that the rules get lighter. It is what AI is genuinely good at. The friction in this whole story, the thirteen hours, the bounced forms, the waiting that lands on a patient, is exactly the kind of waste the technology clears best. Aim AI at the administrative half of prior auth and you strengthen patient protection, because the time handed back flows to the people the process exists to serve. The optimism here is pro-patient.

And if you want more access for people, change the system. You do not slow down the one tool that creates speed just to keep the pace where it has always been.

Whether AI belongs in healthcare was always the wrong frame. The real question lives one level down, inside the process, where administrative throughput and clinical judgment turn out to be two different jobs that happen to share a name. Good governance automates the throughput and keeps the human on the judgment. Get that line right, and AI does what it should, reduce friction across the healthcare journey and improve the experiences we all go through.

Published by:

Santosh Savel

Enjoy this? Get it in your inbox every Tuesday.

Practical AI workflows. No hype. No spam. Just receipts.

Subscribe Free

You might also like...

16
Jun

Your AI Rollout Is Stalling on Your Org Chart

Your best AI idea is probably stuck in someone's inbox, and the reason is structural, not technical. My team stopped waiting for the org chart to catch up and built a new operating model on top of it instead.
5 min read
09
Jun

The Cost of Using AI Is Moving From Dollars to Discipline

I hit my AI session limit mid-thought, already paying for the hundred-dollar plan, with no way forward but to pay more. Paying would have fixed that night, not the habit. The cost of using AI well is shifting from dollars to discipline, and here are the three habits that kept me building.
5 min read
02
Jun

The Data Center Fight Is More Complicated Than the Headlines

I keep coming back to the gap behind the loudest voices in the data center fight. The costs are real and immediate, the upside is still mostly unproven, and one Maine mill town is quietly showing the rest of us a better way to build.
6 min read
26
May

Time Is the Most Important Currency

For four weeks my schedule erased the time I normally use to build the newsletter. It still shipped because the AI systems I built when I had room are doing the work I no longer have time to do manually. That is how you bank time when the calendar disappears.
4 min read
19
May

Automation Is the Consolation Prize

I built two AI agents that save me hours every week. They work. They are also the consolation prize, and most companies are quietly building the same one.
5 min read

Before you go...

Get one practical AI workflow in your inbox every Tuesday. Free. No spam. Just receipts.

Subscribe Free