JMIR Publications

ABSTRACT

Background Artificial intelligence is increasingly embedded in prior authorization (PA) and utilization management (UM) systems across commercial and Medicare Advantage health plans. Emerging evidence, including American Medical Association survey data showing 94% of physicians report PA negatively impacts clinical outcomes, and Senate investigative findings linking AI-assisted adjudication to denial rates up to 16 times higher than typical benchmarks, indicates that AI-driven PA is amplifying existing harms rather than correcting them. Despite regulatory attention from the Centers for Medicare & Medicaid Services (CMS) and the Office of Inspector General (OIG), no standardized compliance framework explicitly governs the deployment of AI in PA decision-making. Objective This paper argues that existing healthcare compliance infrastructure, including OIG compliance program guidance, HIPAA nondiscrimination requirements, CMS coverage determination standards, and internal audit mechanisms, provides a largely underutilized foundation for governing AI-driven PA systems. We propose a structured Algorithmic Accountability Framework (AAF) to help health plan compliance officers and executives navigate uncertainty in AI-enabled utilization management. Methods Drawing on regulatory guidance, published denial rate analyses, American Medical Association survey data, and organizational compliance program design principles, we identify five governance domains where existing compliance infrastructure can be applied or extended to AI PA systems: (1) algorithm transparency and documentation, (2) clinical validity and human oversight, (3) disparate impact monitoring, (4) appeals process integrity, and (5) vendor oversight and contractual accountability. We further integrate a patient-agency lens drawn from the Prepare/Verify/Protect framework, positioning patients as an underutilized accountability mechanism in AI-driven PA governance. Results/Discussion The AAF maps each governance domain to existing regulatory obligations and operational controls that most health plans have in place today. We argue that the systemic misclassification of AI PA tools as IT or operational efficiency systems, rather than high-risk compliance matters, is the primary organizational barrier to adequate governance. Compliance officers, not data science or IT teams, hold the cross-cutting authority needed to own AI PA governance. Patient complaint, grievance, and appeal data, disaggregated by AI involvement, constitute an underutilized error-detection layer that supplements internal compliance monitoring.