Prior authorization is the single biggest administrative burden in healthcare. Physicians spend an average of 14 hours per week on PA-related tasks. Specialty drugs costing $30,000–$100,000 per treatment sit in limbo while payers review submissions. And when a PA gets denied on first pass, the appeals clock starts adding 90+ days before a patient can access care.
For health tech companies building RCM tools, clinical workflow products, and specialty pharmacy platforms, prior auth submission is the core problem. Your customers need it fast, accurate, and at scale. This guide covers how prior authorization submission actually works, which method is worth automating, and what teams building production PA automation have learned the hard way.
The Three Ways to Submit a Prior Authorization
Every prior authorization request travels through one of three channels to reach the payer.
Phone: a staff member calls the payer's provider services line and works through the PA request verbally. Fax: the provider faxes a completed PA form to the payer's intake number and waits days for a determination back. Payer portal: the provider logs into the payer's web portal, fills a structured form, and gets a reference number and preliminary status in real time.
Portal submission is the channel we'll focus on for the rest of this guide.
Why Payer Portals Are the Right Channel to Automate
Phone and fax have well-understood problems: they're slow, manual, and produce unstructured outputs. Payer portals are different in ways that matter for engineering teams.
Real-time status clarification. Portal submissions get an immediate reference number and often a same-session status. Your system knows whether the PA is approved, pended for clinical review, or needs additional documentation without polling a fax machine or waiting for a callback. For platforms tracking PA status across dozens of patients, this is transformative.
Structured data in, structured data out. Portal forms accept typed inputs ICD-10 codes, CPT codes, drug NDCs, dates rather than free text in a fax or voice read-back. The response is structured too: reference numbers, determination codes, review timelines. This makes downstream workflow automation tractable.
Lower cost per case. Manual phone and fax processing costs $10–$15 per PA in staff time. Portal automation, once built, costs a fraction of that. For platforms processing thousands of PAs monthly, this margin matters.
Required by some payers. Carelon (formerly Carelon Behavioral Health), which represents 38% of first-pass volume for some providers, requires portal submission for certain drug types and clinical scenarios. Fax isn't an option. Phone is slow. For these cases, portal automation isn't a preference it's the only path to scalable submission.
Why Payer Portals Resist Automation
If payer portals are clearly the right channel, why isn't everyone automating them?
The short answer: these portals were built for humans, not machines. And the ways they resist automation are specific and instructive.
Anthem's prior auth workflow looks nothing like Cigna's. United Health has three different portals depending on the plan type. Carelon has conditional branching logic that changes the entire form structure based on drug selection. CoverMyMeds generates different clinical questions for the same drug depending on the payer configuration, the patient's diagnosis, and what you've already answered.
This isn't accidental. Each payer has built their own criteria into their portal. What information they require, in what format, with what conditional logic, is a function of their medical policy and medical policy changes.
A prior auth form on Carelon isn't a static PDF. It's an interactive decision tree. Select "CPAP supplies" instead of "continuous glucose monitor" and you don't just see a different field you see a completely different form structure. Answer "yes" to "Has the patient tried formulary alternatives?" and new fields appear asking which alternatives, at what doses, for how long.
One specialty pharmacy platform building PA automation found that dropdown elements on some portals contain 700+ options. The correct option for a given patient isn't always obvious from the label. Selecting the wrong one doesn't just fill the wrong field it may trigger a different clinical pathway, leading to a first-pass denial.
You cannot test prior authorization automation against a fake patient on a real payer portal. Payers don't provide sandbox environments for automation testing. Every test is a live submission or a manual walkthrough. This means bugs in your automation surface in production, on real patient data, with real clinical consequences. A script that worked for the first 50 submissions breaks on submission 51 because a payer quietly updated their portal UI.
Major payer portals run bot detection. UHC uses Shape Security. Others use Cloudflare, CAPTCHA challenges, or behavioral fingerprinting. Headless browser sessions with default configurations get flagged. On top of that, sessions time out. A complex PA submission involving 20+ form interactions can take longer than a portal's session timeout window. And concurrent sessions on the same credential multiple patients being submitted simultaneously can cause session conflicts.
For platforms managing credentials across multiple providers and multiple payer portals, the credential management problem alone is significant: per-provider credentials, 2FA codes (TOTP, SMS, email OTP), security questions, and rate limiting per payer.
Automating Prior Auth Portal Submissions
Agentic browser automation is the right approach. The problem is everything described above: the dynamic forms, the redirects, the chained requests, the MFA, the anti-bot measures that differ across every portal. Building this yourself is a significant ongoing investment, not a one-time project. And every session runs against live patient data, so getting it wrong isn't just an engineering problem.
If you want to get prior auth submissions running without building the portal layer yourself, Simplex can get your first submissions running in 10 minutes. Hit our endpoints, we handle the portals, the maintenance, and the anti-bot. You own the clinical logic.