Prior Auth Transparency Is Live. Most of It Isn't Usable.

CMS required health plans to publish prior authorization metrics for the first time ever. Approval rates. Denial rates. Decision timelines. Appeal outcomes. All of it, publicly available, by March 31, 2026.

The reporting deadline has passed. The data now technically exists.

So I built a database to track it across 1,300+ health plan entries. What I found was far messier than the mandate implied.

What CMS Actually Required

Before getting into what plans published, it helps to understand what they were supposed to publish.

Under the 2024 CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F), impacted payers, including Medicare Advantage organizations, Medicaid managed care plans, CHIP managed care entities, and qualified health plan issuers on the federal exchanges, were required to publicly post the following metrics for calendar year 2025 by March 31, 2026:

The percentage of standard prior authorization requests approved. The percentage denied. The percentage approved after appeal. The percentage of expedited requests approved and denied. Average decision timeframes.

That is a specific, defined list. Not vague. Not open to interpretation. A plan either published those numbers or it did not.

Most have not.

What the Data Actually Shows

Over 90% of plans in the dataset have not published usable prior authorization metrics. But that number only tells part of the story, because non-compliance is not one thing. It is several things, and they are worth separating.

Category 1: No page exists at all.

Some plans have nothing. No URL, no page, no attempt. The requirement exists, the deadline passed, and the page does not. This is the most straightforward category, and it is the largest one.

Category 2: A page exists but contains the wrong data.

This is where it gets interesting. Some plans have published something, just not prior authorization metrics. Machine-readable pricing files. Provider directories. General transparency pages that technically exist but contain none of the required fields. When you open the link, there is no approval rate. No denial rate. No decision timeline. No appeal outcome. The requirement gets satisfied on paper. The data does not exist.

Category 3: A page exists but is functionally inaccessible.

Some pages fail to load consistently. Some return errors. A page that cannot be accessed by the public is not a public page, regardless of what the URL says.

Category 4: The data exists but is not machine-readable or comparable.

Even among plans that published the right metrics, the format varies wildly. Some published clean HTML tables. Some published nine-page PDFs with metrics buried in footnotes. Some published numbers without definitions, so you cannot tell whether their denial rate includes partial denials, administrative denials, or only clinical denials. The number exists. What it means is unclear.

This is where the gap between a publication standard and a usability standard becomes real.

The Concentration Problem

Then there is the issue that changes how you read the compliant plans entirely.

Among the plans that have published usable data, a disproportionate share traces back to a single underlying source. UnitedHealthcare, Optum, Peoples Health, and related entities frequently reference the same prior authorization reporting page across dozens of separate contract IDs. Every contract that points to that page gets counted as a separate published plan in a surface level tracker.

On paper: broad coverage across many plans.

In practice: one dataset, counted many times.

This is not necessarily a violation. A payer can legally centralize reporting across contracts. But it means the number of published plans is not the same as the number of unique usable datasets. Those are very different things, and conflating them produces a distorted picture of how much actual information is available to the public.

The Prior Auth Index does not count it that way. When multiple contracts point back to the same underlying source, that dataset is represented once. Not once per contract ID.

Why This Matters Beyond the Numbers

For patients, the transparency requirement was supposed to make plan comparison possible. Which plan approves more requests? How long do decisions take? What happens when something gets denied? These are not abstract questions. They are the questions people ask when they are choosing coverage or fighting a denial. The data was supposed to start answering them. For the vast majority of plans, it does not.

For providers and healthtech builders, the dataset that exists is mostly empty and partially distorted. The plans that have published usable data are not necessarily the plans creating the most administrative burden. The ones with the heaviest PA volume may be exactly the ones that have not published anything.

The structural problem is this: the mandate set a publication standard, not a usability standard. A placeholder page satisfies the same regulatory requirement as a clean, complete, machine-readable table. Until CMS defines what usable looks like and enforces against it, the incentive is to publish something rather than something meaningful. That distinction is what The Prior Auth Index exists to surface.

What This Actually Means

The current state of prior authorization transparency is not simply a refusal to comply. In many cases, plans are attempting to assemble reporting pipelines from fragmented legacy systems that were never designed to produce this data publicly. For smaller plans especially, the engineering lift is real. The deadline was not realistic for everyone.

But the result is the same regardless of the reason. A mandate that required transparency produced a dataset that is mostly unavailable, partially duplicated, and difficult to interpret without significant cleanup work.

Published does not mean usable. Usable does not mean comparable. And comparable does not mean the whole story.

We are at step one. The data is starting to exist. Making it mean something is the work that comes next. That is what The Prior Auth Index is here to do.

The Prior Auth Index tracks prior authorization transparency data across 1,300+ health plans and is updated as new data becomes available. If you want ongoing analysis of prior authorization transparency data in your inbox, the newsletter launches in July. The waitlist is below.