osmodaresearch·labs
pricingexamplesget started
get started
  1. Home
  2. /Case Studies
  3. /Healthcare · Prior Auth

from osmoda research · healthcare

Prior authorizations filed in four minutes, not forty-five.

tofu pulls the chart, fills the form, files it. Cigna, Aetna, UHC — submitted via CoverMyMeds, Surescripts, or the new CMS-0057-F FHIR endpoint. PHI never leaves your tenant. Every action lands in a SHA-256 hash-chained audit ledger your compliance officer can replay.

Spawn a clinic agentHIPAA controls →

TL;DR

  • • 4 min per filing vs 45 min manual baseline; $0.18 in compute replaces ~$13.40 in staff time per PA [AMA 2024; CAQH Index]
  • • Practicing US physicians spend ~13 hrs/week on PAs and file ~39/week; 40% of practices employ PA-only staff [AMA 2024]
  • • tofu reads the EMR, drafts the payer form, and submits via CoverMyMeds, Surescripts, or Availity
  • • SHA-256 ledger gives each filing a tamper-evident HIPAA §164.312 audit trail; EU-1 keeps PHI in-region
  • • Built ready for the CMS-0057-F Prior Authorization API mandate effective Jan 1, 2026 (FHIR R4 endpoints)

1. The pain — what PA costs your practice today

The 2024 AMA Prior Authorization Physician Survey found practicing US physicians spend roughly 13 hours per week on prior authorizations, processing an average of 39 PAs each, and 40% of practices now employ at least one staff member who works on PAs full-time. CAQH's CORE index puts the labor cost of a manual PA at approximately $11–$13.40 per filing, and 89% of physicians say the workload contributes meaningfully to burnout. Roughly 93% report that PA causes care delays, with 82% saying patients sometimes abandon treatment outright.

The legacy stack is a clinic worker with two browser tabs: an EMR (Epic, athenahealth, eClinicalWorks) and a payer portal (CoverMyMeds, Surescripts, Availity). Each PA is a copy-paste, attach-PDF, fax-and-pray loop. Olive AI raised $832M promising to automate this, then shut down in October 2023 after failing to make it work end-to-end.

Now the regulator is moving. The CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F) requires impacted Medicare Advantage, Medicaid, CHIP, and FFE QHP payers to implement Patient Access, Provider Access, Payer-to-Payer, and Prior Authorization FHIR APIs, with operational provisions live by January 1, 2026 and API conformance by January 1, 2027. Practices that automate against the new endpoints will leave practices still faxing in the dust.

CoverMyMeds

McKesson's network — largest ePA for pharmacy PAs. Great coverage, but humans still do the typing, tracking, and appeals.

Surescripts PA Portal

Replaced CoverMyMeds inside several Blues plans on Aug 1, 2025. Same problem — staff still drives the form.

Availity

Multi-payer clearinghouse for medical PAs. Each portal still needs a logged-in human and an attached chart packet.

Olive AI

Healthcare RPA unicorn that promised end-to-end PA automation. Shut down October 2023 after $832M raised.

2. The workflow — how osmoda runs a PA

  1. 1 · soot wakes on the EMR's "PA needed" worklist webhook and hands the patient context to tofu. The watchdog (6-second median wedge recovery) makes sure no PA is silently dropped from the queue.
  2. 2 · tofu calls the EMR FHIR endpoint (Epic, athenahealth, Cerner) using a typed fhir.read.encounter tool, pulls dx codes, recent labs, and treatment history, and structures them into the payer's required PA template.
  3. 3 · naga gates the outbound submission: KEYD signs the payer-portal credential request without exposing the secret to the LLM, and naga checks the §164.312 access policy before any PHI leaves the box.
  4. 4 · tofu posts the filing to CoverMyMeds, Surescripts, or the new CMS-0057-F PA FHIR endpoint, attaches the supporting clinicals as PDF, and writes the submission receipt to the SHA-256 hash-chained ledger as one immutable event.
  5. 5 · lantern tails the payer status webhook, reconciles approvals/denials, drafts the appeal letter on denial using the payer's stated reason, and exports a per-filing audit bundle on request.

3. Why it works

Sovereignty

PHI cannot tour third-party AI vendors quietly. osmoda runs on a dedicated NixOS server you control, with EU residency by default in Frankfurt EU-1 and on-prem self-hosting available under Apache-2.0. KEYD never hands the LLM your payer credentials — the agent requests a signed action and the vault performs it — which maps cleanly onto §164.312(d) entity authentication and §164.312(a)(2)(i) unique user ID.

Workflow integrity

PA denials are appealed for years, and "the bot did it" is not a defense. Every FHIR read, every form submission, every payer response is appended to a SHA-256 hash-chained ledger usable directly for SOC 2 Type II evidence and OCR audits. Atomic NixOS deploys mean any model or prompt change is instantly rollback-able if a payer rejects a new template.

Economics

At ~$13.40 in staff time per manual filing and 39 PAs per physician per week, a 10-physician group is spending well over $250K/year on PA labor alone. osmoda runs the same filing in 4 minutes for $0.18 in compute. Even budgeting heavily for human review, the math collapses the work to one FTE per region instead of one per practice.

FAQ

How does tofu stay HIPAA-compliant when handling PHI?

PHI never leaves your tenant. osmoda runs on a dedicated NixOS box (self-hosted or in EU-1 Frankfurt), KEYD vaults all payer credentials and signs requests so the LLM never sees them, and every PHI access is appended to a SHA-256 hash-chained audit ledger. That covers the §164.312 access-control, audit-control, integrity, and transmission-security standards in one substrate.

Will this still work after the CMS-0057-F mandate kicks in?

It is built for it. CMS-0057-F requires impacted payers to expose FHIR-based Prior Authorization APIs, with operational deadlines from Jan 1, 2026 and API conformance by Jan 1, 2027. tofu speaks FHIR R4 natively and ships with the Da Vinci PAS and CRD/DTR profile shapes, so the same agent that posts to CoverMyMeds today will hit the payer's PA API tomorrow.

What happens when a payer denies the PA?

lantern reads the denial reason from the payer response, pulls the original clinical justification, drafts a Level 1 appeal with the cited medical-necessity criteria, and queues it for clinician sign-off. The full chain — original filing, denial, appeal draft, clinician edit — is one continuous audit record, not three disconnected portals.

Stop paying $13.40 to file what your agent should be filing for $0.18.

Spawn a clinic agent →
osmodaresearch·labs

A studio where the work actually gets done. Set up helpers however you want. Open source. Your data, your server, your terms.

Platform
AI Agent HostingPricingDeploy AgentsSelf-Healing ServersFrameworksMCP HostingAudit & ComplianceIntegrations
Developers
SKILL.mdAgent CardAPI DocsPlans APIGitHubGuidesTemplatesGlossary
Learn
AI Agents HubUse CasesComparisonsAlternativesMigration GuidesSolutionsCase StudiesChangelog
Blog
AI Business OperatorAll PostsCreate an AI AgentSpawn on osModaBest Hosting 202615 Agent ExamplesStart an AI AgencyRun Agent 24/7
Solutions
FintechHealthcareE-CommerceInsuranceRecruitingLogisticsReal Estate
live · v1.3.0built within Vilnius© 2026 osmoda research · osmoda labs · Apache-2.0