Problem
Prior authorization for advanced imaging is the single largest drag on oncology workflow. Payer policies are buried in 40-page PDFs, change quarterly, and vary by plan. Clinicians and their staff spend hours per case re-reading documents they read last month, and patients wait days for a yes/no that should take minutes.
In 2024, Medicare Advantage processed 52.8 million prior authorization requests and denied 4.1 million. The system is not denying care because it is clinically inappropriate. It is denying care through attrition, because only 11.5% of providers ever appeal. Sources: ASTRO 2024; KFF/CMS January 2026; AMA 2024.
The denial rate is not a measure of clinical appropriateness. It is a measure of how many providers have time to fight back.
The insight
Inside that system is a more specific failure. Cigna, through its clinical review arm EviCore, denies PET scans for Stage IIB breast cancer. The American College of Radiology rates that same scan a 9 out of 9 ("Usually Appropriate") for exactly that patient. Same patient. Same scan. Guideline says yes. Payer says no.
That is not an administrative disagreement. It is a clinical contradiction. In our first extraction of just eight payer policy PDFs, we found 14 of these contradictions across eight insurers. No existing tool had ever identified them systematically, and no product compared payer policy against ACR or NCCN guidelines.
The same logic applies across cancer types. Below is a prostate case: the payer requires prior authorization for PSMA PET, but ACR rates the scan 9/9 and the patient's PI-RADS 4 score indicates high probability of clinically significant cancer. OncoAuth flags the contradiction automatically:
Approach
We modeled payer policies as a structured knowledge graph rather than free text. A retrieval layer translates clinician input (cancer type, stage, prior workup, suspected metastasis) into the canonical clinical concepts referenced by each plan, then walks the graph to a determinative result with a citation back to the source PDF.
- Policy ingestion pipeline normalizes payer PDFs into a versioned graph
- Retrieval layer maps free-text clinical input to canonical concepts
- Determinative output with line-level source citations
- Audit log of every query for compliance and review
The architecture is deterministic lookup, not generative AI. Every output is traceable to a published ACR, NCCN, or payer document. The Claude API is used only to extract and structure data from payer PDFs, not to make clinical decisions. No hallucination risk.
The architecture is modular. Each ACR scoring system (PI-RADS for prostate, BI-RADS for breast, Lung-RADS for lung, LI-RADS for liver, TI-RADS for thyroid) follows the same integration pattern, so adding a cancer type is a data task, not an engineering task.
The workflow is four steps: select the cancer type and stage, enter the insurance plan, choose the imaging test, and receive an instant color-coded result.
Key features
Contradiction detection
Cross-references payer criteria against ACR and NCCN guidelines. Flags when denials conflict with clinical evidence. 14 contradictions found across 8 insurers.
Biomarker contradiction
New in v0.6: catches cases where a payer accepts NCCN imaging but denies NCCN biomarkers (Stockholm3, 4Kscore, PHI, SelectMDx, ExoDx) for the same patient.
PI-RADS v2.1 integration
ACR prostate imaging scores mapped to coverage status. PI-RADS 4 or 5 with a denied scan triggers an automatic contradiction flag. No competitor does this.
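The deterministic lookup, contradiction flag, and audit log described above can be sketched as follows. This is an added example, not OncoAuth's own code: the plan names, rule statuses, citations, function names, and the hash-chained audit format are all assumptions, and the sample data is constructed. Treating "prior authorization required" as a restriction follows the prostate case described earlier, and the audit entries record only the query parameters, no patient identifiers.

```python
import hashlib
import json

# Constructed sample data: plan names, statuses and citations are placeholders,
# not taken from any real payer or guideline document.
POLICY = {  # (plan, cancer, test) -> payer rule plus source citation
    ("PLAN-A", "prostate", "PSMA PET"):
        {"status": "prior_auth_required", "cite": "plan-a-imaging.pdf p.12 l.4"},
    ("PLAN-A", "breast", "PET"):
        {"status": "denied", "cite": "plan-a-imaging.pdf p.31 l.9"},
}
GUIDELINE = {  # (cancer, test) -> ACR appropriateness rating on the 1-9 scale
    ("prostate", "PSMA PET"): {"acr": 9, "cite": "ACR criteria (placeholder citation)"},
    ("breast", "PET"): {"acr": 9, "cite": "ACR criteria (placeholder citation)"},
}
USUALLY_APPROPRIATE = 7  # ACR ratings 7-9 are "Usually Appropriate"

def determine(plan, cancer, test, pirads=None):
    """Pure table lookup: unknown combinations return 'unknown', never a guess."""
    rule = POLICY.get((plan, cancer, test))
    guide = GUIDELINE.get((cancer, test))
    if rule is None or guide is None:
        return {"result": "unknown", "contradiction": False, "citations": []}
    restricted = rule["status"] in ("denied", "prior_auth_required")
    supported = guide["acr"] >= USUALLY_APPROPRIATE or (pirads or 0) >= 4
    return {"result": rule["status"], "contradiction": restricted and supported,
            "citations": [rule["cite"], guide["cite"]]}

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_audit(log, query, outcome):
    # Each entry commits to the previous entry's hash, so edits are detectable.
    prev = log[-1]["hash"] if log else "0" * 64
    body = {"query": query, "outcome": outcome, "prev": prev}
    log.append({**body, "hash": _digest(body)})
    return log[-1]["hash"]

def verify_audit(log):
    prev = "0" * 64
    for e in log:
        body = {"query": e["query"], "outcome": e["outcome"], "prev": e["prev"]}
        if e["prev"] != prev or e["hash"] != _digest(body):
            return False
        prev = e["hash"]
    return True
```
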
Delay Harm Score
Proprietary 0 to 100 scale quantifying patient risk from PA delays, built on NCI SEER survival data and stage migration probability. DHS 100 = critical urgency.
The Delay Harm Score in action. For a PI-RADS 4 prostate case with a 10-day expected delay, OncoAuth calculates a DHS of 100 (critical), pulls SEER survival data, and generates an appeal letter pre-loaded with the clinical evidence:
Why now
Four regulatory and technical forces converged in 2026 that made this tool possible:
- CMS-0057-F took effect March 2026, requiring insurers to publicly report denial rates for the first time. Accountability is now mandatory.
- FHIR API mandate (January 2027) creates the technical integration surface OncoAuth is built to connect with, replacing fax and PDF workflows.
- The FIND Act, which passed congressional committee in May 2024, pushes federal coverage of PSMA PET for prostate cancer, validating the prostate-first strategy.
- Regulatory clarity: OncoAuth qualifies as Clinical Decision Support under the 21st Century Cures Act. No FDA 510(k) required. No PHI stored.
What I learned and what's next
I owned the product end to end: policy-to-guideline matching schema, four-color classification system, Delay Harm Score methodology, closed beta with practicing oncologists, regulatory positioning under the Cures Act, and the pitch at BiteLabs Demo Day at Jones Day, Miami. First line of code to live beta in eight weeks.
The biggest lesson: the hard problem in prior authorization is not automation. It is that payer policies actively contradict published clinical guidelines, and no tool was surfacing those contradictions before the denial arrived. That insight shaped every design decision: deterministic over generative, citations over predictions, provider-side over payer-side. Next is validating against real-world PA outcomes in community oncology and expanding the contradiction dataset to breast, lung, and colorectal imaging.