12 questions every payer should ask every AI prior authorization vendor.
The standard is evidence — a sample audit artifact, a production metric reported under regulatory oversight, a public patent filing. Descriptions of capabilities do not substitute for evidence of capabilities. Print this page. Take it into your next vendor meeting.
Are you deployed in production today?
What to look for: Name the customers, regulatory programs, or commercial contexts. Pilots and roadmap commitments do not count. A vendor that cannot name production deployments has nothing to verify against.
Are you a CMS WISeR Participant?
What to look for: Six participants are publicly named. Ask which state and which Medicare Administrative Contractor (MAC) jurisdiction. "WISeR-positioned" and "WISeR Participant" are not the same thing — the first is marketing language; the second is a federal designation with reportable performance.
Does your system ever issue a clinical coverage denial without licensed physician review?
What to look for: Federal law requires physician review of any adverse coverage determination on clinical grounds. Ask whether this is enforced architecturally (the code has no pathway to bypass it) or through configuration policy (a flag could be toggled). Ask separately how administrative non-affirmations (enrollment gaps, duplicates, frequency limits) are routed and whether that pathway is configurable.
Is citation per-criterion, per-determination, or document-level?
What to look for: Request a sample audit artifact from a production case. Per-criterion citation — each coverage policy criterion independently supported with bound evidence — is the standard CMS validated under WISeR. If the artifact you receive shows document IDs and a clinical narrative but does not show evidence bound to each individual criterion, the system is not producing per-criterion citation regardless of marketing language.
Are workflows on a shared agent substrate?
What to look for: "Integrated platform" can mean common branding over separately-built products, or genuine substrate sharing. Ask at the data-model level whether prior authorization, utilization management, payment integrity, and risk adjustment workflows share the same agents and audit ledger, or whether the platform is a marketing wrapper over acquired products.
How many patents have you filed on the architecture?
What to look for: Public filing record only — USPTO publications are verifiable. Vendors positioning on AI capabilities without IP backing have shorter-horizon competitive moats. Buyers concerned about vendor longevity should weight this signal accordingly.
What is your CMS-0057-F deployment status?
What to look for: In production at a named payer, in build, or on roadmap? If in production, the named payer should be specified. CMS-0057-F's FHIR API mandate (January 1, 2027) means vendors built against this requirement avoid migration; vendors retrofitting do not.
Do you support pharmacy benefit PA at sub-second response?
What to look for: CMS-0062-P's October 1, 2027 deadline requires a distinct architecture from medical PA, including NCPDP SCRIPT integration. Most medical PA vendors do not have a pharmacy ePA product. If the vendor has one, ask for the architecture brief and the response-time benchmarks.
What does the audit trail look like at the determination level?
What to look for: Tamper-evident? Cryptographically signed? Reconstructable to the exact rule pack version in effect at the moment of each determination? Many systems can produce an audit log; few can produce a reconstructable, version-bound audit trail that survives external scrutiny.
What independent third-party validations exist?
What to look for: Gartner, Everest Group, NelsonHall, KLAS, Black Book — with specific category and date. "Recognized by industry analysts" is not a validation; "Named to Gartner Market Guide for Intelligent Prior Authorization, February 12, 2026, ID G00803711" is.
Can modules be deployed individually or only as a full platform?
What to look for: Modular procurement matches modular budgets. Ask what a phased adoption looks like technically — which modules can be deployed independently, what integration work is shared across modules, and how pricing scales as scope expands.
What is the three-year total cost of ownership?
What to look for: The headline subscription number is not the TCO. Request inclusive figures covering integration, customization, training, and ongoing tuning across a three-year window. The TCO question separates vendors who price for production from vendors who price for the pilot.
This is one section of a longer framework. The companion piece walks through the legal and architectural foundations of the AI PA category — the coverage policy assessment vs. care allocation distinction, the 2026 regulatory window, per-criterion citation architecture, and how physician review is enforced architecturally rather than by configuration. Read the full framework →
Genzeon Platforms · Building the Healthcare Brain · Published May 20, 2026 · This is not legal, financial, regulatory, or procurement advice.