Automating Prior Authorization in Healthcare: Architecture and Cost
How to build RPA bots that automate prior authorization submission and status tracking across payer portals — architecture, HIPAA requirements, and what can't be automated.
The Prior Authorization Problem
Prior authorization (PA) requires clinics to get insurance company approval before providing certain procedures, medications, or referrals. For high-volume practices, PA requests consume hours of staff time daily — logging into payer portals, submitting clinical documentation, checking status, and managing denials.
Most PA workflows are deterministic: same codes, same documentation type, same portal navigation. They're exactly what RPA bots are designed for.
What Can Be Automated
- Status checks on submitted PA requests
- Eligibility pre-checks before submitting
- Form submission for standard procedures (orthopedic, imaging, DME, specialty pharmacy)
- Denial notification retrieval and routing to the right staff queue
- Re-submission of denied requests after appending additional documentation
What Cannot Be Automated
- Clinical judgment calls — whether to submit at all, what documentation to include
- Complex appeals requiring physician narrative letters
- Phone-based PA requests (some payers still require calls for specific codes)
The Bot Architecture
Each major payer has its own portal with its own navigation flow. The bot suite is organized as one script per payer with a shared library for common operations (login, session management, file upload).
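```python
from typing import TypedDict

from playwright.async_api import async_playwright

# get_credential() is not defined on this page; it is assumed to return the
# named secret from the credential store (see HIPAA Requirements).


class PARequest(TypedDict):
    member_id: str
    procedure_code: str
    diagnosis_codes: list[str]
    requesting_provider_npi: str
    documentation_path: str


async def submit_aetna_pa(request: PARequest) -> str:
    """Submit one PA request and return the portal's confirmation number."""
    async with async_playwright() as p:
        browser = await p.chromium.launch(headless=True)
        try:
            page = await browser.new_page()
            await page.goto("https://navivityportal.aetna.com")

            # Log in with credentials fetched at run time, never hard-coded.
            await page.get_by_label("Username").fill(get_credential("aetna_username"))
            await page.get_by_label("Password").fill(get_credential("aetna_password"))
            await page.get_by_role("button", name="Sign In").click()

            # Open the request form and fill it in.
            await page.get_by_role("link", name="Request Authorization").click()
            await page.fill("#member-id", request["member_id"])
            # ... procedure code, diagnosis, documentation upload
            await page.get_by_role("button", name="Submit Request").click()

            # The confirmation number is the handle for later status checks.
            await page.wait_for_selector(".confirmation-number")
            return await page.inner_text(".confirmation-number")
        finally:
            # Always end the authenticated browser session, even when a step fails.
            await browser.close()
```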
Role-based selectors (get_by_label, get_by_role) survive portal redesigns. CSS ID selectors don't. See the eligibility verification automation guide for a detailed breakdown of why this distinction matters in production.
HIPAA Requirements
PA bots handle PHI: member IDs, procedure codes, diagnosis codes, and clinical documentation files. The pipeline must satisfy HIPAA technical safeguards:
- Bot credentials stored in AWS Secrets Manager (never in code or environment variables)
- Documentation files encrypted in transit and at rest (KMS-encrypted S3)
- Audit log of every submission, status check, and outcome
The same Lambda + Secrets Manager + encrypted S3 pattern used in the dental RPA billing reference architecture applies here.
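One way to build the audit log from the list above so that it carries no raw member ID and shows when a record has been altered or removed. This is an added example, not code from the original article or the Opexia bot suite. The record fields, the HMAC chaining scheme and the names `append_event` and `verify_chain` are assumptions chosen for illustration.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

EVENTS = {"submission", "status_check", "outcome"}  # events the page says to log
GENESIS = "0" * 64  # prev_mac value for the first record

def _mac(key: bytes, label: bytes, data: bytes) -> str:
    # The label separates the two uses of the same key (member refs vs. records).
    return hmac.new(key, label + b"|" + data, hashlib.sha256).hexdigest()

def _record_mac(key: bytes, record: dict) -> str:
    body = {k: v for k, v in record.items() if k != "mac"}
    return _mac(key, b"record", json.dumps(body, sort_keys=True).encode())

def append_event(log: list, key: bytes, event: str, payer: str,
                 request: dict, detail: str, ts: str = "") -> dict:
    """Append one audit record chained to the MAC of the previous record."""
    if event not in EVENTS:
        raise ValueError(f"unknown audit event: {event}")
    record = {
        "ts": ts or datetime.now(timezone.utc).isoformat(),
        "event": event,
        "payer": payer,
        # Keyed hash: correlates a member across records without storing the ID.
        "member_ref": _mac(key, b"member", request["member_id"].encode()),
        "procedure_code": request["procedure_code"],
        "detail": detail,  # confirmation number or status, never clinical text
        "prev_mac": log[-1]["mac"] if log else GENESIS,
    }
    record["mac"] = _record_mac(key, record)
    log.append(record)
    return record

def verify_chain(log: list, key: bytes) -> int:
    """Return the index of the first altered, missing or reordered record, else -1."""
    prev = GENESIS
    for i, record in enumerate(log):
        ok = hmac.compare_digest(record["mac"], _record_mac(key, record))
        if record["prev_mac"] != prev or not ok:
            return i
        prev = record["mac"]
    return -1

# Constructed sample request (not real member data).
SAMPLE = {"member_id": "W000000000", "procedure_code": "73721"}
```

The chain does not detect records cut from the end of the log; storing the latest `mac` outside the log covers that case. The key belongs in the same secret store as the portal credentials.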
Denial Analytics
When every PA result is stored as structured data, you can analyze denial patterns by payer, procedure code, and provider — turning a reactive task into a proactive workflow optimization signal. This layer integrates directly with custom Practice Management software.
The RPA Billing Automation service covers prior authorization, eligibility verification, and claim status — built and maintained as a single bot suite.
Written by Sheharyar Amin
Founder & Lead Engineer, Opexia