A big thanks to Vitali Khvatkov at Linked In for highlighting a CMS RFI on 'Prior authorization" with specific attention to the nightmare it creates for clinical laboratories. (See also a blog by Brendan Keeler). (See also a CMS announcement and Fact Sheet.)
Find the April 14, 2026, Fed Reg page here:
Go straight to the 173-page proposal here. April 14, 2026, 91 FR 19890-20062.
https://www.govinfo.gov/content/pkg/FR-2026-04-14/pdf/2026-07205.pdf
Comment by June 15.
The word Laboratory occurs 42 times, mostly in the RFI section, Section III, Part E, page 20014-16. This concerns whether labs have special added burdens when confronted with prior authorization portals and denials.
What CMS Asks For [AI Corner - Claude Opus 4.7]
####
CMS Prior Authorization RFI on Labs: What CMS Said, and What They Didn't
CMS has opened a Request for Information on prior authorization for laboratory tests (bundled with DMEPOS) inside its larger interoperability rule.
The lab RFI lives at Section III.E of CMS-0062-P, published at 91 FR 19890 on Tuesday, April 14, 2026. The framing matters: CMS is openly acknowledging — in the Federal Register, with citations — that lab prior auth in the commercial and MA worlds is generating real harm. That acknowledgment is the soft underbelly worth pressing on in comments.
Comment Deadline
Comments are due June 15, 2026, filed under code CMS-0062-P via regulations.gov (preferred).
What CMS Specifically Called Out
The "patient is already in the chair" problem. CMS describes the canonical workflow — ordering provider writes the order, patient walks to the in-house draw station, specimen collected same day — and notes that nobody in that chain knows whether prior auth is required until the claim denies weeks later. When the lab discovers auth was needed, "it may not be authorized to start the process itself" because some payers refuse to accept requests from labs. This is the most pointed operational concern in the RFI. The DOS makes this even worse.
MA plans misusing the Date of Service (DOS) policy. The most legally substantive paragraph in the RFI deserves close reading. CMS states that some MA plans are denying prior auth on the grounds that specimen collection has already occurred, which sets the so called "date of service" in the past - perhaps a week before the ordering dock even meets the patient to order the service to start a PA. That PA is already expired, per the 14 day rule DoS.
CMS cites the Part B lab DOS policy at 42 CFR 414.510(a). CMS then says — in unusually direct language — that "this practice of relying on the DOS policy to deny prior authorization is not compliant with rules in the MA program." The agency explains why: DOS is a FFS billing policy, doesn't set the scope of MA basic benefits under 42 CFR 422.101(c)(1), and applying it to deny prior auth for services not yet performed would be "wholly inconsistent" with 42 CFR 422.138(b). (Read: a billing rule can't make the actual date of service be weeks before the test was ordered and run!).
For labs losing these denials, that paragraph is a regulatory hall pass to push back now, not after the rule finalizes.
Inconsistent documentation standards. CMS flags that "some MACs and MA plans may not accept a test requisition form (TRF) or a physician attestation as valid medical documentation" — a longstanding lab grievance now memorialized as a CMS concern.
For more on TRF see a recent court case.
Lab dependence on the ordering provider. CMS recognizes that labs don't furnish the underlying encounter and depend on the ordering provider to initiate prior auth, creating communication gaps when the provider doesn't know auth is required or submits inadequate documentation. (This is a problem in CERT and other audits, too.)
A quietly important footnote. Labs are 'providers' and have standing to be actors in the prior auth process. Footnote 399 reminds payers that under 42 CFR 422.566(c)(1)(ii), "MA plans must allow laboratories to initiate prior authorization requests because a laboratory is a 'provider' that furnishes, or intends to furnish, services to the enrollee." Labs told by MA plans they have no standing now have a citation.
The lab-specific questions posed. Six are explicitly lab-relevant: overall impact on care and burden, consequences of broader TRF acceptance, frequency of post-collection denials, the role of laboratory benefit managers (LBMs), automation opportunities, and workforce impacts. The LBM question is the one to circle — it's the first time in recent memory CMS has invited public comment specifically on LBM practices.
What Labs Should Comment On That CMS Didn't Highlight
This is where the comment letters will diversify and get interesting. CMS framed the RFI narrowly enough that several germane issues sit outside the agency's talking points.
Genetic and molecular testing as a distinct regime. The RFI treats lab tests as a monolith, but molecular and genetic testing — hereditary cancer panels, pharmacogenomics, NIPT, MAAAs, companion diagnostics — operates under a fundamentally different prior auth regime. The harshest LBM behaviors (Z-code requirements, medical policies lagging clinical guidelines by years, restrictive ordering specialty rules) concentrate here. A letter that doesn't draw this distinction risks letting CMS think that just automating P.A. will cure all problems.
Gold carding. CMS doesn't mention it, despite state laws and commercial pilots. Labs have a distinctive angle: the ordering provider is typically gold-carded, but does the operational benefit flows downstream to the lab? What will a lab-relevant version of gold-carding look like.
Standing orders, reflex, and protocol-driven testing. Hospital and reference labs run substantial volumes under standing orders, reflex algorithms, and clinical pathways (reflex cultures, tumor markers, sepsis bundles). Prior auth is fundamentally incompatible with this model — the ordering decision is encoded in a protocol over time, not a per-patient clinician moment. CMS's "patient in the chair" framing captures only the simplest case.
EKRA and the lab's inability to ship resources upstream. Other industries respond to prior auth pressure by offloading administrative work onto sales channels or providers. Labs cannot — EKRA, AKS, and state laws sharply constrain what a lab can pay or offer to assist with provider-side auth burden. CMS should hear that this is a regulatory constraint, not a business choice, and it shapes which solutions are feasible.
Prior-auth automation must be built for labs, not just for imaging and DME. CMS’s rule leans heavily on electronic prior-authorization tools, but those tools were largely designed around services like imaging, procedures, and durable medical equipment.
Lab testing has different data needs: the exact test ordered, LOINC/CPT coding, specimen type, diagnosis codes, LCD/NCD coverage rules, reflex testing logic, and sometimes ABN-related information. Labs should tell CMS that “electronic prior authorization” will not help much unless the required data fields actually fit laboratory workflows. Otherwise, the industry may simply get a faster, shinier portal that still denies the claim for the same old reasons.
Tidbit: There's an alphabet soup here for imaging P.A. I can't touch - Da Vinci PAS/CRD/DTR, IG...
The medical-necessity-determined-after-the-fact paradox. For many tests, future medical necessity literally cannot be determined until some kind of preliminary result is in hand (the thing that leads to reflex, confirmatory, trend analysis, etc). Prior auth requires necessity to be established before the service. This isn't a turnaround-time problem — it's an ontological mismatch between the prior auth model and how diagnostic medicine actually works.
Retroactive denials and recoupment. A significant share of lab prior-auth pain is not the front-end denial but post-payment recoupment months or years later, often via third-party payment integrity vendors. The RFI is framed entirely around the prospective decision.
Reference-lab and out-of-network dynamics. When a hospital sends a specialty assay to a national reference lab, the patient's payer relationship is with the hospital, the ordering provider may be in-network, and the reference lab often isn't. Prior auth in this setting is a three- or four-party negotiation. CMS's framing assumes two "face to face" parties.
Actual harm data. CMS cites general surveys (AMA, KFF, Careviso) in footnotes, regarding harms of P.A. CMS doesn't call out lab-specific adverse outcomes data. The agency record is built from what commenters submit, and right now it's thin. Labs with internal data on auth-related cancellation rates, days-to-decision by payer, or appeal overturn rates should consider including aggregate, de-identified figures. Or if you know of any publications on adverse events caused by lab P.A., upload it to CMS.
LBM transparency and conflicts. CMS asked the LBM question neutrally. A substantive comment should press on specifics: LBM ownership ties to payers or competing labs, opaque medical policy development, lack of appeals paths independent of the LBM, and denial rates used as vendor KPIs.
One closing note. CMS is unusually candid in this RFI about MA plan behavior. Phrases like "may be misusing prior authorizations" and "not compliant with rules in the MA program" don't appear in Federal Register text by accident — they're signals the agency is building a record. Comments supplying specific, citable examples of the behaviors CMS describes will shape what shows up in the next round of MA program rulemaking, separate from this interoperability rule. That's the leverage hidden inside an RFI, and labs treating this as a paperwork exercise will be leaving real influence on the table.
___
BTW Bring your magnifying glass - CMS has some interesting footnotes down there in the fine print.
