A 14-hospital US health system replaced its faxed-and-phoned prior authorization process with xyner agents — turning a 7-day wait into a 12-minute decision while maintaining HIPAA-grade audit.
A top-20 US health system was running a 320-FTE prior-authorization operation with average turnaround of 6 business days, a 28% initial-denial rate, and rising clinical-team frustration as physicians spent unbillable time on PA workflows.
Deployed a Prior-Authorization Agent connected to the EHR (Epic), payer portals, formulary database and the clinical documentation system, with HIPAA-grade audit and PHI redaction enforced on every outbound payer call.
PA turnaround cut from 6 days to under 2; initial-denial rate down from 28% to 17%; approximately 40% of physician PA-related effort eliminated; appeals workload reduced by 35%.
A top-20 US integrated health system
Prior authorization across all commercial payers
From contract signature to full rollout.
The deployment runs in the health system's HIPAA-aligned private cloud with a single-tenant data plane; PHI never leaves the system's perimeter, and all model calls go to HIPAA-eligible model endpoints in the same region.
Reads the clinical note, identifies the proposed service/medication, looks up the relevant payer's PA requirements, assembles clinical evidence from the EHR, and drafts the submission.
First-class connectors to the major US commercial payers' PA APIs and portals, with fallback to fax-based PA where APIs aren't available.
Policy-aware RAG indexed on each payer's medical policy, formulary and PA criteria — retrieval bounded by payer and date.
Cases requiring clinical judgment route to the system's clinical-review nurses with the assembled evidence and proposed submission for approval.
On initial denial, an appeals agent assembles additional evidence, drafts the appeal letter citing the relevant policy clause, and routes for clinical sign-off.
Every PHI touchpoint is captured; every payer interaction is logged; PHI is redacted on any model call that doesn't require it.
A 10-week pilot focused on three high-volume service lines (cardiology, oncology, advanced imaging) before scaling to the full PA portfolio.
Deploy in HIPAA private cloud; configure HIPAA-eligible model endpoints; complete BAA paperwork with relevant providers; deploy single-tenant data plane.
Integrate Epic, major payer portals, the formulary database, and the appeals workflow system; configure RBAC inheritance from the system's identity provider.
Configure the PA agent against the three pilot service lines; load payer medical policies and PA criteria into the RAG layer; complete first round of clinical-safety testing.
Agents run alongside the PA team for two weeks; go live with clinical approval on all submissions for the three pilot service lines.
Add service lines incrementally; expand to more payers; introduce the appeals agent.
Full PA portfolio coverage; autonomy thresholds calibrated for low-complexity routine PAs; humans focus on high-complexity and appeals.
Healthcare AI is under intense scrutiny — HIPAA, HITECH, the HHS AI strategy, payer-readiness requirements. Every component was designed for the audit conversation.
PHI tagged at write-time; access-checked at read-time; redacted on any outbound call that doesn't require it; minimum-necessary enforced at retrieval.
Every clinical recommendation requires a citation chain to the clinical guideline, formulary or evidence base. No ungrounded clinical reasoning ever ships.
All PA submissions and appeals are reviewed by a licensed clinical reviewer before submission for the first 90 days; thresholds recalibrate based on demonstrated quality.
Every PHI touchpoint and every payer interaction is captured with timestamp, requester, payload hash and outcome. Audit packs export on demand for HIPAA reviews.
Payer interactions are rate-limited and respectful of payer-side terms; flagged or rejected submissions trigger root-cause analysis, not retry-loops.
Three lessons for other health systems considering agentic AI in revenue-cycle and clinical-administrative workflows.
Prior auth was a clear case: high volume, well-defined success criteria (approval/denial), measurable cycle time. Choose workflows where 'better' is obviously definable.
Clinical and operational leadership co-designed the agent behaviour and the hand-off thresholds. The deployment ran into zero clinical-safety pushback because the clinicians had built it.
Every model call goes through a redaction layer at the platform — not in app code. This is the single biggest derisking decision for a healthcare AI deployment.
Tell us your sector. A senior xyner partner will walk you through a tailored plan.