Medicaid prior authorization
Medicaid prior authorization is a utilization-management control under which a state Medicaid agency, or a managed care organization (MCO) acting on its behalf, must approve a service, medication, or item before it is delivered in order for it to be eligible for payment. It is a coverage and payment gatekeeping step tied to medical necessity, not a clinical decision to treat. Because Medicaid is jointly funded by federal and state governments and administered by each state, the specific services that require authorization, the submission channels, and the review timeframes differ by state, by program, and by whether the beneficiary is enrolled in fee-for-service (FFS) or managed care. Providers confirm current requirements through the applicable state Medicaid agency or plan and treat authorization as a distinct step from eligibility verification and claim submission.
Updated 7 min read
On this page
Key takeaways
- Medicaid prior authorization requires approval before a designated service, drug, or item is furnished, and the requirement exists to confirm medical necessity and coverage rather than to authorize care itself.
- Which services require authorization, how requests are submitted, and how quickly they are decided vary by state, by program, and by whether the beneficiary is in fee-for-service or managed care.
- In managed Medicaid, the enrollee's MCO — not the state agency — typically sets and administers authorization rules, so providers identify the correct payer before submitting.
- An authorization is not a guarantee of payment; eligibility, timely filing, coordination of benefits, and matching billed services to authorized units still apply.
- Federal EPSDT protections for beneficiaries under 21 can affect how authorization and medical-necessity review are applied to children's services.
What Medicaid prior authorization means
Prior authorization is a form of utilization management in which the payer reviews a proposed service against its coverage and medical necessity criteria before the service is rendered. Under Medicaid, this control is authorized within the federal-state framework but implemented at the state level, which is why practices treat it as a state-and-plan-specific requirement rather than a uniform national rule. The general concept mirrors prior authorization across other payers, but the covered service lists, forms, and portals are set by each Medicaid program.
An approved authorization confirms that the payer agrees a service meets its criteria at the time of review. It does not by itself guarantee payment, because a claim must still clear eligibility verification, timely filing, coordination of benefits, and coding requirements before it is paid.
Authorization is not eligibility
Who administers authorization: FFS versus managed care
The single most important determination before submitting a request is which entity owns the authorization rules. In fee-for-service Medicaid, the state agency or its contracted utilization-management vendor reviews requests. In managed Medicaid, the beneficiary's managed care organization sets its own covered-service lists, criteria, forms, and timeframes within the bounds of its state contract. The distinction between fee-for-service and managed Medicaid therefore drives where and how a request is filed.
| Dimension | Fee-for-service Medicaid | Managed Medicaid (MCO) |
|---|---|---|
| Who sets the rules | State Medicaid agency or its UM contractor | The enrollee's contracted health plan |
| Where requests are filed | State program portal or designated vendor | Each plan's provider portal or intake channel |
| Service lists and criteria | Published by the state program | Set by the plan within its state contract |
| Where to confirm current rules | State Medicaid agency | The specific MCO's provider resources |
Both models operate within federal Medicaid requirements, but day-to-day authorization details vary by state and plan and change over time.
Confirm the right plan first
How authorization requests are typically handled
While the specifics differ by program, the general flow of a Medicaid authorization request follows a recognizable sequence. Documentation expectations, decision timeframes, and expedited (urgent) pathways are defined by the applicable state or plan.
Identify the requirement
Determine whether the specific service, drug, or item requires authorization under the beneficiary's current program or plan, since lists differ and are periodically updated.Confirm the responsible payer
Establish whether FFS or a named MCO administers the benefit on the date of service, and locate that payer's intake channel.Assemble supporting documentation
Gather the clinical information the payer uses to assess medical necessity. General guidance appears in gathering documentation for authorization.Submit through the required channel
File via the portal, form, or electronic pathway the payer designates. Many programs increasingly support electronic prior authorization.Track the decision and units
Record the authorization number, approved units, and validity dates, then reconcile them against billed services. See matching authorized units to billed services.
When a request is denied, programs generally provide review options that may include a peer-to-peer discussion and formal appeal rights. The available steps, deadlines, and beneficiary protections are defined by the state and plan.
EPSDT and other Medicaid-specific considerations
Certain Medicaid features shape how authorization and medical-necessity review apply. Under EPSDT — Early and Periodic Screening, Diagnostic, and Treatment — federal law establishes broad coverage obligations for beneficiaries under 21, which can affect how services for children are reviewed and approved. Providers consult program guidance on EPSDT billing for how these protections interact with authorization.
Because Medicaid is a payer of last resort, other coverage is generally billed first, and third-party liability rules can influence when Medicaid authorization is required. For dual-eligible beneficiaries, the interaction between Medicare and Medicaid affects which payer's authorization process applies to a given service.
Variation is the rule
Why authorization matters for the revenue cycle
Authorization failures are a frequent and largely preventable source of a denial. A missing, expired, or mismatched authorization can lead to non-payment even when the service was medically appropriate. Building authorization checks into front-end workflows reduces avoidable write-offs and rework.
- Missing authorization when one was required for the service or setting.
- Authorization obtained from the wrong payer after a change between FFS and an MCO.
- Billed units or dates that exceed or fall outside the approved range.
- An authorization that lapsed before the service was rendered.
Related patterns appear in common Medicaid billing denials and in broader guidance on authorization-related denials. Practices that standardize verification, documentation, and tracking generally see fewer authorization-driven denials over time.
Frequently asked questions
Does every Medicaid service require prior authorization?
No. Only designated services, drugs, items, or settings require authorization, and those lists vary by state, by program, and by plan. Many routine services do not require it. Providers confirm the current requirement for a specific service through the applicable state Medicaid agency or the beneficiary's managed care plan.
Who reviews the request — the state or the health plan?
It depends on the delivery model. In fee-for-service Medicaid, the state agency or its utilization-management contractor reviews requests. In managed Medicaid, the beneficiary's managed care organization administers authorization under its state contract. Identifying the responsible payer on the date of service is the first step before filing.
Does an approved authorization guarantee payment?
No. An authorization confirms the payer's agreement that a service meets its criteria at review, but the claim must still satisfy eligibility, timely filing, coordination of benefits, coding, and unit-matching requirements to be paid. Authorization and payment are separate determinations.
How long does a Medicaid authorization decision take?
It depends on the program and delivery model. For managed Medicaid, federal regulations set outer limits on how quickly plans must decide standard and expedited authorization requests, but the specific timeframes, allowable extensions, and criteria for expedited handling vary by state and plan and can change over time. Fee-for-service timeframes are defined by the state program. There is no single figure that applies to every service or program, so providers verify current timeframes and urgent-request options with the specific program or plan and rely on the authoritative source at Medicaid.gov.
How does EPSDT affect authorization for children?
EPSDT establishes broad federal coverage obligations for Medicaid beneficiaries under 21, which can affect how medical-necessity review and authorization are applied to children's services. The precise interaction is defined by each state program and is confirmed through its EPSDT guidance.
Related glossary terms
Key terms that appear throughout Medicaid authorization workflows.
Related reading
Continue with related topics across the Medicaid and prior authorization clusters.
Fee-for-service vs. managed Medicaid
How the delivery model determines which payer administers authorization rules.
Medicaid managed care organizations
How MCOs set and administer benefits, including utilization management.
Prior authorization under Medicaid
A closer look at authorization concepts within the Medicaid context.
Common Medicaid billing denials
Frequent denial reasons, including authorization-related failures.
Verifying Medicaid coverage
Confirming eligibility and coverage before authorization and billing.
