US Medical BillingRevenue cycle solutions
Medicaid billing

Medicaid prior authorization

Medicaid prior authorization is a utilization-management control under which a state Medicaid agency, or a managed care organization (MCO) acting on its behalf, must approve a service, medication, or item before it is delivered in order for it to be eligible for payment. It is a coverage and payment gatekeeping step tied to medical necessity, not a clinical decision to treat. Because Medicaid is jointly funded by federal and state governments and administered by each state, the specific services that require authorization, the submission channels, and the review timeframes differ by state, by program, and by whether the beneficiary is enrolled in fee-for-service (FFS) or managed care. Providers confirm current requirements through the applicable state Medicaid agency or plan and treat authorization as a distinct step from eligibility verification and claim submission.

Updated 7 min read

On this page

Key takeaways

What Medicaid prior authorization means

Prior authorization is a form of utilization management in which the payer reviews a proposed service against its coverage and medical necessity criteria before the service is rendered. Under Medicaid, this control is authorized within the federal-state framework but implemented at the state level, which is why practices treat it as a state-and-plan-specific requirement rather than a uniform national rule. The general concept mirrors prior authorization across other payers, but the covered service lists, forms, and portals are set by each Medicaid program.

An approved authorization confirms that the payer agrees a service meets its criteria at the time of review. It does not by itself guarantee payment, because a claim must still clear eligibility verification, timely filing, coordination of benefits, and coding requirements before it is paid.

Authorization is not eligibility

Who administers authorization: FFS versus managed care

The single most important determination before submitting a request is which entity owns the authorization rules. In fee-for-service Medicaid, the state agency or its contracted utilization-management vendor reviews requests. In managed Medicaid, the beneficiary's managed care organization sets its own covered-service lists, criteria, forms, and timeframes within the bounds of its state contract. The distinction between fee-for-service and managed Medicaid therefore drives where and how a request is filed.

How authorization responsibility generally differs by delivery model
How authorization responsibility generally differs by delivery model
DimensionFee-for-service MedicaidManaged Medicaid (MCO)
Who sets the rulesState Medicaid agency or its UM contractorThe enrollee's contracted health plan
Where requests are filedState program portal or designated vendorEach plan's provider portal or intake channel
Service lists and criteriaPublished by the state programSet by the plan within its state contract
Where to confirm current rulesState Medicaid agencyThe specific MCO's provider resources

Both models operate within federal Medicaid requirements, but day-to-day authorization details vary by state and plan and change over time.

Confirm the right plan first

How authorization requests are typically handled

While the specifics differ by program, the general flow of a Medicaid authorization request follows a recognizable sequence. Documentation expectations, decision timeframes, and expedited (urgent) pathways are defined by the applicable state or plan.

  1. Identify the requirement

    Determine whether the specific service, drug, or item requires authorization under the beneficiary's current program or plan, since lists differ and are periodically updated.
  2. Confirm the responsible payer

    Establish whether FFS or a named MCO administers the benefit on the date of service, and locate that payer's intake channel.
  3. Assemble supporting documentation

    Gather the clinical information the payer uses to assess medical necessity. General guidance appears in gathering documentation for authorization.
  4. Submit through the required channel

    File via the portal, form, or electronic pathway the payer designates. Many programs increasingly support electronic prior authorization.
  5. Track the decision and units

    Record the authorization number, approved units, and validity dates, then reconcile them against billed services. See matching authorized units to billed services.

When a request is denied, programs generally provide review options that may include a peer-to-peer discussion and formal appeal rights. The available steps, deadlines, and beneficiary protections are defined by the state and plan.

EPSDT and other Medicaid-specific considerations

Certain Medicaid features shape how authorization and medical-necessity review apply. Under EPSDT — Early and Periodic Screening, Diagnostic, and Treatment — federal law establishes broad coverage obligations for beneficiaries under 21, which can affect how services for children are reviewed and approved. Providers consult program guidance on EPSDT billing for how these protections interact with authorization.

Because Medicaid is a payer of last resort, other coverage is generally billed first, and third-party liability rules can influence when Medicaid authorization is required. For dual-eligible beneficiaries, the interaction between Medicare and Medicaid affects which payer's authorization process applies to a given service.

Variation is the rule

Why authorization matters for the revenue cycle

Authorization failures are a frequent and largely preventable source of a denial. A missing, expired, or mismatched authorization can lead to non-payment even when the service was medically appropriate. Building authorization checks into front-end workflows reduces avoidable write-offs and rework.

  • Missing authorization when one was required for the service or setting.
  • Authorization obtained from the wrong payer after a change between FFS and an MCO.
  • Billed units or dates that exceed or fall outside the approved range.
  • An authorization that lapsed before the service was rendered.

Related patterns appear in common Medicaid billing denials and in broader guidance on authorization-related denials. Practices that standardize verification, documentation, and tracking generally see fewer authorization-driven denials over time.

Frequently asked questions

Does every Medicaid service require prior authorization?

No. Only designated services, drugs, items, or settings require authorization, and those lists vary by state, by program, and by plan. Many routine services do not require it. Providers confirm the current requirement for a specific service through the applicable state Medicaid agency or the beneficiary's managed care plan.

Who reviews the request — the state or the health plan?

It depends on the delivery model. In fee-for-service Medicaid, the state agency or its utilization-management contractor reviews requests. In managed Medicaid, the beneficiary's managed care organization administers authorization under its state contract. Identifying the responsible payer on the date of service is the first step before filing.

Does an approved authorization guarantee payment?

No. An authorization confirms the payer's agreement that a service meets its criteria at review, but the claim must still satisfy eligibility, timely filing, coordination of benefits, coding, and unit-matching requirements to be paid. Authorization and payment are separate determinations.

How long does a Medicaid authorization decision take?

It depends on the program and delivery model. For managed Medicaid, federal regulations set outer limits on how quickly plans must decide standard and expedited authorization requests, but the specific timeframes, allowable extensions, and criteria for expedited handling vary by state and plan and can change over time. Fee-for-service timeframes are defined by the state program. There is no single figure that applies to every service or program, so providers verify current timeframes and urgent-request options with the specific program or plan and rely on the authoritative source at Medicaid.gov.

How does EPSDT affect authorization for children?

EPSDT establishes broad federal coverage obligations for Medicaid beneficiaries under 21, which can affect how medical-necessity review and authorization are applied to children's services. The precise interaction is defined by each state program and is confirmed through its EPSDT guidance.

Related glossary terms

Key terms that appear throughout Medicaid authorization workflows.

Ready to improve your revenue cycle?

Explore our services and knowledge base to see how we can help.