The Hidden Rule Makers Behind Prior Auth and Claim Denials: How InterQual, MCG, HealthEdge, Zelis, Lyric, and Optum’s CES Write the Criteria Payers Use to Reject Care and Why That’s Where Real Reform
Quick Links: Knowledge Base, Podcast, and Social
Knowledge Base — search and filter every article and podcast episode by topic, section, and keyword: kb.onhealthcare.tech
Listen to the Podcast — every article is also available as an audio episode. Free subscribers get the public episodes; paid subscribers get the full archive including subscriber-only episodes. Listen on Apple Podcasts, Spotify, or browse all episodes on the Substack Podcast page.
For paid subscribers — your subscription unlocks the entire research archive (538+ deep-dives), every paid podcast episode, and full search inside the Knowledge Base. To listen to paid episodes in Apple or Spotify, link your Substack subscription via the show settings on those platforms (instructions inside the Substack app under Subscriptions → Podcast).
For free subscribers — free posts and free podcast episodes are always public on Apple/Spotify and Substack. Upgrade any time at onhealthcare.tech/subscribe to access the paid archive and paid episodes.
Follow on Social — X · YouTube · TikTok · Instagram
Video Preview
Podcast
To listen to paid episodes in Apple or Spotify, link your Substack subscription via the show settings on those platforms (instructions inside the Substack app under Subscriptions → Podcast).
Table of Contents
Abstract
The wrong villain
Who actually writes the prior auth rules
The claim editing oligopoly nobody talks about
The contingent fee problem
When the rule maker also owns the payer
AI just poured gasoline on it
What CMS-0057 and the state bills keep missing
Where reform has to actually land
Thesis: payers absorb the political and reputational damage for prior auth (PA) and claim denials, but the rules that drive most of those denials are written and sold by a small cluster of tech vendors that almost nobody outside the UM and payment integrity world thinks about.
PA criteria: roughly two products, InterQual (Optum-owned via the Change deal) and MCG (Hearst-owned), sit underneath medical necessity decisioning at most commercial, Medicaid MCO, and MA plans in the country. KLAS puts InterQual around 60% share and MCG around 30%.
Claim editing: Optum’s CES, Lyric (the old ClaimsXten line spun out of Change as a DOJ divestiture), HealthEdge (with Source and Burgess), and Zelis dominate the auto-deny, repricing, and payment integrity layer.
Economics: a meaningful slice of payment integrity vendors get paid on contingency (often 15-30% of “savings”), which is a bounty on denials, not a fee for accuracy.
Conflict: Optum owns InterQual, owns CES, owns rev cycle assets, and UHG owns UHC. Same corporate parent on both sides of the same denial.
OIG (2022) found 13% of sampled MA PA denials and 18% of payment denials met Medicare coverage rules. Senate PSI (2024) flagged UHC PA denial rates for post-acute care more than doubling from 2019 to 2022 as automation rolled out.
AI: Lyric, Cohere, Cotiviti, EXL, and a wave of startups now run NLP/LLM overlays on unstructured documentation. Denials at sub-second latency, millions per day.
Policy: CMS-0057-F (Jan 2024 final rule) covers FHIR APIs, turnaround clocks, metric reporting (2026, API by Jan 2027). It does not touch the criteria layer or the contingency economics.
Reform has to go upstream to the vendor layer, not just the payer layer.
The wrong villain
Everyone has a payer story. The MA plan that denied mom’s SNF days. The commercial plan that wanted three failed conservative therapies before an MRI. The Medicaid MCO that decided 23 hours of obs was clinically equivalent to inpatient. The instinct is to point at the logo on the denial letter, and that instinct is half right. The plan signed the letter. The plan is on the hook with state insurance regulators. The plan gets the brand damage when ProPublica writes the piece. But peel back one layer and the plan didn’t write the criteria, didn’t build the engine, often doesn’t even adjudicate the edge cases on its own software. A vendor did. Two vendors, really, for prior auth. A handful for claim editing. And these vendors don’t take the brand hit, don’t sit in front of a state senate hearing, don’t get mentioned by name in the explanation of benefits. They just collect the check.
That’s not a conspiracy theory, it’s how UM infrastructure gets built. A mid-size health plan does not have the clinical staff or the regulatory cover to write its own level of care criteria for 4,000 DRGs and 9,500-ish CPT codes. So it licenses a product, plugs it into its UM workflow, and treats the output as if it were carved on a stone tablet. Same on the claims side. A claims platform doesn’t ship with an opinion on whether modifier 25 was appropriate or whether 76942 should bundle into 20610. It calls out to an edit engine. The edit engine has the opinion. The edit engine sends back a deny. The payer ratifies and moves on to the next 4 million claim lines that day.
Calling that a “payer decision” is technically true and substantively misleading. It’s like calling a 737 MAX crash an airline decision. The airline operated the plane, sure, but it bought the airframe, the avionics, and the certification package from someone else and is not in a great position to relitigate any of that mid-flight.
Who actually writes the prior auth rules
