Five days ago, the clock ran out.
On March 31, 2026, every Medicare Advantage organization, Medicaid program, CHIP plan, and Qualified Health Plan issuer on the federal exchange was required to publicly report their prior authorization metrics. Approval rates. Denial rates. How long decisions take. How often appeals overturn denials. Basic accountability data that patients and providers have never had access to.
We wanted to know: did anyone actually do it?
So we built an automated pipeline and checked all 1,296 impacted payers in the United States. We crawled their websites, searched for compliance pages, probed their FHIR endpoints, and scored every single one.
The short answer: almost nobody did it.
86% of Payers Got an F
Out of 1,296 payers we assessed, 1,114 showed zero evidence of publishing their required prior authorization data. Not a PDF buried in a legal section. Not a half-baked compliance page. Nothing.
| Grade | Payers | Share | What It Means |
|---|---|---|---|
| A | 7 | 0.5% | Full machine-readable metrics published |
| B | 110 | 8.5% | Metrics page found with PA data |
| C | 0 | 0.0% | - |
| D | 65 | 5.0% | Minimal PA content discoverable |
| F | 1,114 | 86.0% | No evidence of compliance |
Only 9% of payers showed any meaningful effort toward compliance. Seven payers - just seven out of nearly 1,300 - earned an A.
Who Actually Complied?
The standouts are not who you’d expect. The biggest payers in the country are mostly absent. Instead, the honor roll is dominated by small state Medicaid programs that quietly did the right thing.
Grade A payers (full machine-readable data):
- Utah Medicaid - published metrics
- Wisconsin Medicaid - published metrics
- Wyoming Medicaid - published metrics
- Sendero Health Plans (TX) - a small nonprofit QHP issuer in Texas that outperformed every Fortune 500 health insurer
Utah, Wisconsin, and Wyoming also earned A grades for their CHIP programs, using the same reporting infrastructure.
UnitedHealth Group is the only major commercial payer with discoverable PA metrics, earning B grades across its contracts. Their interoperability page exists and contains PA data, though it’s not fully machine-readable.
Everyone else? Crickets.
The Wall of Shame
These are the largest payers in the country by enrollment, and none of them have published discoverable PA metrics:
| Payer | Enrolled | Grade |
|---|---|---|
| WellCare (Centene) | 8,889,493 | F |
| Aetna Medicare (CVS Health) | 4,243,140 | F |
| Humana | 3,796,299 | F |
| Humana (second contract) | 2,668,252 | F |
| Centene / Sunshine Health (FL) | 2,500,000 | F |
| L.A. Care Health Plan | 2,400,000 | F |
| UnitedHealthcare Community (NY) | 2,200,000 | F |
| Fidelis Care (NY) | 2,100,000 | F |
| Centene / Ambetter (TX) | 2,000,000 | F |
| Molina Healthcare (CA) | 1,900,000 | F |
These ten payers alone cover over 32 million Americans. None of them could be bothered to publish a transparency report that CMS gave them over two years to prepare for.
Compliance by Payer Type
QHP issuers on the federal exchange showed the highest compliance rate at 20%. Medicare Advantage - the largest category with 975 contracts - managed just 7%. Not a single Medicaid managed care organization complied.
| Payer Type | Total | Compliant | Rate |
|---|---|---|---|
| Qualified Health Plans | 184 | 37 | 20% |
| CHIP | 51 | 4 | 8% |
| Medicare Advantage | 975 | 72 | 7% |
| Medicaid FFS | 56 | 4 | 7% |
| Medicaid Managed Care | 30 | 0 | 0% |
The FHIR Readiness Picture Is Even Worse
The January 1, 2027 deadline for FHIR-based prior authorization APIs is nine months away. We tested 48 FHIR endpoints across the payer landscape.
- 27 are live with basic FHIR R4 capability
- Zero have implemented Da Vinci PAS profiles (the prior-authorization-specific standard)
- Not a single payer is API-ready for electronic prior auth
This is the API mandate that’s supposed to transform how prior auth works. Nine months out, nobody has started.
What CMS Required
The reporting obligation is straightforward. CMS-0057-F requires payers to publicly report eight metrics for medical items and services (excluding drugs):
- A list of all items and services requiring prior authorization
- Percentage of standard PA requests approved
- Percentage of standard PA requests denied
- Percentage approved after appeal
- Percentage where the timeframe was extended and then approved
- Percentage of expedited requests approved
- Percentage of expedited requests denied
- Average and median time from submission to decision
CMS suspended the health equity breakdown and plan-level service category granularity in June 2025, reducing the burden even further. Payers only need to report aggregate numbers. And still, the vast majority didn’t bother.
There’s also no centralized CMS portal for this data. Each payer publishes on their own website, which means there’s no single place to look - and no easy way for CMS to verify compliance at scale.
How We Did This
We built a comprehensive automated pipeline:
- Payer registry: 975 MA contracts from CMS CPSC data (March 2026), 184 QHP issuers from the Plan Attributes PUF (PY2026), all 56 state Medicaid programs, 51 CHIP programs, and 30 major Medicaid MCOs
- Website crawler: Checked known compliance page URLs and common transparency paths on each payer’s website, searching for PA metrics keywords and machine-readable data indicators
- FHIR endpoint tester: Probed 48 endpoints from the ONC Lantern directory for capability statements and Da Vinci profile support
- Scoring: 0-3 scale for metrics reporting (weighted 70%) and FHIR readiness (weighted 30%), mapped to letter grades
All scores reflect what we could discover through public web crawling. Some payers may have published data in locations our crawler didn’t reach. If you know of corrections, let us know.
The full interactive scorecard with filtering and search is available at artificerhealth.com/compliance.
What Happens Now
Prior authorization touches over 50 million determinations per year in Medicare Advantage alone. It’s the single biggest source of administrative friction in American healthcare. Physicians report care delays, staff burn hours on fax machines and phone trees, and patients wait while payers sit on decisions.
CMS gave payers a simple ask: tell the public how your prior auth system actually performs. Two years of lead time. A standardized template. Reduced reporting requirements after the June 2025 suspension.
And 86% of them ignored it.
The lack of enforcement mechanisms is part of the problem. CMS didn’t create a central submission portal, didn’t publish a compliance tracker, and hasn’t announced any enforcement actions. Payers calculated - probably correctly - that there would be no consequences for ignoring the rule.
That calculus should change. This data should be public. Patients deserve to know which payers approve quickly and which ones stall. Providers deserve to know what they’re up against. And CMS needs to decide whether its rules actually mean anything.
We’ll keep tracking. The FHIR API mandate hits in January 2027. We’ll be watching.
This analysis is updated regularly. See the full interactive data at artificerhealth.com/compliance. Artificer Health is building the platform to eliminate prior authorization friction for physicians and practices. Learn more or apply for our pilot program.