How to Track Medicaid Authorizations Without Losing Revenue

You provided the session. Your clinician documented it. Billing submitted the claim. Then it bounced because the authorization expired three days ago.

Now you’re chasing an appeal instead of focusing on clients. If you’ve been there, you’re not alone. An HHS Office of Inspector General review found over 2 million prior authorization denials across Medicaid managed care organizations, with denial rates as high as 41% at some plans.¹ A huge chunk of those? Preventable authorization lapses.

Here’s the thing: 87% of providers still rely on manual systems to track Medicaid authorizations. Spreadsheets, sticky notes, shared calendars.² For behavioral health practices juggling multiple MCOs, that’s a recipe for missed deadlines and lost revenue.

This post breaks down why authorization tracking falls apart, what the new CMS rules mean for your workflow, how to spot the warning signs, and what a working system actually looks like.

Why Medicaid Authorization Tracking Falls Apart

The problem isn’t that your staff forgets. It’s that the system is designed to be confusing.

Each Medicaid MCO sets its own authorization requirements, submission methods, and renewal timeframes. A practice in Charlotte billing four MCOs is effectively managing four different systems with four different portals, forms, and rules. No universal standard exists for prior authorization in behavioral health.³

Behavioral health makes it worse. IOP programs might require reauthorization every 7 days. Therapy gets authorized in blocks of 12 or 20 visits. Psychiatric medication management follows a completely different set of rules. One practice, three service lines, three authorization workflows.

Then there’s the knowledge-silo problem. Your billing specialist “just knows” which MCO needs what. She tracks it in her head, a spreadsheet only she understands, or a system of colored tabs in a binder. When she takes vacation or leaves the practice, the whole thing collapses.

The cost isn’t abstract. Every session delivered without valid authorization is revenue at risk. Appealing a single denial burns 30-45 minutes of staff time. Multiply that across a caseload, and you’re looking at hours of preventable admin work every week.

What the New CMS Rules Mean for Authorization Tracking

The regulatory ground shifted in January 2026. CMS-0057-F now sets federal timelines for Medicaid managed care PA decisions: 7 calendar days for standard requests, 72 hours for expedited. Payers must provide specific denial reasons too, not just generic “not authorized” rejections.⁴

The continuity of care provision matters even more for behavioral health. When a patient switches Medicaid plans mid-treatment, the new plan must honor existing prior authorizations for 90 days.⁴ But here’s the catch: you need clean documentation proving the auth existed. If your tracking system is a spreadsheet that nobody updated, good luck.

Looking ahead, payers must implement FHIR-based electronic PA APIs by January 2027.⁴ That means EHR-to-payer authorization workflows will eventually become automated. Practices with EHR-integrated authorization tracking will be ready. Practices still faxing auth requests won’t be.

Payers also now have to publicly report PA metrics annually: approval rates, denial rates, average decision times. Transparency is coming. And it gives your practice data to hold MCOs accountable.

Faster payer responses only help if your practice can submit requests promptly and track the responses in real time. The new rules reward organized practices.

Five Signs Your Authorization Tracking Is Costing You Money

Quick self-assessment. If two or more of these apply, your current system has gaps:

1. Claims denied for expired authorizations more than once this quarter. That’s not a fluke. It’s a pattern. If it’s happened twice, you’ve got a system problem, not a people problem.

2. Nobody can check remaining authorized sessions without digging. If a clinician asks “how many sessions does this client have left?” and the answer takes more than 10 seconds, your tracking is too slow.

3. You’ve delivered services before discovering auth was never obtained. This one stings the most. The session happened, the note was written, and the claim will be denied. No appeal possible.

4. Reauthorization requests go out late. You’re renewing after expiration instead of before it. That gap means sessions in limbo.

5. You’re spending 30+ minutes per patient on authorization admin. Per patient. Across your full caseload, that adds up fast.

Here’s a grounding stat: 30% of claim denials trace back to coverage verification issues, errors that manual processes create and automated systems prevent.²

If you recognized your practice in two or more of those signs, your current method (whether it’s a spreadsheet, a whiteboard, or someone’s memory) has limits.

How to Build a Medicaid Authorization Tracking System That Works

Three approaches, with honest trade-offs for each:

Manual tracking (spreadsheet or shared doc). This works for solo practitioners or very small practices with 1-3 clinicians and 1-2 MCOs. Build a spreadsheet with columns for client name, payer, auth number, service codes, units authorized, units used, expiration date, and renewal-by date. Set calendar reminders 3 days before each expiration. It’s free and better than nothing. But it breaks once you hit 50+ active auths or add a third MCO. Human error scales with volume.

EHR-integrated authorization management. This is the approach that scales. What good looks like: authorization details live inside the client record. Units auto-decrement as sessions get documented. The system alerts staff when auths approach expiration. Real-time eligibility verification runs before each session. Billing can’t submit a claim without a valid auth attached. Everything in one place, visible to clinicians, billing, and front desk.

Third-party PA automation tools. Dedicated platforms handle PA submission and tracking. They can work for high-volume practices. But they add another system, another login, another vendor. Data lives outside your EHR, which means manual reconciliation. For behavioral health practices already juggling fragmented tools, another layer isn’t always the answer.

Regardless of approach, a few best practices apply:

• Set expiration alerts 3 days before, not the day of, not the day after
• Verify eligibility at every encounter, not just intake
• Designate one auth point-of-contact per MCO, but document everything in a shared system (never in one person’s head)
• Review auth status weekly in a standing 15-minute huddle

How PIMSY Handles Medicaid Authorization Tracking

PIMSY’s authorization management module, available on Professional and Platinum plans, was built for exactly this problem. It’s not a bolt-on or third-party integration. Auth tracking lives inside the same system where you schedule, document, and bill.

Here’s what that means in practice:

• Enter auth details once. Payer, auth number, service codes, units authorized, effective dates: all tied to the client record.
• Units auto-decrement. Every time a clinician documents a session, remaining authorized units count down automatically. No manual tallying. No wondering “did someone update the spreadsheet?”
• Expiration alerts fire before it’s too late. Staff get notified as auths approach their end date, with enough lead time to submit renewals before there’s a gap.
• Real-time eligibility verification. Before a session starts, PIMSY checks whether the client’s Medicaid coverage is active. Catches lapses before they become denied claims.
• Chart deficiency tracking. Missing auth? It shows up alongside other documentation gaps in one dashboard.

The behavioral health angle matters here. Authorization rules for individual therapy, group therapy, psychiatric medication management, IOP, PHP, and residential programs are all different. A primary care EHR retrofitted for behavioral health treats them the same. PIMSY doesn’t.

Once auth is confirmed, claims route through PIMSY’s clearinghouse integrations (Claim MD, Office Ally, Trizetto, or Waystar) for faster, cleaner submission.

Consider a 15-clinician practice in Raleigh that moved from spreadsheet-based auth tracking to PIMSY’s built-in module. The practice manager stopped spending Friday afternoons manually checking auth statuses. Reauth requests started going out on time. Authorization-related denials dropped.

Stop Chasing Authorizations, Start Managing Them

Every expired authorization is a claim you can’t collect and a session your clinician can’t bill for. Manual tracking doesn’t scale, and the new CMS rules are raising the stakes.

The practices that come out ahead aren’t the ones working harder on authorization admin. They’re the ones whose systems do the tracking for them: flagging expirations, counting units, verifying eligibility before the session starts.

As FHIR-based PA APIs roll out in 2027, EHR-integrated Medicaid authorization management won’t just be nice to have. It’ll be table stakes.

Want to see how PIMSY handles Medicaid authorization tracking for behavioral health practices? Request a demo and we’ll walk you through it.

—

Sources

¹High Rates of Prior Authorization Denials by Some Plans and Limited State Oversight – HHS OIG

²Prior Authorization Challenges Facing Behavioral Health – Adonis

³Prior Authorization in Medicaid – MACPAC (August 2024)

⁴CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F)