Automating PA Override Approvals
A resubmitted claim can carry override fields that assert “authorization already exists, apply it” — a 420-DK Submission Clarification Code, a 461-EU Prior Authorization Type Code, and a 462-EV Prior Authorization Number Submitted. The decision this page settles is which of those overrides an engine may apply automatically, moving a PENDING case straight to OVERRIDDEN, and which must never be trusted from the wire and instead have to route to a human clinical reviewer. Get the gate too loose and the engine rubber-stamps unreviewed fills — plan leakage and a clinical-safety miss; get it too tight and it buries the review queue with overrides that a policy could have cleared deterministically. The gate below classifies each override type, verifies that any referenced authorization actually exists, and recomputes member cost share in Decimal before it lets the claim re-price. It sits inside Prior Authorization Routing Automation and consumes the same case the trigger rules opened with reject 75.
The Override Classification Decision
Not every override is equal. Some are pointers to authorization the plan already granted — a 462-EV PA number the system itself issued — and those can be verified and auto-applied. Others are clinical assertions made at the point of sale — “medically necessary,” “therapy change” — that a payload cannot self-authorize and that must reach a reviewer. The gate’s job is to sort submissions into three buckets: auto-approve after verification, reject as malformed, or route to clinical review.
| Override submitted | Field values | Verification | Disposition |
|---|---|---|---|
| System-issued PA number | 461-EU=1, 462-EV present |
462-EV resolves to a live APPROVED/OVERRIDDEN authorization for this (member, GPI) |
Auto-approve → OVERRIDDEN |
| Copay exemption | 461-EU=4 |
Plan policy permits a zero cost-share edit for this GPI | Auto-approve → recompute copay to 0.00 |
| Compound clearance | 420-DK=08 |
Every ingredient NDC is on-file and covered | Auto-approve if all covered, else review |
| Therapy change | 420-DK=05 |
Clinical assertion; no deterministic proof on the wire | Route to clinical review |
| Medically necessary | 420-DK=07 |
Clinical assertion; requires reviewer judgment | Route to clinical review |
| Medical certification | 461-EU=2 |
Off-system certification | Route to clinical review |
| Unknown / unmapped | any unrecognized code | — | Reject 75, no auto-apply |
The rule that keeps this safe: auto-approval is only ever a verification of something the plan already decided, never a new decision. A 462-EV number is trusted only when it dereferences to a live authorization the PA system itself issued for this exact member and therapeutic class; a bare number on the wire proves nothing. Everything that requires clinical judgment — the 420-DK values that assert a medical fact — routes to review regardless of how the claim is formatted. Which drugs need authorization at all is decided upstream in Step Therapy & Prior Auth Trigger Rules; this gate only governs how an asserted override is honored.
Figure: The override gate — malformed codes reject with 75, clinical-assertion codes route to review, and only a policy-eligible override whose 462-EV resolves to a live authorization auto-applies OVERRIDDEN and recomputes copay.
Step-by-Step Implementation
The gate is built in four moves: parse and validate the override codes, apply the policy classification, verify any referenced authorization, then emit an audit event and recompute copay.
1. Validate the override codes. Reject anything that is not a recognized 420-DK/461-EU value before doing any work; a malformed override is reject 75, not a review.
from decimal import Decimal, ROUND_HALF_UP
from enum import Enum
from typing import Optional
from pydantic import BaseModel, field_validator, ConfigDict
CENTS = Decimal("0.01")
# 420-DK Submission Clarification Codes eligible for automated handling.
AUTO_SCC = {"08"} # 08 = process compound (verify ingredients)
REVIEW_SCC = {"05", "07"} # 05 therapy change, 07 medically necessary
# 461-EU Prior Authorization Type Codes.
AUTO_PA_TYPE = {"1", "4"} # 1 = prior auth pointer, 4 = copay exemption
REVIEW_PA_TYPE = {"2"} # 2 = medical certification
class Disposition(str, Enum):
AUTO = "AUTO_APPROVE"
REVIEW = "CLINICAL_REVIEW"
REJECT = "REJECT"
class OverrideRequest(BaseModel):
model_config = ConfigDict(extra="forbid")
member_token: str # opaque; 302-C2 stripped upstream
gpi: str # therapeutic class, not raw 407-D7 NDC
scc_420dk: Optional[str] = None # 420-DK Submission Clarification Code
pa_type_461eu: Optional[str] = None # 461-EU Prior Authorization Type Code
pa_number_462ev: Optional[str] = None # 462-EV PA Number Submitted
base_copay: Decimal # tier copay before override, Decimal
@field_validator("base_copay")
@classmethod
def _quantize(cls, v: Decimal) -> Decimal:
return v.quantize(CENTS, rounding=ROUND_HALF_UP)2. Classify against the policy set. Map the submitted codes to a disposition. Anything not explicitly auto-eligible falls to review or reject — the default is never “approve.”
def classify(req: OverrideRequest) -> Disposition:
scc, pa_type = req.scc_420dk, req.pa_type_461eu
if pa_type in REVIEW_PA_TYPE or scc in REVIEW_SCC:
return Disposition.REVIEW # clinical assertion: never auto
if pa_type in AUTO_PA_TYPE or scc in AUTO_SCC:
return Disposition.AUTO # eligible, pending verification
return Disposition.REJECT # unrecognized override3. Verify the referenced authorization and recompute copay. An auto-eligible override still has to dereference: a 461-EU=1 pointer must resolve its 462-EV to a live authorization, and a 461-EU=4 copay exemption recomputes the member cost share to 0.00. Verification failure downgrades to review, it never approves.
import json
import logging
from dataclasses import dataclass
from typing import Callable
logging.basicConfig(format="%(message)s", level=logging.INFO)
logger = logging.getLogger("pa_override")
@dataclass(frozen=True)
class OverrideOutcome:
disposition: Disposition
new_copay: Optional[Decimal]
reason: str
def apply_override(
req: OverrideRequest,
auth_is_live: Callable[[str, str, str], bool], # (member, gpi, 462-EV) -> bool
) -> OverrideOutcome:
disp = classify(req)
if disp is Disposition.REJECT:
outcome = OverrideOutcome(disp, None, "unrecognized_override")
elif disp is Disposition.REVIEW:
outcome = OverrideOutcome(disp, None, "clinical_assertion")
elif req.pa_type_461eu == "4":
# Copay exemption: recompute cost share to zero in Decimal.
outcome = OverrideOutcome(disp, Decimal("0.00"), "copay_exemption")
elif req.pa_number_462ev and auth_is_live(
req.member_token, req.gpi, req.pa_number_462ev
):
outcome = OverrideOutcome(disp, req.base_copay, "verified_authorization")
else:
# Auto-eligible but the referenced authorization did not verify.
outcome = OverrideOutcome(Disposition.REVIEW, None, "auth_not_live")
_audit(req, outcome)
return outcome
def _audit(req: OverrideRequest, outcome: OverrideOutcome) -> None:
# PHI GUARDRAIL: tokens + codes + outcome only; never 302-C2, 310-CA, payload.
logger.info(json.dumps({
"event": "pa_override",
"member_token": req.member_token,
"gpi": req.gpi,
"scc_420dk": req.scc_420dk,
"pa_type_461eu": req.pa_type_461eu,
"disposition": outcome.disposition.value,
"reason": outcome.reason,
"new_copay": None if outcome.new_copay is None else str(outcome.new_copay),
"reject_code": "75" if outcome.disposition is Disposition.REJECT else None,
}))The copay figure crosses the wire as a quantized Decimal string; the recompute defers the full tier arithmetic to Tier Mapping & Copay Calculation Logic, so a float never touches cost share. The auth_is_live callback is injected so verification hits the PA system of record rather than trusting the wire.
Verification and Testing Pattern
Pin two properties: a clinical-assertion code never auto-approves, and an unverifiable pointer downgrades to review rather than applying.
import pytest
def live_ok(m, g, n): return True
def live_no(m, g, n): return False
def req(**kw):
base = dict(member_token="MTOK_1", gpi="27100010100320", base_copay=Decimal("40.00"))
return OverrideRequest(**{**base, **kw})
def test_medically_necessary_routes_to_review():
out = apply_override(req(scc_420dk="07"), live_ok) # 420-DK 07 assertion
assert out.disposition is Disposition.REVIEW
def test_verified_pointer_auto_approves():
out = apply_override(req(pa_type_461eu="1", pa_number_462ev="PA9001"), live_ok)
assert out.disposition is Disposition.AUTO
assert out.new_copay == Decimal("40.00")
def test_unverifiable_pointer_downgrades():
out = apply_override(req(pa_type_461eu="1", pa_number_462ev="PA9001"), live_no)
assert out.disposition is Disposition.REVIEW # never auto without a live auth
def test_copay_exemption_zeroes_cost_share():
out = apply_override(req(pa_type_461eu="4"), live_ok) # 461-EU 4
assert out.new_copay == Decimal("0.00")
def test_unknown_code_rejects_75():
out = apply_override(req(scc_420dk="99"), live_ok)
assert out.disposition is Disposition.REJECTtest_unverifiable_pointer_downgrades is the load-bearing one: it proves a 462-EV number that does not dereference to a live authorization can never buy an auto-approval, only a review.
Gotchas and PHI Guardrails
- A PA number is not proof.
462-EVis trusted only whenauth_is_liveconfirms it against the PA system of record for this exact(member, GPI). A number that decodes to another member’s authorization must fail verification, never cross-apply. - Default is never approve. Every unmatched branch falls to
REVIEWorREJECT. A new420-DKvalue shipped by a switch must not silently pass because the allowlist did not name it. - Idempotent application. Applying the same verified override twice must leave the case
OVERRIDDENonce — dedup on the override event id so a resubmit does not stack two audit approvals or double-recompute copay. - Copay is
Decimal, quantized. Exemptions and recomputes useROUND_HALF_UPto cents. A float0.0versusDecimal("0.00")divergence is a reconciliation defect downstream. - Override conflicts with review. If a claim asserts an auto-override while a reviewer is mid-decision on the same case, the transition table in Prior Authorization Routing Automation makes the committed event win and the loser hit an illegal-transition guard, so the two never both apply.
- PHI in logs. Log
member_token,gpi, the submitted codes, and the disposition. Never log302-C2Cardholder ID,310-CAPatient Name, the free-text clinical note behind a420-DK=07, or the raw claim — those belong to the PHI-scoped review service, per Security & Compliance Boundaries for Claims Data.
Related
- Prior Authorization Routing Automation — the state machine whose
PENDING → OVERRIDDENtransition this gate governs. - Step Therapy & Prior Auth Trigger Rules — the upstream logic that decided the drug needed authorization in the first place.
- Tier Mapping & Copay Calculation Logic — the
Decimalcost-share arithmetic an override recompute defers to. - Syncing PA Appeal Status Across Systems — how an applied override propagates back to the PA system and portals without drift.
← Back to Prior Authorization Routing Automation