acilox / solutions / authora
🩺 AI Copilots & Automations

Authora

Healthcare prior-authorization agent that de-identifies the chart, decomposes the payer's own policy into criteria, judges each one met / unmet / unknown against cited clinical evidence, and assembles a submission-ready packet — predicting approval probability on a calibrated scale, drafting the appeal when a denial is overturnable, and gating everything behind a clinician attestation.

0
Uncited "met" criteria
100%
Criterion citations
100%
Appeal yield on overturns
<60s
Demo to value, no API keys

Why this exists

Prior authorization is the friction tax on American healthcare: a clinic's staff spend hours per request assembling chart evidence against a payer's opaque medical-policy criteria, denials arrive for packets that were actually complete, and the appeal that would overturn them often never gets written because nobody has the time. It is high-volume, deadline-bound, and unforgiving — a missed criterion or an unsupported claim gets the request denied, and PHI mishandling is a HIPAA event. Generic summarizers can't help: they don't decompose the specific policy, can't cite the evidence for each criterion, and will happily assert a criterion is "met" with nothing behind it. Authora reads the payer's own policy, breaks it into criteria, judges each against de-identified clinical evidence with a citation for every "met", predicts approval on a calibrated probability rather than a vibe, and drafts the appeal when a denial looks overturnable — with a clinician attestation as the non-skippable gate before anything is submitted.

How it's wired together

clinical

auto

hitl

custom agent loop

decompose
policy criteria

judge evidence
met / unmet / unknown · cite

reflect
strip uncited met

predict
coverage + approval probability

chart notes

imaging

labs / meds

de-identify
Safe-Harbor · 18 identifiers

select policy
payer × CPT · exact then hybrid

AuthScope
typed contract
criteria · citations · packet
approval prob · appeal · confidence

policy engine
first-match-wins

attest + submit
clinician-gated packet

staff / appeal queue
weak denial · low confidence

audit log
hash-chained + calibration

Authora architecture overview

How it works, end-to-end

  1. Safe-Harbor de-identification on every evidence record

    A de-identifier applies the HIPAA Safe-Harbor rules — eighteen identifier classes plus age aggregation over eighty-nine — to every clinical evidence record at ingest, and the console shows the redaction count. PHI protection is a property of the pipeline, not a manual step someone can forget.

  2. Policy selection, then criteria decomposition

    The agent selects the governing medical policy by payer × CPT — an exact match pushed to an indexed lookup, with hybrid retrieval as the backstop — and decomposes it into its constituent criteria, counting each required item and one slot per one-of group so completeness is measured against the policy's real structure.

  3. Judge each criterion met / unmet / unknown, with citations

    For every criterion the agent searches kind-scoped clinical evidence and judges it met, unmet, or unknown — where 'unknown' (no evidence of that kind exists) is deliberately distinct from 'unmet' (looked and it isn't there). Every 'met' binds the evidence that supports it through a citation join; the reflect pass strips any 'met' it can't cite, so the guardrail — zero uncited met criteria — holds by construction.

  4. Calibrated approval probability, not synthetic confidence

    Two probabilities are kept separate: chart coverage (which drives the packet band) and payer-approval probability (coverage × a per-payer approval prior). The eval scores the approval prediction with a reliability curve, expected calibration error, and a Brier score, and gates overconfident-wrong predictions — a high-confidence approval that was actually denied — at zero.

  5. Decide — attest, appeal, or staff

    A first-match-wins policy routes each request: an overturnable denial drafts an appeal, a weak denial or a low-confidence or incomplete packet routes to staff, and a complete, well-supported request goes to clinician attestation. Attestation is the non-skippable human gate; nothing reaches a payer without it. Every decision writes a hash-chained audit row recording the approval and overturn probabilities.

  6. Exposed as MCP tools for any assistant

    A read-only MCP server exposes requests, the AuthScope, the selected policy, an evidence search, and the appeal draft to any MCP host, so another agent can inspect a prior-auth without touching the submission path. Run it with `authora mcp`.

The choices that matter

Decision

No "met" without a citation — enforced, not requested

A criterion can only be marked met if it binds the evidence that supports it; the reflect pass deletes any met claim it can't cite, and the eval gates uncited-met at zero. In prior auth an unsupported 'met' is exactly what gets a packet denied — or worse, submitted on a claim that isn't true — so the guardrail is structural.

The judge-then-reflect passes cost extra model calls and latency. Non-negotiable for anything a clinician has to attest to.

Decision

Calibration is measured, and overconfidence is gated

Separating chart coverage from payer-approval probability lets the prediction be scored honestly with a reliability curve, ECE, and Brier — and the overconfident-wrong gate ensures a confident approval that was denied is treated as a failure. A probability nobody calibrated is theatre; staff need to trust the number to triage by it.

Real calibration needs per-payer priors and a labelled outcome set. That's the price of a probability worth acting on.

Decision

De-identification is a pipeline property

Safe-Harbor redaction runs on every evidence record at ingest with a visible count, rather than depending on anyone remembering to scrub PHI. The safest place for a HIPAA control is the one path everything flows through.

Regex-class Safe-Harbor is conservative and can over-redact. Over-redaction is the correct direction to err with PHI.

Decision

Mock-first, deterministic, one corpus for demo and eval

A heuristic mock model, deterministic embeddings, and a single labelled corpus that seeds both the demo and the ground truth run the whole platform in under a minute with no API keys — and the demo and backtest can't drift. The moment a real key is set, the same loop runs against Claude and live payer feeds.

Heuristic output trails a frontier model until the key is configured. It locks the shape and lets any evaluator reproduce it instantly.

Built on

Python 3.12FastAPI · UvicornSQLAlchemy 2.0 · AlembicPostgreSQL 16 · pgvectorRedis · RQPydantic v2 · structlogHTMX · Jinja2Safe-Harbor de-id · PyYAMLAnthropic SDK · sentence-transformers