Healthcare prior-authorization agent that de-identifies the chart, decomposes the payer's own policy into criteria, judges each one met / unmet / unknown against cited clinical evidence, and assembles a submission-ready packet — predicting approval probability on a calibrated scale, drafting the appeal when a denial is overturnable, and gating everything behind a clinician attestation.
Prior authorization is the friction tax on American healthcare: a clinic's staff spend hours per request assembling chart evidence against a payer's opaque medical-policy criteria, denials arrive for packets that were actually complete, and the appeal that would overturn them often never gets written because nobody has the time. It is high-volume, deadline-bound, and unforgiving — a missed criterion or an unsupported claim gets the request denied, and PHI mishandling is a HIPAA event. Generic summarizers can't help: they don't decompose the specific policy, can't cite the evidence for each criterion, and will happily assert a criterion is "met" with nothing behind it. Authora reads the payer's own policy, breaks it into criteria, judges each against de-identified clinical evidence with a citation for every "met", predicts approval on a calibrated probability rather than a vibe, and drafts the appeal when a denial looks overturnable — with a clinician attestation as the non-skippable gate before anything is submitted.
A de-identifier applies the HIPAA Safe-Harbor rules — eighteen identifier classes plus age aggregation over eighty-nine — to every clinical evidence record at ingest, and the console shows the redaction count. PHI protection is a property of the pipeline, not a manual step someone can forget.
The agent selects the governing medical policy by payer × CPT — an exact match pushed to an indexed lookup, with hybrid retrieval as the backstop — and decomposes it into its constituent criteria, counting each required item and one slot per one-of group so completeness is measured against the policy's real structure.
For every criterion the agent searches kind-scoped clinical evidence and judges it met, unmet, or unknown — where 'unknown' (no evidence of that kind exists) is deliberately distinct from 'unmet' (looked and it isn't there). Every 'met' binds the evidence that supports it through a citation join; the reflect pass strips any 'met' it can't cite, so the guardrail — zero uncited met criteria — holds by construction.
Two probabilities are kept separate: chart coverage (which drives the packet band) and payer-approval probability (coverage × a per-payer approval prior). The eval scores the approval prediction with a reliability curve, expected calibration error, and a Brier score, and gates overconfident-wrong predictions — a high-confidence approval that was actually denied — at zero.
A first-match-wins policy routes each request: an overturnable denial drafts an appeal, a weak denial or a low-confidence or incomplete packet routes to staff, and a complete, well-supported request goes to clinician attestation. Attestation is the non-skippable human gate; nothing reaches a payer without it. Every decision writes a hash-chained audit row recording the approval and overturn probabilities.
A read-only MCP server exposes requests, the AuthScope, the selected policy, an evidence search, and the appeal draft to any MCP host, so another agent can inspect a prior-auth without touching the submission path. Run it with `authora mcp`.
A criterion can only be marked met if it binds the evidence that supports it; the reflect pass deletes any met claim it can't cite, and the eval gates uncited-met at zero. In prior auth an unsupported 'met' is exactly what gets a packet denied — or worse, submitted on a claim that isn't true — so the guardrail is structural.
The judge-then-reflect passes cost extra model calls and latency. Non-negotiable for anything a clinician has to attest to.
Separating chart coverage from payer-approval probability lets the prediction be scored honestly with a reliability curve, ECE, and Brier — and the overconfident-wrong gate ensures a confident approval that was denied is treated as a failure. A probability nobody calibrated is theatre; staff need to trust the number to triage by it.
Real calibration needs per-payer priors and a labelled outcome set. That's the price of a probability worth acting on.
Safe-Harbor redaction runs on every evidence record at ingest with a visible count, rather than depending on anyone remembering to scrub PHI. The safest place for a HIPAA control is the one path everything flows through.
Regex-class Safe-Harbor is conservative and can over-redact. Over-redaction is the correct direction to err with PHI.
A heuristic mock model, deterministic embeddings, and a single labelled corpus that seeds both the demo and the ground truth run the whole platform in under a minute with no API keys — and the demo and backtest can't drift. The moment a real key is set, the same loop runs against Claude and live payer feeds.
Heuristic output trails a frontier model until the key is configured. It locks the shape and lets any evaluator reproduce it instantly.