
Prior authorization reviewer

A kolm template that reads clinical notes and CPT codes, maps them against medical-necessity criteria, and outputs a structured prior-auth recommendation. PHI is redacted before any inference. The criteria-mapping is auditable, the K-score gate is locked at 0.95, and every call ships a 4-ring HMAC receipt your medical director can re-verify offline.

template id: prior-auth-review
k-score gate: ≥ 0.95
seed examples: 12 anonymized
held-out eval: 180 cases

Input & output spec

One request per authorization. The reviewer reasons over clinical notes against your plan-specific medical-necessity criteria and returns a recommendation with the matched criteria list.

input

{
  "auth_request_id":    "PA_2026_009823",
  "member_id":          "<redacted>",
  "requesting_provider": "1234567893",
  "requested_cpt":      ["70553"],   // MRI brain w/o then w/ contrast
  "diagnosis_icd10":    ["G43.909", "R51"],
  "clinical_notes":     "<PHI-bearing clinical summary>",
  "prior_treatments":   ["trial_NSAID", "trial_triptan"],
  "urgency":            "routine",
  "plan":               "PPO-Gold-2026"
}

output

{
  "recommendation":    "Approve",    // or "Deny" / "Request more info"
  "criteria_met":      ["PA-MRI-BRAIN-3.1", "PA-MRI-BRAIN-3.4"],
  "criteria_unmet":    [],
  "redacted_summary":  "60d migraine refractory to NSAID + triptan trial; rule-out indication met.",
  "confidence":        0.92,
  "requires_md_review": false,
  "appeal_letter_url": null
}

4-ring receipt schema

Every prior-auth decision ships a receipt your medical director and external auditors can re-verify offline. The chain proves the input clinical context, the criteria mapping, the recommendation, and the seal.

ring 01 · pre-image: auth_id + member_hash + cpt + icd10; tenant-rotated HMAC
ring 02 · derived: criteria_set_hash + plan_rules_hash; criteria_version bound
ring 03 · execution: recommendation + criteria_met[] + confidence; judge_id signed
ring 04 · seal: SHA-256(ring1..3) · verify endpoint; offline-verifiable

Verify command: kolm verify --hash <receipt_hash>. Runs locally against the seal, no network required.
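The ring schema above names what each ring contains but not its byte layout, key handling or signature scheme. The following is an added example, written for this page and not kolm's own code, that builds a receipt with those ring contents and verifies it offline. Everything that fills the gap is an assumption: canonical JSON as the hashed encoding, HMAC-SHA256 for the tenant ring and, standing in for a real signature, for the judge ring, a hash of ring 2 bound into ring 3, and constructed keys, key ids, criteria text and plan rules. The names canon, build_receipt, verify_seal, verify_rings, tampered_and_resealed, TENANT_KEY_ID and JUDGE_ID are illustrative.

```python
import hashlib
import hmac
import json

# Constructed key material (placeholders). "Tenant-rotated HMAC" is read as a
# per-tenant key carrying a key id so a verifier can pick the right key after
# rotation; HMAC also stands in for "judge_id signed" (assumptions).
TENANT_KEY_ID = "tenant-PPO-Gold-2026-k07"
TENANT_KEY = bytes.fromhex("1f" * 32)
JUDGE_ID = "judge-prior-auth-review"
JUDGE_KEY = bytes.fromhex("a5" * 32)

# Request/result fields copied from the spec above; the member id, criteria
# text and plan rules are constructed stand-ins.
SAMPLE_REQUEST = {"auth_request_id": "PA_2026_009823", "member_id": "M-00412-7781",
                  "requested_cpt": ["70553"], "diagnosis_icd10": ["G43.909", "R51"]}
SAMPLE_RESULT = {"recommendation": "Approve", "confidence": 0.92,
                 "criteria_met": ["PA-MRI-BRAIN-3.1", "PA-MRI-BRAIN-3.4"]}
SAMPLE_CRITERIA = {"PA-MRI-BRAIN-3.1": "refractory to two drug classes",
                   "PA-MRI-BRAIN-3.4": "rule-out indication documented"}
SAMPLE_PLAN_RULES = {"plan": "PPO-Gold-2026", "pa_required_cpt": ["70553"]}
CRITERIA_VERSION = "2026.01"


def canon(obj) -> bytes:
    """Canonical JSON: hashes must not depend on key order or whitespace."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def mac_hex(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def member_hash(member_id: str, tenant_key: bytes) -> str:
    # Keyed, not bare SHA-256: member ids are low-entropy, so an unkeyed hash
    # in a receipt could be reversed by hashing the plan's whole member list.
    return mac_hex(tenant_key, b"member:" + member_id.encode())


def seal_of(ring1, ring2, ring3) -> str:
    """Ring 04: SHA-256 over the canonical encoding of rings 1..3."""
    return sha256_hex(canon([ring1, ring2, ring3]))


def build_receipt(request, result, criteria, plan_rules, criteria_version):
    # Ring 01 (pre-image): auth_id + member_hash + cpt + icd10, tenant HMAC.
    ring1_body = {"auth_id": request["auth_request_id"], "key_id": TENANT_KEY_ID,
                  "member_hash": member_hash(request["member_id"], TENANT_KEY),
                  "cpt": request["requested_cpt"], "icd10": request["diagnosis_icd10"]}
    ring1 = {"body": ring1_body, "mac": mac_hex(TENANT_KEY, canon(ring1_body))}
    # Ring 02 (derived): hashes of the criteria set and plan rules, version bound.
    ring2 = {"criteria_set_hash": sha256_hex(canon(criteria)),
             "plan_rules_hash": sha256_hex(canon(plan_rules)),
             "criteria_version": criteria_version}
    # Ring 03 (execution): decision fields + judge_id, plus a hash of ring 2 so
    # the decision is bound to the rule set it was judged under (assumption).
    ring3_body = {"recommendation": result["recommendation"],
                  "criteria_met": result["criteria_met"],
                  "confidence": result["confidence"], "judge_id": JUDGE_ID,
                  "ring2_hash": sha256_hex(canon(ring2))}
    ring3 = {"body": ring3_body, "sig": mac_hex(JUDGE_KEY, canon(ring3_body))}
    return {"ring1": ring1, "ring2": ring2, "ring3": ring3,
            "seal": seal_of(ring1, ring2, ring3)}


def verify_seal(receipt) -> bool:
    """Keyless check: the rings in hand are the ones the seal was computed over."""
    expected = seal_of(receipt["ring1"], receipt["ring2"], receipt["ring3"])
    return hmac.compare_digest(expected, receipt["seal"])


def verify_rings(receipt, tenant_key: bytes, judge_key: bytes) -> bool:
    """Keyed check: rings 1 and 3 came from the key holders, and ring 3 is
    bound to the ring 2 actually present in the receipt."""
    r1, r2, r3 = receipt["ring1"], receipt["ring2"], receipt["ring3"]
    ok1 = hmac.compare_digest(mac_hex(tenant_key, canon(r1["body"])), r1["mac"])
    ok3 = hmac.compare_digest(mac_hex(judge_key, canon(r3["body"])), r3["sig"])
    bound = hmac.compare_digest(sha256_hex(canon(r2)), r3["body"]["ring2_hash"])
    return ok1 and ok3 and bound


def tampered_and_resealed(receipt, new_recommendation: str):
    """Insider model: flip the decision, then recompute the keyless seal."""
    forged = json.loads(json.dumps(receipt))
    forged["ring3"]["body"]["recommendation"] = new_recommendation
    forged["seal"] = seal_of(forged["ring1"], forged["ring2"], forged["ring3"])
    return forged


def demo():
    return build_receipt(SAMPLE_REQUEST, SAMPLE_RESULT, SAMPLE_CRITERIA,
                         SAMPLE_PLAN_RULES, CRITERIA_VERSION)
```

Two checks fall out of this. verify_seal needs no key and is what a purely local check against the seal hash can do: it proves the rings you hold are the ones the seal was computed over, and a ring edited after sealing fails it. It does not prove who produced the rings: tampered_and_resealed flips the decision to Deny and recomputes the seal, and that forgery still passes verify_seal; only verify_rings, which needs the tenant and judge keys, rejects it. A medical director or external auditor who re-verifies offline therefore needs the key material (or, with an asymmetric scheme in place of the HMAC used here, the judge's public key) and not just the seal. The raw member id never appears in the receipt, only its keyed hash.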

BAA fast-track

Health plans on a BAA see kolm production-ready in two business days. The customer-hosted bridge runs in the tenant network boundary; PHI is processed there and never crosses our infrastructure; the audit log is yours to keep.

how it works

# 1. Sign the BAA (legal-team turnaround)
[ DocuSign · 48 hours typical · mutual NDA in same envelope ]

# 2. Provision the bridge in your VPC
$ kolm bridge install \
    --provider aws \
    --region us-east-1 \
    --baa <baa-id>

# 3. Compile this template against your seed examples
$ kolm compile --spec prior-auth-review.spec.json \
    --examples ./your-anonymized-auths.jsonl \
    --gate 0.95 \
    --out prior-auth.kolm

what we sign

- HIPAA Business Associate Agreement
- HIPAA Security Rule §164.308 (admin safeguards)
- HIPAA Security Rule §164.310 (physical safeguards)
- HIPAA Security Rule §164.312 (technical safeguards)
- Breach Notification §164.404
- Subcontractor flow-down (none — kolm holds no PHI)
- Audit-log retention (6 years, your S3 bucket)

Get the template

Two ways to take this live. Self-serve with the sample artifact, or kick off a BAA conversation if you need PHI day one.

The spec is a portable JSON file. Drop it into kolm compile --spec with your anonymized seed examples to build a private .kolm tagged LicenseRef-kolm-default-1.0 by default; pass --license to tag it differently.

Five more templates for health plans