
United Healthcare: A Case Study for Compliance Professionals – Part 2

  • Writer: Jessica Zeff
  • Dec 23, 2025

Prior authorization has become one of the most scrutinized operational processes in healthcare. What was once framed as a utilization management tool is now regularly examined through the lenses of access to care, clinical appropriateness, transparency, and regulatory compliance. In our recent podcast, we used UnitedHealthcare as a case study—not because it is unique, but because it illustrates how systemic compliance risks can emerge when cost containment mechanisms outpace governance, clinical oversight, and accountability.




This discussion is not about assigning liability. It is about understanding how prior authorization programs, particularly for high-impact treatments like insulin and post-acute care, create compliance exposure when foundational safeguards are weak or misaligned.


Prior Authorization Is No Longer Just an Operational Issue

From a compliance standpoint, prior authorization sits at the intersection of multiple regulatory regimes: Medicare Advantage requirements, ERISA obligations, state insurance laws, consumer protection standards, and emerging expectations around algorithmic decision-making. Regulators increasingly view prior authorization not simply as an administrative function, but as a determinant of access to medically necessary care.


When approvals are delayed, denied, or overturned at high rates, the question quickly shifts from process efficiency to compliance integrity.


The “Peer” Medical Director Problem

One of the most concerning issues we identified is the reliance on so-called “peer” medical directors to make or affirm coverage decisions. In theory, peer-to-peer review is intended to ensure clinical rigor. In practice, it raises serious compliance questions:


  • Clinical mismatch: Medical directors reviewing cases are not always trained or board-certified in the relevant specialty. A generalist may be evaluating oncology protocols, endocrinology treatment plans, or complex post-acute care decisions.


  • Independence and incentives: These reviewers are employed by, or contractually aligned with, the health plan whose financial interests are directly affected by the decision.


  • Documentation gaps: Treating providers often receive limited clinical rationale for denials, complicating appeals and undermining transparency requirements.


From a compliance perspective, this creates risk under Medicare Advantage rules requiring coverage decisions to be based on medical necessity and accepted standards of care, not generalized internal criteria.


Insulin Access and the Compliance Lens

Insulin coverage highlights how prior authorization failures translate into real-world harm. Insulin is not elective care. Delays or denials can result in emergency department visits, hospitalizations, and long-term complications—outcomes that are both clinically dangerous and economically inefficient.


Compliance concerns include:


  • Inconsistent application of coverage criteria

  • Barriers that effectively restrict access, even when coverage technically exists

  • Disparate impact on vulnerable populations, including seniors and individuals with chronic disease


When access barriers disproportionately affect high-risk populations, regulators may view the issue as more than poor administration—it becomes a potential violation of program integrity obligations.


Algorithms, Automation, and Accountability

UnitedHealthcare has faced public scrutiny over the use of automated and algorithm-driven review tools to support utilization management decisions. While automation itself is not prohibited, compliance risk arises when:


  • Algorithms override treating physicians without individualized review

  • Known error rates are not meaningfully addressed

  • Denial patterns suggest systemic bias toward cost containment rather than clinical appropriateness


From a governance standpoint, the key compliance question is not whether automation is used, but how oversight, validation, and escalation are structured.


A Broader Pattern of Compliance Exposure

When viewed holistically, prior authorization issues do not exist in isolation. They sit alongside other areas of regulatory attention, including Medicare Advantage billing practices, marketing conduct, data security failures, and antitrust scrutiny.



Together, these issues suggest a common compliance theme: scale without sufficient control infrastructure creates risk.


For compliance professionals, this underscores an important lesson. Even sophisticated organizations can develop blind spots when operational growth outpaces governance maturity.

 

Why This Matters for Compliance Leaders

This case study offers several takeaways for health plans, managed care organizations, and providers alike:


  • Clinical expertise matters. Peer review must actually be peer-based.

  • Transparency is a compliance requirement, not a courtesy.

  • Appeal reversal rates are a red flag, not a nuisance metric.

  • Automation requires governance, validation, and human oversight.

  • Access to care is increasingly viewed as a compliance outcome, not merely a utilization metric.

 

Final Thought

UnitedHealthcare is not alone in facing these challenges. What makes it a useful case study is scale, visibility, and the convergence of multiple compliance risk areas in one organization. For compliance professionals, the lesson is clear: prior authorization programs must be designed with the same rigor, documentation standards, and accountability structures as any other high-risk compliance function.

If not, what begins as a cost-control strategy can quickly become a regulatory liability.


Watch the full episode above or listen everywhere you find your podcasts!


