
CO-197 is a Claim Adjustment Reason Code (CARC) that means “Precertification/authorization/notification absent.” The payer required prior authorization, precertification, or notification before the service was provided — and that requirement was not met. The claim is denied because the approval that should have been in place before treatment was either missing, expired, invalid, or not properly linked to the claim.
CO-197 is a utilization management denial. It is not a pricing adjustment (that is CO-45), not a data completeness issue (that is CO-16), and not a medical necessity rejection (that is CO-50). CO-197 specifically means the payer’s authorization rules were not satisfied — regardless of whether the service was clinically appropriate or correctly coded.
The AMA’s prior authorization research reports that 90% of physicians say prior authorization delays patient care. CO-197 is where that administrative burden shows up on the ERA.
In this article, we’ll be exploring:
- The five most common triggers for CO-197
- The Medicare vs Medicare Advantage authorization gap
- When retroactive authorization can rescue a denied claim
- Which specialties face the highest CO-197 volume
- How to resolve and appeal CO-197 denials
What triggers CO-197 denials?

CO-197 fires when the payer’s adjudication system checks for an authorization on file and does not find one — or finds one that does not match the claim. The failure almost always originates before the service was delivered, even though it surfaces after the claim is submitted.
Missing authorization entirely
The service required prior auth, but no authorization was ever requested.
The scheduling or front-desk team either did not know auth was required for that service, did not have time to submit the request, or assumed the service was exempt.
The claim reaches the payer with no auth reference, and CO-197 fires automatically.
Expired authorization
The auth was obtained, but the authorization validity period ended before the procedure was performed.
Surgical rescheduling is the most common cause — the original surgery date falls within the auth window, but the rescheduled date does not. The auth expired, and no one obtained a new one.
CPT mismatch between auth and claim
The authorization was approved for one CPT code, but the claim was submitted with a different code — because the procedure changed intraoperatively, the code was revised, or an additional service was performed that was not included in the original auth request. The payer’s system matches the auth to the claim by CPT code, and the mismatch triggers CO-197.
Provider or facility mismatch
The authorization was approved for a specific rendering provider or facility. The service was performed by a different provider (covering physician, locum tenens) or at a different location.
The payer’s system checks the NPI or facility on the claim against the auth record, and the mismatch triggers the denial.
Notification requirement not met
Some payers require notification (not full prior authorization) for certain services — inpatient admissions, observation status, post-acute transfers. The notification was not submitted within the required timeframe. Even when clinical authorization existed, missing the notification requirement separately triggers CO-197.
Which specialties face the most CO-197 denials?
Authorization requirements are not distributed evenly across specialties. Payers concentrate prior auth rules on high-cost services — which means certain specialties see CO-197 at disproportionately high rates.
| Specialty | Common auth-required services | Why CO-197 is frequent |
| --- | --- | --- |
| Radiology | MRI, CT, PET scans | Most commercial plans require imaging auth through third-party review (e.g., eviCore, AIM) |
| Orthopedics | Joint replacement, spine surgery, arthroscopy | Surgical precertification with detailed clinical criteria |
| Oncology | Chemotherapy infusions, specialty drugs | Drug-specific auth with treatment protocol requirements |
| Cardiology | Stress tests, catheterizations, advanced imaging | Multiple auth-required services per patient episode |
| DME suppliers | CPAP, wheelchairs, braces | Equipment auth with medical necessity documentation |
| Behavioral health | Inpatient psychiatric, residential treatment | Visit-count authorization with frequent recertification |
Practices in these specialties that do not have dedicated authorization staff or automated auth-tracking systems face the highest CO-197 exposure — because the volume of auth-required services exceeds what billing teams can manage manually.
How do you fix a CO-197 denial?

CO-197 is one of the most frequently appealable denial codes because the underlying question is whether authorization existed or should have existed — not whether the service was medically necessary or correctly coded. The resolution pathway depends on what specifically went wrong.
Verify whether auth was actually required
Check the payer’s authorization matrix for the specific CPT code, plan type, and date of service. Some plans require auth for a service that other plans from the same payer do not.
If auth was not required, the denial is a payer error — submit a corrected claim or contact provider relations for reprocessing.
Locate the existing authorization
If auth was obtained but not linked to the claim (wrong auth number entered, auth stored in a different system, auth under a different provider NPI), retrieve the auth details and resubmit the claim with the correct authorization reference. The auth exists — it just was not connected to the claim at submission.
Request retroactive authorization
Some payers allow retro auth under specific circumstances.
- System downtime where the payer’s auth portal was unavailable
- Urgent medical necessity where delay would have harmed the patient
- Emergency services where prior auth was not obtainable before treatment
- Late eligibility updates where the patient’s coverage changed retroactively
Retro auth is payer-specific and not guaranteed. The request must include clinical documentation supporting why pre-service authorization was not obtained and why the service was medically necessary. Commercial payers and Medicare Advantage plans each have their own retro auth policies.
File a formal appeal
If the authorization was properly obtained and the denial is incorrect — or if the denial resulted from a payer processing error — file a formal appeal with the authorization documentation, claim data, and a clear explanation of why the denial should be reversed.
For Medicare Advantage plans, the appeal follows the CMS-defined structure.
- Reconsideration (Independent Review Entity)
- Administrative Law Judge hearing
- Redetermination (plan level)
- Medicare Appeals Council
- Federal district court
For commercial payers, appeal timelines and processes are defined by the payer contract. File within the deadline specified in the denial notice — missing the appeal window forfeits the right to challenge the denial.
Resolution paths
CO-197 on the ERA — what to do next
The fix depends on *why* the auth was missing. Four scenarios, four paths.
- Payer error. Contact provider relations. Request reprocessing.
- Retrieve auth number. Resubmit claim with correct reference.
- Submit retro auth request with clinical documentation. Emergency and urgency exceptions apply.
- File formal appeal with auth documentation. Meet the appeal deadline.
Why does Medicare Advantage trigger more CO-197 than traditional Medicare?
This is one of the most operationally important distinctions in authorization management — and a common source of confusion for billing teams.
Traditional Medicare
Traditional Medicare (fee-for-service) has relatively few prior authorization requirements. Most standard physician services, E/M visits, and routine procedures do not require pre-service auth under Medicare FFS. Providers accustomed to traditional Medicare may assume authorization is rarely needed.
Medicare Advantage plans
Medicare Advantage plans are administered by private insurers (UnitedHealthcare, Humana, Aetna, BCBS, etc.) and impose their own authorization rules — which are often significantly more extensive than traditional Medicare. Imaging, surgical procedures, specialty referrals, DME, and inpatient admissions frequently require prior auth under MA plans.
The operational trap is treating MA patients like traditional Medicare patients.
A provider who does not check auth requirements because “Medicare does not require prior auth” will generate CO-197 denials on every MA claim that did require it.
The correct workflow is to verify the specific plan type (traditional FFS vs Advantage) at eligibility verification and check auth requirements for every MA encounter.
How do you prevent CO-197 before the claim ships?
CO-197 is one of the most preventable denial codes because every trigger is an upstream workflow failure — a step that should have happened before the service was provided but did not.
Eligibility verification that includes auth requirements
Standard eligibility checks confirm coverage. Authorization-aware eligibility checks also confirm whether the planned service requires prior auth for that specific plan.
Running both checks at scheduling (and again at check-in) prevents the most common CO-197 trigger — services delivered without auth because no one checked whether auth was needed.
Authorization tracking with expiration alerts
An auth tracking system that logs every active authorization, the CPT codes covered, the validity dates, the approved provider/facility, and the approved units — with automated alerts when expirations approach — prevents expired-auth denials. Manual tracking on spreadsheets or sticky notes breaks down at scale, especially in high-volume surgical and imaging practices.
Pre-submission auth validation
Before the claim is released, a validation step checks whether an authorization reference is attached to every claim line that requires one.
Missing auth references are flagged and corrected internally — where the fix is a phone call or portal lookup — rather than denied by the payer, where the fix is weeks of appeal work.
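A sketch of such a pre-submission check, covering the missing, expired, CPT-mismatch, and provider-mismatch triggers described earlier. This is an added example, not code from this article or from any payer or billing system; the record fields, finding names, auth number, NPIs, and CPT codes are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Authorization:          # hypothetical auth-tracking record
    auth_number: str
    cpt_codes: frozenset      # CPT codes the payer approved
    valid_from: date
    valid_to: date
    provider_npi: str         # approved rendering provider

@dataclass
class ClaimLine:              # hypothetical claim line awaiting release
    cpt: str
    service_date: date
    rendering_npi: str
    auth_number: Optional[str]
    auth_required: bool       # result of the payer/plan auth-matrix lookup

def validate_line(line, auths):
    """Return findings likely to surface as CO-197; an empty list means clean."""
    if not line.auth_required:
        return []
    if not line.auth_number:
        return ["missing_auth_reference"]
    auth = auths.get(line.auth_number)
    if auth is None:
        return ["auth_not_on_file"]
    findings = []
    if not (auth.valid_from <= line.service_date <= auth.valid_to):
        findings.append("service_date_outside_auth_window")
    if line.cpt not in auth.cpt_codes:
        findings.append("cpt_mismatch")
    if line.rendering_npi != auth.provider_npi:
        findings.append("provider_mismatch")
    return findings

# Constructed sample data: one auth for one CPT, valid for March 2024.
AUTHS = {"A1001": Authorization("A1001", frozenset({"29881"}),
                                date(2024, 3, 1), date(2024, 3, 31), "1111111111")}

def hold_queue(lines, auths=AUTHS):
    """Map line index -> findings for every line that should be held back."""
    held = {}
    for i, line in enumerate(lines):
        findings = validate_line(line, auths)
        if findings:
            held[i] = findings
    return held
```

Lines returned by `hold_queue` are the ones to fix internally before release; the `auth_required` flag still has to come from a per-plan lookup, since the same service can require auth under one plan and not another.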
Staff training on payer-specific auth rules
Authorization rules vary by payer, by plan type within the same payer, and by service category.
A procedure that requires auth under one commercial plan may not require it under a different plan from the same insurer.
Training that covers how to check auth requirements (not just that they exist) equips scheduling and front-desk staff to verify correctly rather than assume.
How is CO-197 different from other denial codes?
CO-197 is the only code in this group that represents a pre-service administrative failure — something that should have been done before the encounter that was not done.
| Code | What it means | Category | Typical resolution |
| --- | --- | --- | --- |
| CO-197 | Authorization absent | Utilization management | Retro auth, appeal, resubmit with auth |
| CO-16 | Missing claim information | Data completeness | Fix missing data, resubmit |
| CO-45 | Charge exceeds allowed amount | Pricing adjustment | Contractual write-off (usually) |
| CO-50 | Not medically necessary | Clinical denial | Submit clinical documentation, appeal |
| CO-96 | Non-covered charge | Coverage limitation | Verify benefits, bill patient if applicable |
To sum it up, CO-16 is a claim-level data error. CO-45 is a contractual pricing mechanism. CO-50 is a clinical judgment by the payer. CO-197 is a process gap in the authorization workflow.
Stop losing revenue to authorization failures you could have caught at scheduling

CO-197 denials are among the most expensive preventable denials in medical billing because the service has already been delivered.
The provider performed the procedure, used the resources, paid the staff — and the payer refuses to pay because a pre-service administrative step was missed.
Every CO-197 that could have been prevented with an eligibility check, an auth request, or an expiration alert is revenue that was earned but not collected.
- Check auth requirements at scheduling and at check-in for every encounter
- Track every active authorization with CPT codes, validity dates, and approved providers
- Flag claims missing auth references before submission
- Build retro auth request workflows for emergencies and system downtime situations
- Verify whether the patient is on traditional Medicare or Medicare Advantage before assuming auth is not needed
Contact MedHeave to integrate authorization management into your billing workflow — and stop delivering services the payer will not pay for because a checkbox was missed.
Frequently asked questions
Here are some commonly asked questions on this topic:
CO-197 is a Claim Adjustment Reason Code (CARC) defined as “Precertification/authorization/notification absent.” It means the payer required prior authorization, precertification, or notification before the service was provided, and that requirement was not met. The CO group code indicates the adjustment is the provider’s contractual responsibility. CO-197 is a utilization management denial — it addresses whether authorization was obtained, not whether the service was medically necessary or correctly coded.
CO-197 fires when the payer’s system checks for an authorization linked to the claim and does not find one — or finds one that does not match. Common reasons include no authorization submitted, authorization expired before the service date, CPT code on the claim does not match the CPT on the authorization, the rendering provider or facility does not match the auth approval, or the payer’s notification requirement was not met.
Yes — CO-197 is one of the most frequently appealable denial codes. Appeals are appropriate when the authorization was obtained but not linked to the claim, when the payer incorrectly determined that auth was required, when emergency circumstances prevented pre-service authorization, or when a retro auth request is supported by clinical documentation. The appeal must include the authorization documentation, clinical justification (for retro auth), and the claim data showing the service matched the approved parameters.
The difference is the group code, which determines financial responsibility. CO (Contractual Obligation) means the provider absorbs the adjustment — the patient generally cannot be billed. PR (Patient Responsibility) means the patient is responsible for the amount. PR-197 indicates the patient is liable because authorization was not obtained. The CARC (197) is the same in both cases — missing authorization — but the financial responsibility assignment differs based on the payer contract and plan rules.
Retroactive (retro) authorization is a request for approval submitted after the service has already been provided. Some payers allow retro auth in limited circumstances — emergency services, system downtime, urgent medical necessity, or late eligibility updates. Retro auth requests must include clinical documentation supporting why pre-service authorization was not obtained and why the service was necessary. Approval is not guaranteed, and payer policies on retro auth vary significantly.
Traditional Medicare (fee-for-service) has relatively few prior authorization requirements for standard physician services. However, Medicare Advantage plans — administered by private insurers — impose their own authorization rules, which are often significantly more extensive. Providers must verify the patient’s specific plan type at eligibility verification and check auth requirements accordingly. Treating a Medicare Advantage patient as traditional Medicare is one of the most common causes of CO-197 denials.