From 5 days to 30 seconds. The first open-standards PA automation agent — FHIR-native, marketplace-discoverable, and invokable by any compliant system.
AuthBridge is published on the Prompt Opinion Marketplace as two discoverable components:
AuthBridge MCP Tools — MCP Tools AuthBridge Orchestrator (A2A) — Orchestrator
Invoke the Orchestrator directly for end-to-end PA automation via A2A, or add the MCP Tools to your own agent workspace.
Prior Authorization (PA) is the most hated administrative process in medicine — and one of the most harmful.
| Metric | Reality |
|---|---|
| Physician hours/week lost to PA | 13+ hours (AMA 2024 Survey) |
| Patients who abandon treatment while waiting | 1 in 4 |
| Physicians who report a patient suffered serious harm from PA delays | 40% |
| Annual US administrative burden | $31 billion |
| Average PA turnaround time | 3–7 business days |
Physicians spend more time on PA paperwork than in direct patient care. Patients with cancer, Crohn's disease, heart failure, and dozens of other serious conditions wait days for insurance approval — while their disease progresses.
No fully open, LLM-driven, end-to-end prior authorization automation layer exists on open standards (MCP + A2A + FHIR).
CMS-0057-F mandates FHIR-based prior authorization APIs by January 2027. Every major US payer must implement compliant endpoints within 18 months. AuthBridge is architected to integrate directly with these mandated APIs the moment they go live. This regulatory window makes open-standards PA infrastructure critical.
AuthBridge automates the prior authorization workflow end-to-end:
Clinician inputs patient ID + drug name
↓
AuthBridge reads the patient's FHIR clinical record
↓
Matches evidence against payer's PA criteria
↓
Scores the clinical evidence match (0-100)
↓
Drafts complete PA justification letter ←── < 30 seconds total
↓
(If denied) Drafts formal appeal letter with guideline citations
What used to take hours of manual chart review and clinical writing takes AuthBridge under 30 seconds.
┌──────────────────────────────────────────────────────────────┐
│ PROMPT OPINION PLATFORM │
│ │
│ ┌───────────────────────────────────────────────────────┐ │
│ │ AuthBridge Orchestrator Agent (A2A) │ │
│ │ │ │
│ │ "Prepare PA for patient 592506, drug: Humira" │ │
│ │ ↓ │ │
│ │ ┌──────────────┐ ┌─────────────────────────┐ │ │
│ │ │ PA Detector │ │ Evidence Compiler │ │ │
│ │ │ Sub-Agent │ → │ Sub-Agent │ │ │
│ │ └──────────────┘ └─────────────────────────┘ │ │
│ │ ↓ ↓ │ │
│ │ ┌──────────────┐ ┌─────────────────────────┐ │ │
│ │ │Letter Drafter│ │ Appeal Agent │ │ │
│ │ │ Sub-Agent │ │ Sub-Agent │ │ │
│ │ └──────────────┘ └─────────────────────────┘ │ │
│ └────────────────────────────────────────────────────────┘ │
│ │ MCP calls │
└──────────────────────────┼───────────────────────────────────┘
│
┌──────────────▼──────────────────┐
│ AuthBridge MCP Server │
│ Python + FastMCP │
│ Deployed on Render │
│ │
│ ① fetch_patient_context │
│ ② lookup_pa_criteria │
│ ③ score_clinical_match │
│ ④ draft_pa_letter │
│ ⑤ draft_appeal_letter │
└──────┬───────────────┬───────────┘
│ │
┌───────────▼──┐ ┌───────▼──────────┐
│ HAPI FHIR │ │ GitHub Models │
│ R4 Sandbox │ │ GPT-4o-mini │
│ (synthetic) │ │ (OpenAI SDK) │
└──────────────┘ └──────────────────┘
| Pillar | Implementation |
|---|---|
| Sustainable | Built entirely on MCP + A2A + FHIR R4. No vendor lock-in. Works with any FHIR-compliant EHR. |
| Helpful | Eliminates the highest-friction administrative burden in medicine. Saves clinicians 13+ hours/week. |
| Autonomous | Detects drug, fetches record, evaluates criteria, writes letter — without manual clinical steps. |
| Robust | Grounded in FHIR data with Tenacity-based retries for high uptime. |
| Secure | Strict Regex Input Sanitization for all patient IDs to prevent injection/traversal. |
| Performant | Parallel FHIR fetching via asyncio.gather for <5s data snapshots. |
Runs the complete prior authorization workflow in a single call. Returns score, recommendation, urgency flag, letter, verification, and patient summary. This is the recommended tool for end-to-end PA automation.
Input: patient_id, drug_name, optional prescriber details
Output: Complete PA workflow result including score, letter, evidence trail, verification, and patient summary
Runs the complete appeal letter workflow in a single call. Fetches patient context, looks up criteria, and generates a formal appeal letter.
Input: patient_id, drug_name, denial_reason, optional prescriber details
Output: Complete appeal letter with FHIR evidence trail and clinical justification
Note: These tools are still available for granular control but are deprecated for direct use. The unified workflow tools above provide better reliability and complete automation.
Fetches a comprehensive clinical snapshot from a FHIR R4 server.
Optimizations:
- Parallel Fetching: Uses
asyncio.gatherto pull 7+ FHIR resources simultaneously. - Resilience: Implements exponential backoff retries via
tenacity. - Security: Strict regex validation (
^[a-zA-Z0-9_.-]+$) on all patient IDs.
LLM response quality:
- If scoring seems off, check that patient_context contains medication_history data.
- The scoring prompt requires MedicationStatement resources for step therapy matching.
Patient ID Validation Error:
- AuthBridge uses strict regex sanitization (
^[a-zA-Z0-9_.-]+$). - Ensure the ID does not contain spaces, quotes, or special shell characters.
Retrieves: Active conditions (ICD-10), active medications (MedicationRequest), medication history (MedicationStatement), labs and vitals (Observation), procedures, allergies, patient demographics.
Returns: Structured dict with all clinical data ready for scoring and letter generation.
@mcp.tool() async def lookup_pa_criteria( drug_name: str, indication: Optional[str] = None ) -> dict: """ Looks up clinical PA requirements. Covers 16+ major therapeutic drugs. """ with full payer criteria, step therapy requirements, ICD-10 codes, and relevant clinical guidelines.
Supported drugs (representative list):
- Tumor/Oncology: Pembrolizumab (Keytruda) — NSCLC
- Diabetes/Obesity: Semaglutide (Ozempic/Wegovy), Dapagliflozin (Farxiga)
- Autoimmune/Biologics: Adalimumab (Humira), Ustekinumab (Stelara), Risankizumab (Skyrizi)
- Women's Health: Elagolix (Orilissa) — Endometriosis
- Dermatology: Dupilumab (Dupixent), Apremilast (Otezla)
- Neurology: Natalizumab (Tysabri), Upadacitinib (Rinvoq)
- Cardiology: Rivaroxaban (Xarelto), Sacubitril/Valsartan (Entresto)
- Gastroenterology: Tofacitinib (Xeljanz)
- And more...
Fallback: LLM generates synthetic criteria for any unlisted drug.
Scores how well a patient's FHIR record matches PA criteria.
Key Features:
- CMS-0057-F Urgency Detection: Automatically identifies cases requiring 72-hour expedited review (e.g., oncology, high-acuity biologics).
- FHIR Evidence Trail: Generates a structured citation list mapping claims directly back to FHIR resources (Condition/ID, Observation/ID, etc.).
Output: 0-100 score, APPROVE/DENY recommendation, matched/missing criteria, step therapy evidence, clinical safety flags, and a verifiable FHIR Evidence Trail.
Generates a complete, payer-ready PA justification letter.
Format: 5-paragraph formal clinical letter.
- Urgency Header: Automatically includes CMS-0057-F Expedited Review headers for urgent cases.
- Evidence-Based: Every claim in the letter is grounded in the FHIR evidence trail.
- Physician Voice: Writes in the authoritative voice of the prescribing specialist.
Generates a formal appeal letter contesting a PA denial.
Format: 6-paragraph firm appeal. Rebuts specific denial reason, cites clinical guidelines, quantifies patient safety risk, demands peer-to-peer physician review.
AuthBridge does not make clinical decisions. It surfaces evidence, scores it, writes the letter, and audits its own output. The physician reviews and submits. Human-in-the-loop by design — every claim traces to a FHIR resource before reaching the clinician.
The GITHUB_TOKEN used in AuthBridge provides access to the GitHub Models inference API exclusively. It carries no repository write permissions and accesses no patient data at any point. All patient data flows through the FHIR server only — never through the GitHub Models API.
| Component | Credential | Scope | Patient Data Access |
|---|---|---|---|
| GitHub Models (LLM) | GITHUB_TOKEN | inference only | None |
| SMART Health IT FHIR | Bearer token | patient/*.read | Synthetic only |
| Render deployment | Environment var | server only | None |
Production deployment replaces GITHUB_TOKEN with an organization-managed API key under secret rotation policy, stored in a secrets manager (AWS Secrets Manager or equivalent), never in environment variables.
AuthBridge is a production-architected prototype. The following gaps exist between the current implementation and a fully production-ready clinical deployment:
| Limitation | Current State | Production Path |
|---|---|---|
| FHIR Data | SMART Health IT public sandbox (synthetic) | Organization-specific FHIR R4 server with BAA |
| SMART Auth | Real OAuth2 handshake against public sandbox | SMART on FHIR EHR launch (Epic, Cerner) |
| Payer Criteria | 16-drug database sourced from CMS LCDs + LLM fallback | Direct payer API integration (CoverMyMeds, FHIR PA APIs) |
| PHI Handling | No real PHI processed at any stage | HIPAA-compliant infrastructure with signed BAA required |
| Clinical Validation | No real-world physician pilot completed | Prospective clinical validation study required |
These limitations are architectural decisions appropriate for a hackathon prototype. The system is designed so each limitation maps directly to a production upgrade path without requiring re-architecture.
Drug criteria in AuthBridge are sourced from publicly available Medicare Local Coverage Determinations (LCDs) published by CMS:
- Adalimumab (Humira): CMS LCD L38551
- Pembrolizumab (Keytruda): CMS LCD L39038
- Dupilumab (Dupixent): CMS LCD L38803
- Ustekinumab (Stelara): CMS LCD L38550
- Additional drugs: CMS Medicare Coverage Database
Source: https://www.cms.gov/medicare-coverage-database
AuthBridge is architecturally aligned with the CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F), which mandates FHIR-based PA APIs by January 2027 and requires payers to respond to urgent requests within 72 hours. AuthBridge automatically detects cases qualifying for expedited review and applies the 72-hour header to generated letters.
| Tool | Purpose | Status |
|---|---|---|
run_full_pa_workflow |
Complete PA automation in single call | 🚀 Recommended |
run_full_appeal_workflow |
Complete appeal automation in single call | 🚀 Recommended |
ingest_payer_policy |
Dynamic AI extraction of raw payer policy text into rules engine | 🚀 Recommended |
fetch_patient_context |
FHIR R4 clinical record retrieval (w/ SMART on FHIR mock auth) | |
lookup_pa_criteria |
Payer criteria database lookup | |
score_clinical_match |
Evidence scoring with CMS urgency detection | |
draft_pa_letter |
PA justification letter generation | |
draft_appeal_letter |
Denial appeal letter generation | |
verify_pa_letter |
AI self-audit for hallucination prevention | |
generate_patient_summary |
Plain-language patient portal summary |
For deep dives into the protocol and scoring logic, see:
- TOOLS.md — Exact MCP tool input/output schemas
- walkthrough.md — Complete implementation history
- audit_report.md — Security & Concurrency audit results
| Criterion | Addition |
|---|---|
| AI Factor | Verifier tool — AI auditing its own output is something rule-based systems literally cannot do |
| Potential Impact | Cost dashboard — translates clinical time saved into dollars |
| Feasibility | Weighted scoring, retry logic, input sanitization — production-hardened |
| Clinical Safety | Adversarial verifier ensures physician reviews before submission |
| Patient Tooling | Patient summary tool — reduces patient anxiety, extends helpfulness beyond the clinician |
| Robustness | Verifier agent, retry logic, parallel FHIR fetching |
- Python 3.11+
- GitHub Token (github.com/settings/tokens)
- Git
# Clone the repo
git clone https://github.com/tazwaryayyyy/AuthBridge
cd authbridge-mcp
# Install dependencies
pip install -r requirements.txt
# Configure environment
cp .env.example .env
# Edit .env and add your GITHUB_TOKEN
# Run the demo workflow
python tests/test_demo.py --scenario humira --show-appeal
# Start the MCP server
python main.pyInteractive Web Demo (Recommended for Judging): AuthBridge ships with a built-in responsive Single Page Application (SPA) that proxies its MCP workflows directly to your browser.
- Boot the server:
python main.py - Navigate to
http://localhost:10000/ - Select a drug (e.g.,
HumiraorKeytruda) and enter a synthetic patient ID (592506orsynthetic-crohns-001). - Click "Run PA Automation". The UI provides color-coded badges, urgency flags, missing criteria validation, and one-click PDF generation of the output letter.
Classic CLI Testing:
# Crohn's disease + Humira PA scenario (Standard Review)
python tests/test_demo.py --scenario humira --show-appeal
# Oncology + Keytruda PA scenario (🚨 URGENT CMS-0057-F REVIEW)
python tests/test_demo.py --scenario keytruda
# Security & Sanitization Audit
python tests/test_sanitization.py
# Concurrent Load & Smoke Test (Requires local server running)
python tests/test_load.py
# Automated Load Test (Recommended: Starts server and tests in one click)
.\run_load_test.batAuthBridge is ready to deploy on Render's free tier.
- Fork this repository
- Go to render.com → New → Web Service
- Connect your forked repository
- Render auto-detects
render.yaml - Add environment variable:
GITHUB_TOKEN - Deploy
Your MCP server URL: https://authbridge-mcp.onrender.com/sse
Tip
The server exposes a /health endpoint for uptime monitoring and Render health checks.
| Field | Value |
|---|---|
| Build Command | pip install -r requirements.txt |
| Start Command | python main.py |
| Environment | GITHUB_TOKEN=your_token_here |
| Plan | Free |
- Create account at app.promptopinion.ai
- Go to MCP Servers → Register New Server
- Name:
AuthBridge - URL:
https://your-render-url.onrender.com/sse - Description: "FHIR-native prior authorization agent. Reads patient FHIR records, matches payer criteria, scores evidence, and drafts complete PA letters and appeals."
- Tags:
prior-authorization,FHIR,medication,clinical-documentation,PA
Agent Name: AuthBridge Orchestrator
System Prompt: You are AuthBridge, a prior authorization specialist agent.
For ALL prior authorization requests, call run_full_pa_workflow with:
- patient_id: the patient's FHIR ID
- drug_name: the drug requiring PA
- prescriber details if provided
This single tool runs all 6 steps automatically and returns the complete output.
For ALL appeal letter requests, call run_full_appeal_workflow with:
- patient_id: the patient's FHIR ID
- drug_name: the drug requiring PA
- denial_reason: the specific denial reason from the payer
- prescriber details if provided
After PA workflow returns, present to the clinician:
- Score and recommendation
- Urgency flag (if CMS-0057-F 72-hour review applies)
- Matched and missing criteria
- The complete PA letter
- Verification result (hallucination risk)
- Patient summary
After appeal workflow returns, present the complete appeal letter.
Never call fetch_patient_context, lookup_pa_criteria, score_clinical_match, draft_pa_letter, or draft_appeal_letter individually — always use the unified workflow tools.
Enable tools: All 5 AuthBridge tools Enable SHARP context: Yes (patient ID propagation)
A rule-based system can check whether a diagnosis code exists. It cannot read a patient's three-year treatment narrative, identify that a failed azathioprine trial buried in a 2022 clinical note constitutes step therapy failure for Humira, and write a persuasive clinical argument.
Crucially, AuthBridge utilizes an Adversarial Multi-Agent Debate loop. When the "Clinician Agent" drafts a letter, a "Payer Denial Agent" aggressively tries to reject it by finding clinical loopholes. The drafting agent is forced to rewrite and neutralize those objections before a human ever sees the output. That level of self-correcting clinical reasoning is exclusively generative AI.
- Dynamic Policy Ingestion Agent: AuthBridge does not rely on hardcoded static rules. It dynamically ingests unstructured payer policy updates and automatically extracts the strict JSON criteria schema, allowing the rules engine to scale instantly across thousands of payer policies with zero human intervention.
- $31 billion annual US administrative burden — directly addressed.
- 13+ physician hours/week saved per physician.
- ROI for a 200-physician health system: estimated $3.2M annually in administrative savings.
- Enterprise-Ready Auth: Implements a simulated SMART on FHIR (OAuth2) handshake, enforcing strict
patient/*.readscopes before any clinical data is fetched, proving the architecture is ready for secure hospital deployment. - Every component uses existing FHIR R4 resources (no new data contracts).
- HAPI FHIR sandbox available free for development (no PHI risk).
- Prompt Opinion handles A2A orchestration natively (no custom protocol code).
- OpenAI API via GitHub Models handles all LLM calls (no billing required).
AuthBridge is built for synthetic and de-identified data only.
- Uses HAPI FHIR public sandbox for all development and demonstration
- No real Protected Health Information (PHI) ever processed
- All patient data in tests is entirely fabricated
- Production deployment would require organization-specific FHIR server with proper access controls and BAA
authbridge-mcp/
├── main.py # MCP server entry point (FastMCP + Starlette)
├── index.html # Interactive SPA Frontend
├── tools/
│ ├── fhir_tools.py # fetch_patient_context — FHIR R4 integration
│ ├── criteria_tools.py # lookup_pa_criteria + score_clinical_match
│ └── letter_tools.py # draft_pa_letter + draft_appeal_letter
├── data/
│ └── payer_criteria.json # 16+ drug PA criteria database
├── tests/
│ ├── test_demo.py # Full end-to-end demo workflow
│ ├── test_load.py # Load & Concurrency simulation
│ └── test_sanitization.py # Security sanitization tests
├── JUDGING.md # 🏆 Judging panel alignment roadmap
├── TOOLS.md # 🛠️ MCP Tool Schema documentation
├── walkthrough.md # 📝 Step-by-step implementation guide
├── audit_report.md # 🛡️ Security & Concurrency audit
├── run_load_test.bat # ⚡ One-click automated load test (Windows)
├── requirements.txt
├── render.yaml # One-click Render deployment
├── .env.example
└── README.md
| Component | Technology |
|---|---|
| MCP Server | Python + FastMCP |
| LLM | OpenAI (GitHub Models) — GPT-4o-mini |
| FHIR Integration | HAPI FHIR R4 (httpx) |
| Deployment | Render (free tier) |
| Platform | Prompt Opinion (MCP + A2A) |
| Standards | MCP, A2A, FHIR R4, SHARP, USCDI |
AuthBridge delivers all five output tiers defined by the Prompt Opinion 5Ts framework:
| T | Deliverable | How AuthBridge Delivers |
|---|---|---|
| Talk | Consultation | score_clinical_match provides clinical evidence assessment with recommendation |
| Template | Pre-filled documents | draft_pa_letter generates complete, payer-ready PA letters |
| Table | Structured data | match_result surfaces criteria as structured matched/missing tables |
| Transaction | Actions | Initiates the PA submission workflow through the platform |
| Task | Follow-up items | missing_criteria list creates actionable documentation tasks for clinicians |
MIT License — open for the entire healthcare AI ecosystem.
Prompt Opinion Platform · MCP + A2A + FHIR R4 USCDI v1.1
Created by Tazwar Ahnaf Enan | X (Twitter)