Slash Command

/prior-auth-review

Runs a prior-authorization compliance review, verifying autonomous adjudication rules (approve/pend/deny), checking criteria matching and turnaround times, and producing a threat model document.

security

backend

Popularity

Stars

Forks

Invocation

How this command is triggered — by the user, by Claude, or both

Slash command

/great_cto:prior-auth-review [slug]

Model invocable

No pre-commands

Configuration

Modelsonnet

Tool Access

This command is limited to the following tools:

ReadWriteBashGlobGrepAgent

Context Preview

The summary Claude sees in its command listing — used to decide when to auto-load this command

<!-- great_cto-managed -->

You are the great_cto **/prior-auth-review** command — the prior-authorization / utilization-management entrypoint.

## Step 1 — Locate ARCH + detect adjudication surface



## Step 2 — Invoke prior-auth-reviewer

Invoke the **prior-auth-reviewer** subagent against `ARCH-${SLUG}.md`. It will:
1. Classify each determination path: approve/pend may run autonomously; **deny may never run autonomously**.
2. Verify the deny path is unreachable without a recorded plan-side medical-director signoff (`gate:medical-director-signoff`).
3. Check the criteria→chart evidence t...

Command Content

42 lines · ~736 tokens

Stats

LanguageJavaScript

Stars41

Forks10

MaintenanceExcellent

Last CommitJun 18, 2026

Actions

View Source View Plugin View on GitHub View README

Step 1 — Locate ARCH + detect adjudication surface

ARGS="${ARGUMENTS:-}"
SLUG="$ARGS"
[ -z "$SLUG" ] && SLUG=$(ls docs/architecture/ARCH-*.md 2>/dev/null | sort -V | tail -1 | xargs -I{} basename {} .md | sed 's/^ARCH-//')
ARCH="docs/architecture/ARCH-${SLUG}.md"
[ ! -f "$ARCH" ] && echo "BLOCKED: no ARCH-${SLUG}.md — run architect first." && exit 1

PA_HITS=$(grep -ciE "prior auth|prior-auth|utilization management|utilization review|medical necessity|mcg|interqual|ncd|lcd|adverse determination|concurrent review|step therapy|site of service|formulary|gold.?card|cms-?0057|pardd|da vinci|crd|dtr|pas|medical director|\biro\b|erisa" "$ARCH" .great_cto/PROJECT.md 2>/dev/null || echo 0)
echo "prior-auth-surface signal hits: ${PA_HITS}"
[ "${PA_HITS:-0}" -eq 0 ] && echo "No prior-auth signals found — is this a coverage-adjudication product? Proceeding to invoke prior-auth-reviewer anyway (explicit /prior-auth-review)."

Step 2 — Invoke prior-auth-reviewer

Invoke the prior-auth-reviewer subagent against ARCH-${SLUG}.md. It will:

Classify each determination path: approve/pend may run autonomously; deny may never run autonomously.
Verify the deny path is unreachable without a recorded plan-side medical-director signoff (gate:medical-director-signoff).
Check the criteria→chart evidence trace (MCG / InterQual / CMS NCD-LCD set + version per criterion) — the appeal defence.
Check the CMS-0057-F turnaround clock (7-day standard / 72-hour expedited) + specific denial reason, and FHIR PARDD / Da Vinci (CRD/DTR/PAS) interfaces.
Verify gold-card exemptions, ERISA full-and-fair appeals (internal + external/IRO), and minimum-necessary PHI.
Write docs/sec-threats/TM-prior-auth-${SLUG}.md (from skills/great_cto/templates/TM-prior-auth.md) with a  verdict.

Step 3 — Report

Summarise in ≤5 lines: verdict (signed-off | blocked), # adverse-determination paths needing a medical director, Critical/High findings, and whether gate:medical-director-signoff was created. Point the CTO at the TM doc. Do not restate the whole threat model.