How to appeal a CO-197 denial (and win)
CO-197— precertification, authorization, or notification absent — is one of the highest-volume denials in medical billing, and here's the part most practices miss: a large share of CO-197 denials fire even though an authorization exists.Wrong code on the auth, wrong provider, expired window, or the payer simply failed to link it. That makes this one of the most overturnable denials you'll ever work — if you approach it systematically.
Step 1: Diagnose before you appeal
Pull the claim, the remittance, and your auth records side by side. CO-197 has four distinct root causes, and each has a different fix:
- Auth exists but wasn't linked.The number is in your system but never landed on the claim (box 23 / 2300 REF*G1) — this isn't an appeal, it's a corrected claim.
- Auth exists but doesn't match. Different CPT codes, dates, provider, or facility than billed. This is the CO-284 / CO-296 family — you need an auth amendment, then reprocessing.
- Auth expired. The procedure slid past the auth window (CO-302) — rescheduling documentation is your appeal evidence.
- No auth was ever obtained. The hardest case — your options are retro-authorization, clinical urgency arguments, or eating the write-off and fixing the workflow.
Step 2: Try retro-authorization first
Most payers allow retroactive authorization requests within a defined window — commonly 2 to 30 business days after the service, longer for urgent/emergent care. Before writing any appeal:
- Call the payer's auth department (not claims) and ask for the retro-auth process and deadline.
- Submit clinical documentation supporting medical necessity as if requesting prospectively.
- If granted, request claim reprocessing with the new auth number — no formal appeal needed.
Urgent and emergent services deserve special attention: most payer policies (and many state laws) prohibit auth requirements for emergency care. If the service was emergent, cite the prudent-layperson standard — that's usually a winning appeal on its own.
Step 3: The appeal letter that works
A winning CO-197 appeal contains, in order:
- Claim identifiers — claim number, member ID, DOS, billed codes.
- The one-sentence ask — "We request reversal of the CO-197 denial and payment of $X."
- The factual timeline — when auth was requested/obtained, reference numbers, names and dates of payer phone contacts. Payer call reference numbers are gold; use them.
- The argument— auth existed (attach it); or auth couldn't have been obtained (emergency, retro eligibility); or the payer's own error (auth on file under a different NPI).
- Attachments — auth confirmation, clinical notes, call logs, payer policy excerpts.
File within the appeal deadline — check your payer's window in our timely filing directory, and remember appeal deadlines are separate from claim-filing deadlines. Miss it and you get CO-286 (appeal time limit expired), which almost nothing overturns.
Step 4: Escalate with peer-to-peer
If the written appeal fails on medical-necessity grounds, request a peer-to-peer review — your physician speaking directly with the payer's medical director. Prep the provider with a one-page summary: the clinical indication, why alternatives were inadequate, and the specific payer-policy criteria the case meets. Peer-to-peers overturn a meaningful share of auth denials because the payer's reviewer often never saw the full clinical picture.
The prevention system
- Auth verification at scheduling — every payer/CPT combination checked against current auth requirements before the patient is booked.
- Auth-to-claim matching — before release, validate the claim's CPT codes, dates, provider, and facility against the auth. Mismatches are the biggest silent killer.
- Expiration tracking — auths have windows; reschedules must trigger re-auth checks.
- Post-op reconciliation — when the surgeon does more (or different) than planned, the auth needs amending before the claim goes out.
Related reading: CO-198 (auth exceeded), CO-15 (deactivated auth code), N351 (outside treatment plan dates).
Authorization denials eating your revenue?
Our free audit quantifies your auth-denial leakage and shows exactly where the workflow breaks.