Medicare Is Using AI to Deny Your Care. The Algorithm Won't Explain Itself.

Somewhere in a data center, an algorithm is deciding whether a Medicare patient can have a medical procedure. The algorithm has reviewed the request, weighed it against patterns in its training data, and issued a judgment. The patient — and often their doctor — may never fully understand why the answer was no. The Centers for Medicare and Medicaid Services will not tell you how the algorithm was trained, what bias safeguards were applied to its design, or how patient privacy is protected in the process. And the vendor running the system gets paid more when it denies care.

This is not a hypothetical future. The CMS launched the WISeR program — Wasteful and Inappropriate Service Reduction — in January 2026. It is running now, in six states, and it may affect up to 6.4 million Medicare beneficiaries. The Electronic Frontier Foundation filed a FOIA lawsuit against CMS on March 25, 2026 to force disclosure of basic information about how it works. CMS has not complied.

How the Program Is Structured

WISeR deploys artificial intelligence to evaluate prior authorization requests from Medicare patients seeking coverage for medical procedures and services. Prior authorization — the requirement that insurance programs approve care before it is delivered — has long been a documented source of delays, denied care, and administrative burden across the American healthcare system. CMS is now using AI to automate that gate.

The incentive structure built into WISeR compounds the concern. Vendors operating the AI system are compensated based partly on denial volume — receiving up to 20% of what CMS characterizes as "savings." In practice, a "saving" in this context means a denial. The algorithm that decides whether a patient gets care is operated by a contractor that profits more when the answer is no. CMS has not disclosed what safeguards, if any, exist to prevent that financial incentive from influencing outcomes.

"The public has a right to understand the algorithms making consequential decisions about their healthcare." — Electronic Frontier Foundation

What CMS Won't Disclose

The EFF's FOIA lawsuit, filed March 25, 2026, seeks records on four categories of information that any responsible public program should be able to produce: the training data used to build the AI system, the algorithmic bias safeguards applied during development and ongoing operation, the privacy protections governing how patient data is processed, and the technical documentation that would allow independent evaluation of the system's accuracy and fairness.

CMS has not produced those records. Healthcare providers in the six pilot states have already reported what they are observing in practice: delays in authorization decisions, communication gaps when the AI flags a request for review, and significant administrative strain as practices try to navigate a process that offers limited transparency into why decisions are made and no clear path to expedited human review.

When a system affecting millions of patients operates without public documentation of how it reaches decisions, "accountability" becomes a word without referent. There is no one to hold accountable because there is no record of how the judgment was made.

The Prior Authorization Baseline

To understand why layering AI onto prior authorization creates acute risk, it helps to start with what prior authorization already looks like before the algorithm arrives. In Medicare Advantage — the privately managed Medicare option covering roughly half of all Medicare beneficiaries — plans denied 7.4% of prior authorization requests in 2021, according to data from KFF and CMS. That rate is not the most revealing number. The revealing number is what happened when patients appealed: 75% of appealed denials were overturned.

Three-quarters of the denials that were challenged turned out to be wrong. The care the plan said wasn't covered was covered. The procedure the algorithm or the reviewer said wasn't necessary was necessary. Most patients, of course, don't appeal. The administrative complexity of the appeals process, the time it takes, the energy required — particularly for elderly or seriously ill patients — means that a large proportion of wrong denials simply stand. WISeR's AI operates against that already-troubled baseline and accelerates it.

A Pattern Across the Industry

The federal government's decision to deploy AI for prior authorization denials arrives at a moment when the private insurance industry's use of similar tools has become the subject of congressional scrutiny and litigation. UnitedHealth and its subsidiary Change Healthcare are facing lawsuits and congressional investigations over algorithmic denial systems. Cigna and Humana have faced similar scrutiny. The pattern across these cases is consistent: AI systems trained on historical claims data, operating at speed and scale that forecloses meaningful physician review, generating denials at rates that often exceed what human reviewers would produce, with no public documentation of training methodology or bias screening.

The difference with WISeR is that this is the federal government doing it directly, under a public program, to a population of older and disabled Americans who depend on Medicare as their primary or sole source of healthcare coverage. The stakes of a wrongful denial are not abstract. For a 72-year-old waiting on authorization for a diagnostic procedure, a delay of weeks is not a bureaucratic inconvenience. It is a gap in care that may have clinical consequences.

The Transparency Gap

The EFF has framed the FOIA lawsuit in terms of basic democratic accountability: the public has a right to understand how the algorithms making consequential decisions about their healthcare actually work. That framing understates what is at stake. Without the training data, there is no way to evaluate whether the system encodes historical biases — racial, geographic, socioeconomic — that would cause it to deny care at higher rates for already-disadvantaged populations. Without the bias safeguard documentation, there is no way to know whether CMS or its vendor ever looked for those biases. Without the privacy records, patients cannot assess whether their medical data is being used in ways they didn't consent to and wouldn't authorize.

CMS is required by law to respond to FOIA requests. It has not responded to this one. The EFF has gone to court to compel compliance. Until those records are produced, WISeR will continue to operate, in six states, on 6.4 million beneficiaries, with its logic hidden from the patients whose care it governs and from the physicians whose judgment it is designed to replace.