Denial code CO-197 hits when a payer determines that a required prior authorization, precertification, or notification was not obtained before the service was rendered. This is one of the most preventable denial codes and one of the most costly when it occurs. High-value services like surgeries, advanced imaging, and specialty medications are the usual targets, and the denied amounts can run into thousands or tens of thousands of dollars per claim.
The challenge with CO-197 is not understanding it. The concept is simple: the payer wanted you to get permission before performing the service, and you did not (or they believe you did not). The challenge is building a workflow that reliably captures authorization requirements, obtains the auth, tracks it through the service date, and gets the auth number onto the claim. A breakdown at any point in that chain produces a CO-197 denial.
What CO-197 Means
CARC code CO-197 reads: “Precertification/authorization/notification absent.” The CO group code makes this a contractual obligation: the provider absorbs the loss and cannot bill the patient (in most circumstances). Some payers use CO-197 broadly for any authorization-related issue, while others pair it with specific RARC codes that distinguish between “no auth on file” (you never got one), “auth number not on claim” (you got one but did not submit it), and “auth expired” (you got one but waited too long to perform the service).
Common RARC codes paired with CO-197 include N517 (“Missing/incomplete/invalid prior authorization”), N386 (“This decision was based on a payer policy”), and MA130 (“Your claim contains incomplete and/or invalid information”). The RARC helps you determine whether this is a missing auth problem, a claim data problem, or an auth mismatch problem.
Why Authorization Denials Happen
The most common cause is a genuine missed authorization. The scheduler or referring provider ordered a service that requires auth, but nobody in the workflow identified the auth requirement and initiated the request. This happens when authorization requirement lists are outdated, when new payers or new plan types are added without updating the auth protocol, or when staff turnover disrupts established workflows.
Authorization number omission from the claim is the second most common cause. The auth was obtained, the number exists somewhere in your system, but it was not entered in the correct field when the claim was created. This is a pure workflow failure: the clinical and administrative work was done, but the billing step dropped the ball. It is also the easiest to fix because you simply add the auth number and resubmit.
Expired authorizations catch practices that schedule services weeks or months after the auth is obtained. Authorizations have valid date ranges, typically 30 to 90 days depending on the payer and service type. If the service date falls outside the auth valid period, the payer denies with CO-197. The fix is to request an auth extension before the original expires.
Authorization mismatch occurs when the auth covers a different CPT code, a different facility, or a different provider than what appears on the claim. This happens when the surgical plan changes intraoperatively (different procedure than originally authorized), when the service is performed at an alternate location, or when a covering physician provides the service instead of the authorized provider. The auth must match the claim in all key fields.
Resolving CO-197 Denials
For missing auth numbers on the claim, the fix is straightforward. Locate the auth number in your records, add it to the claim, and resubmit. No appeal is needed. This should be resolved within 48 hours of receiving the denial.
For genuinely missed authorizations, explore retroactive authorization. Many payers allow retro-auth for urgent and emergent services within a defined window (24 to 72 hours from the service date is common). Call the payer’s authorization department, explain the situation, and submit the clinical documentation supporting medical necessity. If the retro-auth is approved, add the auth number to the claim and resubmit.
For expired authorizations, contact the payer to request a retroactive extension. Explain that the service was performed based on a valid authorization that expired due to scheduling delays. Provide the original auth number and the clinical documentation. Payers are more receptive to extending an auth that was originally approved than to granting a brand-new retro-auth.
For auth mismatches, determine which element mismatched. If the CPT code changed, request an amended auth covering the actual procedure performed. Include the operative report showing why the procedure changed. If the facility or provider changed, request an auth amendment reflecting the actual service details.
Appealing CO-197 When Retro-Auth Is Denied
If the payer denies your retro-auth request, you can still appeal the CO-197 denial. Your appeal should focus on medical necessity and the specific circumstances that prevented advance authorization.
For emergent or urgent services, cite EMTALA obligations (for ED visits) or the clinical urgency that made delay dangerous to the patient. Include the clinical documentation showing the urgency: vital signs, lab results, imaging findings, and the treating physician’s assessment of why the service could not wait for authorization.
For services where the auth was obtained but expired or mismatched, emphasize that the payer already determined the service was medically necessary when they issued the original auth. The lapse was administrative, not clinical. The medical necessity determination should stand regardless of administrative timing.
Many states have laws protecting providers from retroactive denial of previously authorized services. If the payer authorized a service and later denies claiming the auth was not valid, research your state’s prompt payment and authorization laws. Some states require payers to honor authorizations for a minimum period and prohibit retro-denials of authorized services except in cases of fraud.
Building an Authorization Tracking System
Prevention requires a systematic approach to authorization management. The system does not need to be expensive or complex, but it must be reliable and integrated into your daily workflow.
Start with a centralized authorization log. Whether it is a module in your practice management system, a shared spreadsheet, or a dedicated auth tracking tool, every authorization request and approval must be recorded in one place. The log should capture: the patient name and ID, the date of the auth request, the payer and plan, the service requiring auth (CPT codes), the auth number received, the valid date range, the authorized provider and facility, and the status (pending, approved, denied, expired).
Link the auth log to your scheduling system. When a patient appointment is booked for a service that requires authorization, the scheduler should check the log to confirm an active auth exists. If no auth is on file, the appointment should be flagged and the auth requested before the patient arrives.
Set expiration alerts. Configure your system to alert staff 7 to 14 days before an auth expires. This gives adequate time to request an extension or reschedule the service within the auth window.
Build a pre-billing auth verification step. Before claims are transmitted, run a report that checks each claim against the auth log. Any claim for a service that typically requires auth but lacks an auth number should be held for manual review. This catches the “auth obtained but not on claim” problem before it becomes a denial.
Financial Impact of Authorization Denials
CO-197 denials are among the most expensive per-claim because they disproportionately affect high-cost services. The average authorization denial involves services valued at $1,500 to $5,000 for outpatient procedures and $10,000 to $50,000+ for inpatient admissions and surgeries. Even a small number of CO-197 denials can represent significant revenue at risk.
The overturn rate for authorization denial appeals varies by payer and by the quality of your documentation, but industry data suggests 40% to 60% of appealed auth denials are overturned when supported by clinical documentation. This means every CO-197 denial is worth appealing if you have clinical justification. The $1,500 procedure that costs $30 to appeal is worth the effort when more than half of appeals succeed.
Investing in an authorization management system and dedicated auth staff typically pays for itself within the first quarter. A single prevented CO-197 denial on a $5,000 surgical case covers months of auth tracking costs. Practices that implement systematic auth management see CO-197 denial rates drop by 70% to 90% within six months.