Reasons for the current workflow are as follows: The request for prior authorization must be initiated from within the EHR because the payer system would have no mechanism to know that a service requiring prior authorization was planned/intended that would allow them to query the data/initiate the process. Minimum necessary imposes a requirement on both payers and providers to limit information flow.  With the current "trust relationship" that exists between patients, payers and providers, at present it seems that the only acceptable way to ensure that payers get the information required (and only the information required) is for providers to pull together the relevant package of data based on requirements expressed by payers.  (Which is also how things are done now in the paper/phone/fax world.) Realistically, data is not yet sufficiently standardized in most EHR systems to allow for reliable query by payers even if there was trust to allow the payers to initiate their own queries to extract relevant information. The query mechanisms we have now don't allow automated filtering of elements. There's some questions that would need to be resolved around whether HIPAA's expectations for prior authorization to be handled through X12 would apply in a CDS-hooks solution only All of that said, we're not opposed to having a prior authorization passed back directly as part of CRD where the information exchange needs are limited/non-sensitive/appropriately managed.  We have created a change request ( https://jira.hl7.org/browse/FHIR-25402 ) against CRD to specifically specify a prior authorization as something that could be returned by a card.