WEDI to Participate in CMS Listening Session on Prior Authorization Standard, Holding MPA TODAY-November 17. WEDI has been invited to participate in a listening session on prior authorization being held by the Centers for Medicare & Medicaid Services’ (CMS) National Standards Group on December 10, 2025. The listening session will focus on benefits and challenges associated with implementation of the FHIR API-based prior authorization standard. To gather input, WEDI is holding a Member Position Advisory (MPA) event on November 17 from 1:30 – 3:30 pm ET. This members-only event will focus on addressing a series of questions from CMS. Information gathered during the MPA will be used to form WEDI’s positions and comments for the listening session. Review the CMS questions and register for the MPA here.

Federal Government Reopens with Signing of Continuing Appropriations, Includes Medicare Telehealth Extensions. The federal government shutdown ended on November 12 following the signing of a Continuing Appropriations Bill that funds the government until January 30, 2026. Included in the funding is an extension of the Medicare telehealth waivers and hospital at home programs that expired on September 30, including retroactive pay for services that were provided during the government shutdown. The specific Medicare telehealth services include: (i) Allowance for patients to receive telehealth wherever they were located, such as their home, without any geographic restrictions for non-behavioral or non-mental services; (ii) Allowance for distant site providers to conduct telehealth services and usage of Federally Qualified Health Centers and Rural Health Clinics to serve as distant site providers for non-behavioral or non-mental telehealth services; (iii) Allowance of the use of audio-only telehealth for some non-behavioral or non-mental telehealth services; and (iv) Waiver of the requirement for an in-person visit within 6 months for hospice care eligibility recertification. The Acute Hospital Care at Home Program and In-Home Cardiopulmonary Rehabilitation flexibilities were also extended until January 30, 2026.

CMS Notifies MAOs of Draft Provider Directory Update Process for Medicare Plan Finder. The Medicare Advantage Organizations (MAOs) were notified by CMS of a draft process for MOAs to update their provider network data. The draft “Technical Implementation Guide for Supplying Medicare Advantage (MA) Provider Directory Data for Use in Medicare Plan Finder (MPF)” is technical guidance for MAOs implementing the requirements of the September 18, 2025, “Medicare and Medicaid Programs; Contract Year 2026 Policy and Technical Changes to the Medicare Advantage Program, Medicare Prescription Drug Benefit Program, Medicare Cost Plan Program, and Programs of All-Inclusive Care for the Elderly (PACE) – Finalization of Format Provider Directories for Medicare Plan Finder Second First Rule”  (CMS-4208-F2). Topics addressed in the draft guidance include the MA plans subject to the requirements, phases of the implementation, reporting of provider directory application programming interface endpoints, technical specifications for data use in the MPF, data validation, attestation, and testing. CMS is seeking feedback on the draft technical guidance and comments can be submitted via the online survey tool by December 19.

Senate Bill Addresses Health Information Privacy. Senator Bill Cassidy, MD (R-LA) introduced S. 3097, “Health Information Privacy Reform Act,” to provide additional protections for patient-generated health data through wearable devices and digital health applications. The bill calls for the Secretary of Health and Human Services (HHS), in consultation with the Federal Trade Commission, to issue regulations setting privacy, security, and breach notifications standards for the processing of health information by regulated entities and their service providers not currently covered under the Health Insurance Portability and Accountability Act (HIPAA). The privacy protections would be required to, at a minimum, equal those under HIPAA. They would also have to address permitted uses and disclosures of the health information with or without the individual’s consent, individual’s rights related to the health information, and administrative safeguards. Proposed security requirements would add physical, technical, and administrative safeguards based on standards or national frameworks. The bill has been referred to the Committee on Health, Education, Labor, and Pensions, which Sen. Cassidy chairs.

House Democrats Introduce Bill to Prohibit WISeR Model. U.S. Representatives Suzan DelBene (D-WA), Ami Bera, MD (D-CA), Greg Landsman (D-OH), Rick Larsen (D-WA), Mark Pocan (D-WI), and Kim Schrier, MD (D-WA) introduced H.R. 5940 titled “Seniors Deserve Streamlined Medical Approvals for Timely, Efficient Recovery Care Act of 2025’’ or the ‘‘Seniors Deserve SMARTER Care Act of 2025. Since its introduction, an additional 18 Representatives have signed on as co-sponsors of the bill. The bill simply states that the Secretary of HHS may not implement the CMS Wasteful and Inappropriate Service Reduction (WISeR) Model or any substantially similar model. The bill has been referred to the Committee on Ways and Means and the Committee on Energy and Commerce. The WISeR Model, which is set to begin in the traditional Medicare program on January 1, 2026, will use technologies such as artificial intelligence and machine learning to conduct prior authorization reviews in six designated states.

CISA, FBI, and International Partners Release Advisory Update on Akira Ransomware. The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation, Department of Defense Cyber Crime Center, HHS, and international partners, released an updated joint Cybersecurity Advisory, #StopRansomware: Akira Ransomware. Akira ransomware threat actors have expanded their capabilities, targeting small and medium-sized businesses and larger organizations in health care and across other sectors. The advisory reflects new findings highlighting Akira ransomware’s evolution and continued threat to critical infrastructure sectors. It provides information on the ability of threat actors to exploit vulnerabilities in edge devices and backup servers, use command line techniques to discover networks and domains, use remote management and monitoring tools to mimic administrator activity, deploy malware, use remote access tools and protocols to steal authentication tickets, and exfiltrate data. Organizations are encouraged to apply patches for known vulnerabilities and monitor unauthorized domain account creation and unusual network activity.

CISA Releases Emergency Directive for Cisco ASA and Firepower Devices. CISA released Emergency Cisco Directive 25-03 Implementation Guidance for users of Cisco Adaptive Security Appliances (ASA) and Firepower devices to correct critical vulnerabilities, including allowing remote code execution and privilege escalation. A previous emergency directive was issued on September 25, but threat actors continue to target these devices. The vulnerabilities pose significant risk to users of the devices. Information on minimum software versions that address these vulnerabilities is included in the guidance. Federal agencies are to complete necessary patching actions on affected devices.

ASTP Annual Meeting Scheduled for February 11-12, 2026. The Assistant Secretary for Technology Policy (ASTP) Annual Meeting will be held February 11-12, 2026, in Washington, DC. The Annual Meeting will include in-person education, plenary sessions, and networking opportunities. The mainstage plenary sessions will also be available for viewing online. The agenda, registration, and hotel information will be made available in the coming weeks. Go here for additional information.