Senators Request Information from CMS on Medicare Advantage Provider Directory Issues. Senators Jeff Merkley (D-OR), Ranking Member of the Senate Budget Committee, and Ron Wyden (D-OR), Ranking Member of the Senate Finance Committee, sent a letter to Centers for Medicare & Medicaid Services (CMS) Administrator Mehmet Oz, MD, requesting responses to potential issues with the Medicare Advantage provider directory. The letter describes the Medicare Advantage provider directory as “riddled with erroneous, conflicting, and duplicative information.” The letter asserts that problems with the directory risk confusion for millions of Medicare beneficiaries looking for plans and in-network providers. CMS appears to be aware of issues with the provider directory because it had notified Medicare Advantage Organizations (MAOs) that beneficiaries would be permitted to change plans within three months if provider-network misinformation influenced their selection. The Senators asked the agency to address the following: (i) Why did CMS deploy this temporary Medicare Advantage-only directory tool instead of the planned national provider directory; (ii) What review or testing process was completed prior to the launch of the directory; (iii) What is the status of MAOs requirements to offer a public facing Provider Directory Application Programming Interface with data on a payer’s network of contracted providers; and (iv) Why were beneficiaries not notified of the option to change plans if the one they chose was based on incorrect information. The Senators directed CMS to respond to their questions by November 17. 

CMS Issues Update on Processing of Telehealth and Acute Hospital Care at Home Claims. CMS issued an update on the processing of claims for telehealth and acute hospital care at home services. As of October 1, many of the extensions for payment for Medicare telehealth services expired. CMS has been evaluating Medicare claims operations to ensure that CMS pays only the telehealth claims consistent with the current law. Behavioral and mental health and Accountable Care Organization services that meet the requirements for telehealth care continue to be paid. CMS is identifying the claims that meet payment requirements using procedure, diagnosis, and Place of Service codes. CMS acknowledges that not all claims that are payable under current law have been identified due to system limitations. CMS is taking action to resolve this subset of claims that are currently being held by returning them to the providers with messages that the claims may be resubmitted.

WISeR Model Participants Chosen. CMS has identified the participants in the Wasteful and Inappropriate Service Reduction (WISeR) Model whose technologies, such as artificial intelligence (AI) and machine learning, will be used to conduct prior authorization reviews in six states. The companies and their Medicare Administrative Contractor jurisdiction assignments are:

• Cohere Health, Inc. for JH Novitas in Texas
• Genzeon Corporation for JH Novitas in New Jersey
• Humata Health, Inc. for JH Novitas in Oklahoma
• Innovaccer Inc. for J15 CGS in Ohio
• Virtix Health LLC for JF Noridian in Washington
• Zyter Inc. for JF Noridian in Arizona

The WISeR Model, which was announced by CMS in July, will run for six performance years from January 1, 2026, to December 31, 2031. 

FDA Meeting Addressed AI-Enabled Digital Mental Health Devices. The Food and Drug Administration’s (FDA) Digital Health Advisory Committee (DHAC) met on November 6 on the topic of generative AI-enabled digital mental health medical devices. The focus of the meeting was the patient-facing aspect of generative AI-enabled technologies used to treat and diagnose and potential regulatory approaches to maintain safety and effectiveness. Panelists participating in the meeting addressed a series of questions related to a scenario specifically on the use of “AI therapists” and other AI-based medical devices designed to provide a wide range of mental health therapies and interactions with provider-like chatbots. DHAC intends to use the feedback from this meeting to assist the FDA in its work evaluating digital health medical devices and supporting the delivery of meaningful treatments for patients.

NSA, CISA, and International Partners Release Microsoft Exchange Server Security Best Practices. The National Security Agency (NSA), Cybersecurity & Infrastructure Security Agency (CISA), and international cybersecurity partners, Australian Signals Directorate’s Australian Cyber Security Centre and Canadian Centre for Cyber Security, collaborated on the development of Microsoft Exchange Server Security Best Practices. The document is a guide focused on strengthening user authentication and access, ensuring strong network encryption, and minimizing application attack surfaces. The goal is for organizations to reduce their risk from cyber threats with the implementation of these practices. Due to organizations’ reliance on Microsoft Exchange for communication functions, security best practices for protection from malicious actors, abuse, and exploitation of vulnerabilities is critical. Organizations are strongly encouraged to mitigate risks and prevent malicious activity. 

CMS: Every State has Applied for Funding Through $50 Billion Transform Rural Health Program. CMS announced that all 50 states submitted applications for the $50 billion Rural Health Transformation Program. The program was designed to provide funding for rural health care systems for them to expand access, enhance quality, and improve outcomes for patients. Two of the program’s five goals include expanding the use of technologies that promote access and efficiency in rural settings and testing new models of care delivery to improve rural health outcomes and lower the cost of care. CMS plans to announce the approved awardees by December 31, 2025, with funding distributed over five years beginning in federal fiscal year 2026. CMS’s Office of Rural Health Transformation will provide technical assistance and ongoing support to help states design, launch, and sustain initiatives that best serve their rural communities.

Sequoia Project Releases Draft Guidance to States on Sensitive Data, Seeking Feedback. The Sequoia Project, the Trusted Exchange Framework and Common Agreement’s Recognized Coordinating Entity, released a draft paper titled “Guidance to States: Legislating Technical Standard Definitions for Existing State Sensitive Health Data Laws” and is seeking feedback by November 26. The paper provides an overview of the current digital management of health data and the federal and state laws that address privacy protections. It calls for a single, standardized technical language for systems to identify sensitive data and the applicable privacy rules. Proposed model language for states is intended to provide a legislative framework for defining sensitive health data that aligns with federal standards. The paper also includes calls to action to allow appropriate data sharing while protecting patient privacy.