After 43 days, Congress has compromised on a government funding package that ended the longest shutdown in the country’s history. The deal provides immediate funding for several federal agencies and extends critical programs impacting health and technology innovation.

The measure funds the Agriculture-Food and Drug Administration (FDA), Legislative Branch and Military Construction-Veterans Affairs accounts through Fiscal Year 2026. All other federal agencies will receive funding through Jan. 30, 2026, maintaining vital authorities and services during that period through a continuing resolution. The legislation also guarantees reinstatement and back pay for federal employees impacted by the shutdown.

Notably, the law extends several key provisions for the period of Oct. 1, 2025, through Jan. 30, 2026.

“While this agreement provides much-needed relief, short-term fixes are not enough,” said Tom Leary, Senior Vice President and Head of Government Relations at HIMSS. “To safeguard patient care and security, Congress must advance long-term solutions for both telehealth and cybersecurity and provide sustained funding stability across all federal agencies that support patient health and the health technology ecosystem.” 

Healthcare Flexibilities

The continuing resolution restores temporary health provisions retroactive to Oct. 1, including telehealth waivers, the Acute Hospital Care at Home (AHCAH) waiver, and other Medicare and Medicaid extenders that had expired. This action creates a pathway for CMS to release held telehealth claims, resume AHCAH services, and reconcile affected payments. Implementation guidance from CMS will be essential to confirm the process and timing for retroactive payment distribution.

HIMSS has championed the restoration of telehealth access, and the “telehealth cliff” created by tying Medicare telehealth flexibilities to short-term funding debates has perpetuated a cycle of uncertainty that disrupts care delivery. 

HIMSS continues to emphasize that the brief extension to Jan, 30 is not sufficient to ensure continuity of virtual care for patients and providers nationwide. The country needs a long-term solution.

Take action: Tell your Senators and Representatives to establish permanent or long-term access to vital telehealth services.

CISA Extension

U.S. lawmakers included the extension of the Cybersecurity Information Sharing Act of 2015 (CISA 2015) as part of the continuing resolution reopening the federal government. 

The extension restores critical legal protections and funding that enable public-private collaboration on cyberthreat intelligence. Under CISA 2015, non-federal entities across the various sectors may share cyber threat indicators and defensive measures with federal entities in accordance with CISA 2015’s requirements. The measures, in effect through Jan. 30, 2026, continue the liability, antitrust, disclosure and other statutory protections for organizations sharing real-time threat indicators and defensive measures with federal agencies. 

Section 405 of CISA 2015 directs the U.S Department of Health and Human Services (HHS) to consult with industry to develop voluntary, practical cybersecurity guidelines for the healthcare and public health (HPH) sector. These resources provide a foundation for improving cybersecurity preparedness and resilience across the healthcare ecosystem. While HIMSS applauded Congress for restoring these protections, a short-term extension does not provide the long-term security needed. HIMSS encourages passage of the bipartisan Peters-Rounds bill to permanently reauthorize information-sharing protections and strengthen cybersecurity across the health sector.

“Nearly eleven years have passed since the Cybersecurity Information Sharing Act of 2015 was signed into law. Great strides have been made to improve healthcare cybersecurity preparedness and resilience, but we need to go further. That progress is only possible with strong collaboration across the healthcare and public health sector and with the federal government,” said Lee Kim, Senior Principal, Cybersecurity and Privacy, HIMSS.

Affordable Care Act

While Democratic leadership had focused much of the shutdown debate on extending Affordable Care Act subsidies, the deal negotiated by the Senate does not include explicit language on the issue. However, Senate Majority Leader John Thune (R-SD) has committed to holding a December vote to extend the ACA premium subsidies, maintaining momentum toward preserving affordable coverage for millions of Americans.

What Comes Next

The Senate will gavel back in the week before Thanksgiving, when Majority Leader Thune plans to begin floor action on a second minibus funding package. Senate leaders are aiming to include the Defense, Labor-Health and Human Services-Education, and Transportation-Housing and Urban Development bills, and potentially the Commerce-Justice-Science and Interior-Environment measures. With the new stopgap extending funding for most departments and agencies for 80 days, appropriators will need to work quickly to avoid another lapse in government funding, especially with holiday breaks upcoming.

HIMSS will continue to engage with policymakers and federal agencies as implementation proceeds, advocating for long-term funding stability for telehealth, digital health innovation, cybersecurity, and data modernization across the public and private sectors.

Previous 2025 shutdown analysis from HIMSS:

• Shutdown Pressures Mount as Healthcare Community Seeks Certainty on Telehealth and Cybersecurity
• U.S. Government Shutdown Halts Funding, Extends Debate over Health and Cyber Protections