Telehealth: Frequently Asked Questions

Prescribing: The DEA, jointly with the Department of Health and Human Services (HHS), has extended the full set of telemedicine flexibilities regarding prescribing controlled medications that were in place during the COVID-19 public health emergency through December 31, 2025.

Medicare and Medicaid: Many of the CMS Medicare telehealth billing concessions expired on September 30, 2025. The current status remains uncertain pending the conclusion of the government shutdown. An extension has clearly been contemplated, but a definitive determination is yet unresolved. For example, one proposal recommended an extension until November 21, 2025. The following resources may provide some intermediate guidance pending final disposition:

• American Medical Association: House bill would make telehealth changes permanent
• American Telemedicine Association: News and Action Letters
• California Medical Association: Immediate Action Needed: Medicare telehealth flexibilities set to expire Sept. 30
• National Consortium of Telehealth Resource Centers: The Telehealth Policy Cliff: Preparing for October 1, 2025
• Time: Telehealth Is About to Abruptly End for Seniors

See the CMS Medicare Payment Policies page for more information. Specifics going forward may be found on the CY 2025 Physician Fee Schedule Final Rule.

Medicaid telehealth compliance requirements will not be affected. States already have significant flexibility with respect to covering and paying for Medicaid services delivered via telehealth. For more information, please see HHS's State Medicaid Telehealth Coverage.

HIPAA/HITECH: All practitioners using telehealth must be compliant with preexisting telehealth privacy and security requirements. For example, current electronic technologies used for remote communications are required to comply with the HIPAA Security Rule, including communication apps, VoIP technologies, electronic recordings or transcriptions of telehealth sessions, and electronically stored audio messages.

For more information, see HHS's Privacy and Security for Telehealth and Guidance on How the HIPAA Rules Permit Covered Health Care Providers and Health Plans to Use Remote Communication Technologies for Audio-Only Telehealth.

For licensed practitioners who incorporate telehealth services into their traditional office practices, The Doctors Company’s professional liability policy makes no distinction between traditional care and telehealth services. However, coverage requires clinicians to comply with federal and state statutes as well as administrative regulations on telehealth. Practitioners must determine local licensing requirements by checking with the licensing boards in the jurisdictions where they practice and in the states where their virtual patients are located. Questions regarding legal requirements should be directed to corporate counsel.

For policy coverage questions, contact your agent or broker or The Doctors Company at (800) 421-2368.

Healthcare professionals who intend to provide telehealth services across state lines must be licensed in the state where they practice, and frequently, in the jurisdictions where their patients are located when the care is delivered. Practitioners are responsible for determining licensure requirements for the state where the patient is receiving care. Many states require a full license to treat and prescribe for their constituent patients via telehealth. Some states will accept an Interstate Medical Licensure Compact license, although access to that option may be limited. A few jurisdictions allow “infrequent” practice without a license or practice in collaboration with a practitioner who is licensed in the state where the patient is located. The medical, dental, and advanced practice clinician communities should be aware that the relaxed requirements implemented on an emergency basis during the COVID-19 pandemic have now been rescinded.

Practitioners who intend to practice across state lines (or who are already doing so) should check with the appropriate licensing boards in each state where they intend to provide telehealth services and obtain appropriate credentials before accepting patient appointments. Failure to follow legislative and administrative rules have serious potential consequences, including complaints to licensing boards with possible sanctions, penalties and other ramifications, and reports to third-party payers such as CMS and private independent networks, as well as hearings before facility privileges and credentialing committees.

Licensing and other compliance requirements must be strictly observed. The following strategies can help you address the challenge of caring for patients who are out of state for school.

Follow the licensing guidelines and state statutes described in the “Do I need a special license to treat patients across state lines?” section. The practitioner can review the academic calendar with the patient and family (as appropriate) and arrange to see the patient for medication monitoring during a visit home. Colleges and universities have student health centers. With permission from the patient or parent/guardian, consider developing a collaboration with the student health center. Another consideration is for clinicians to issue prescriptions in jurisdictions where they are licensed for patients in other states and request pharmacies to process and fill the medication remotely where the patient resides.

Professional requirements for the delivery of healthcare remain consistent regardless of the modality used to implement the needed services. In other words, the standard of care for telehealth patients is the same as for onsite, in-person care. In a professional liability claim, the question is invariably whether the clinician delivered care and treatment consistent with what other similarly trained practitioners would do under the same or similar circumstances consistent with the community standard. However, local or regional guidelines have given way to national practices in recent years.

Many claims involve an allegation of failure or delay in diagnosis. If competently assessing a condition requires a hands-on evaluation, the patient must be seen in person. A clinician who encounters a potentially high-acuity condition that may be difficult to diagnose via available telehealth technologies but does not refer the patient for an office visit or to the emergency department faces a potential liability risk if an adverse event occurs. That liability is essentially the same vulnerability the practitioner would face after failing to make a needed referral following a face-to-face visit.

The technology used to deliver telehealth care might create additional liability exposure for data breaches, HIPAA violations, or outdated or malfunctioning equipment.

Patients not deemed incompetent or under the supervision of a conservator or legal guardian have the right to refuse care. Your responsibility as a healthcare practitioner is to comply with routine informed consent practices and advise the patient or legal caretaker of the benefits of the proposed treatment, the risks of failing to follow the recommendations, and any potential alternatives. The conversation must be accurately documented in the record at or near the time when the discussion occurred. Consider asking the patient about the possibility of involving a significant other in the discussion, consistent with applicable federal and state privacy rules. Sometimes the presence of a supportive family member can be helpful, especially if the patient is apprehensive or lacks sufficient healthcare literacy. In addition, if the patient’s clinical condition is significant, the support person will likely be aware of clinically important facts and can call 911 if needed. If the patient persists in refusing treatment after appropriate discussion, adjust the plan accordingly and carefully record the discussion in the progress notes. See our article “Informed Refusal” and our sample form Refusal to Consent to Treatment, Medication, or Testing.

A telehealth-specific informed consent discussion prior to utilizing that modality is considered best practice, although not all states require written consent. Practitioners who use telehealth should be cognizant of their state’s definition of telehealth and related informed consent requirements. The telehealth consent discussion should address the potential for technology disruptions and backup plans, patient and practitioner identification, and the patient’s right to decline a virtual visit and request a medically appropriate alternative, such as an in-person office visit. Typical telehealth risks include the potential for converting to an in-person visit based on the patient’s condition or clinical presentation, health information privacy and security risks related to the patient’s environment and communication technology, and equipment or other mechanical disruptions. For more information, read our article “Informed Consent: Substance and Signature.” Find a sample Telehealth Informed Consent form on our Informed Consent Sample Forms page.

Documentation in all phases of healthcare delivery is critical. In addition to what a practitioner would normally document during any visit, documentation for telehealth visits should also include telehealth informed consent, confirmation of the patient’s identity, and the modality of telehealth being used (that is, the telehealth platform or video service). If the patient has taken vital signs (such as temperature, pulse, blood pressure, or weight), record in the progress notes that the information was “patient provided.”

Telehealth does not change the fact that practitioners should use their best clinical judgment—based upon their education, training, experience, and the standard of care—and document their reasoning in the patient record. If a patient’s complaint would generally warrant an in-person visit, weigh the risks of any emergent condition against the risks of delaying intervention until an in-office visit can be scheduled. Make the determination on the type of examination that is required and mitigate liability risks by clearly and succinctly documenting the reasons for your decision in the patient’s record. 

Yes. Payers have long reimbursed practices for telehealth visits. Rates of compensation have increased since the advent of the pandemic as well as the scope of services that may be recovered and the amounts recognized for payment. Some payers differ on what constitutes a telehealth visit and whether telephone calls and asynchronous services (such as those accessed by the patient portal or email) will be reimbursed. As with any type of healthcare billing, practices must follow the most current payer guidelines, including applicable CMS rules, and are encouraged to review their payer-provider agreements periodically to determine compliance requirements and levels of reimbursement.

Interstate utilization of APCs with telehealth presents a very challenging and complex scenario for clinicians. Practitioners who are considering this option should consult with an attorney who is familiar with healthcare laws in their home state, as well as an attorney in the state where the APC will be practicing. Questions to consider include specific licensure requirements for both parties in each state, how supervision will be managed in the APC’s home state (if required), the scopes of practice for prescribing medication and treating in both states, and a review of third-party payer contracts.