Bask Health | Blog
  • Home

  • Plans & Pricing

  • Enterprise

  • Explore

  • Bask Health - Home
  • Home

  • Plans & Pricing

  • Enterprise

  • Explore

  • Bask Health - Home
  • Home

  • Plans & Pricing

  • Enterprise

  • Explore

Bask Health - Home
Theme
    Bask Health logo
    Company
    About
    Blog
    Team
    Security
    Product
    Bask

    Telehealth Engine

    Virtual Care
    API Reference
    Solutions
    Website Builder
    Payment Processing
    Patient’s Management
    EMR & E-Prescribing
    Pharmacy Fulfillment
    Compounding
    Developers
    Integrations
    Docs
    Help Guide
    Changelog
    Legal
    Terms of Service
    Privacy Policy
    Code of Conduct
    Do Not Sell My Information
    LegitScript approved

    Legit Script

    HIPAA Compliant

    Surescripts

    © 2024 Bask Health, Inc. All rights reserved.

    Telehealth Regulations by State: Stay Compliant and Expand Your Services
    Telehealth
    Healthcare

    Telehealth Regulations by State: Stay Compliant and Expand Your Services

    Explore US telehealth regulations by state: licensure, reimbursement, practice standards, and recent changes to help providers stay compliant and informed.

    Bask Health Team
    Bask Health Team
    12/02/2024
    12/02/2024

    Telehealth regulations differ greatly across the United States. Each state has its own set of rules and requirements. Healthcare providers now face a bigger challenge as they handle these state laws while delivering quality virtual care.

    State telehealth regulations cover many key areas. These include licensure requirements, practice standards, reimbursement policies, and security protocols. Recent years have brought major changes to healthcare delivery that continue to shape these regulations. Healthcare providers must understand and follow state-specific requirements to grow their telehealth services and avoid legal problems. Healthcare providers will learn about their obligations and opportunities in virtual care delivery. You'll find details about state-specific requirements, CMS guidelines for 2024, documentation standards, and compliance measures needed for a successful telehealth practice.

    Understanding State Telehealth Frameworks

    State telehealth frameworks have changed by a lot since 2020. States have moved from temporary policies to permanent regulatory structures. More than 25 states now require payment parity. Among these, 21 states have permanent measures while five have conditional rules.

    Key regulatory components

    These basic elements make up state telehealth frameworks:

    • Coverage and reimbursement policies
    • Licensure requirements and interstate practice
    • Technology and security standards
    • Documentation requirements
    • Patient consent protocols

    State-by-state comparison

    Rules differ greatly between states. Fifty states, including Washington, D.C., and Puerto Rico, now pay for live video in Medicaid fee-for-service. Medicaid programs in thirty-seven states cover store-and-forward services. Forty-two states have remote patient monitoring coverage.

    Interstate practice agreements have emerged as a key development. Maryland, Virginia, and Washington D.C. signed a Memorandum of Agreement in March 2023. This agreement recognizes medical licenses mutually and speeds up reciprocal license applications.

    Recent legislative changes

    Four main areas dominated legislative activity in 2023:

    1. Coverage and payment parity
    2. Telehealth licensure
    3. Audio-only telehealth services
    4. Medication-related regulations

    Federal legislation has extended Medicare telehealth flexibilities through December 31, 2024. Federally Qualified Health Centers and Rural Health Clinics can now serve as distant site providers for non-behavioral health services. Medicare patients can receive telehealth services at home.

    States have focused on adding safeguards while keeping access broad. Forty-seven states, DC, and Puerto Rico now require specific consent in their telehealth policies. Thirty-eight states and DC allow exceptions to standard licensing requirements. Twenty-two states have special registration processes for out-of-state providers.

    Licensure and Practice Requirements

    Medical licensing requirements are the lifeblood of telehealth practice regulations in the United States. State medical boards keep primary oversight of healthcare delivery within their borders.

    Interstate Medical Licensure Compact

    The Interstate Medical Licensure Compact (IMLC) marks the most important advancement in multi-state practice capabilities. The agreement now includes 40 states, the District of Columbia, and Guam that create an accelerated pathway for physicians to get licenses in multiple jurisdictions. The 6-year old IMLC has proven successful, with approximately 80% of U.S. physicians qualifying under eligibility criteria.

    State-specific licensing processes

    Each state has unique requirements for physician licensure. Medical professionals need proper licensing both in their location and where the patient receives care. Standard licensing requirements include:

    • Current, valid, and unrestricted license in the home state
    • Clean disciplinary record
    • Professional liability insurance coverage
    • State-specific documentation compliance
    • Annual registration and fee payment with state licensing boards

    Special telehealth licenses

    Twenty states have created specialized telehealth registration processes that give out-of-state providers simpler ways to practice. Florida's 2019 Out-of-State Telehealth Provider Registration process lets providers deliver virtual care to Florida patients with specific practice limits.

    Minnesota leads innovative approaches to telehealth licensing. Out-of-state physicians can provide telehealth services in Minnesota if they have a clean license record and agree not to set up a physical presence in the state.

    Some jurisdictions allow exceptions to standard licensing requirements to ensure continuous care. These exceptions apply to emergency medical conditions or consultations with in-state healthcare professionals. Connecticut lets out-of-state providers practice if they carry professional liability insurance equal to in-state requirements.

    The American Medical Association backs state medical boards' oversight while pushing for simpler processes to reduce costs and paperwork for physicians who want multi-state practice capabilities. This balanced strategy helps protect patient safety and expands access to telehealth services across state lines.

    Technology and Security Standards

    A strong technological infrastructure and security protocols are the foundations of compliant telehealth service delivery. Healthcare providers must deal with both federal and state-specific requirements to deliver secure virtual care and protect patient information.

    HIPAA compliance requirements

    The Health Insurance Portability and Accountability Act (HIPAA) sets the baseline for telehealth security standards. Healthcare providers need reasonable safeguards to protect patient health information through secure communications and data storage. The key requirements include:

    • Access controls and audit mechanisms
    • Encrypted data transmission
    • Minimum necessary standard implementation
    • Private settings for telehealth delivery
    • Secure platform selection and configuration

    State-mandated security protocols

    States have added more data privacy protection laws that go beyond HIPAA requirements. These regulations make transparency better and give patients more control over their health data. State protocols typically address:

    Data Management Requirements

    • Patient data collection and transmission protocols
    • Storage and retention policies
    • Access control mechanisms
    • Breach notification procedures

    Most states require providers to set up specific security measures for audio-only telehealth services, especially when they use Voice over Internet Protocol (VoIP) or mobile technologies.

    Platform certification requirements

    The Joint Commission offers a dedicated Telehealth Accreditation Program that sets standards for organizations providing virtual care services. This program has:

    Core Requirements

    • Information management protocols
    • Leadership standards
    • Medication management guidelines
    • Patient identification procedures
    • Documentation requirements

    Healthcare providers should regularly check the risks of their telehealth platforms, especially when connecting with electronic health records (EHRs). The assessment should look at potential weak points in:

    • Data transmission security
    • Authentication processes
    • Session management
    • Storage encryption
    • Access controls

    Organizations must have business associate agreements (BAAs) with technology vendors who can access protected health information, even if they hold encryption keys. This creates a complete security framework that keeps patient data safe at all points of access and transmission.

    image

    Reimbursement Policies and Procedures

    Telehealth service reimbursement policies keep changing throughout the United States. Major differences exist in coverage requirements and payment structures among federal, state, and private payers.

    Medicare and Medicaid guidelines

    The Centers for Medicare & Medicaid Services (CMS) has extended many more telehealth flexibilities through December 31, 2024. These extensions include key provisions such as:

    • No geographic restrictions for patients or providers
    • Expanded eligible provider types, including FQHCs and RHCs
    • Coverage for audio-only services when appropriate
    • Modified documentation requirements

    Medicaid now reimburses telehealth services in all fifty states, the District of Columbia, and Puerto Rico in some form. States have the freedom to design their telehealth approaches because telehealth is a delivery method, not a distinct benefit type.

    Private payer regulations

    Private payer laws addressing telehealth reimbursement are now in place in forty-four states, plus the District of Columbia and Puerto Rico. These regulations require insurers to:

    • Cover telehealth services when they cover equivalent in-person services
    • Reimburse out-of-network providers based on set policies
    • Process claims regardless of the patient's location
    • Keep coverage consistent between telehealth and in-person visits

    Payment parity laws

    Twenty-four states now require payment parity, making private insurers match telehealth reimbursements with in-person service rates. These laws vary by a lot:

    Full Payment Parity States Twenty-one states have permanent payment parity measures. These rules ensure virtual care gets paid the same as in-person care.

    Conditional Implementation Eight states have payment parity with specific conditions:

    • Louisiana's rules apply only to occupational and physical therapy
    • Massachusetts limits parity to mental health services
    • Maryland's rules run through June 2025
    • Vermont's measures last until January 2026

    Three states passed new parity requirements in 2023. Colorado made permanent parity rules for veterans' behavioral health services. Nevada tied parity to location and service type.

    Documentation and Record-Keeping

    Detailed documentation and record-keeping are the foundations of compliant telehealth practice. Requirements vary substantially between jurisdictions. Healthcare providers must handle complex documentation standards while keeping detailed patient care records.

    State-specific documentation requirements

    State regulations require healthcare providers to keep meticulous records of telehealth encounters. Key documentation elements include:

    • Visit category (audio-video or audio-only)
    • Start and end times of encounters
    • Patient and provider locations
    • Names and roles of all participants
    • Physical findings and limitations
    • Patient-generated data integration
    • Technology platforms used

    Healthcare providers need specialized documentation templates for telehealth visits in many states. Most healthcare facilities use their own designed guidelines. They also follow federal/state government protocols and professional association standards for documentation procedures.

    Patient consent protocols

    Patient consent must be documented before starting telehealth services in most states. Medical providers need to get verbal or written consent and file it in the patient's medical record. Patient consent documents should cover:

    Required Elements

    • Acknowledgment of telehealth service delivery
    • Discussion of technology limitations
    • Privacy and confidentiality measures
    • Right to refuse telehealth services
    • Alternative treatment options
    • Emergency protocols

    Group practices can use a single documented consent for multiple providers. This works when the consent specifically mentions telehealth as an acceptable treatment method.

    Record retention policies

    Each state has different medical record retention rules for adult and minor patients. Adult records need 6-10 years of storage from the last service date. Minor patients' records must be kept until they reach majority age plus extra years - anywhere from 19 to 28 years based on state laws.

    Notable State Variations: Connecticut's rules require keeping records for 7 years after the last treatment, with a 3-year period after patient death. Hawaii uses two retention periods - full medical records stay for 7 years after the last entry, while basic information needs 25 years of storage.

    Regular audits help healthcare organizations check their telehealth documentation practices. They should update their policies based on state requirements. Their electronic health record systems need proper templates and standardized forms to handle telehealth documentation requirements effectively.

    Conclusion

    The U.S. healthcare system has a complex yet workable framework for telehealth regulations. Each state's specific rules guide virtual care delivery. These rules affect everything from licensing and practice standards to payment policies and security measures.

    Healthcare providers just need to focus on key elements as they grow their telehealth services. They must follow state-specific licensing rules and interstate agreements. Security remains crucial with HIPAA compliance and state mandates. Payment policies from Medicare, Medicaid, and private insurers play a vital role. Proper documentation and record-keeping round out these essential requirements.

    Legislative updates show strong backing for telehealth services. Many states now have lasting policies that ensure coverage equality. They also make it easier to practice across state borders. Medicare benefits will stay flexible through 2024. More states now join the Interstate Medical Licensure Compact, which shows continued progress toward available virtual healthcare.

    Healthcare providers can deliver quality virtual care across state lines. The key lies in following regulations while providing excellent patient care. Those who adapt to these changing rules are better positioned to succeed in telehealth practice.

    Schedule a Demo

    Talk to an expert about your data security needs. Discuss your requirements, learn about custom pricing, or request a product demo.

    Sales

    Speak to our sales team about plans, pricing, enterprise contracts, and more.