Telehealth Compliance Post-Pandemic: Navigating State and Federal Requirements

By /
Wooden letter tiles forming the word 'COMPLIANCE' on a rustic wooden background.

Telehealth transformed healthcare delivery during the COVID-19 pandemic—but the regulatory flexibility that fueled its growth has shifted. As temporary waivers expire and states reassert control, telehealth providers face a new and often confusing compliance landscape in 2025.

If your organization provides virtual care, now’s the time to revisit your compliance strategy and ensure you’re aligned with evolving HIPAA standards, state licensure rules, and telehealth reimbursement policies.

The Post-Pandemic Telehealth Landscape: What’s Changed?

The federal government and many states relaxed regulations in 2020 to expand access to care, particularly Medicare and Medicaid patients. But as public health emergencies have ended, many of those exceptions have rolled back or been modified.

Here’s what healthcare providers need to know:

Some federal flexibilities are now permanent.

  • CMS has made several telehealth services permanently reimbursable under Medicare.

  • Behavioral health services can often be delivered across state lines, depending on the context.

  • Certain HIPAA flexibilities for telehealth platforms have ended—secure, compliant tools are again mandatory.

State regulations vary—widely.

  • Some states now require in-state licensure for telehealth providers.

  • Others offer interstate compacts or special telehealth registrations.

  • Many states have created new telehealth parity laws—but not all require equal reimbursement.

Bottom line: compliance today is a mix of federal and state-by-state rules.

Key Areas of Telehealth Compliance to Watch in 2025

1. Licensure and Credentialing

  • Verify licensing for every provider delivering care across state lines.

  • Consider enrolling in the Interstate Medical Licensure Compact (IMLC) or Nursing Licensure Compact (NLC) for faster multi-state coverage.

  • Regularly check state medical board updates—many laws have changed since 2022.

2. HIPAA and Security Requirements

  • OCR’s HIPAA enforcement discretion for telehealth expired with the COVID-19 emergency. You must now use:

    • HIPAA-compliant video platforms

    • Encrypted communication

    • Business Associate Agreements (BAAs) with any third-party vendors

Common violation: Still using FaceTime or Zoom without a BAA—don’t do it.

3. Informed Consent

  • Many states require telehealth-specific informed consent.

  • Consent must be documented and should include:

    • Technology being used

    • Risks and limitations

    • Emergency protocols

  • Consider adding consent language directly into your virtual intake process.

4. Billing and Reimbursement Compliance

  • Coding and documentation rules for telehealth are not the same as in-person visits.

  • Be clear on:

    • Which services are covered (especially by Medicare/Medicaid)

    • Place of service codes (e.g., POS 02 or POS 10)

    • Time-based vs. complexity-based billing requirements

Incorrect billing is a major trigger for audits—especially under Medicaid.

Compliance Best Practices for Virtual Care Teams

  • Appoint a Telehealth Compliance Officer or Point Person
    Someone should own responsibility for monitoring changes, training staff, and updating procedures.

  • Regularly Audit Your Tech Stack
    Are your platforms HIPAA-compliant? Are they storing PHI securely? Do vendors have signed BAAs?

  • Train Staff on State Laws
    If you operate in multiple states, staff need to know the rules where each patient is located—not just where the provider is.

  • Keep Policies Current
    Have a written telehealth policy that covers privacy, documentation, emergency protocols, and provider-patient communications.

Bonus: Free Telehealth Compliance Checklist

Need a quick way to evaluate your program? [Download our free “Telehealth Compliance Checklist”] to assess where you stand on licensure, HIPAA, billing, and consent.

Final Thoughts

Telehealth is here to stay—but compliance is no longer as flexible as it was during the pandemic. With regulators watching closely and laws changing rapidly, being proactive about compliance is critical to the long-term success and safety of your virtual care program.

Need help with policy creation, vendor vetting, or a compliance audit? Contact us—our experts are ready to help.

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top