Telehealth in 2025: Navigating the New Regulatory Landscape

Written By ClearPath Compliance

By Drew Duffy ClearPath Compliance

Introduction

Telehealth has evolved from a temporary solution during the COVID-19 pandemic to a permanent fixture in modern healthcare delivery. As we move further into 2025, healthcare providers must adapt to a rapidly changing regulatory environment to ensure compliance and continue delivering quality care.

1. Reinstatement of Pre-Pandemic Restrictions

The Centers for Medicare & Medicaid Services (CMS) has begun reinstating certain telehealth policies that were relaxed during the public health emergency. These changes include:

  • Geographic Restrictions: Telehealth services are now limited to rural areas and specific healthcare settings.

  • Eligible Providers: Only certain healthcare professionals are authorized to offer telehealth services.

  • In-Person Visit Requirements: Some services now require an in-person visit within a specified timeframe.

These reinstatements aim to balance the convenience of telehealth with the need for in-person evaluations in certain situations.

2. Expansion of Telehealth Services

Despite the reinstatement of some restrictions, there have been notable expansions in telehealth services:

  • Coverage for Additional Services: Medicare now covers a broader range of telehealth services, including physical therapy and occupational therapy.

  • Audio-Only Telehealth: CMS has permanently expanded the definition of "interactive telecommunications system" to include two-way, real-time audio-only communication, allowing providers to offer services to patients who may not have access to video technology.

These expansions aim to increase access to care, particularly for patients in underserved areas.

3. Interstate Licensure Compacts

To address the challenges of providing telehealth across state lines, several licensure compacts have been established:

  • Interstate Medical Licensure Compact (IMLC): Allows physicians to practice in multiple states with a single license.

  • Nurse Licensure Compact (NLC): Permits nurses to practice in member states without obtaining additional licenses.

These compacts facilitate the delivery of telehealth services across state lines, improving access to care for patients in various regions.

4. Enhanced HIPAA Compliance Requirements

The U.S. Department of Health and Human Services (HHS) has proposed new regulations to enhance cybersecurity protections for electronic protected health information (ePHI) under HIPAA. Key proposed changes include:

  • Mandatory Annual Technical Inventories: Healthcare providers must conduct annual inventories of their technical systems.

  • Enhanced Vendor Oversight: Business associates must notify entities within 24 hours of activating a contingency plan.

  • Mandatory Multi-Factor Authentication (MFA): Providers must implement MFA for accessing ePHI.

  • Encryption Standards: All ePHI must be encrypted both at rest and in transit.

These proposed changes aim to strengthen security controls and reduce breach risks, ensuring greater protection of ePHI.

5. State-Specific Regulations

In addition to federal regulations, healthcare providers must navigate state-specific laws that govern telehealth practices. These laws can vary significantly and may include:

  • Consent Requirements: Some states require explicit patient consent for telehealth services.

  • Prescribing Regulations: Certain states have specific rules regarding the prescription of medications via telehealth.

  • Record-Keeping Mandates: States may impose additional documentation requirements for telehealth encounters.

It's essential for providers to familiarize themselves with the telehealth regulations in each state where they practice to ensure compliance.

Conclusion

The telehealth landscape in 2025 presents both opportunities and challenges for healthcare providers. By staying informed about the latest regulatory changes and implementing robust compliance strategies, providers can continue to offer high-quality care while mitigating legal and financial risks.

At ClearPath Compliance, we specialize in helping healthcare organizations navigate the complexities of telehealth regulations. Contact us today to learn how we can support your compliance efforts.

Sources:

  • Reuters: Top 10 takeaways from the new HIPAA security rule NPRM

  • MarketWatch: 67 million Medicare recipients face 'chaos' if Congress cuts telehealth benefits

  • Wipfli: New healthcare policies and regulations 2025

  • Seabridge Health: Recent Updates in Telehealth Regulations (2025)

  • HHS.gov: HIPAA and Telehealth

ClearPath Compliance https://clearpathcompliance.org
Previous

Bridging the Healthcare Access Divide: The Ongoing Struggle of Americans
Next

The Hidden Threat in 2025: Why Third-Party Vendor Risk Could Be Your Practice’s Compliance Time Bomb