Regulations and requirements for telehealth provision


At the time of writing, a unique set of circumstances exist in the United States and elsewhere whereby the barriers to practice telehealth are minimal. In fact, if a licensed urologist in the USA has a smart phone, they are sufficiently equipped, and in compliance with regulations, to provide clinical consults to their patients via telehealth. On January 31, 2020, the 2019 Novel Coronavirus (COVID-19) was declared a public health emergency in the United States and a raft of subsequent legislation was passed, which cease to have effect at some date in relation to the end of this public health emergency. In terms of telehealth provisions, probably the chief among these came on March 17, 2020, when the Office for Civil Rights at the United States Department of Health and Human Services (HHS) announced that it would waive potential penalties for violations of Health Insurance Portability and Accountability Act of 1996 (HIPAA) against healthcare providers that serve patients through everyday communication technologies during the COVID-19 nationwide public health emergency. Thus, in effect, opening the door for any and all applications to be used to deliver telehealth by providers. The press release specifically named communication applications FaceTime and Skype and specified they could be used for any telehealth treatment or diagnostic purpose. After this expires, in the United States at least, all providers will be required to comply with relevant legislation. It should be remembered though that these regulations are not mere bureaucratic barriers to be overcome and, particularly in the case of laws relating to patient data and privacy, they exist to protect the best interests of patients and the medical profession. Just because physicians will not be fined for knowingly sharing patient information in insufficiently secure communications, does not mean that physicians should be doing so.

Regulation of telehealth is currently relatively relaxed in most jurisdictions and there is no one regulator of telehealth. In the United States and European Union (EU), each state has regulatory institutions that establish and dictate the standards for clinical treatment: for the most part, these same bodies regulate telemedicine and telehealth standards. However, these standards are often vague, and poorly defined. And while these state-level bodies operate in accordance with federal regulations such as rules from the Centers for Medicare and Medicaid Services (CMS), as mentioned, the extent and scope of these regulations pertaining to telemedicine is limited.

As the majority of telehealth regulation is determined on a state-by-state level in the United States and EU, it will not be dealt with in detail in this book. However, the Federation of State Medical boards (FSMB), the American Medical Association (AMA), and the Center for Connected Health Policy offer state-by-state guidance. The federally funded Center for Connected Health Policy in the United States is a great resource for federal and state-by-state policies affecting telehealth practice in the United States of America.

Given these caveats, there are some key laws and regulations that address essential criteria, which must be fulfilled to legally provide telehealth services. Some of the key federal regulations in the United States include the HIPAA, the Medicare Telehealth Services Flexibility Act (MTSFA), and the Federal Communication Commission’s (FCC’s) Rural Health Care Program. HIPAA will be discussed in more detail in the following chapter relating to patient privacy.

Regulation of telemedicine in the European Union

Significant differences exist in national regulations and social security schemes across the EU, which impact the provision of telehealth services. As a result, solutions currently deployed tend to be available in single states and greater work is required to define EU-wide standards for interoperability and facilitate cross-border use. Prior to 2020, a wide gulf in telehealth utilization existed between the EU and United States. The discussion of telehealth regulations is so disparate and yet simultaneously poorly defined at a state level that it is simpler to use the US experience as a framework for discussion. While this and subsequent chapters will offer more focus on the US, EU and international perspectives will also be addressed.

The adoption of information technologies in Europe is the main accelerator of telemedicine. Prior to 2020, the telemedicine market potential has proven strong and is expected to grow at a CAGR of 14%, further driven by the adoption of wearable devices and mobile applications. Current telemedicine standards and guidelines focus primarily on technical requirements. In addition to international organizations providing guidelines, nations and EU member states also establish their own national rules. In some instances it is apparent that these rules have been created precisely for telemedicine solutions relating to a particular medical specialty. While there has been some consideration of the relevant domains of data protection, organization, human resources, ethics, and electronic health records—these are neither comprehensive nor appear to reflect joined-up thinking on the matter. Furthermore, the compatibility of standards, as an enabler for interoperability, deserves more attention, particularly if a strategic goal was to prepare for the large-scale implementation of telemedicine services.

There are concerns that current legal loopholes, including those surrounding liability and data security, will also contribute to stifle greater telehealth adoption. The EU could help address these issues in a number of ways—including through legislating for processes including a simple and workable patient consent procedure for data processing to facilitate effective collection, storage, processing, and sharing of essential health information. Presently, such activity may contravene other privacy laws in the EU which, when written, did not fully consider the needs of patients and the need for telehealth provision. The importance and significance of data protection and security should not be compromised but clearly there are different needs to be considered: where some corporations may wish to target market segments, and with sufficient granularity as to allow the identification of an individual’s consumer behavior, healthcare and public health bodies may offer greater benefits to all of society through privileged access to such data. Such legislation could be introduced in a way which would not jeopardize a patient’s privacy or confidentiality, but sufficient regulatory oversight and governance procedures are required. This would also require harmonization of legal frameworks and agreement on terminology and definitions. In many ways, the EU is in an advantageous position in this regard as most member states have not legislated for telehealth, and so it would be optimal for standards and definitions to be agreed upon on an EU-wide basis before codified into law at a national level.

Federal US legislation relevant to the practice of telehealth in the United States

Medicare Telehealth Services Flexibility Act (MTSFA)

The MTSFA is a bill that was introduced in the United States House of Representatives in March 2020 during the COVID-19 pandemic. The bill aimed to expand Medicare coverage for telehealth services. The MTSFA allows Medicare beneficiaries to receive telehealth services from any provider, regardless of location, as long as the provider is licensed in the state in which the patient resides. Many of the flexibilities proposed by this bill were permitted in response to there being a declared public health emergency. As a result, these flexibilities would expire once the public health emergency is over.


The Coronavirus Preparedness and Response Supplemental Appropriations Act became law on March 6, 2020. It not only provided healthcare agencies with additional funding to address the COVID-19 outbreak, but also eased existing telehealth restrictions in order to enhance patient access to care services. By March 17, 2020, the Centers for Medicare and Medicaid Services announced that they would expand the waiver for telehealth in several areas, including the care of new patients for issues unrelated to the public health emergency. However, this legislation did not open up telehealth billing to new practitioners. On March 27, 2020, the “Coronavirus Aid, Relief, and Economic Security Act” (CARES Act) was passed. Along with provisions centered on shoring up the economy and providing additional support for medical response, CARES includes additional funding and flexibility for telehealth provision—including giving authority to the Secretary of the Department of HHS to waive any Social Security Act provision that impedes patient care delivered by telehealth. Some of the regulations which the Secretary of the HHS has waived give insight into many of the existing barriers to the adoption of telehealth and also provide a to-do list for legislators and advocates of telehealth. These include:

  • Originating site: The Secretary has waived the requirement that a beneficiary must travel to an actual site of care to receive telehealth services and has instead allowed beneficiaries to receive services wherever they are. The Secretary has also waived the geographical site restrictions on Medicare telehealth services to allow all areas and locations within the country delivery of these services, including patients’ homes.

  • Device type: As mentioned briefly above, it is permitted for telehealth services to be offered through personal phones and tablets, using third party applications, as long as the person receiving the service has audio and visual access to the clinician. While this is a flagrant violation of HIPAA rules, those offenders will not be fined during the public health emergency.

  • Patient and service eligibility: Telehealth services have been expanded to include a wider range of services, and new patients can now use telehealth. Previously, telehealth was only available to patients who had received telehealth services from the provider within the past three years. The changes require informed consent and beneficiary initiation of the encounter but significantly increase the number of patients who can take advantage of telehealth services.

  • High-deductible healthcare plans (where patients have to pay thousands of dollars before their insurance provides coverage): Access barriers and the requirement to satisfy the deductible before patients could access telehealth and risk their eligibility for health savings accounts were removed by the Secretary of HHS for the duration of the public health emergency.

As mentioned already, many of these issues still require the passing of post-pandemic legislation.

Federal communication commission’s rural health care program

The FCC’s Rural Health Care Program includes the Telecommunications Program and the Healthcare Connect Fund (HCF) Program. In 1996, Congress instructed the FCC to use the Universal Service Fund (USF) to provide support for both telecommunications and advanced telecommunications and information services for eligible healthcare professionals (HCPs). This federal program provides funding to help healthcare providers in rural areas get access to high-speed internet. The program provides discounts to eligible healthcare providers on their monthly broadband bills. HCPs use these services to provide telemedicine, send medical records, and perform other telemedicine activities—improving patient care—and are intended to help reduce healthcare costs.

Established in 1997, the Telecommunications Program ensures that eligible rural HCPs pay no more than their urban counterparts for telecommunication services used for healthcare purposes. The telecommunications program pays the difference between urban and rural rates for telecommunication services for eligible rural health professionals. The HCF program, launched in 2012, supports broadband connectivity and broadband networks for eligible HCPs with a 65% discount on the cost of advanced telecommunications and information services, and equipment for healthcare purposes. Support for the Rural Health Care Program was capped at $571 million per funding year subject to annual review for inflationary increases ( ).

While this is certainly a step in the right direction, the program really only helps providers get access, and not patients, who also need to have access and are almost certainly going to be located in more rural locations than providers who often offer services from a health center. Initiatives to address disparities in access and ensuring those most in need can get affordable access to telecommunication services and equipment would not necessarily require additional public money, but in much the same way that large urban areas receive the bulk of physical infrastructure funding, which is financed by government spending, the bulk of federal telecommunication spending could be dedicated to providing rural access, where it is unprofitable for private industry to install infrastructure, and leave the infrastructure costs required in urban areas to private providers who will ultimately reap most of their profits from those markets.

Federal communications commission rules governing telehealth provision in the United States

There are four main requirements for telehealth under the FCC:

  • 1.

    That patients have access to the same quality of care via telehealth as they would in person;

  • 2.

    That telehealth services are provided by qualified providers;

  • 3.

    That telehealth services are HIPAA compliant; and

  • 4.

    That patients have the right to choose whether or not to receive care via telehealth.

While each of these sounds sensible, it is already the case that metrics such as “quality” are sufficiently nebulous as to facilitate for-profit, telehealth only organizations to seemingly satisfy these criteria, without ever having offered patients the option of in-person care, or having objectively audited the quality of care provided versus an accepted benchmark.

Requirements for telehealth

Outside of the pandemic-era waivers requested by the AMA and FSMB to reduce telehealth requirements, there are several key focus areas of state telehealth laws.


Licensing requirements for HCPs can vary between jurisdictions. Broadly speaking, telehealth services in the United States are regulated by state laws and professional licensure boards. Each state has its own regulations governing the provision of telehealth services, and these regulations can vary significantly from state to state. It is not a case of the physician being licensed in the state in which they practice telehealth, but rather, in many cases, the provider must currently adhere to licensing requirements in the state in which the patient is located during the encounter. In general, however, telehealth providers must be licensed in the state in which they are providing services. Some states have enacted laws that specifically address the provision of telehealth services. These laws may exempt telehealth providers from certain licensure requirements, or they may establish specific licensure requirements for telehealth providers. Other states have not enacted specific legislation governing telehealth, but licensure requirements for telehealth providers may be included in general laws governing the practice of medicine or the delivery of healthcare services.

In addition to state licensure requirements, telehealth providers must also comply with federal laws and regulations, including the HIPAA (which is discussed in more detail in the following chapter of this book) and the FCC rules governing the use of telecommunications equipment and services.

Medical malpractice insurance

This depends on the insurer, but expect that it’s less likely and more difficult when care across states is being provided. This is not just suggesting that a physician is caring for patients from a different country, but also considers a patient that is no longer in the country where the medical relationship was established—a patient could be anywhere and seek a medical consult from you online. In such an instance, consider which countries’ laws matter and with which regulatory bodies the practitioner should be registered.

Clinician—patient relationship

The definition of the clinician–patient relationship varies between jurisdictions and now contexts: in person versus telehealth. The physician–patient relationship is defined by some as a professional relationship between a licensed physician and a patient within which the physician provides medical care and services to the patient. Others extend this definition, describing it as a contract between a physician and a patient in which the physician agrees to provide medical care and advice to the patient in exchange for the patient’s agreement to follow the physician’s instructions.

In the context of telehealth though, some jurisdictions require that a relationship be established first by an in-person visit before telehealth sessions can be conducted, while others believe that an effective clinician–patient relationship can be established by leveraging telehealth technology. In other words, in some jurisdictions, patients may never meet their physician in person, yet receive care from them.

Online prescribing

There are strict compliance requirements in place in some jurisdictions for prescribing medications online, with some requiring an in-person visit before certain types of medications can be prescribed. There is a chapter focused on e-prescribing later in this book.

It is also important to note that in the EU, Directive 2011/24/EU ensures the recognition of prescriptions issued in another member state, how to identify the medicine prescribed (where drug designation may vary between states) and how to identify the prescriber. It should be noted that this directive only applies to telemedicine operating beyond national boundaries, where patient and physician are both resident within the EU. When telemedicine operates within national boundaries, this Directive does not apply, since the regulation of healthcare delivery within a state rests with that state.

Informed consent

Some jurisdictions require written informed consent before conducting telehealth services. While this legal requirement is not universal, there are moral and ethical considerations that must be taken into account. Informed consent is the process through which a patient is made aware of the risks, benefits, and alternatives to a proposed treatment and provides their permission to proceed. Informed consent is a cornerstone of ethical healthcare and is necessary to protect the rights of patients. When providing care via telehealth, it is advisable to obtain informed consent from patients prior to providing care. This can be done through the use of a consent form that is signed by the patient or through an electronic process that documents the patient’s consent. There are several reasons why informed consent is even more important when providing care via telehealth. First, patients may be more likely to experience anxiety and feelings of vulnerability when receiving care via telehealth. This is due to the fact that they are not physically present with the provider, and may feel additional anxiety over the use of technology or devices which they do not feel comfortable with or in control of, which can compound a situation where a patient may find it difficult to understand what is happening.

Additionally, and while I am not an advocate for the practice of defensive medicine, informed consent helps to protect providers from liability in the event that something goes wrong during the course of treatment. Informed consent is critical when providing telehealth services. Without it, patients may not be fully aware of the risks and benefits of the treatment and may not be able to make an informed decision about whether or not to proceed with it. Informed consent forms should therefore be clear and concise and should explain the risks and benefits of the treatment in plain language. Patients should be given ample time to read and understand the form before being asked to sign it and should be provided with a copy of the document for their own records.

Reimbursement and telehealth billing and payments

Private payers and Medicaid reimbursement vary significantly between states. Where full reimbursement is available for some, others take a tiered reimbursement approach and have outlined which services are covered and which are not. There are exceptions to all of these general guidelines. For example, the Department of Veteran Affairs (VA) issued a rule in 2018 which allows VA healthcare providers to provide care in any state, regardless of the provider’s and patient’s location.

Challenges existed long before the public health emergency, and some are beyond the reach of the Secretary of HHS and existing legislation. Some of the barriers to telehealth payments related to federal programs and private insurers, while others exist because of payment processors, the digital payment and electronic fund transfer systems and agreements that private industry has imposed on healthcare providers.

CMS payment issues

Since March 30, 2020, under temporary provisions, the CMS, using section 1135 of the Social Security Act, issued a blanket waiver allowing flexible billing provisions for telehealth, which again are for the duration of the public health emergency period. Medicare and Medicaid are the federally administered health coverage plans for older, disabled, and low-income individuals in the United States, which accounts for over 100 million people or almost one in three Americans. These temporary waivers are therefore a huge opportunity for telehealth providers to demonstrate the utility of this technology and telehealth services, so that when the temporary waivers expire, there is an easy win for legislators looking to help reduce the cost of health services in the United States (which now stands at over $4.1 trillion) and help improve health outcomes, a category in which the United States of America ranks last among high-income nations ( ).

Despite the huge opportunity, an issue that has long existed, and that will again offer a barrier to telehealth services if formal legislation does not address them, is that audio-only telehealth services did not satisfy the definition of using interactive telecommunications systems to furnish two-way, real-time audio and video health services, as video services were not offered. This may become less of an issue as patients get greater access to, and become more familiar with, video consult services and operating smart devices and allowing requisite hardware permissions so as to complete a video and audio call.

Requirements for hospitals and critical access hospitals related to telemedicine were waived by CMS along with many other seemingly small pieces of information, which in sum would make meaningful practice near impossible. For example, CMS requires details of home health aides, skilled nursing facilities, inpatient rehabilitation facilities, and long-term care hospitals available to the patient to be disclosed prior to discharge from care from an health facility as well as needing physicians to be physically present to provide medical direction, consultation, or supervision of services for patients. If an institution had not built out such information and infrastructure to facilitate these processes for digital health provision, then they would be unable to provide the service.

Telemedicine coverage and payments for such services vary widely. While public and private tax payers continue to develop formal payment mechanisms for telemedicine services, there are still inconsistencies and these act as barriers to the further spread of telemedicine. Outside of emergency time waivers, Medicare provides payment to physicians and other health professionals for a very limited list of Part B services (Part B incorporates two services: medically necessary services like services and supplies needed to diagnose and treat a medical condition and preventative services including early diagnosis and vaccination efforts, and so incorporates things from durable medical equipment through to outpatient health visits and outpatient prescription drugs). Prior to the temporary emergency procedures to allow nationwide access to telehealth, only payment for some telehealth services was available in 47 of the 50 US states; only 16 states had programs in place to pay for remote patient monitoring. Less than half of US states (23) had laws mandating that private insurers cover what the states deem as telemedicine services with differing definitions ( ).

Payment processing providers

Payment processing providers do not universally provide their services to healthcare clinics. To be clear, many providers of gateway services required to process a payment from a credit or debit card, like you would in a restaurant or supermarket, and who charge a base fee and percentage of the transaction for their services, are not willing to accept physicians or healthcare practices as customers. This will be discussed elsewhere in this book, but briefly, the current behemoths of online and digital payment systems (Stripe, PayPal) specifically exclude health providers as customers, and those that do accept licensed healthcare providers are often compelled by their own providers to charge higher fees sometimes as a result of contract-level agreements and also as a risk premium and to offset the high rate of payment chargebacks, which they state the sector has traditionally received.


In the same way that patient care in a brick-and-mortar practice requires HCPs sharing information and interacting with each other using a common language, vocabulary and set of care standards, telehealth requires the same. Multiple infrastructure components are required to successfully implement telehealth services, including systems that operate using standards of interoperability, compliance, and individuals who have received adequate training to operate them. Often this may require the development and institution of practice protocols. While exact technical infrastructure requirements depend on the type of telemedicine services that one plans to offer, nearly all telemedicine programs require the following:

Internet access

High-speed reliable broadband internet access will minimize provider-side internet glitches and ensure stable and reliable transmission of quality video and audio, helping to facilitate productive consultations. Nobody wants to have their call dropped or have poor audio quality during a consultation. The provider can do little to control connectivity issues of the patient, but bandwidth limitations are becoming less and less of an issue with more widespread availability of high-quality internet service providers. Where wires and cell towers do not reach, there is greater availability of satellite internet providers such as Viasat and Starlink, which are satellite internet providers focused on private consumers, and not just larger corporations, and as such, aim to provide the service at a price point accessible to many, and not just the few.

While internet service providers are keen to advertise maximum and theoretical speeds that their service could provide, they often do not clearly state the realistic speeds obtained, nor the contention ratio. A contention ratio is the number of people sharing a connection at any given time. The higher the contention ratio, the slower the connection will be. Most residential broadband providers have a contention ratio of 50:1, which means that 50 people are sharing the same connection at the same time. This can significantly impact not just the average bandwidth but also the quality of an uploaded and downloaded high-quality, audio and video stream. Generally speaking, business connections provide lower contention ratios, but ultimately, the experience is also reliant on the connection utilized by the patient.

Technical support

The provision of healthcare relies upon the integrity of the tools utilized in its provision. If hardware or software issues arise, it can disable the practice from being able to confidently provide telehealth services. Rapid and robust technical support is required to remediate any issues that may arise and not compromise patient care. This is particularly important during any phase where new staff members may join the practice team and not just during the initial setup and rollout of a telehealth service.

Practices should anticipate not just their own technical support needs, but also those of their patients. Much in the same way as social history is important for caring for all patients, in the era of telehealth, technological factors are too, and should be considered before scheduling a telehealth consult for a patient. These will be discussed in more detail in the patient considerations chapter.

Digital imaging/cameras and microphones

These devices allow providers and patients to see and communicate with each other. While many cameras come with inbuilt microphones, depending on the context of one’s medical practice, dedicated high-quality audio equipment helps reduce patient frustrations and reduce background noise.

Supplemental telehealth technology

While in-person visits to a healthcare provider’s office often include hands-on tasks such as measuring the pulse or blood pressure of a patient, telehealth visits can achieve the same through the use of reliable remote measurements from blood pressure cuffs, two lead electrocardiograms, or digital stethoscopes.


Urologists, in particular, are familiar with the learning curves associated with the adoption of new technologies, devices, and surgical systems. Likewise, the efficiencies promised by telehealth will only be fully realized when providers and patients can use them effectively. Training in telehealth (for both patients and healthcare providers) and the use of patient-friendly systems are essential to achieve this.

Patient requirements

While it may sound obvious, ensuring both the patient and the consultation are suitable for telehealth is essential. People often have preconceptions about technology—thinking it can do things it can’t, or that it’s doing things it isn’t. Ensuring your patient is able and willing to engage with connected devices and be prepared for digital visits is key for successful telehealth care delivery. Preparing patients for telehealth is discussed further later in the book.


Only gold members can continue reading. Log In or Register to continue

Stay updated, free articles. Join our Telegram channel

Mar 12, 2023 | Posted by in UROLOGY | Comments Off on Regulations and requirements for telehealth provision

Full access? Get Clinical Tree

Get Clinical Tree app for offline access