Telehealth Update

Published on:

Since shortly after the technology was first invented, physicians have been using telecommunications to facilitate the practice of medicine.  Physicians in the Netherlands were able to transmit heart rhythms by telephone in the early 1900’s; by the 1940’s telephone lines were used to transmit radiographic images.  There were even early predictions of videoconferencing in medicine; the cover art on the April 1924 issue of Radio News depicted a future “Radio Doctor” interacting with his patient from the comfort of the family living room, through a radio equipped with a live screen. 

In the 1960’s, NASA developed several methods of remote monitoring of biometric information as part of Project Mercury.  Since then, telehealth has expanded considerably.  Now, the global telehealth market is projected to grow from $38 billion to over $130 billion by 2025. 


Telehealth vs. Telemedicine 

The terms “telehealth” and “telemedicine” have often been used interchangeably, but they actually have different meanings.  According to the National Telehealth Policy Resource Center, telehealth is defined as “the use of electronic information and telecommunications technologies to support distance clinical health care, patient and professional health-related education, public health and health administration.”  While there is some variation in how different states and regulatory bodies define the communication technologies that fall under telehealth, the definition typically does not include using telephone conversations alone to provide care. 

While the term telehealth encompasses the entirety of medical monitoring and care using telecommunications technology, the term telemedicine refers more specifically to the diagnosis and treatment of illness using telehealth technology. 

There are three main types of telehealth technology: 

Synchronous- Also referred to as “real-time” technology, this type of telehealth includes video conferencing used for real-time interactions between providers and patients to facilitate evaluations, and between providers to discuss patient care.  Videoconferencing is increasingly used to remotely interact with patients in areas such as Psychiatry, primary care, urgent care, and specialty consultations.     

Asynchronous- Also called “store-and-forward,” asynchronous technology involves the electronic capture of information at a remote patient site which is later analyzed and evaluated by a provider at another site.  Radiology and Dermatology are frequent settings in which this type of technology is used to facilitate patient care. 

Remote Patient Monitoring- Electronic devices communicate patient health information to clinicians for the purpose of remote patient monitoring.  Mobile health (mHealth) technologies are rapidly expanding. Mobile internet-based communication devices, such as smart phones and tablets, are being used to provide services and transmit protected health information.  

Hybrid Technology- Some remote patient care involves multiple types of telehealth technology or incorporates aspects of multiple types of technology.  One example is remote surgery through the Da Vinci robotic surgery system, which incorporates live video and remote monitoring to allow surgeons to direct control a robotic surgery device from remote locations.  


Barriers to Telehealth 

While the barriers to telehealth are decreasing with time, there are several issues providers should consider before determining whether they can proceed with treating patients through telehealth technology. 



All states require healthcare providers to be licensed to practice medicine in the state in which a patient resides, or is physically present at the time they receive care.  Therefore, any physician who wishes to provide telehealth services outside the state in which they are licensed should contact the medical board in the state in which they intend to provide care.  In many states, physicians must separately apply for and obtain a full, unrestricted medical license before treating any patients.  

However, there are some exceptions.  Currently, 29 states have adopted the Interstate Medical Licensure Compact (IMLC) through the Federation of State Medical Boards.  Developed in 2014 to increase access to health care for patients in underserved or rural areas through telemedicine, the IMLC offers expedited pathways to full, unrestricted licensure in multiple states.  Medical boards in member states agree to follow an established application process, based on licensure information from a physician’s state of principal license (SPL) with updated background check.  The IMLC also provides for the enhanced sharing of investigative and disciplinary information between IMLC states. 

Additionally, 9 states allow for the provision of special licenses or certificates that allow restricted practice through telehealth.  Other states have laws that don’t specifically address telehealth and/or telemedicine licensing, but make allowances for practicing in contiguous states, or in certain situations where a temporary license might be issued provided the state’s licensing conditions are met. 

Importantly, some states allow an out-of-state physician to consult with a “controlling provider” (i.e., the physician who is managing a patient’s care) who is located and fully licensed in the patient’s home state, without having to obtain a medical license in that state.  Physicians should investigate whether the state in which a patient is located allows for these types of consultations without a state license.   



Medicare- Medicare  reimburses for telehealth services only under specific circumstances, when each of the following requirements are met:  

1. The Medicare beneficiary receives the telemedicine service at an acceptable “originating site” (physical location of the patient) located either in a rural Health Professional Shortage Area (HPSA), or outside a Metropolitan Statistical Area (MSA).  In 2019 CMS added exceptions to this geographical requirement for the treatment of acute stroke, end-stage renal disease, substance use disorder, and co-occurring mental health conditions.

The originating site must be one of the following: 

  • Provider’s office 
  • Hospital 
  • Critical access hospital 
  • Rural health clinic 
  • A federally qualified health center
  • Hospital-based renal dialysis center
  • Skilled nursing facility 
  • Community mental health center  

Of note, under Medicare, the originating site cannot be a patient’s home.   

 2.  An “approved telemedicine modality” is used.  Medicare reimburses only for face-to-face encounters through videoconferencing.  With the exception of special federal demonstration programs in Alaska and Hawaii, Medicare does not cover store-and-forward or asynchronous applications.  Medicare also does not reimburse for telemedicine services provided via fax, email or telephone. 

3. An approved service and appropriate billing code are used.  Approved services consist of: 

  • Initial and follow-up inpatient telehealth consultations 
  • Office or other outpatient visits 
  • Individual psychotherapy 
  • Medication management 
  • Psychiatric diagnostic interview examination 
  • End-stage renal disease-related services 
  • Individual medical nutrition therapy
  •  Neurobehavioral status examination 
  • Individual health and behavior assessment and intervention 

4. An “approved healthcare provider” delivers the telemedicine service at the distant site.  Physicians, nurse practitioners, physician assistants, nurse midwives, clinical nurse specialists, clinical psychologists, clinical social workers, and registered dietitians or nutritionists are considered to be approved healthcare providers.  

Medicaid- CMS allows individual states to establish their own policies regarding reimbursement for telehealth services under state Medicaid programs.  Currently, programs in all 50 states reimburse for live videoconferencing encounters, although there are varying restrictions on the type of provider, originating site, or services that are covered.  Only 11 states allow for reimbursement of asynchronous telehealth; 20 states reimburse for remote patient monitoring, with some restrictions. 

Private Insurance- 40 states have enacted telehealth parity laws that require private insurers to cover any telehealth services which they also cover for in-person visits, as long as the applicable standard of care is met through telehealth.  However, many of those laws do not specify the rates at which telehealth services are reimbursed, and some insurers have been able to offer lower reimbursement rates than for equivalent in-person services.   


Litigation Venue and Malpractice Coverage:   

 When a patient pursues a formal medical malpractice claim, state laws typically require a lawsuit to be filed in an appropriate court venue based on the location of the incident or any of the involved parties.  When claims arise from telehealth and the parties are located in different states, the laws of those states may not directly address proper venue; and this issue is largely untested in state courts.   

Typically, an out-of-state claimant would file a lawsuit in their state of residence.  This raises the issue of providers facing an out-of-state lawsuit.  Due to often significant differences in the laws that affect how malpractice cases proceed and the damages that can be awarded, physicians can face vastly different liability exposure depending on the state in which they are sued.  For example, California limits general damages (i.e. “pain and suffering”) awards in medical malpractice cases to $250,000 per plaintiff; in other states such as New York, juries can award unlimited general damages that can escalate to millions of dollars. 

Additionally, malpractice insurers often restrict coverage to physicians who only practice within the states in which they are hold a full, unrestricted medical license (see above) and furthermore, coverage may be also be limited to states in which the insurer is licensed to provide insurance and in which the insurer is equipped to defend claims. 

For these reasons, MIEC restricts coverage to practice within the scope of licensure, including the state in which the provider is licensed.  MIEC also requires providers who plan to offer telehealth services to obtain prior approval of coverage from Underwriting. 



State and federal laws and regulations, such as HIPAA/HITECH, continue to mandate that covered entities ensure the confidentiality and privacy of protected health information (PHI).  Telehealth capabilities enable timely physician/patient encounters via video conferencing, and access to data by store-and-forward methods, email and texts between providers and/or doctors and their patients, etc.  However, physicians must ensure that telemedicine encounters are protected as readily as maintaining PHI in electronic medical records or paper charts. Consider a few examples: 

 1) Using unencrypted video conferencing software is not being HIPAA-compliant, because unauthorized individuals can potentially view the data generated during such an encounter.  Providers should choose platforms that advertise themselves as HIPAA-compliant and who offer a signed HIPAA Business Associate Agreement to address confidentiality issues.  However, it should be noted that providers cannot simply rely on products advertised as “HIPAA-compliant;” they must independently verify that platforms meet current encryption standards and other compliance requirements under HIPAA.  For more information about compliant videoconferencing platforms, visit 

2) Providers should refrain from accessing or reviewing store-and-forward data on their laptops or smartphones over public wireless networks and/or in public locations, unless they do so through a virtual private network (VPN) and in such a manner that others cannot view PHI directly on the device.  Ideally, all telehealth activities should be carried out in private locations and over private networks. 

3) Providers are strongly encouraged to ensure that their computer software systems, particularly for data storage and transmission of PHI, meet all HIPAA/HITECH standards.  For example, some of the Microsoft or Google services may not be fully HIPAA-compliant, although those technologies are becoming more secure.  At a minimum, healthcare providers should obtain written assurance from the manufacturer or its representative that these products are HIPAA/HITECH compliant. 


Prescribing Medications 

 Many states require the establishment of a physician-patient relationship through some form of “face-to-face” or “in-person” evaluation to demonstrate a medical indication before prescribing medications to a patient.  However, there are differences between states in terms of how such an evaluation can be accomplished (such as through video conferencing, for example). 

California requires a “good faith” examination but allows the exam to be conducted through videoconferencing.  In Alaska, it is considered “unprofessional conduct” for physicians to prescribe medications based solely upon a patient-supplied history received via telephone, fax or email.  Hawaii and Idaho require the establishment of a physician-patient relationship, and also consider it inappropriate (less than the standard of care) to rely solely upon an online questionnaire to determine a legitimate medical purpose for a requested prescription.  

Importantly, the above requirements do not apply to the prescription of controlled substances.  The Ryan Haight Act (2008) is a federal law that requires a face-to-face evaluation, conducted in person, before prescribing a Schedule II-IV controlled substance.  Therefore, providers who prescribe controlled substances through telehealth must physically evaluate each patient prior to proceeding with the telehealth treatment relationship. 

Of note, the SUPPORT for Patients and Communities Act was recently signed into law; this law will require the DEA to establish a special registration process to allow telehealth providers to prescribe controlled substances without the need for an in-person examination. 



As physicians continue to expand patient access to health care via telehealth, MIEC recommends the following to ensure regulatory compliance, maximize patient safety, and reduce risk:   

  • For out-of-state patients, contact licensing boards in the states where patients are located and learn their licensing requirements. 
  • Be familiar with state laws as they apply to telemedicine (i.e. definition, accepted modalities, sites, prescribing, etc.). 
  • Be knowledgeable about Medicare/Medicaid and private payer reimbursement policies to ensure payment for telehealth services. 
  • Notify MIEC in writing before proceeding with telehealth activities. 
  • Develop protocol for what clinical scenarios and patients can be managed using telemedicine. 
  • Develop protocol for requiring in-person evaluation. 
  • Obtain and document informed consent for telemedicine treatment, develop patient expectations. 
  • Asynchronous technology- obtain and review supportive clinical information to assist in assessment. 
  • Carefully document all patient encounters. 
  • Ensure confidentiality of protected health information (PHI). 
  • Promote patient safety and reduce your liability when providing patient care via telehealth, including:

• Obtain a detailed medical history, conduct a good faith examination, develop an impression and plan before prescribing medications, ordering diagnostic tests, or referring patients to specialists.
• Specialists who use “store and forward” technology: Obtain and review meaningful clinical information to assist you in your evaluation and ultimate interpretation.
• Maintain quality documentation to memorialize patient encounters.
• Ensure confidentiality of PHI.
• Obtain informed consent when required by law, and document the discussion.
• Develop follow-up systems to manage prescribed medications, to review ordered diagnostic tests and consultation reports, and to ensure proper patient care.