Sign in

Telehealth regulations in a post-pandemic world

United States telehealth policy timeline

Last updated: October 11, 2023
Originally published: August 7, 2023

The US government made telehealth more accessible during the pandemic by relaxing certain regulations. Some of these telehealth flexibilities are here to stay, while others are slowly being phased out. In this article, we cover recent and upcoming changes to US telehealth policy. Let’s start with a quick timeline. 

=Telehealth policy timeline from 2022 to 2024
Telehealth policy timeline from 2022 to 2024

Overview of telehealth policies

Read on to learn the significance of each timeline event. 

Consolidated Appropriations Act of 2023 

Effective as of December 29, 2022
Extended through December 31, 2024

Significance: Medicare patients have telehealth flexibilities that may set the stage for all patient care going forward. 

In December 2022, President Biden signed the Consolidated Appropriations Act (CAA) of 2023 into law, which extended many telehealth flexibilities for people with Medicare until December 31, 2024, including:

  • Telehealth care does not have any geographic restrictions (it’s not reserved only for residents of rural areas)
  • Medicare patients can take telehealth calls from their home
  • Phone calls or other audio-only visits can, under certain circumstances, be accepted as telehealth visits under Medicare

Learn more about the Consolidated Appropriations Act of 2023.

DEA extended telehealth flexibilities for controlled medications

Effective as of May 11, 2023
Extended through December 31, 2024

Significance: Providers can continue prescribing some controlled medications over telemedicine. 

Two days before the end of the public health emergency, the Drug Enforcement Administration (DEA) and the Substance Abuse and Mental Health Services Administration (SAMHSA) announced they were extending all COVID-19 telemedicine flexibilities for six months.

However, after receiving over 38,000 comments to their proposed rule and two days of public listening sessions, the DEA, as of October 10, 2023, has extended prescribing flexibilities through December 31, 2024.

Because of the DEA’s second extension, providers can continue to prescribe certain controlled medications, without an in-person visit, until December 31, 2024. Without this update, the telemedicine flexibilities for treating patients without an established provider-patient relationship would have expired on November 11, 2023. The DEA expects to establish a final set of permanent rules by the fall of 2024.

State laws and regulations may continue to change, so, as always, be aware of your state’s local policies.

Learn more about telemedicine flexibilities.

End of federal public health emergency (PHE) 

Ended on May 11, 2023

Significance: Many healthcare flexibilities put in place during the pandemic have come to an end or are being re-evaluated. 

Some telehealth flexibilities for Medicare recipients became permanent on May 11, 2023, while others were extended until December 31, 2024. There were also other changes to telehealth policy, coding, and payments (see this article from the American Medical Association for more information). 

Flexibilities around providing care across state lines have also come to an end. However, individual states may have their own flexibilities.

Learn more about telehealth flexibilities going forward.

CONNECT Act re-introduced

Re-introduced on June 15, 2023

Significance: Many patients depend on telehealth, and this act is one example of the potential for an increase in telehealth access. 

A bi-partisan group of US senators reintroduced the Creating Opportunities Now for Necessary and Effective Care Technologies (CONNECT) for Health Act to increase access to telehealth for people with Medicare. If signed into law, the CONNECT Act would:

  • Remove geographic requirements for telehealth services
  • Permanently allow health centers and rural clinics to provide telehealth services
  • Remove in-person visit requirements for telemental health services
  • Make other pandemic-era telehealth flexibilities permanent 

Learn more about the CONNECT Act 2023. 

CMS proposed changes to the Physician Fee Schedule (PFS)

Proposed on July 13, 2023
Taking comments through September 11, 2023

Significance: If approved, these changes would improve telehealth reimbursement rates, as required by the Consolidated Appropriations Act of 2023.  

Some of the key proposed changes involve: 

  1. Increasing telehealth payments rates
  2. Improving telehealth access through 2024
  3. Allowing some health centers and clinics to bill separately for remote health services
  4. Adding health and well-being coaching services to Medicare’s telehealth services (temporarily) and to the Social Determinants of Health Risk Assessments (permanently)

Learn more about the proposed PFS.

Return to HIPAA-compliant telehealth practices

Active as of May 11, 2023
Enforcement starts August 10, 2023

Significance: Providers must use HIPAA-compliant telehealth platforms.

Before the pandemic, US law required that telehealth providers use telecommunications tools that followed the guidelines set by the Health Insurance Portability and Accountability Act (HIPAA). During the federal public health emergency, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) did not actively enforce this requirement, effectively allowing telehealth providers to use a variety of non-HIPAA-compliant telecommunications tools. 

OCR gave telehealth providers a 90-day grace period after the end of the public health emergency to comply with HIPAA rules. The grace period ends on August 10, 2023. At this point, the federal government will start imposing penalties for certain HIPAA violations. 

Compare HIPAA-compliant telehealth platforms.

HIPAA compliance and telehealth

HIPAA is a healthcare standard meant to protect patient health information. Moving forward, telehealth calls must be made on HIPAA-compliant software. This will be enforced starting on August 10, 2023.

HIPAA-compliant software means that it follows certain cyber security guidelines that are unique to healthcare. Some of these guidelines include having a business associate agreement (BAA), encrypted messages, and secure cloud storage.

In addition, you also need to follow HIPAA guidelines when working with patients. Here are a few ways you can do that:

  • Patient calls should never be taken in a public place 
  • Patient identity must be verified at the start of a virtual visit
  • Messages sent to patients need to be encrypted and secure
  • You can not share login credentials to any software that contains protected health information (PHI)
  • Staff must receive HIPAA training

Check out our blog to learn more about how you can stay HIPAA compliant as a telehealth provider. 

Telehealth security is more than HIPAA compliance

If you provide any sort of virtual care for patients, it’s important to remember that HIPAA compliance is a starting point when it comes to security. A patient’s PHI is worth a lot–—making it a prime target for cyber attacks. A secure, HIPAA-compliant platform keeps PHI secure as long as it is within the platform. You, as a provider, are responsible for any data that gets shared outside of those platforms. 

Here are a few security concerns you want to keep in mind: 

VPNs are not impenetrable 

A virtual private network (VPN) makes it difficult to trace your internet usage. They can be especially beneficial when using a public network. However, there is still a chance that your information can be traced back to you. 

While it is fine to use a VPN, you still want to use a private Wi-Fi network (for example, don’t access PHI while on Starbuck’s Wi-Fi). Also, don’t download PHI to your desktop, since that can be hacked.

Not all passwords are created equal

Use best practices when creating passwords. Here are a few tips:

  • Use unique passwords for different sites (using a password manager can be helpful)
  • Keep your passwords long (around 14-16 characters)
  • Change passwords regularly (about every three months)
  • Never share passwords, even with co-workers
  • Use multi-factor authentication (MFA) (this includes authenticator apps

These are just a few things to keep in mind when dealing with PHI. Stay up-to-date on cyber security to ensure that your patients’ information is secure. 

Navigating payments

Private insurance will vary by each patient’s plan. Because there is so much variability regarding telehealth coverage, it can be extremely confusing for both you—and your patients. 

💡 Tip: payments can be made in many ways

Conventional forms of healthcare payment don’t always accommodate telehealth. These include fee-for-service (FFS) models that require providers to submit a claim before they are reimbursed. Not only does this create a delay in receiving payment, but oftentimes, FFS methods reimburse providers at lower rates for telehealth. 

However, there are innovative forms of payment that are gaining popularity. Here are a few of them: 

Capitation payment model

This is a way of paying providers so that they receive a set amount of money to cover the costs of healthcare services for a patient over a specific period of time. With an agreed upon contract between the insurer and the provider, this model is commonly used by private health insurance companies such as Aetna, Cigna, and United Healthcare. The capitation payment model was established to lower healthcare costs by basis rates on local costs and average utilization rates of services. 

Accountable Care Organizations (ACOs) 

There are many variations of ACOs (many most commonly work with Medicare), but the model generally aligns the payer and clinician under the same organization and ties reimbursements to healthcare outcomes. ACOs do this by using a bundled payment model, which groups all services rendered into a specific episode of care. For example, a bundled payment for knee replacement surgery would cover preoperative consultations, the surgery itself, post-operative care, and rehabilitation. 

Typically, ACOs are designed to minimize care costs, invest more resources in preventive care, use evidence-based disease management, and ensure efficient care coordination. Kaiser Permanente, Intermountain, and Geisinger have been doing this for years and are consistently cited as examples of how to provide high-quality care at below-average cost. 

Health Maintenance Organizations (HMOs)

HMOs have their own network of providers, hospitals, and health systems that have agreed to accept fixed prepaid premiums for services. This allows HMOs to keep stabilize costs, and in some cases, minimize them. 

By working on agreed-upon payment levels with a specific network of providers, HMOs have the potential to be an affordable option for patients seeking basic medical or preventative care. But the drawback to HMOs is that they do not cover healthcare from out-of-network care providers.

💡 Tip: HMOs come in all shapes and sizes 


Government and private insurers have both recently struggled financially with the pandemic, which has increased the already high costs of care.

Due to rising healthcare costs, and increasingly higher health insurance premiums, more and more patients are paying out-of-pocket. As a result, many people are using health savings accounts (HSAs) and/or electing higher deductible insurance plans with lower premiums. These plans are designed for emergencies and major surgeries—leaving many people paying for basic medical or preventative care in cash and credit. 

This is why in some cases, telehealth can be a cheaper non-emergency solution for self-paying patients (as well as a profitable reimbursement option for providers). Between convenience, speed, and cost savings, telehealth is growing in usage among patients in rural, suburban, and metropolitan areas across the country. 

Generally speaking though, whether you’re working with private insurance companies, ACOs, HMOs, Medicare (in most cases), Medicaid, or self-paying patients, reimbursement rates for telehealth can be potentially lucrative for providers. These stable reimbursement rates are helped by three factors: lower cost to the provider in offering care services, emergency legislation passed during COVID, and the fact that most states have what’s called coverage parity regulations

Coverage parity laws require health insurers to pay providers for telehealth visits the same way they would for in-person visits. For example, if a patient has a telehealth follow-up visit with their provider to check about how a medication is working, that visit is treated the same as an in-person visit in terms of reimbursement. Some states even have payment parity laws that require health insurers to pay providers the same reimbursement for telehealth and in-person visits.

Telehealth can be more profitable for another reason: more visits. For instance, in coverage parity states, even though telehealth visits may be reimbursed at a lower rate than in-person visits, a provider can have more telehealth visits.

With so many payment options for providers, especially with regards to using telehealth, you need to stay on top of all industry updates. 

Practicing across state lines

During the pandemic, individual states had waivers allowing providers to serve patients across state lines. This has been especially beneficial for patients living in rural areas who have limited healthcare options.

💡 Tip: consider an interstate licensing compact

Compacts give you licensure in multiple states—making it easier to continue serving your patients. You can also build your practice by serving patients in rural areas.

Learn more about specific compacts below. 

Physician and EMS compacts:

Nursing compacts:

Rehabilitation therapy compacts:

Mental health provider compacts:

Learn more about licensure compacts or explore this interactive map. 

Telehealth is here to stay

Patients are increasingly concerned about how their health information is being used. You may need to be prepared to answer occasional questions around how secure your telehealth platform is and how you practice cyber security. 

Still, this concern does not mean that patients aren’t interested in telehealth. Patients are asking these questions because they want a convenient and more accessible way to get healthcare. 

Telehealth policy will continue to change and evolve, but the reality remains that telehealth is here to stay. For providers and patients alike, telehealth is moving healthcare forward. It is has a host of benefits, and it’s here to stay. Here are a couple of good examples showing how telehealth has transformed healthcare delivery.

Providers are experiencing a better work-life balance

Burnout is common among healthcare professionals. Telehealth gives providers a greater level of flexibility, which can help improve overall work-life satisfaction. 

Plus, telehealth visits can save time. Here are a few ways it does that:  

  • A provider can often see more patients over telehealth than they can in person
  • There’s no commute 
  • Many providers spend less time entering patient notes since they’re already on their computers during a call

Because telehealth makes it easy to have more regular check-ins with patients, many providers also feel more effective at their job when using telehealth.  

It is important to remember that telehealth visits generally have a lower no-show rate. Providers should keep this in mind so that they do not overbook themselves. 

Health equity is improving

Many patients love telehealth. For some, it’s a matter of convenience. For others, it’s a matter of whether they can access care at all. 

For those with limited transportation, time, or mobility, telehealth makes healthcare more accessible. Here are a few studies showing how telehealth has improved healthcare equity: 

While policies may take time to catch up, it is still feasible to offer secure telehealth services now. 

See more research on the impact of telehealth

For providers and patients alike, telehealth is moving healthcare forward. It is has a host of benefits, and it’s here to stay. While policies may take time to catch up, it is still feasible to offer secure telehealth services now.

Telehealth policy resources

If you have specific questions about how the end of the PHE will continue to affect your practice, we recommend that you head straight to the source for up-to-date answers. 

Here are a few sites that take a closer look at the following topics: 

For further information, check with your licensing and credentialing boards. They will have answers to questions related to your specialty. 

Use HIPAA-compliant software (for free)

Moving forward, following HIPAA is a must. Use a secure video calling platform, ideally one created for healthcare providers. 

Want to use one of the leading HIPAA-compliant telehealth platforms? Try Pro (on us) for 30 days—and learn why 1.2 million providers rely on Sign up for a Free account, then use the code blog to upgrade to a Professional plan. 

Note: This article may not have the most up-to-date information on telehealth regulations and is not intended to serve as legal advice. Please consult a legal professional on how telehealth policy may impact you.