Telehealth is no longer just a backup plan—it's now a central part of how millions of Americans receive care. With each passing year, regulations adapt to meet the needs of both patients and providers in this fast-changing landscape.
In 2025, new telehealth regulatory changes emphasize flexibility, access, and data security, particularly under Medicare and for behavioral health services. Below is your in-depth guide to what’s new, what’s extended, and what it means for your practice or healthcare access.
In a pivotal move, Congress extended several key telehealth flexibilities that originated during the COVID-19 public health emergency. These extensions ensure continuity of care and reduce barriers for millions of Medicare beneficiaries.
Home-Based Telehealth Services: Medicare patients can continue receiving telehealth services from their homes for non-behavioral/mental health care. Importantly, geographic restrictions have been lifted, making this a nationwide option.
FQHCs and RHCs as Distant Site Providers: Federally Qualified Health Centers (FQHCs) and Rural Health Clinics (RHCs) may continue to serve as distant site providers for non-behavioral/mental health services via telehealth.
Audio-Only Telehealth Services: Patients who cannot use video—or choose not to—can still receive services via audio-only calls. Providers must have the technical capacity for video, but patient preference or limitations justify audio-only use.
In-Person Visit Requirements Delayed: For mental health services delivered remotely, the requirement for an in-person consultation has been postponed to January 1, 2026—but only for services through FQHCs and RHCs.
Updated Documentation Requirements: Effective April 1, 2025, providers must adhere to new documentation standards, including:
Attestation of video capability
Patient location at the time of the telehealth session
Justification when audio-only methods are used
These changes offer flexibility while maintaining compliance and patient protection.
The American Medical Association (AMA) introduced 17 new CPT codes for telehealth in 2025 to reflect advancements in virtual care, including expanded support for audio-only interactions. However, Medicare is not fully on board—yet.
New CPT Code Range (98000-98015): These codes include audio-video and audio-only Evaluation and Management (E/M) visits. They offer a more tailored billing solution for different telehealth formats.
Medicare’s Position: Instead of adopting the new CPT codes, Medicare will continue using existing E/M codes (99202-99215) for telehealth, adding relevant modifiers for services delivered remotely.
Audio-Only Eligibility Maintained: Just like in previous years, audio-only telehealth remains reimbursable under Medicare when the patient can’t or won’t use video—provided the provider can support video if needed.
No Geographic Restrictions: Telehealth services under Medicare for non-behavioral/mental conditions can be delivered regardless of the patient’s location, continuing the push toward universal access.
Providers should stay updated on payer-specific code usage to avoid reimbursement issues.
With telehealth deeply embedded in everyday care, data privacy must keep up. The Department of Health and Human Services (HHS) has proposed updates to the HIPAA Privacy Rule aimed at making health data more accessible while reducing provider burden.
Streamlined Patient Data Access: Patients will have faster, easier access to their health records—supporting better continuity of care across different platforms and providers.
Reduced Administrative Burdens: Simplified rules for health data sharing and verification are designed to cut red tape, allowing providers to focus more on patient care than paperwork.
Improved Digital Communication Clarity: The revisions clarify how providers can communicate with patients digitally, including text messages, apps, and telehealth platforms.
These changes ensure HIPAA compliance remains robust in a world where data increasingly flows through smartphones and cloud-based tools.
The Federal Trade Commission (FTC) is stepping in to close loopholes in data protection for health information collected outside of traditional healthcare settings.
Applies to Health Apps and Consumer Platforms: The expanded rule now covers fitness trackers, mobile health apps, wellness platforms, and any digital tool that collects personal health data but is not regulated by HIPAA.
Breach Notification Requirements: These platforms must notify users if their health data is compromised, much like HIPAA-covered entities are required to do.
Accountability for Non-HIPAA Services: This move brings regulatory oversight to direct-to-consumer services that were previously under the radar—ensuring a broader scope of data privacy.
This update is especially relevant in an era when more people are using apps to manage everything from mental health to chronic conditions.
Behavioral health is one of the biggest winners in the telehealth regulatory expansion. Thanks to rising demand and demonstrated effectiveness, several flexibilities are now permanent under Medicare.
Permanent Use of FQHCs/RHCs as Distant Site Providers: These facilities can now permanently offer behavioral health telehealth services as distant site providers, ensuring rural and underserved communities remain covered.
Home-Based Behavioral Telehealth Services: Behavioral health care can be delivered at home without geographic limitations, improving access for vulnerable or isolated patients.
Audio-Only Communication Approved Permanently: Some patients prefer or require voice-only contact. The law now recognizes audio-only sessions as a viable long-term delivery format for behavioral telehealth.
Expanded Provider Eligibility: Marriage and family therapists (MFTs) and mental health counselors (MHCs) are now eligible Medicare providers for telehealth mental health care—permanently.
In-Person Requirements Postponed: The usual mandate for an in-person visit within six months of initiating behavioral telehealth has been suspended through September 30, 2025.
These updates offer lasting support for the mental health needs of a growing and increasingly remote population.
While federal updates often grab headlines, state regulations play a crucial role in how telehealth services are delivered—and reimbursed. In 2025, several states are moving to make pandemic-era waivers permanent, particularly regarding cross-state practice and provider licensure.
Interstate Licensure Compacts: Many states have joined or expanded participation in licensure compacts like the Interstate Medical Licensure Compact (IMLC) and the Psychology Interjurisdictional Compact (PSYPACT). These compacts streamline the process for healthcare providers to offer services across state lines.
Permanent Waivers for Telehealth Practice: Some states have passed legislation to permanently allow out-of-state telehealth services, provided that providers register or meet specific compliance criteria.
Standardized Consent and Privacy Laws: States are also working toward harmonizing privacy and consent regulations with federal standards, easing the administrative load on providers delivering multi-state telehealth.
This evolving patchwork of state laws means providers must stay vigilant, but the overall trend leans toward more flexibility and access for patients.
One of the critical lessons of the past few years has been the unequal access to telehealth based on geography, income, and digital literacy. In 2025, regulators and health systems are making a concentrated push to improve telehealth equity.
Federal Grants for Broadband Expansion: The FCC and HHS are continuing to invest in rural broadband infrastructure, aiming to reduce connectivity gaps that have historically limited rural and low-income patient access.
Device Accessibility Programs: Several non-profit and public sector initiatives now provide tablets and mobile devices to low-income patients, especially seniors and veterans, to ensure they can participate in telehealth.
Language and Disability Support: New regulations now require or recommend that telehealth platforms offer multilingual support, captioning, and screen-reader compatibility to meet ADA standards and improve care for non-English speakers.
Reimbursement Parity for Safety-Net Providers: Medicaid and Medicare are expanding reimbursement rates for community health centers and public hospitals that primarily serve underprivileged populations.
With these steps, telehealth is becoming more inclusive and patient-centered, reducing the digital divide in healthcare.
Beyond Medicare and Medicaid, private insurers are also revising their policies in 2025 to reflect permanent telehealth integration into healthcare delivery models.
Parity Laws in More States: Over 30 states now require insurers to reimburse telehealth services at the same rate as in-person visits, leveling the playing field for providers.
Expanded Coverage for Mental Health and Substance Abuse: Mental health parity laws have prompted insurers to include comprehensive tele-behavioral health services, even for audio-only care.
Coverage for Remote Monitoring and Chronic Care: Many private payers have introduced reimbursement for Remote Patient Monitoring (RPM) and Chronic Care Management (CCM) through digital platforms, reflecting a shift toward value-based care models.
Policy Portals and Transparency Requirements: New mandates require insurers to publish clear, online guidelines about what telehealth services are covered, helping both patients and providers avoid billing surprises.
These reimbursement changes are helping telehealth solidify its place as a core component of modern care delivery—not just a temporary workaround.
Technology is the foundation of telehealth, but with it comes the challenge of maintaining HIPAA compliance, cybersecurity, and platform interoperability.
End-to-End Encryption Mandates: All telehealth communications must use end-to-end encryption, and platforms must meet NIST security standards to be used by Medicare and many private payers.
Platform Certification: Telehealth vendors are now seeking certifications and audits to verify compliance with security and privacy standards, especially when partnering with larger health systems.
Patient Consent and Record Retention: Updated guidance requires explicit patient consent documentation and secure record retention protocols, especially for asynchronous communications like video messages or app check-ins.
AI Integration Oversight: The rise of AI-driven diagnostics and symptom-checkers in telehealth platforms is prompting regulators to enforce disclosure and transparency rules so patients know when AI is involved in their care.
These updates aim to protect patient information while fostering trust in telehealth tools and services.
While 2025 brings major regulatory stability to telehealth, it’s far from the final word. The future is likely to bring more integrated, intelligent, and automated care.
Virtual-First Health Plans: Insurers are piloting “virtual-first” health plans, where primary care starts online, and patients are referred to in-person care only when necessary.
AI and Remote Diagnostics: Tools like AI-enhanced stethoscopes, smart wearables, and remote lab diagnostics are entering mainstream use, making virtual exams more accurate and actionable.
Interoperability Initiatives: Continued efforts are underway to connect EHR systems with telehealth platforms, giving providers full patient visibility, even in remote settings.
Global Regulatory Alignment: International regulatory bodies are beginning to align standards, potentially enabling cross-border telehealth for niche specialties and consultations.
The message is clear: telehealth is no longer a secondary option—it’s becoming a primary mode of care, and the regulatory environment is finally catching up.
Telehealth is no longer a temporary fix—it’s a permanent fixture in healthcare delivery. The regulatory updates in 2025 show a strong commitment to innovation, patient access, and safety. From Medicare flexibility and behavioral health support to HIPAA modernization and FTC data protection rules, the framework is clearly shifting toward a more connected, inclusive, and secure telehealth ecosystem.
Whether you’re a provider navigating new CPT codes and compliance requirements, or a patient trying to understand your rights and access, these updates matter. They represent the next phase of digital care—one that's more personalized, accessible, and effective than ever before.
But the journey isn’t over. Policymakers, payers, providers, and tech developers must continue collaborating to close the gaps in access, digital literacy, and data interoperability. Only then can telehealth truly reach its full potential and serve as a pillar of 21st-century healthcare.
Stay informed. Stay compliant. And most importantly—stay connected.
Many of the current flexibilities are extended through September 30, 2025, and some behavioral health services have permanent coverage. More permanent changes may be introduced depending on how telehealth is utilized and evaluated during this period.
Yes. Both Medicare and many private payers allow audio-only visits, especially for behavioral health services and when patients cannot use video due to technological or personal limitations.
Providers must now include specific details like video capability attestations, patient location, and audio-only service justification in their documentation, effective April 1, 2025.
Yes. Marriage and family therapists (MFTs) and mental health counselors (MHCs) can now permanently serve as distant site telehealth providers under Medicare.
Stricter rules from the FTC and updates to HIPAA mean both healthcare providers and health apps must follow tighter data protection and breach notification standards—even if they're not covered by HIPAA.