Legal & Regulatory


Telehealth Legal and Regulatory Module
Developed by: The Center for Connected Health Policy

Telehealth raises a number of legal concerns, especially regarding cross-state practice and reimbursement. This module addresses many of the legal and regulatory issues affecting telehealth. This module is not intended to be a comprehensive analysis of the legal issues nor legal advice, but to highlight some of the more prominent legal issues that arise when using telemedicine technologies. For information related to reimbursement, please see the reimbursement module.

An attorney can help to determine whether or not a certain situation violates the law.

View each section of this module by topic, at right »

Toolbox Module

Cross-State Licensure

Licensure authority defines who has the legal responsibility to grant a health professional the permission to practice their profession. Historically, under Article X of the U.S. Constitution, states have the authority to regulate activities that affect the health, safety, and welfare of their citizens including the practice of healing arts within their borders. Laws governing individual health care providers are enacted through state legislative action, with authority to implement the practice acts delegated to the respective state licensing board.

Toolbox Module

Privacy, Confidentiality and Security

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 (Pub. L 104-191). Congress sought to streamline electronic health record systems while protecting patients, improving health care efficiency, and reducing fraud and abuse. The HIPAA Administrative Simplification provisions required the Department of Health and Human Services to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers.

Toolbox Module

Medical Malpractice and Liability

Medical malpractice is a deviation from the accepted standards of practice in the medical community and causes injury or death to a patient for whom the physician has a duty of care. Medical liability is generally governed by State law. Standards and regulations for medical malpractice vary by State. Medical professionals are required to maintain professional liability insurance to offset the risk and costs of lawsuits based on medical malpractice.

Toolbox Module

Credentialing and Privileging

Credentialing is the process used by health care organizations to obtain, verify, assess and validate previous experience and qualifications.  Privileging is the process used by organizations, after review of credentials, to grant authorization for a practitioner to provide a specific scope of patient care services.

Toolbox Module

Telehealth and Prescribing

The use of telehealth to prescribe is impacted by laws and regulations on both the federal and state levels. Federal policy impacts the prescribing of controlled substances.  

Toolbox Module

Informed Consent Laws

Although it is not required by federal law, some states require some sort of informed consent from the patient before a provider can use telehealth.  This requirement is sometimes required in statute, regulation and/or state Medicaid policies.  In telehealth, informed consent is used to explain what telehealth is, and lay out the expected benefits and possible risks associated with it to a patient.  It can take the form of a written form which needs to be signed by the patient and/or oral acknowledgement that is noted in the patient’s record.

Toolbox Module

Federal Communications Commission and Telehealth

The Federal Communications Commission (FCC) regulates devices that utilize electromagnetic spectrum, or broadcast devices.  They regulate devices as a communications device, not as a medical device.  With potential overlapping jurisdictions, the FCC and FDA entered into a Memorandum of Understanding, where they would collaborate with each other within the areas of their respective agencies.  

Toolbox Module

Food and Drug Administration and State Regulations

The U.S. Federal Food and Drug Administration (FDA) plays a critical regulatory role in ensuring the safety and effectiveness of telemedicine medical devices and software with the Center for Devices and Radiological Health (CDRH) acting as lead agency. The CDRH is responsible for ensuring the safety and effectiveness of the medical devices used in telemedicine systems. Its principal areas of responsibility are: premarket review, post market surveillance, quality systems, standards, and science relating to telemedicine.

Toolbox Module

Federal Trade Commission

FTC and Professional Licensure Boards

The Federal Trade Commission (FTC) protects consumers from unfair or deceptive acts or practices as well as false or misleading claims. The FTC has taken several actions in recent years that indicates their increased interest in the manner in which telehealth is being regulated at the state level.

Toolbox Module


Anti-trust laws prohibit anticompetitive behavior and price fixing. Antitrust laws seek to promote fair competition on the merits and to protect consumers and businesses from anti-competitive business practices. Antitrust policy in the United States is based on the proposition that competition among companies results in lower prices, better products, and greater consumer choice. These laws seek to promote such competition by preserving the ability of consumers to take their business elsewhere when a particular company does not meet their desires.

Toolbox Module

The Electronic Health Record (EHR)

An Electronic Health Record (EHR) is an electronic version of a patient’s medical history.  The EHR may include demographics, progress notes, medications, vital signs, past medical history, immunizations, laboratory data and radiology reports.   The EHR automates access to information and has the potential to streamline the clinician’s workflow.  The EHR also has the ability to support other care-related activities directly or indirectly through various interfaces, including evidence-based decision support, quality management and outcomes reporting.

Toolbox Module

Federal Fraud and Abuse: Anti-Kickback Statute

Understanding Anti-Kickback Laws and how they relate to Telehealth

The Federal Anti-Kickback Statute is designed to protect patients and federal health care programs from fraud and abuse by inhibiting the use of money to influence health care decisions. The law plainly states that anyone who knowingly and willfully accepts or offers remuneration of any sort and in any manner intended to influence the referral of Medicare and Medicaid services can be held accountable for a felony.  

Toolbox Module

Federal Fraud and Abuse: Stark Law

The Federal Physician Self-Referral Law, commonly known as the Stark Law, prohibits a physician (or an immediate family member of such physician) from referring Medicare patients to entities providing designated health services if that physician, or the physician’s immediate family member, has a financial (ownership, compensation or investment) interest in the entity. A practitioner must follow the Stark regulations if federal healthcare programs reimburse any of the referrals for designated health services.