While informed consent in healthcare is usually associated with invasive or experimental procedures, some states and payers have made it a requirement for telehealth due to privacy and security concerns. Here are answers to frequently asked questions about informed consent for telehealth:

Is Informed Consent Required for Telehealth?

  • State Requirements: Many states mandate informed consent for telehealth, either within their Medicaid programs or via laws governing health professionals.  Some states specify elements that must be included in the consent process.
    • Check State Requirements.  To confirm your state's requirements, click here and then:
      • Select your state from the State dropdown box at the top of the webpage then:
      • Click on Medicaid and select "Consent Requirements" for Medicaid-specific requirements
      • Click on Professional Requirements and select
        "Consent Requirements" to view requirements from the professional licensing board.
  • Medicare: Medicare does not require consent for general telehealth visits.  However, it does require consent for Communication Technology Based Services (e.g., virtual check-in, remote patient monitoring) that are not classified as telehealth.

While consent may not always be required, obtaining it is a recommended best practice for clarity and compliance.

What Should Be Included in Telehealth Consent?  Informed consent for telehealth typically explains what telehealth involves, outlines expectations, highlights benefits and potential risks, and details how risks are managed. The Federation of State Medical Boards, in their policy on The Appropriate Use of Telemedicine Technologies in the Practice of Medicine recommends including the following:

  • Patient and Provider Identification:  Include the patient's identity and location and the provider's identity, credentials and state of practice.
  • Primary Care Physician: Document the primary care physician's details, if available.
  • Permitted Activities:  Specificy what types of services (e.g., prescriptions, patient education) can be done via telehealth.
  • Suitability for Telehealth:  State that the provider will determine, in accordance with laws, if a condition is appropriate for telehealth.
  • Privacy and Security Measures: Describe any secuirty protocols used (e.g., data encryption, password protection) and potential privacy risks.  HIPAA does not require education on these risks, but it is best practice to inform patients.
  • Hold Harmless Clause:  Include a clause absolving liability for informtion lost due to technical failures.
  • Consent to Share Information. Obtain express patient consent before sharing identifiable information with third parties, following state and federal regulations.

For non-physicians, check your profession's guidance for any specific consent requirements.

How Often and In What Format Should Consent be Gathered? 

  • Written or Verbal Consent:  Check state and Medicaid requirements to see if written consent is required; most allow verbal consent.
  • Consent Frequency: Most states do not require consent before each visit and many are not explicit about frequency of consent.  Annual consent is typically recommended.
  • Consent Protocol and Documentation:  It is recommended that you have a written process (by whom and when) and protocol (with script) developed that is considered standard operating procedure.  Date the protocol and include a revision date each time it is revised.  Once that is in place, you just need to document in the medical record that your consent process/protocol (include the version date) was used and that the patient provided consent.

Resources