Telehealth Voters Pledge aims to make telehealth permanence 'an unavoidable issue'
Overview
A broad coalition of healthcare stakeholders has launched the Telehealth Voters Pledge, an advocacy campaign pushing Congress to make Medicare telehealth flexibilities permanent. Led by the Alliance for Connected Care, the coalition includes hospitals, healthcare organizations, providers, patient advocacy groups, and technology companies. The group plans to deliver signed pledges to Congress in July, positioning telehealth permanence as a key policy priority. For independent practices that adopted telehealth during pandemic waivers, the future of remote care delivery—and the compliance obligations that come with it—remains uncertain.
Technical Details
Medicare's temporary telehealth flexibilities, enacted during the COVID-19 public health emergency, allowed practitioners to provide remote care across state lines, bill for audio-only visits, and treat patients at home rather than requiring originating site restrictions. These waivers expire without Congressional action. The Telehealth Voters Pledge campaign aims to create legislative momentum by demonstrating voter support for permanent telehealth policies. If successful, practices will need to maintain compliant telehealth infrastructure indefinitely—not just as a temporary measure. This includes secure video platforms with Business Associate Agreements (BAAs), access controls, audit logging, and encryption standards that meet HIPAA requirements for ePHI transmission.
Practical Implications
For independent practices, permanent telehealth means permanent compliance obligations:
- Platform security: Telehealth platforms must use TLS 1.3 or equivalent encryption, provide BAA coverage, and log all patient interactions
- Cross-state licensure: Practitioners must maintain active licenses in all states where they treat patients remotely, each with distinct scope-of-practice rules
- Documentation standards: Remote visits require the same clinical documentation rigor as in-person care, plus metadata proving session security (encryption method, access logs, participant verification)
- Vendor risk: Third-party telehealth vendors create new attack surfaces—platforms that haven't been assessed for security gaps increase breach risk
With the $9.8M average breach cost (IBM Security, 2024), practices cannot afford to treat telehealth security as an afterthought. If Congress makes these flexibilities permanent, the compliance burden becomes permanent too.
What This Means for Your Practice
If you offer telehealth, treat it as a long-term capability requiring ongoing compliance investment:
- Audit your current platform: Does your telehealth vendor provide a BAA? Can you prove encryption and access controls?
- Document your risk assessment: HIPAA requires periodic evaluation of all ePHI transmission channels, including video platforms
- Train your staff: Workforce must understand secure session protocols, patient identity verification, and how to handle technical failures without exposing PHI
- Plan for multi-state compliance: If you see out-of-state patients, coordinate licensure and understand each state's telehealth-specific rules
If you don't offer telehealth, consider whether permanent Medicare coverage changes your calculus. Remote care can expand patient access, but only if you can maintain security and compliance at scale.
If you offer telehealth, treat it as a long-term capability requiring ongoing compliance investment: - Audit your current platform: Does your telehealth vendor provide a BAA? Can you prove encryption and access controls? - Document your risk assessment: HIPAA requires periodic evaluation of all ePHI transmission channels, including video platforms - Train your staff: Workforce must understand secure session protocols, patient identity verification, and how to handle technical failures without exposing PHI - Plan for multi-state compliance: If you see out-of-state patients, coordinate licensure and understand each state's telehealth-specific rules If you don't offer telehealth, consider whether permanent Medicare coverage changes your calculus.
How Patient Protect Helps
Patient Protect's Autonomous Compliance Engine tracks telehealth-specific compliance requirements automatically, generating tasks for BAA renewals, platform security audits, and documentation reviews as regulations evolve. The Vendor Risk Scanner evaluates telehealth platforms for security gaps and tracks BAA status across all third-party vendors. ePHI Audit Logging captures immutable access records for every session, proving your platform meets encryption and access control standards. The Policy Generation module auto-updates telehealth policies as state and federal rules change, ensuring your procedures reflect current requirements without manual rewrites.
For practices already working with compliance consultants, Patient Protect adds the security-first layer those relationships weren't built to provide—real-time monitoring, automated vendor tracking, and technical enforcement of telehealth security protocols. Start a free trial at hipaa-port.com or check your risk at patient-protect.com/risk-assessment.
This editorial was generated by AI from publicly available source material and is clearly labeled as such. It does not constitute legal, compliance, or professional advice. Inclusion of any entity does not imply wrongdoing. Patient Protect makes no warranties regarding accuracy or completeness. Verify all information with the original source before relying on it.