Blog Post

Understanding CMS Guidelines for Telehealth in 2025 

March 2025

Telehealth has transformed American healthcare, but evolving guidelines from the Centers for Medicare & Medicaid Services (CMS) put many programs in jeopardy. From data privacy requirements to Medicare reimbursements, it is easy to lose track of the latest policies – but this article is designed to help. 

Based on our team’s industry expertise and continual monitoring of CMS requirements, we will explain exactly what is required to run a safe and effective telehealth program in 2025. But before we start, let’s step back and consider exactly why telehealth is so important. 

CMS Policy on Telehealth: An Overview 

What Is Telehealth? 

Telehealth is the use of digital communication technologies to deliver healthcare services remotely. This includes video conferencing, remote patient monitoring, and mobile health applications that allow patients to consult with healthcare providers without needing to visit a physical location.  

Given that 18% of Americans live more than 10 miles away from their nearest healthcare practice and many lack either the mobility or means to travel, this has profound benefits. Telehealth has equalized and enhanced access to care for many patients, and today, 86.5% of Americans report using it in the last year.  

However, this rapid adoption has created problems. Usage of telehealth skyrocketed during the COVID-19 pandemic, and this rapid change forced dramatic action from regulators – much of which is still being resolved today. 

The Evolution of CMS Telehealth Policy 

The Centers for Medicare & Medicaid Services has historically maintained strict guidelines regarding telehealth coverage. Prior to the COVID-19 pandemic, Medicare telehealth services were limited to beneficiaries in designated rural areas, requiring them to access care from approved medical facilities.  

However, the pandemic left a far larger volume of the population reliant on telehealth to receive standard healthcare. This prompted a series of short-term waivers to enable the quick expansion of telehealth provisions, including: 

  • Insurance Coverage: The CMS extended Medicare coverage beyond its previous strict geographic boundaries, enabling virtually all Medicare patients to bill for telehealth services through the program. 
  • Service Availability: Medicare policies were also adjusted to allow for a far wider range of services to be delivered through telehealth. 
  • Data Privacy: Many HIPAA requirements were relaxed, allowing providers to use popular video platforms such as Zoom, which would otherwise have been disallowed due to data security regulations. 

These waivers were inevitable in 2020; they were pushed through quickly and with little pushback. But today, there is far more uncertainty around the future of CMS telehealth policy – and upcoming changes could have dramatic impacts on the future of American healthcare. 

Why Is CMS Policy Important? 

CMS guidelines on telehealth determine which services are covered by Medicare, who can provide them, and how they are billed. Policy changes could effectively force back the changes brought about by the pandemic or enable a lasting embrace of telehealth. 

For patients, this has clear implications: telehealth has led to more equitable care, both in terms of geographic access and reductions in wait times. But it is also important for providers. 

McKinsey estimates that up to 30% of Medicare FFS and Advantage spending for acute care could be delivered at home, while up to 40% of post-acute and long-term care can be likewise administered via telehealth. This would make telehealth a major efficiency booster, yet the fulfillment of this potential resides in telehealth being facilitated by the right policies.  

How Does CMS Billing for Telehealth Work? 

The CMS currently reimburses telehealth services at rates comparable to in-person visits, ensuring payment parity under Medicare Part B. However, there are a few key factors to consider: 

Eligibility for CMS Reimbursements 

The CMS maintains clear guidelines about who can bill for telehealth services. We can split them into two basic branches: 

  1. Eligible Services 

The CMS maintains an evolving list of telehealth services that qualify for reimbursement under Medicare, which currently includes: 

  • Evaluation and management (E/M) visits 
  • Behavioral health services 
  • Chronic care management 
  • Remote patient monitoring (RPM) 
  • Preventive health screenings 
  • Certain emergency department visits 
  1. Eligible Providers 

Only specific practitioners are eligible to furnish telehealth services under CMS guidelines, including: 

  • Physicians 
  • Nurse practitioners 
  • Physician assistants 
  • Clinical psychologists 
  • Clinical social workers 
  • Certified nurse midwives 
  • Registered dietitians and nutrition professionals 

Billing Codes and Modifiers 

To receive proper reimbursement, telehealth services must be billed using specific Current Procedural Terminology (CPT) and Healthcare Common Procedure Coding System (HCPCS) codes. Important modifiers include: 

  • Modifier 95: Used for real-time, interactive audio and video communications 
  • GT Modifier: Previously used but now largely replaced by Modifier 95 
  • GQ Modifier: For asynchronous (store-and-forward) telehealth services 
  • POS 02: Designates that the service was provided via telehealth 
  • POS 10: Indicates telehealth provided to a patient at home 

This points us to the importance of documentation: every provider that wishes to provide telehealth in line with CMS guidelines must document numerous factors. But what exactly does this mean? 

Understanding the CMS Telehealth Documentation Requirements 

There are three core areas in the CMS policy that require telehealth providers to maintain proper documentation: 

  1. General Documentation 

Every CMS-compliant telehealth program must have basic documentation related to each telehealth patient. This includes clear proof of the following: 

  • The medical necessity of telehealth services 
  • Patient location at the time of service 
  • Provider credentials and eligibility 
  • Communication methods used during the session 
  • Patient content to undertake telehealth 
  1. Session Records 

Providers must also maintain comprehensive records of each telehealth session, including: 

  • Patient history and chief complaint 
  • Diagnoses and treatment recommendations 
  • Medications prescribed or adjusted 
  • Follow-up instructions and care plans 
  1. Technology Compliance 

HIPAA has a number of telehealth-specific guidelines, all of which should be factored into your policies and clearly documented: 

  • Ensure video conferencing, messaging, and data storage platforms meet HIPAA security standards (e.g., end-to-end encryption). 
  • Inform patients about telehealth risks and document their consent before providing services. 
  • Implement safeguards like encrypted transmissions and secure login credentials to prevent unauthorized access. 
  • Only share patient information with authorized personnel and ensure Business Associate Agreements (BAAs) are in place with third-party vendors. 
  • Confirm patient identity through secure verification methods before conducting telehealth sessions. 
  • Use firewalls, antivirus software, and VPNs to protect patient information on provider and patient devices. 
  • Maintain proper documentation of telehealth interactions while complying with HIPAA retention policies. 

Only by following these documentation and billing requirements can healthcare providers leverage telehealth services effectively while ensuring compliance with CMS regulations. 

How to Manage CMS Telehealth Guidelines in 2025  

Healthcare providers should focus on three key areas to ensure their telehealth program is compliant with CMS guidelines: 

  1. HIPAA Policies 

From the software used to administer virtual care to the processing of patient data, robust protections must be in place to ensure HIPAA compliance. Many organizations already struggle to maintain a robust HIPAA program; telehealth-specific policies may create an extra hurdle.  

Compliance Resource Center (CRC) reduces this burden. We give our clients access to a repository of HIPAA privacy and security policies that covers all key telehealth requirements, making it easy to put the right measures in place to protect patients using your telehealth program.  

  1. Reimbursement Processes 

CMS telehealth policies are constantly evolving, and your entitlement to reimbursement may change. Every telehealth program should, therefore, be protected through two key steps: 

  • Track changes to CMS guidelines, as waiver extensions expire in early 2025 and may be adjusted or simply left 
  • Implement established best practices to navigate telehealth billing and ensure you receive full reimbursement for your services 
  1. Employee Training 

Telehealth compliance requires every employee involved to understand their regulatory requirements. From administering and billing services to maintaining reliable documentation, the right compliance training program is essential to avoid employee errors that could cost your organization.  

Keep Your Telehealth Program CMS Compliant with Compliance Resource Center 

CMS telehealth guidelines can feel overwhelming – and many healthcare organizations fear their program creates compliance risks. But Compliance Resource Center can help you create and implement policies and processes that ensure you are fully compliant. 

Want to explore how Compliance Resource Center could help you adapt your telehealth program to changing CMS policies? 

Book a Consultation 

Subscribe to blog

Build an effective compliance program with expert hotlines, sanctions screening, training, and more.

Speak to an Expert