Telehealth Informed Consent Standards

Telehealth informed consent is a formal, documented process through which a patient acknowledges understanding of the nature, limitations, risks, and alternatives associated with receiving clinical care via remote technology. Federal and state regulations impose distinct requirements on this process, creating a compliance landscape that varies significantly by jurisdiction, specialty, and payer type. This page covers the definition of telehealth informed consent, the mechanisms through which it is obtained and documented, the clinical scenarios where requirements differ, and the boundaries that determine when standard consent procedures are insufficient.

Definition and scope

Informed consent in telehealth refers to a patient's voluntary, documented agreement to receive health services through electronic communications — including video, audio, asynchronous messaging, or remote monitoring — after receiving a disclosure of how that modality differs from in-person care. The consent obligation arises from two parallel legal frameworks: general medical informed consent doctrine under state common law and statutes, and telehealth-specific disclosure mandates imposed by state telehealth laws and certain federal programs.

The telehealth regulatory framework in the United States draws on guidance from the Centers for Medicare & Medicaid Services (CMS), the Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS), and individual state medical boards. CMS, through its Conditions of Participation and Medicare Physician Fee Schedule rules, requires that patients receiving telehealth services be informed that they have the right to refuse services and to receive care in-person instead (CMS, Medicare Learning Network, Telehealth Services).

State laws add a further layer. As of 2023, more than 35 states have enacted telehealth-specific informed consent statutes or regulations, according to the Center for Connected Health Policy (CCHP), which tracks state telehealth policy at cchpca.org. These statutes typically specify the medium through which consent may be obtained (written, verbal, or electronic), the required disclosure elements, and the documentation standard.

The scope of consent requirements also extends to HIPAA compliance in telehealth settings, where Notice of Privacy Practices must be provided separately from, but often alongside, the telehealth-specific consent document.

How it works

The telehealth informed consent process follows a structured sequence of disclosure, confirmation, and documentation.

1. Pre-encounter disclosure: Before the clinical encounter begins, the provider or platform delivers a written or verbal statement covering: (a) the nature of the telehealth technology being used; (b) potential risks, including technology failure, loss of audio or video signal, and limitations in physical examination; (c) confidentiality protections and their limits; (d) the right to withdraw consent and access in-person care; and (e) any geographic or jurisdictional restrictions on the encounter.

2. Patient acknowledgment: The patient affirmatively confirms understanding. This may be verbal (recorded in the medical record) or written (signed document or electronic attestation). CMS permits verbal consent for Medicare beneficiaries, provided the consent is documented in the medical record before the service is furnished (CMS Telehealth Fact Sheet).

3. Documentation: The consent event is entered into the patient record with date, method of consent, and name of the practitioner who obtained it. The Joint Commission standards for accredited organizations require that informed consent documentation be retrievable in the medical record (Joint Commission, Comprehensive Accreditation Manual, RC.02.01.01).

4. Periodic renewal: Several state statutes require re-consent at defined intervals or when the care modality changes. For example, California Business and Professions Code §2290.5 specifies that consent may be obtained verbally or in writing and must be documented, and applies to each episode of care.

Comparing written consent to verbal consent: written consent provides a stronger evidentiary record and is required in states including Texas and New York for certain telehealth specialties. Verbal consent, permitted by CMS for Medicare patients, is faster to obtain in acute or urgent settings but depends entirely on medical record documentation quality for its legal validity.

Common scenarios

Informed consent requirements apply across virtually all telehealth platform types and technologies, but the specific obligations shift based on the clinical context.

Synchronous video visits for primary care: The most common scenario. Consent is typically obtained at the start of the first encounter via electronic attestation in the patient portal or verbally confirmed on-screen. Platforms operating under synchronous telehealth models must document that the patient was informed of the live, interactive nature of the session.

Asynchronous store-and-forward consultations: Consent for store-and-forward telehealth must address the absence of real-time interaction. Patients must be informed that clinical decisions may be made without direct communication, and that there may be a time delay between submission and response — a material difference that several state statutes (including those in Hawaii and Alaska) require be explicitly disclosed.

Mental and behavioral health services: Telehealth delivery of mental health and behavioral services carries additional consent considerations, particularly regarding mandatory reporting obligations, emergency protocols, and the limits of crisis intervention via remote platforms. Some states require specialty-specific consent language for psychiatric care.

Pediatric care: Consent for telehealth pediatric care involves both parental or guardian consent and, for adolescents meeting state-defined age thresholds, minor assent or independent consent depending on the service type (e.g., sexual health, substance use, mental health).

Remote patient monitoring: Patients enrolled in remote patient monitoring programs must consent to continuous data collection, data transmission practices, and the conditions under which a provider will act on transmitted data.

Decision boundaries

The threshold question in telehealth consent compliance is whether a jurisdiction mandates telehealth-specific consent as distinct from general medical consent. Three categories define the compliance boundary:

• Category 1 — Telehealth-specific statute required: States with explicit telehealth consent statutes (California, Texas, New York, Florida, among others) require consent that names the telehealth modality and covers defined disclosure elements. General medical consent does not satisfy these requirements.

• Category 2 — General informed consent applies: In states without a telehealth-specific statute, standard medical informed consent doctrine governs. Providers must still disclose material risks unique to telehealth delivery under general negligence and informed consent principles, but no prescribed form is mandated.

• Category 3 — Federal program overlay: For Medicare and Medicaid patients, CMS requirements apply regardless of state classification. CMS specifically requires documentation that the patient was offered the choice of in-person care before telehealth services are rendered. The telehealth Medicare coverage and billing rules maintain this requirement for most covered services.

A secondary decision boundary involves specialty-specific consent. Telehealth prescribing laws — particularly for controlled substances — impose consent obligations tied to DEA registration and the Ryan Haight Act framework, where prescribing without a prior in-person evaluation requires explicit disclosure and, in some cases, patient acknowledgment of the legal basis for the exception.

Consent validity also depends on patient capacity. Standard incapacity rules apply in telehealth: if a patient cannot provide informed consent, a legally authorized representative must do so, and the provider must document the basis for surrogate consent. This boundary applies acutely in geriatric and senior care telehealth contexts where cognitive impairment may affect consent validity.

References

• Centers for Medicare & Medicaid Services (CMS) — Telehealth Services
• Center for Connected Health Policy (CCHP) — State Telehealth Laws and Reimbursement Policies
• HHS Office for Civil Rights — HIPAA and Health Information Technology
• The Joint Commission — Comprehensive Accreditation Manual, Record of Care (RC.02.01.01)
• California Business and Professions Code §2290.5 — Telehealth
• CMS Telehealth Fact Sheet — Telehealth Services Codes
• American Telemedicine Association (ATA) — Practice Guidelines