Telehealth

Telehealth HIPAA Considerations

The HIPAA Privacy and Security Rule applies to telehealth services; technology choices must support the safeguards.

1 min read · Last reviewed May 23, 2026

At a glance

Category
Telehealth
Primary sources
2
Workspace handoff
compliance binder

Where this comes up

Telehealth coding, place-of-service, modifier (95, GT, GQ, FQ, FR), and post-PHE policy parity all converge here. State licensure rules and DEA controlled-substance prescribing rules add a second compliance layer most billers learn about only after the first denial.

Full definition

What it is in practice

HHS clarifies that telehealth platforms transmitting ePHI must support HIPAA-compliant safeguards and a BAA with the vendor. Consumer video apps without a BAA do not meet the standard.

How it shows up in your practice

Use a telehealth platform that signs a BAA. Document the platform choice in the risk analysis.

Sources

Take it into the workspace

Document telehealth platform selection in the Compliance Binder

Open compliance binder
Authored by D3rx

D3rx is a healthcare-billing and compliance research aid maintained by D3rx Inc. Articles are drafted by an LLM (Anthropic Claude) against primary HHS, OCR, CMS, eCFR, NIST, and state-regulator publications, and reviewed for restraint and source fidelity by the D3rx team.

Reviewer status: a named credentialed reviewer (CHC, CHPC, or healthcare attorney) is being engaged. Until that engagement is finalized, this page does not claim credentialed review.

This glossary entry is a research aid for billing and compliance staff. It does not provide legal, medical, or financial advice and does not replace counsel. References cited link to primary sources at HHS, OCR, CMS, eCFR, NIST, and the relevant payer or industry body.