Telehealth laws for therapists

Telehealth laws for therapists are now a fundamental part of practicing safely and ethically in a digital environment. With teletherapy becoming a standard care option since the COVID-19 pandemic, therapists must navigate evolving regulations related to licensing, privacy, and interstate practice.

This post breaks down what you need to know to stay compliant and confident in your telehealth practice.

Summary

• Teletherapy laws vary widely by state and profession, requiring therapists to understand both home-state and client-state regulations. Click here to enroll in our free on-demand Top to bottom teletherapy video course [Enroll Now]
• Federal privacy laws like HIPAA and HITECH govern how client data is protected and transmitted across telehealth platforms.
• Professional associations (APA, ASHA, NASW, AOTA, APTA) offer foundational ethical guidance that state boards reference during compliance reviews.
• Using a HIPAA-compliant platform like TheraPlatform helps therapists ensure security, documentation, and informed consent align with legal standards.

One national analysis of private insurance claims covering more than 36 million working-age adults found that telemedicine encounters rose by 766% during the early pandemic period. This rapid growth allowed clinicians to maintain continuity of care and improve accessibility for clients in remote or underserved areas.

Streamline your practice with One EHR

• Scheduling
• Flexible notes
• Template library
• Billing & payments

• Insurance claims
• Client portal
• Telehealth
• E-fax

Learn More

However, this opportunity also comes with additional complexity. Therapists must navigate a shifting regulatory environment that includes federal privacy laws, state licensing regulations, and platform security standards.

Without careful compliance of teletherapy laws, both therapists and clients face significant risks related to confidentiality, liability, and ethical conduct. Adhering to legal and professional standards protects client welfare, upholds ethical obligations, and supports sustainable, high-quality care.

Understanding the teletherapy law landscape

The rapid expansion of telehealth has prompted significant regulatory evolution at both state and federal levels.

Mental health professionals now practice within a landscape defined by varying definitions of telehealth, differing consent requirements, and multi-jurisdictional licensure challenges.

For behavior-change practitioners, the issue of cross-state care is especially significant, as clients often relocate or travel, placing them under a different jurisdiction than their clinician.

Each discipline, including psychology, counseling, social work, speech-language pathology (SLP), occupational therapy (OT), physical therapy (PT), and behavior analysis, has unique licensing laws and practice standards.

These teletherapy laws define who may deliver services, what technology may be used, and what constitutes valid consent and documentation. Teletherapy introduces additional layers of complexity involving technology, data security, and professional ethics, making it essential for clinicians to remain up to date on changes in both their home and client states.

Professional guidelines as your starting point to teletherapy laws

Before delving into state statutes, therapists should begin with the guidance provided by their national professional associations. These organizations outline foundational ethical expectations for remote care and serve as a reference point for board reviews and audits.

The American Psychological Association (APA) guidelines for the practice of telepsychology emphasize that psychologists must ensure their remote practice complies with all applicable laws and ethical codes, including maintaining competence in technology use, protecting client confidentiality, and securing informed consent (American Psychological Association, n.d.).

For speech-language pathologists and audiologists, the American Speech-Language-Hearing Association (ASHA) has issued comprehensive telepractice guidelines that define requirements for technology use, client suitability assessments, and data protection (ASHA, 2021).

Similarly, the National Association of Social Workers (NASW) provides standards for the use of technology in social work practice, focusing on client confidentiality, informed consent, and documentation.

The American Occupational Therapy Association (AOTA) and American Physical Therapy Association (APTA) have also released position papers supporting ethical and effective use of telehealth within their respective fields.

Keeping current with your profession’s official guidelines is essential. These documents provide the ethical framework by which state licensing boards and professional review committees evaluate practitioner conduct.

Practice Management + EHR + Telehealth

Manage more in less time in your practice with TheraPlatform

Start Free Trial

Complying with state telehealth laws

Your home state telehealth laws

The first step in maintaining compliance is to understand your home state’s telehealth rules. State licensing boards define the scope of practice, informed consent requirements, documentation expectations, and emergency response protocols.

Many states now include specific telehealth laws and regulations in their administrative codes or board rules.

Clinicians should ensure that their informed consent forms explicitly address teletherapy, including potential risks, benefits, limits to confidentiality, and policies regarding technology failures. Documentation should include details about the modality used (such as video or phone), the physical locations of both client and clinician, session length, crisis response plans, and whether in-person follow-up is necessary.

Therapists must also develop an emergency protocol tailored to telehealth. This plan should specify how to locate clients in crisis, identify local emergency contacts, and outline steps to follow if immediate intervention is needed.

Regularly reviewing these plans ensures preparedness for emergencies that may arise during virtual sessions.

Providing services across state lines

When clients reside in another state, the telehealth laws of that state generally govern the delivery of virtual services. This is a key area where compliance can become complicated. Some states allow limited interstate practice under certain conditions, while others require full licensure in the client’s state.

The Psychology Interjurisdictional Compact (PSYPACT) facilitates cross-state telepsychology for licensed psychologists in participating states, allowing them to provide telehealth services legally under a standardized process. Similar interstate compacts exist for physical therapy (PT Compact) and occupational therapy (OT Compact), and efforts are underway to expand this model to additional disciplines.

However, many professions still lack nationwide reciprocity. Clinicians must confirm whether their license authorizes telehealth practice into the client’s state or whether a temporary or additional license is required.

Practicing without proper authorization may result in disciplinary action, loss of licensure, denial of insurance reimbursement, and potential malpractice exposure.

Therapists should document due diligence in verifying jurisdictional requirements before initiating care with out-of-state clients. This practice protects both the client’s access to services and the clinician’s professional standing.

Free Resources for Therapists

Click below and help yourself to peer-created resources:

• Ready-to-use worksheets, checklists, assessments & more!
• Master insurance billing with our expert-led course
• Telehealth 101: On-demand videos
• Curious how TheraPlatform solves private practice pain points?

Federal telehealth laws and online therapy

In addition to state regulations, several federal telehealth laws shape how virtual care must be delivered. These telehealth laws are critical to ensuring data protection, privacy, and ethical accountability.

The Health Insurance Portability and Accountability Act (HIPAA) establishes privacy and security standards for all protected health information (PHI).

Teletherapy platforms must comply with HIPAA’s Privacy and Security Rules, ensuring that data transmission and storage meet encryption and access-control standards (Edemekong, 2024).

The Health Information Technology for Economic and Clinical Health (HITECH) Act reinforces HIPAA compliance by requiring breach notifications, regular risk assessments, and business associate agreements (BAAs) with technology vendors that handle PHI.

Therapists working in school settings must also follow the Family Educational Rights and Privacy Act (FERPA), which governs the handling of student educational records, including information shared through telepractice.

During the COVID-19 public health emergency, temporary federal waivers expanded telehealth access and relaxed some licensing and reimbursement restrictions. However, most of those waivers have now expired, restoring pre-pandemic compliance expectations (Pandya et al., 2022).

Clinicians should continue to obtain explicit teletherapy consent from each client, detailing the technology used, session locations, contingency plans for disruptions, and procedures for emergencies.

The role of a HIPAA-compliant teletherapy platform

Selecting an appropriate teletherapy platform is one of the most critical compliance decisions for any clinician. The U.S. Department of Health and Human Services (HHS) emphasizes that telehealth technologies must support HIPAA compliance and that providers must execute a Business Associate Agreement (BAA) with any vendor managing electronic PHI (U.S. Department of Health & Human Services, 2023).

A HIPAA-compliant platform should provide encrypted video and audio, secure file sharing, and audit trails for all client communications. It should also offer e-consent and digital signature capabilities to streamline consent documentation.

If a platform allows session recordings or transcriptions, client permission and data-protection procedures must be clearly established in writing.

Therapists should evaluate vendors for transparency regarding data storage, encryption methods, and breach response policies.

Choosing a platform that integrates secure communication tools, electronic forms, and consent workflows, such as those offered by professional-grade telehealth software providers, can reduce risk and streamline compliance.

Red flags and legal pitfalls to avoid

Despite best intentions, certain compliance gaps can expose practitioners to significant risk. One common issue is providing therapy to clients in states where the clinician is not licensed.

Even a single unauthorized session can result in board complaints or legal action.

Another major risk involves using consumer-grade video platforms, such as free versions of video chat tools that do not offer BAAs or encryption standards required under HIPAA. Using these tools can lead to privacy breaches and regulatory penalties.

Therapists must also ensure that their informed consent specifically covers teletherapy. This consent should include an explanation of potential risks associated with technology use, the limits of confidentiality, and how emergencies will be handled. Failure to obtain this documentation leaves both client and clinician vulnerable to liability.

Finally, clinicians must have a telehealth-specific emergency plan. If a client experiences acute distress during a remote session, the therapist must be able to identify the client’s location and activate local emergency services. Regular review of these plans is a hallmark of ethical, risk-aware practice.

Tips for staying current and compliant with telehealth laws

Maintaining compliance is an ongoing process. Clinicians should subscribe to updates on telehealth laws from their state licensing boards and professional associations to stay informed about new regulations or policy changes.

Participating in peer consultation groups or online professional communities can also help practitioners stay informed about evolving best practices.

Continuing education is another vital element. Many states now require clinicians to complete telehealth-specific continuing education units (CEUs) focused on technology use, ethics, and risk management.

Clinicians can also benefit from periodic self-audits of their teletherapy procedures. This includes verifying client and clinician locations, reviewing technology security measures, updating emergency contact information, and confirming ongoing licensure eligibility for cross-state practice.

Partnering with reputable technology vendors that provide compliance resources, training, and contract templates can further support adherence to regulations and professional standards.

The future of teletherapy laws and regulations

The legal and ethical landscape of teletherapy continues to evolve as technology advances and cross-state collaboration expands. Two key areas of change are licensure compacts and the integration of artificial intelligence (AI) tools in clinical practice.

Licensure compacts such as PSYPACT have set the stage for greater national uniformity in teletherapy regulation. Similar models are emerging for physical and occupational therapists and speech-language pathologists, helping to streamline access and reduce administrative barriers for both clinicians and clients.

AI tools are also increasingly being incorporated into teletherapy platforms. These may include automated transcription, sentiment analysis, or remote monitoring features. While AI can enhance efficiency and offer insights into treatment patterns, it also introduces ethical and legal considerations.

Clinicians must ensure that AI tools comply with HIPAA and state privacy laws, that clients are informed about data use, and that algorithms used in clinical settings are validated and transparent. Responsible integration of AI within secure workflows can strengthen client trust and improve care quality.

Compliance as a foundation for success

While teletherapy compliance can seem complex, it is ultimately a foundation for safe, ethical, and effective clinical practice. By choosing secure technologies, maintaining accurate documentation, following licensure and telehealth laws, and engaging in ongoing education, clinicians can confidently provide remote care that meets both ethical and legal standards.

Compliance should not be viewed as a bureaucratic burden, but rather as a commitment to professionalism and client safety. When therapists align their practice with regulatory expectations, they not only protect themselves but also enhance the therapeutic experience for clients who rely on telehealth for accessible, high-quality mental health care.

Streamline your practice with One EHR

• Scheduling
• Flexible notes
• Template library
• Billing & payments

• Insurance claims
• Client portal
• Telehealth
• E-fax

Learn More

Resources

TheraPlatform is an all-in-one EHR, practice management, and teletherapy software built for therapists to help them save time on admin tasks. It offers a 30-day risk-free trial with no credit card required and supports mental and behavioral health, SLPs, OTs, and PTs in group and solo practices.

More resources

• Top-to-bottom approach to launching teletherapy on-demand video academy
• Teletherapy worksheets
• Teletherapy blog

References

American Psychological Association. (n.d.). Guidelines for the Practice of Telepsychology. https://www.apa.org/about/policy/telepsychology-revisions

American Association for Marriage and Family Therapy. (n.d.). State Guide for Telehealth. https://www.aamft.org/AAMFT/Events/State_Guide_for_Telehealth.aspx

Bassan, S., et al. (2020). Data privacy considerations for telehealth consumers amid COVID-19. JMIR, PMC. https://www.ncbi.nlm.nih.gov/articles/PMC7543610

Cantor, J., Schuler, M. S., Matthews, S., Kofner, A., Breslau, J., & McBain, R. K. (2024). Availability of mental telehealth services in the U.S. JAMA Health Forum, 5(2), Article e235142. https://doi.org/10.1001/jamahealthforum.2023.5142

Center for Connected Health Policy. (n.d.). State Telehealth Policies – Cross-State Licensing / Professional Requirements. Retrieved November 10, 2025, from https://www.cchpca.org/topic/cross-state-licensing-professional-requirements/

Edemekong, P. F. (2024). Health Insurance Portability and Accountability Act (HIPAA). In StatPearls [Internet]. https://www.ncbi.nlm.nih.gov/books/NBK500019/NCBI

Fleddermann, K., et al. (2024). Levels of telehealth use, perceived usefulness, and ease of use among behavioural health providers. PMC. https://pmc.ncbi.nlm.nih.gov/articles/PMC11685243

Koonin, L. M., et al. (2020). Trends in the use of telehealth during the emergence of the COVID-19 pandemic – United States, January–March 2020. MMWR, 69(43). https://www.cdc.gov/mmwr/volumes/69/wr/mm6943a3.htm

National Institute of Mental Health. (2024, June 26). Understanding the availability of mental telehealth services. Retrieved November 10, 2025, from https://www.nimh.nih.gov/news/science-updates/2024/understanding-the-availability-of-mental-telehealth-services

Pandya, A., et al. (2022). The regulatory environment of telemedicine after COVID-19. PMC. https://www.ncbi.nlm.nih.gov/articles/PMC9277986

National Association of Social Workers. (n.d.). Telemental Health – HIPAA Help for Social Workers. Retrieved November 10, 2025, from https://www.socialworkers.org/About/Legal/HIPAA-Help-For-Social-Workers/Telemental-Health

Shaver J. The State of Telehealth Before and After the COVID-19 Pandemic. Prim Care. 2022 Dec;49(4):517-530. doi: 10.1016/j.pop.2022.04.002. Epub 2022 Apr 25. PMID: 36357058; PMCID: PMC9035352. https://pmc.ncbi.nlm.nih.gov/articles/PMC9035352

Telehealth Policy: HIPAA rules for telehealth technology. (2023, Nov 6). U.S. Department of Health & Human Services.