Telehealth Compliance Training: Addressing the New Regulatory Landscape of 2025

The acceleration of telehealth during the pandemic offered flexibility and access at a scale the healthcare system had never experienced before. Now, as final rules emerge and others near expiration, training programs must evolve and upskill quickly to ensure every provider, clinical leader, and administrator understands their compliance responsibilities.

Let’s examine the most critical regulatory changes affecting telehealth in 2025 and the training updates needed to keep pace.

New DEA Rules on Telehealth Prescribing

The DEA has established new pathways for legally prescribing controlled substances remotely. These include:

• Special telemedicine registration categories for Schedule II–V prescribing

• Up to six months of buprenorphine prescriptions after an audio-only evaluation

• Required use of Prescription Drug Monitoring Programs (PDMPs) for compliance and fraud prevention

Training should now include:

• Step-by-step instructions on DEA registration under the new rules

• Scenarios showing appropriate vs. inappropriate prescribing in a telehealth setting

• PDMP integration and how it fits into clinical decision-making

Your providers need more than awareness; they need decision-making frameworks for legally compliant remote prescribing.

Medicare Telehealth Flexibility Extended Through September 30, 2025

Earlier this year, Congress extended key Medicare telehealth flexibilities, though only through the end of Q3. These include:

• Removal of geographic and originating site restrictions

• Coverage for home-based care from therapists, pathologists, and audiologists

• Reimbursement eligibility for Federally Qualified Health Centers (FQHCs) and Rural Health Clinics (RHCs)

Training priorities should include:

• Eligibility rules for clinicians delivering Medicare services via telehealth

• Documentation practices to support reimbursement during the extension window

• Workflow checklists to distinguish between telehealth and in-person services for billing

Teams must be prepared now, not later, to operate confidently under flexibilities that are set to expire in less than two months.

Audio-Only Telehealth Services Still Reimbursable

Telehealth access must be equitable. Audio-only services remain critical for patients without video access and they’re still covered for many conditions. Key points include:

• Continued CMS reimbursement for certain CPT codes via phone

• High utility in behavioral health, geriatrics, and rural communities

• Increased reliance on clinical judgment to determine when audio-only is appropriate

Training modules should now include:

• Clear examples of billable audio-only visits by specialty

• Use of appropriate modifiers (e.g., “95”) and documentation techniques

• Privacy best practices for phone consultations

Audio-only care must be trained as intentional, not fallback practice, especially for populations with access barriers.

Virtual Supervision and Teaching Physician Flexibility

Through December 31, 2025, CMS permits real-time virtual supervision for certain clinical encounters. This impacts:

• Teaching physicians overseeing residents remotely

• Incident-to billing models for auxiliary staff

• Virtual team-based care in hybrid or outpatient settings

Training should guide teams through:

• What qualifies as “real-time” under CMS supervision rules

• Documentation protocols for virtual oversight

• Ethical considerations for maintaining care quality when working remotely

Clinical supervision training should now account for the practical workflows and compliance points of video-based oversight.

The October 1, 2025 Policy Cliff

One of the most urgent challenges in telehealth compliance is the policy “cliff” coming this fall. If no action is taken by Congress, the following may revert:

• Reinstatement of rural-only and facility-based restrictions

• Loss of home-based care billing for FQHCs and RHCs

• Expiration of expanded mental health telehealth permissions

Training and planning should now include:

• Parallel workflows: one for waiver extension, one for expiration

• Communication plans for updating clinicians and patients in Q4

• Billing strategy adjustments for different site-of-service limitations

Preparing for what’s next is no longer optional; it’s your organization's compliance lifeline for Q4 and beyond.

HIPAA Security Rule NPRM (Proposed Modernization)

HHS proposed significant HIPAA Security Rule changes in early 2025, aimed at modernizing digital safeguards across telehealth platforms. The proposal includes:

• Mandatory multi-factor authentication (MFA)

• Annual risk assessments and policy reviews

• 24-hour vendor notification for any security contingency activation

Training must now support:

• Organizational preparedness for the final rule later this year

• Staff understanding of stronger password, access, and MFA policies

• Simulated cyber incident drills to build confidence in response

Compliance training must now support a more technical, proactive security culture, especially for organizations operating virtually.

State Licensure and Credentialing Changes

As federal oversight recedes, state-level authority is regaining prominence. While the Interstate Medical Licensure Compact (IMLC) and Nurse Licensure Compact help, many states have:

• Independent telehealth registration requirements

• Mandatory credential verification every 30 days (per NCQA 2025 standards)

• New state-specific exclusion monitoring databases and timelines

Credentialing teams must now be trained to:

• Track active licenses across jurisdictions

• Use centralized dashboards for automated renewal alerts and monitoring

• Understand state-by-state rules affecting telehealth eligibility and risk

Role-specific licensure and credentialing training are no longer optional; they’re mission-critical to avoid operational risk.

Conclusion

The second half of 2025 demands more than awareness; it calls for execution. The rules for telehealth delivery are becoming more detailed, more enforceable, and more state-driven. From prescribing to documentation, supervision to cybersecurity, healthcare professionals face a matrix of expectations that can’t be met with outdated training materials or one-size-fits-all learning.

Organizations that treat compliance as a living, evolving function will stay aligned with policy and protect patient access in the process. That means not only knowing the rules, but training staff to apply them confidently and consistently, even as regulations change mid-year.

At Pivto, we help healthcare organizations build great learning programs that don’t just explain policies but show people how to follow them. Our team works closely with compliance officers, credentialing managers, and training leads to create education that keeps pace with every shift in the healthcare regulatory environment.

‍