New York Telehealth Regulations: 2026 Compliance Guide for Providers


Kevin Henry

HIPAA

January 27, 2026


Telehealth Definition and Scope

Telehealth in New York encompasses delivering care at a distance through live video, audio-only when permitted, asynchronous store-and-forward exchange, remote patient monitoring (RPM), and interprofessional e-consults. For 2026 compliance, you should define which modalities you offer, when each is clinically appropriate, and how you will redirect patients to in‑person care when needed.

You generally practice where the patient is located, so New York jurisdiction, scope-of-practice rules, and payer policies apply at the time of service. Confirm whether the patient’s home qualifies as an originating site for the service and payer involved, and document why telehealth is appropriate for the clinical scenario.

Operational checklist

  • Record patient and provider locations, modality (video, audio-only, asynchronous, RPM), start/stop times, and all participants present.
  • Verify identity, obtain and document informed consent before care begins, and confirm emergency procedures for the patient’s location.
  • Use evidence-based protocols to determine when telehealth is suitable versus when in-person evaluation is required.
  • Reflect telehealth capacity in scheduling, call-center scripting, and directories to meet network adequacy regulations for timely access.

Eligible Telehealth Providers

Eligible distant-site clinicians are New York–licensed professionals acting within their authorized scope of practice. This typically includes physicians, nurse practitioners, physician assistants, midwives, psychologists, licensed clinical social workers, licensed mental health counselors, marriage and family therapists, physical and occupational therapists, speech-language pathologists and audiologists, dentists, podiatrists, and other licensed practitioners permitted by law and payer policy.

Facilities and organizations (e.g., hospitals, clinics, and group practices) may serve as distant or originating sites when permitted. Align telehealth privileges with medical staff bylaws and supervision or collaboration agreements, ensuring remote supervision rules are followed for professions that require them.

Enrollment and credentialing

  • Complete Medicaid credentialing and enrollment in New York State Medicaid and, when applicable, separate credentialing with managed care plans.
  • Maintain accurate NPIs, taxonomy codes, service locations (including telehealth), and delegation/privileging documentation.
  • Ensure payer directories show telehealth availability to support access and network adequacy regulations.

Prescribing Controlled Substances via Telehealth

Prescribing controlled substances via telehealth must satisfy both federal and state law. The federal Ryan Haight Act governs prescribing controlled substances online and generally requires an in‑person medical evaluation unless a specific exception applies. Confirm the DEA’s current telemedicine policy before issuing any controlled prescription in 2026, and ensure you hold appropriate New York licensure and DEA registration covering the patient’s location.

In New York, use electronic prescribing of controlled substances (EPCS) with multi-factor authentication, query the prescription monitoring program (PDMP) as required, and document clinical justification. When telehealth is used, verify patient identity, confirm the patient’s physical location for emergency planning, and coordinate care with local providers or pharmacies when necessary.

Safe-prescribing workflow

  • Establish and document a legitimate practitioner–patient relationship using an appropriate telehealth modality.
  • Perform a focused exam, assess risk, review PDMP data, and evaluate misuse risk factors before prescribing.
  • Issue prescriptions via EPCS; provide patient counseling, safety instructions, and follow-up timing.
  • If an in‑person exam is legally required, arrange timely in‑person care and defer prescribing until compliant.

Medicaid Reimbursement Policies

New York Medicaid reimburses telehealth when services are medically necessary, clinically appropriate, and furnished by eligible providers under program rules. Coverage and rates can vary by modality (video, audio-only, asynchronous, RPM) and by delivery system (fee‑for‑service versus managed care). Always confirm service-specific policies, prior authorization requirements, and documentation standards with the applicable program or plan.

Bill using the place-of-service and modifiers designated for telehealth by New York Medicaid and the managed care plan (commonly POS 02 or 10 and modifier 95 for synchronous video). Document modality, clinical appropriateness, and the patient’s location. When permitted, claim any originating-site or facility fee and ensure provider and site enrollment align with the billed service.

Program integrity and audit readiness

  • Embed telehealth fraud detection controls: flag impossible schedules, duplicate visits, inappropriate audio-only use, and out-of-state services without licensure.
  • Reconcile claims to scheduling logs and platform audit trails; correct and refund overpayments within required timelines.
  • Retain encounter notes, consent, PDMP checks, and technology logs to support post‑payment review.

Telehealth Technology Standards

Adopt platforms and workflows that satisfy the HIPAA Security Rule, including risk analysis, access controls, audit logging, integrity controls, and transmission security. Execute business associate agreements with vendors that handle protected health information, and verify subvendor risk management and breach duties.

Secure endpoints with device encryption, patching, and role‑based access. Use multi-factor authentication for clinical systems and EPCS, segment telehealth traffic where possible, and monitor for anomalies. Align your security program with a recognized framework for governance and continuous improvement.

Reliability, safety, and equity

  • Set availability targets and failover procedures; test bandwidth, audio/video quality, and emergency fallback to phone when clinically appropriate.
  • Provide language access and accessibility features; document interpreter use and ensure effective communication for patients with disabilities.
  • Integrate the telehealth platform with your EHR for orders, documentation, consent, and audit logs.

Informed Consent Requirements

Obtain informed consent that clearly explains the telehealth modality, risks and benefits, privacy considerations, alternatives (including in‑person care), potential technology failures, costs, and the process for complaints. Consent should also cover the provider’s credentials, the patient’s right to withdraw, emergency procedures based on the patient’s location, and any limits on recording.

Consent may be written, electronic, or verbal (when permitted), but it must be documented, time‑stamped, stored in the record, and renewed consistent with policy. For minors or adults lacking capacity, capture consent from an authorized representative and assent from the patient when appropriate. Apply heightened confidentiality rules, including substance use disorder protections, and reinforce privacy by encouraging patients to choose a private setting and use headphones.

Telehealth Service Contingency Plans

Develop and test business continuity and downtime procedures so care can proceed safely if technology fails. At the start of every visit, confirm the patient’s location and a call-back number, then switch to an approved fallback (e.g., audio-only) or reschedule if quality degrades below clinical standards. Document all changes in modality and clinical impact.

Prepare for cybersecurity incidents with defined detection, containment, eradication, and recovery steps, plus breach notification pathways. Maintain paper or offline workflows for essential services, EPCS downtime alternatives that comply with law, and clear escalation to emergency services when red-flag symptoms emerge during a disrupted visit.

Conclusion

To meet New York telehealth requirements in 2026, define your modalities and scope, ensure eligible and properly credentialed providers, follow strict rules for controlled substances, align billing with Medicaid policies, secure technology under the HIPAA Security Rule, obtain robust consent, and rehearse contingency plans. Building these elements into policy, training, and audits keeps care safe, compliant, and sustainable.

FAQs

What are the licensing requirements for telehealth providers in New York?

You must hold an active New York license for your profession and practice within your authorized scope when the patient is located in New York. Telehealth is typically considered the practice of your profession at the patient’s location. If you prescribe, ensure your DEA registration and any required state registrations cover New York. Monitor for any limited permits or compacts relevant to your discipline, and confirm payer participation and site privileges before rendering care.

How does Medicaid reimburse telehealth services in New York?

New York Medicaid reimburses medically necessary telehealth furnished by eligible providers when the service, modality, and setting meet program rules. Use the payer’s required place-of-service codes and modifiers, follow documentation and consent requirements, and verify whether audio-only, asynchronous, or RPM are covered for the specific benefit and plan. Managed care plans may set additional billing and prior authorization rules, so validate policies for each contract.

What regulations govern prescribing controlled substances via telehealth?

Federal law under the Ryan Haight Act and DEA regulations governs controlled prescriptions issued via telemedicine, while New York law adds requirements such as PDMP queries and electronic prescribing. Confirm whether an in‑person evaluation is required or whether a lawful exception applies, verify identity, document clinical justification, and use EPCS with multi-factor authentication. When in doubt, arrange an in‑person exam before prescribing.

Capture informed consent in writing, electronically, or verbally (if allowed), then document it clearly in the record with date, time, modality, and the elements discussed: nature of telehealth, risks/benefits, alternatives, privacy considerations, emergency procedures, and limits on recording. Reaffirm consent consistent with your policy, use interpreters when needed, and apply heightened protections for sensitive services such as substance use disorder treatment.
