Telehealth Documentation Requirements & Best Practices

Documentation in Telehealth Settings

Telehealth has become a permanent fixture in mental health practice. What began as an emergency adaptation during the COVID-19 pandemic has evolved into a standard service delivery model with its own regulatory framework, documentation requirements, and clinical considerations. Whether you provide telehealth exclusively or as part of a hybrid practice, your documentation must address elements that simply do not exist in face-to-face care.

The core clinical documentation requirements remain the same as in-person practice. You still need comprehensive assessments, treatment plans, progress notes, and risk assessments. However, telehealth adds a layer of documentation related to technology, geography, consent, and safety planning that must be woven into your standard workflows.

State telehealth laws are still evolving, and payer requirements vary significantly. Clinicians must stay current with their state licensing board's telehealth regulations, the requirements of each insurance panel they participate in, and federal guidelines that affect Medicare and Medicaid telehealth billing.

Key Differences from Standard Practice

Client location must be documented every session. The client's physical location at the time of service determines jurisdictional authority, licensing compliance, and emergency response procedures. Unlike in-person practice where the client is always at your office, telehealth clients may be in different locations each session.

Technology platform documentation is required. You must document that you are using a HIPAA-compliant platform and identify the platform by name. Using non-compliant platforms (standard Zoom, FaceTime, or other consumer-grade video tools without a BAA) creates a HIPAA violation.

Informed consent has additional requirements. Telehealth consent must address technology-specific risks, limitations of telehealth, emergency procedures when the client is remote, and data privacy considerations that do not apply to in-person care.

Emergency planning requires location-specific protocols. In an in-person session, you can call 911 and know where to direct responders. In telehealth, you must have a plan for reaching emergency services in the client's location, which may be in a different city, county, or state than your office.

Billing requires telehealth-specific modifiers and place-of-service codes. Incorrect modifiers or place-of-service codes result in claim denials or audit recoupments. The modifier and POS code requirements differ by payer and by whether the session was audio-video or audio-only.

Cross-state practice creates licensing complexity. Most states require you to be licensed in the state where the client is physically located during the session. If a client crosses state lines between sessions, the documentation must reflect the change.

Required Documentation

Telehealth-Specific Consent Documentation

• Informed consent for telehealth services, signed and dated
• Technology platform identified
• Risks and limitations of telehealth explained
• Emergency procedures for remote sessions discussed
• Client's right to request in-person services acknowledged
• Privacy and data security measures explained
• Consent for audio-only sessions if applicable (separate from video consent in many states)

Each Session Must Document

• Modality: synchronous video, audio-only, or asynchronous (specify which)
• Platform used (e.g., "Doxy.me," "SimplePractice Telehealth," "Zoom for Healthcare")
• Client's physical location: city and state
• Clinician's physical location: city and state
• Verification that the client is in a private, confidential setting
• Client identity verified (for new clients or when clinically indicated)
• Start and stop times
• Any technology disruptions and their impact on the session
• Billing modifier applied (95, GT, 93, or FQ as applicable)
• Place of Service code used (02, 10, or as required by payer)

Emergency Safety Protocol Documentation

• Client's current physical address at the start of each session
• Local emergency contact (someone who can physically reach the client)
• Local emergency services number and address for client's location
• Crisis plan specific to remote service delivery
• Back-up communication method if technology fails during a crisis

Best Practices

Verify client location at every session. Do not assume the client is in the same location as last time. A brief check-in at the start of each session serves both clinical and legal purposes. Many clinicians incorporate this into their opening: "Before we begin, can you confirm where you are located today?"

Maintain a telehealth-specific emergency protocol for each client. This protocol should include the client's typical location, local emergency services contact information, a local emergency contact who can physically reach the client, and a plan for what to do if the session is disconnected during a crisis.

Document your clinical assessment of telehealth appropriateness. Not every client or every clinical situation is appropriate for telehealth. When you determine that a client needs in-person services (acute crisis, safety concerns, diagnostic uncertainty requiring in-person observation), document the rationale and the plan for transitioning to in-person care.

Use secure messaging for between-session communication. If you communicate with clients via text or messaging between sessions, use your EHR's secure messaging feature or another HIPAA-compliant platform. Document significant clinical communications in the record.

Stay current on state-specific telehealth regulations. Telehealth laws change frequently. Monitor your state licensing board's updates, review payer bulletins about telehealth coverage changes, and verify interstate compact participation if you see clients in multiple states.

Document audio-only sessions with extra detail. Audio-only sessions limit your observational data. Compensate by documenting the reason audio-only was used (client preference, technology limitation, clinical appropriateness), noting that visual observations were not possible, and relying more heavily on verbal reports and self-assessment tools.

Common Mistakes

Failing to document the platform used. Simply writing "telehealth session" is insufficient. The specific platform must be documented to demonstrate HIPAA compliance.

Not verifying or documenting client location. Providing services to a client in a state where you are not licensed is a practice-act violation. The record must show that you verified the client's location and confirmed it was within your scope of licensure.

Using incorrect billing modifiers. Modifier requirements vary by payer and change frequently. Using the wrong modifier results in claim denials, and using modifiers incorrectly can constitute billing fraud. Verify current requirements with each payer.

Neglecting to obtain telehealth-specific consent. General informed consent for treatment does not cover the unique risks and considerations of telehealth. A separate telehealth consent is required by most states and payers.

Not documenting technology disruptions. If a session is interrupted by technology failure, the record must reflect what happened, how it was addressed, and whether the billed session time accurately reflects the clinical time provided.

Assuming in-person documentation practices translate directly to telehealth. Observations like "client's gait was normal" or "no tremor observed" cannot be documented in a video session that shows only the client's face and shoulders. Document only what you can actually observe via the technology used.

Failing to plan for emergencies specific to remote clients. A safety plan that relies on "go to the nearest emergency room" is insufficient when you do not know where the client is. Telehealth safety plans must include location-specific resources and contacts.