Telehealth Laws by State: The Compliance Guide Every Founder Needs

The Telehealth Legal Landscape in 2025: What Every Founder Needs to Know Before Launch

Here's a number that stops cold anyone thinking about launching a telehealth brand: 47 states have enacted new telehealth legislation since 2020, and the rules change so fast that a compliance strategy that worked last month might be obsolete today.

I talked to three healthcare attorneys last quarter. Every single one told me the same thing: the founders who succeed in telehealth aren't the ones with the best technology or the most funding. They're the ones who understand the regulatory terrain — and respect it.

This isn't about scare tactics. It's about money. The average telehealth brand that gets hit with a compliance warning spends $15,000-$40,000 in legal fees to clean up the mess. Some get fined. A few lose their ability to prescribe entirely. That's a business killer.

So let's talk about what you actually need to know. No legalese. No dense regulatory text. Just the strategic stuff that affects your bottom line.

The State-by-State Reality: Why This Matters More Than You Think

Here's what surprises most first-time telehealth founders: there's no such thing as "federal telehealth rules." The regulations that matter most — prescribing authority, licensure requirements, informed consent, prescribing boundaries — are all state-level.

This creates a genuinely complex business challenge. If you're based in California but your patient is in Texas, which state's rules apply?

The short answer: both.

Your provider needs to be licensed in the state where the patient physically resides at the time of the consultation. Not where your company is headquartered. Not where your server is located. Where the patient is sitting when they log on.

This seems obvious when you say it out loud, but it's where most telehealth brands get into trouble. They set up shop in one state, hire providers licensed there, and then wonder why they're getting cease-and-desist letters from medical boards in other states.

The math is brutal: 50 states means 50 different rulebooks. Some states are extremely permissive. Others have tight restrictions on what conditions can be treated via telehealth, what medications can be prescribed, and how the initial consultation must be conducted.

States Leading the Pack

The most telehealth-friendly states — the ones where you can build with the fewest friction points — include:

• Florida: Very permissive, especially after COVID-era permanent changes. Online prescribing for routine conditions is straightforward.
• Texas: Post-2023, Texas significantly expanded telehealth access. Good for weight management, men's health, and dermatology.
• California: Patient-friendly but with strong informed consent requirements. You need robust documentation.
• Arizona: One of the earliest adopters of telehealth-friendly regulations. Good for establishing provider networks.

States That Require Extra Caution

States with tighter restrictions where you'll need more careful compliance:

• Idaho: Has specific limitations on telehealth prescribing. Not impossible, but you need to know the boundaries.
• Georgia: Recent legislation added new requirements for provider-patient relationships.
• Alabama: More restrictive on prescribing, particularly for controlled substances.
• Nebraska: Requires in-person visits for certain conditions before telehealth can be used.

The point isn't to avoid restrictive states. The point is to build your compliance infrastructure around the strictest rules and then expand from there. That's how the big players do it.

Licensure: The Non-Negotiable Foundation

Let's get the most obvious one out of the way: your providers must be licensed in the state where each patient resides.

This seems straightforward, but it creates real operational complexity. If you want to serve patients in 30 states, you need providers (or provider relationships) licensed in all 30 states.

The numbers tell the story:

• The average multi-state telehealth brand works with 15-25 providers across 8-12 states in their first year
• Provider licensing costs $500-$2,000 per state, depending on the profession and state fees
• Some brands build their entire compliance strategy around the Interstate Medical Licensure Compact (IMLC), which speeds up licensing but doesn't eliminate it

Here's what nobody talks about enough: the licensure game is a competitive advantage. Brands that can efficiently get providers licensed across more states can serve more patients faster. This is why Rimo Health pre-integrates with provider networks covering all 50 states — because that licensing infrastructure is genuinely hard to build from scratch.

What About the DEA Registration?

If you're prescribing any controlled substances — and many of the most profitable telehealth niches involve them — you need to think about DEA registration alongside state licensure.

The Ryan Haight Act historically required an in-person visit before prescribing controlled substances. COVID-era waivers changed this temporarily, and some of those flexibilities became permanent. But the rules are condition-specific and state-specific.

For example:

• Buprenorphine (for opioid use disorder): Permanent telemedicine prescribing flexibility exists, but specific requirements apply
• Testosterone: Generally NOT permitted via telehealth in most states due to DEA concerns about abuse potential
• ADHD stimulants: Extremely restricted. Most states require in-person evaluation.

If your business model involves any controlled substances, you need a compliance attorney review before you launch. This isn't the place to cut corners.

Prescribing Boundaries: What You Can and Can't Do

This is where most telehealth founders make their biggest mistakes. They assume that because a medication is legal, they can prescribe it via telehealth.

Wrong.

Every state has its own rules about what can be prescribed via telemedicine, in what quantities, and under what circumstances. Here's the breakdown:

The Standard of Care Rule (What Applies Everywhere)

Every state requires that the standard of care for a telehealth visit be equivalent to an in-person visit. This sounds vague, but it has concrete implications:

• You need adequate patient information to make a clinical decision
• You need to establish a proper provider-patient relationship
• You need appropriate documentation

The tricky part: "adequate information" and "proper relationship" mean different things in different states.

Medication-Specific Restrictions

Here's a practical breakdown of common telehealth medication categories:

The testosterone point is crucial. I've seen multiple telehealth founders build entire men's health brands around testosterone therapy, only to discover that most state medical boards consider it a controlled substance with telehealth restrictions that make the business model nearly impossible.

The profitable, compliant path is usually men's health without testosterone — focusing on ED medications, hair loss, and preventive health instead.

Informed Consent: The Document That Saves Your Business

If there's one compliance document you cannot afford to get wrong, it's informed consent for telehealth.

In most states, informed consent for telehealth must:

• Explicitly state that the patient is receiving care via telehealth
• Describe the limitations of telehealth compared to in-person care
• Explain how telehealth visits are documented
• Detail the patient's right to refuse telehealth and request in-person care
• Be obtained before the initial consultation

The business reality: States that require robust telehealth-specific informed consent (California, Texas, New York) are also some of the largest markets. If you can't comply with their consent requirements, you're locking yourself out of massive patient populations.

Good informed consent documents aren't just legal protection — they're a competitive advantage. Patients in states with strong consumer protections are more likely to trust brands that clearly explain how telehealth works.

The Compliance Strategy That Actually Works

After talking to dozens of successful telehealth founders, here's what the winning approach looks like:

1. Build for the strictest state first.

Don't start in your home state because it's easy. Start in a state with robust regulations — California or New York, for example — and build your compliance infrastructure to meet their standards. Everything else becomes easier from there.

2. Use pre-vetted provider networks.

Building your own provider network and handling licensure state-by-state is a massive operational burden. Most successful brands use established provider networks that already have multistate coverage. This is one of the key value propositions of platforms like Rimo Health — the provider relationships are already built.

3. Document everything.

Every patient interaction, every prescribing decision, every informed consent — document it like your business depends on it. Because it does. When (not if) you get audited, documentation is your only defense.

4. Budget for legal from day one.

Even with the best compliance infrastructure, you need a healthcare attorney in your corner. Budget $2,000-$5,000 for an initial compliance review before you launch. It's cheaper than the alternative.

5. Stay current.

This is the hardest part. Regulations change constantly. The telehealth legislation that passed in your state last month might change how you operate next quarter. Subscribe to your state medical board's updates. Join telehealth founder communities where people share regulatory changes. Make compliance an ongoing priority, not a one-time checkbox.

The Bottom Line

Here's the honest truth: the regulatory complexity of telehealth is a feature, not a bug.

Yes, it adds friction. Yes, it requires upfront investment. Yes, it means you can't just launch and figure things out as you go.

But that complexity is also what keeps out opportunistic founders who aren't serious. It's what makes compliance a competitive advantage for those who do it right. And it's what creates the foundation for a business that can scale without constant legal risk.

The founders who treat telehealth regulations as an afterthought are the ones who burn through their runway on legal fees or — worse — get shut down entirely.

The ones who build compliance into their business model from day one? They're the ones building the brands that will dominate this industry for the next decade.

The move now: If you're serious about launching a telehealth brand, get a compliance strategy in place before you spend a dollar on marketing. It's the best investment you'll make.