Telehealth Compliance

If you use Apothecare to support telehealth encounters — for example, to document visits conducted via a separate video platform, or to generate clinical notes after a remote consultation — you remain solely and fully responsible for:

• Holding an active, valid license in every jurisdiction where you provide care to patients
• Complying with all applicable state and federal telehealth laws and regulations
• Obtaining and documenting informed consent for telehealth services in accordance with applicable law
• Using a separate HIPAA-compliant platform for any real-time video or audio communication with patients
• Maintaining your own policies and procedures for telehealth services
• Satisfying all applicable prescribing restrictions applicable to telehealth encounters
• Complying with any applicable requirements for establishing a valid patient-provider relationship before prescribing via telehealth

Apothecare makes no representations about the legality or appropriateness of any particular telehealth practice or encounter. Nothing in Apothecare's outputs, documentation, or marketing materials constitutes legal, regulatory, or compliance advice.

Telehealth practice is governed primarily by state law. Requirements vary significantly across jurisdictions, including:

• State-specific licensing requirements — most states require practitioners to hold an active license in the state where the patient is physically located at the time of the encounter
• Interstate compacts — certain professions (physicians, nurses, physical therapists, and others) participate in licensure compacts that may streamline multi-state practice
• Prescribing restrictions — some states impose additional requirements on prescribing medications via telehealth, including controlled substances
• Consent requirements — many states mandate specific informed consent disclosures for telehealth services
• Corporate practice of medicine — some states restrict the employment of physicians by non-physician entities and may affect telehealth business models

Apothecare strongly encourages you to consult qualified legal counsel and review applicable state law before providing telehealth services across state lines or in any jurisdiction where you are uncertain of your obligations.

Many states and professional boards require practitioners to obtain written or verbal informed consent before conducting telehealth encounters. A compliant informed consent process typically should address:

• The nature of the telehealth encounter and how it differs from an in-person visit
• Limitations of telehealth services, including inability to perform a physical examination
• How the patient's health information will be transmitted and stored
• The right to discontinue telehealth services and seek in-person care
• Privacy and security of the communication platform
• Risks associated with receiving care remotely
• How to contact emergency services if needed

Apothecare does not generate or store patient-facing informed consent documents. You are responsible for obtaining and retaining consent in accordance with your jurisdiction's requirements.

The U.S. Department of Health and Human Services has issued guidance on HIPAA compliance in the context of telehealth. Key points include:

• Video platforms used for telehealth encounters must be HIPAA-compliant if the practitioner is a HIPAA-covered entity — this requires a Business Associate Agreement with the platform vendor
• Consumer-grade video tools (e.g., FaceTime, standard Zoom, Google Meet) may not be HIPAA-compliant without appropriate agreements in place
• Practitioners should implement reasonable safeguards to prevent unauthorized access to telehealth communications
• Telehealth encounters generate medical records that must be retained in accordance with applicable state and federal law

Apothecare is a practitioner-side documentation tool and does not participate in real-time patient-provider communication. When you use Apothecare to document telehealth encounters, the same HIPAA obligations applicable to in-person visit documentation apply. Please refer to our Security & Compliance page for details on how Apothecare handles clinical data.

Federal law — specifically the Ryan Haight Online Pharmacy Consumer Protection Act — generally requires an in-person medical evaluation before a practitioner may prescribe controlled substances via the internet, including via telehealth. This requirement has been subject to temporary waivers during public health emergencies, but those waivers are time-limited and subject to change.

Apothecare does not generate prescriptions, prescription recommendations, or controlled substance orders. Any prescribing decisions remain entirely with the licensed practitioner. You are solely responsible for complying with the Ryan Haight Act, the Controlled Substances Act, applicable DEA regulations, and any relevant state controlled substance laws.

Apothecare does not provide telehealth video, audio, or real-time messaging services. If you use Apothecare alongside a telehealth platform, ensure that:

• Your video or communication platform is appropriate for HIPAA-covered use and that you have a Business Associate Agreement in place where required
• Patient data entered into Apothecare during or after telehealth encounters is subject to the same access controls and security practices as in-person patient data
• You do not share Apothecare-generated clinical notes or summaries through non-secure channels
• You maintain appropriate records of telehealth encounters in compliance with applicable state record-keeping requirements