Telehealth Insurance for PAs: Coverage for Your Virtual Practice

Telehealth transformed from a niche convenience into a clinical necessity during the COVID-19 pandemic — and it has not gone back. For physician assistants, virtual care now represents a significant and growing percentage of clinical encounters. PAs work in telehealth across primary care, urgent care, behavioral health, dermatology, chronic disease management, and dozens of other specialties. Some PAs practice exclusively through telehealth platforms. Others incorporate virtual visits into a primarily in-person practice.

The scale of this shift is difficult to overstate. Before 2020, telehealth accounted for a small fraction of outpatient visits nationwide. By mid-2020, it represented the majority. While utilization has normalized since the peak of the pandemic, telehealth volumes remain many times higher than pre-pandemic levels — and the trajectory is clearly upward. For PAs, who are disproportionately represented in primary care and urgent care settings where telehealth adoption is highest, virtual care is now a core part of the job.

But the regulatory and insurance frameworks governing telehealth have not kept pace with clinical adoption. PAs face a unique set of challenges in virtual care that other providers do not:

• Supervision requirements vary by state for telehealth — and many states have not updated their PA practice acts to address whether the supervising physician must be available in real time during virtual visits, or whether asynchronous review is sufficient.
• Prescriptive authority via telehealth is state-specific — some states restrict what PAs can prescribe through virtual encounters, particularly controlled substances.
• Cross-state practice is common but legally complex — a PA licensed in Pennsylvania treating a patient in New Jersey via telehealth is practicing medicine in New Jersey, with all the licensing, supervision, and liability implications that entails.
• Technology introduces new categories of risk — platform failures, data breaches, inadequate documentation of virtual exams, and HIPAA violations create liability exposures that did not exist in brick-and-mortar practice.

Most PA malpractice policies were written — or at least structured — before telehealth became a routine mode of care delivery. The policy language reflects an in-person practice model: covered activities occur at specified clinical locations, during defined practice hours, within a single state’s jurisdiction. Telehealth disrupts every one of these assumptions.

Here are the specific ways standard policies fall short:

Virtual Care May Not Be Explicitly Included

Some policies define “professional services” as care provided in person at a medical facility. Telehealth visits conducted from your home, a private office, or a remote location may not fall within this definition. Even policies that have been nominally updated may treat telehealth as a separate category of risk requiring an endorsement or rider — and if you have not requested and paid for that endorsement, you have no coverage for virtual visits.

Cross-State Claims Fall Outside Your Coverage Territory

Standard malpractice policies typically specify a coverage territory — usually the state or states where you are licensed and practice. When you see a patient via telehealth, the encounter legally occurs in the state where the patient is physically located. If that state is not listed on your policy, a claim arising from that encounter may be denied. This is not a technicality insurers overlook when a claim comes in. It is a standard coverage exclusion that is rigorously enforced.

Supervisory Agreements May Not Cover Telehealth

Your supervisory or collaborative practice agreement defines the scope and conditions under which you practice medicine. Many supervisory agreements were drafted before telehealth became common and do not address virtual care at all. If your agreement does not authorize telehealth practice, and you provide telehealth services, you may be practicing outside the scope of your agreement. Claims arising from out-of-scope practice are routinely excluded from malpractice coverage — both employer-provided and individual policies.

The rules governing controlled substance prescribing via telehealth are in flux. During the pandemic, the DEA temporarily waived the requirement for an in-person evaluation before prescribing Schedule II-V controlled substances via telehealth. Those flexibilities have been evolving as federal rulemaking continues. PAs who prescribe controlled substances via telehealth face a regulatory environment where the rules may change with limited notice, and a prescribing practice that was compliant last month may not be compliant today. Standard malpractice policies were not designed to address this level of regulatory complexity.

This is one of the most consequential issues for PAs in telehealth — and one of the least understood. Physicians have the Interstate Medical Licensure Compact (IMLC), which provides an expedited pathway to licensure in multiple states. Nurses have the Nurse Licensure Compact (NLC), which allows a single license to be recognized across approximately 40 participating states. PAs have neither.

There is no PA interstate licensure compact in effect. The Physician Assistant Licensure Compact has been introduced legislatively, but adoption has been slow and incomplete. As of early 2026, PAs who wish to practice across state lines — including via telehealth — must obtain and maintain a separate license in every state where their patients are physically located.

The practical implications for telehealth are significant:

• License in the patient’s state — when you provide a telehealth visit to a patient located in another state, you are practicing medicine in that state. You must hold an active, unrestricted license there. Practicing without a license — even inadvertently because a patient crossed state lines since their last visit — is a criminal offense in most jurisdictions, not merely a regulatory violation.
• Each state has different supervision rules — it is not enough to hold licenses in multiple states. You must comply with each state’s PA practice act, including its supervision requirements. A PA licensed in a state that permits independent telehealth practice may also be licensed in a state that requires a supervising physician to be available in real time during telehealth encounters. You must comply with the stricter requirement for patients in that state.
• Insurance must cover all practice states — your malpractice policy must explicitly cover claims arising in every state where you hold a license and see patients. A policy that covers only your “home” state leaves you uninsured for telehealth encounters with patients in other states. Multi-state coverage is available, but you must request it and verify that every state is included.
• License maintenance is costly and time-consuming — each state license requires its own application, fees, continuing education compliance, and renewal timeline. The administrative burden is substantial and creates ongoing compliance risk: if a license lapses in one state while you continue to see patients there via telehealth, you are practicing without a license.

Prescribing controlled substances via telehealth is one of the highest-liability activities a PA can engage in. The regulatory framework involves overlapping federal and state rules that are actively evolving, and the consequences of non-compliance range from malpractice claims to DEA enforcement actions to criminal prosecution.

PAs Need Their Own DEA Registration

Unlike some states where PAs historically prescribed under their supervising physician’s DEA number, the federal standard requires that PAs who prescribe controlled substances obtain their own DEA registration. This registration is tied to a specific state and address. If you practice telehealth across multiple states, you may need DEA registrations in each state where you prescribe controlled substances — a requirement that many PAs in telehealth overlook.

Evolving Federal Rules

The DEA’s approach to telehealth prescribing has been in flux since the pandemic. During the COVID-19 public health emergency, the DEA waived the Ryan Haight Act’s requirement for an in-person evaluation before prescribing controlled substances via telehealth. As the emergency declarations ended, the DEA engaged in rulemaking to establish permanent telehealth prescribing rules. These proposed rules have been subject to multiple extensions, revisions, and public comment periods.

The practical reality for PAs is that the rules governing when and how you can prescribe controlled substances via telehealth may change with relatively short notice. What was permissible under emergency flexibilities may not be permissible under permanent regulations. PAs who built telehealth prescribing practices during the pandemic must stay current with federal rulemaking — and must be prepared to modify their practices when rules change.

Cross-State Prescribing Complexity

When a PA prescribes a controlled substance via telehealth to a patient in another state, compliance requires satisfying multiple overlapping legal frameworks simultaneously:

1. Federal DEA regulations — including the Ryan Haight Act requirements and any telehealth-specific prescribing rules currently in effect
2. The prescriber’s state PA practice act — including any limitations on the PA’s prescriptive authority and supervision requirements for controlled substance prescribing
3. The patient’s state PA practice act — which may impose additional restrictions on telehealth prescribing by PAs practicing into that state
4. The patient’s state pharmacy laws — which govern whether and how the prescription can be filled by a pharmacy in that jurisdiction
5. The supervisory agreement — which must authorize both telehealth practice and the specific controlled substance categories being prescribed

Failure to comply with any one of these layers creates liability exposure. And standard malpractice policies are not designed to defend claims arising from regulatory non-compliance with controlled substance prescribing laws.

The PA supervisory model was designed for in-person practice. Applying it to telehealth creates ambiguities and compliance challenges that many states have not fully resolved — and the variation across states is enormous.

State-by-State Variation

States take dramatically different approaches to PA supervision during telehealth encounters:

• Some states require real-time physician availability — the supervising physician must be immediately available by phone, video, or in person during the PA’s telehealth encounters, just as they would be during in-person visits. “Immediately available” may mean the physician must be able to join the encounter or respond to a consultation request within minutes, not hours. This can be logistically challenging when the PA is conducting telehealth visits from home or outside the physician’s practice location.
• Some states accept asynchronous review — the supervising physician reviews telehealth encounter documentation after the fact, on the same schedule as in-person chart reviews (e.g., 10% of charts within 30 days). This is more practical for high-volume telehealth practice but provides less real-time clinical oversight.
• Some states have not addressed telehealth specifically — their PA practice acts reference supervision requirements in general terms without specifying how those requirements apply to virtual care. This ambiguity creates risk: if a board complaint arises from a telehealth encounter, the board’s interpretation of the supervision requirement may differ from yours and your supervising physician’s.
• OTP states may impose fewer telehealth supervision requirements — states that have adopted Optimal Team Practice frameworks have generally reduced or eliminated mandatory supervision requirements, which simplifies telehealth practice. However, even in OTP states, the PA bears greater individual liability for clinical decisions made during virtual encounters.

The Supervisory Agreement Must Address Telehealth

Regardless of what state law requires at minimum, your supervisory or collaborative practice agreement should explicitly address telehealth. If the agreement is silent on virtual care, you are operating in a gray area that becomes a liability problem when something goes wrong. Your agreement should specify:

• Whether telehealth is an authorized mode of clinical practice under the agreement
• The supervision standard for telehealth encounters (real-time availability vs. asynchronous review)
• How the PA contacts the supervising physician during a telehealth visit if consultation is needed
• Which states the PA is authorized to see patients in via telehealth
• Any limitations on the types of conditions or treatments that can be managed via telehealth
• The chart review schedule for telehealth encounters specifically
• Prescriptive authority for telehealth visits, including controlled substance limitations

Practical Step: If your current supervisory agreement does not mention telehealth, request an amendment. This is not an adversarial conversation — it is a professional necessity that protects both you and your supervising physician. A well-drafted telehealth addendum clarifies expectations, establishes compliance with state law, and provides a documented basis for insurance coverage of your virtual care activities.

Multi-State Supervision Challenges

If you see telehealth patients in multiple states, you may need to comply with different supervision standards for patients in different states — during the same clinical day. A patient in a state requiring real-time physician availability needs a different supervision protocol than a patient in a state accepting asynchronous review. Managing these requirements in real time is operationally complex, and failures are difficult to detect until a complaint is filed.

Some PAs address this by defaulting to the strictest supervision standard across all their practice states — ensuring real-time physician availability for all telehealth encounters regardless of the individual state’s minimum requirement. This approach is legally conservative and administratively simpler, but it requires a supervising physician who is available and willing to provide that level of access.

A malpractice policy that adequately covers PA telehealth practice must go beyond traditional coverage. Here is what to look for — and what to demand from your carrier:

Interstate Practice Coverage

Your policy must cover professional liability claims arising in every state where you hold a license and see telehealth patients. This is not a default inclusion in most policies. You need to verify that:

• Every state where you are licensed is listed in the coverage territory
• The policy does not restrict coverage to in-person encounters at specified physical locations
• The policy covers claims filed in any state’s court system, not just your home state
• Adding new states mid-policy is permitted without waiting for renewal

Technology and Platform Claims

Telehealth introduces technology-specific liability that traditional malpractice policies were not designed to address:

• Platform failure claims — a video connection drops during a critical encounter, or audio quality degrades during a medication counseling session, leading to misunderstanding and harm. The patient alleges that the technology failure contributed to the adverse outcome.
• Inadequate virtual examination claims — a patient alleges that the inherent limitations of telehealth (inability to perform hands-on physical exam, limited visual assessment, no ability to auscultate or palpate) led to a missed diagnosis that would have been caught in person.
• Documentation gaps — telehealth encounters may lack the documentation detail of in-person visits if the PA does not actively compensate for the virtual medium, creating defense challenges when claims arise months or years later.

HIPAA and Privacy Coverage

Telehealth creates elevated privacy risk. Patient data traverses digital networks, is stored on third-party platforms, and may be accessible on personal devices. HIPAA violations in telehealth settings — whether from platform security failures, unsecured Wi-Fi connections, or inadvertent disclosure when a family member walks into the room during a visit — create liability exposure. Your policy should include coverage for:

• Defense costs for HIPAA violation investigations and proceedings
• Privacy breach notification costs (which can be substantial when many patients are affected)
• Regulatory fines and penalties to the extent they are insurable in your jurisdiction

Board Defense for Telehealth-Related Complaints

State PA boards can and do receive complaints related to telehealth practice. Common telehealth-specific board complaints include allegations of inadequate supervision during virtual visits, practicing across state lines without a valid license in the patient’s state, prescribing without an appropriate telehealth evaluation, and failing to comply with telehealth-specific documentation requirements. Your policy must include board complaint defense that explicitly covers telehealth-related investigations — not just traditional in-person malpractice allegations.

Cyber Liability

If you use personal devices, home internet connections, or third-party platforms for telehealth, you have cyber liability exposure. A data breach involving patient information from your telehealth practice creates notification obligations, potential regulatory fines, and litigation risk. Some malpractice policies include basic cyber liability coverage; others require a separate cyber liability endorsement or a standalone policy. Verify your coverage before you need it — not after an incident occurs.