Here’s a concise, practical guide to telehealth compliance in Australia (key obligations, recent changes you must know, and a short checklist for providers and practices). I’ve cited official sources for the most important points.

Summary — top obligations and recent policy points

• Medicare / MBS eligibility and item rules: Many telehealth services are MBS-rebated but subject to eligibility rules such as an established clinical relationship and MyMedicare registration changes that took effect or were announced in 2024–2025. The MBS also continues to evolve (item changes announced 1 March 2025 and 1 July 2025). Check MBS Online / Services Australia for the specific item numbers you use. (servicesaustralia.gov.au)
• Professional regulation and safe practice: AHPRA / the National Boards require practitioners to ensure telehealth is clinically appropriate, to maintain professional standards (assessment, prescribing, supervision), and to obtain informed consent for telehealth. Regulators have warned about unsafe practices (e.g., prescribing without adequate assessment, inappropriate use of AI). Follow relevant Board guidance and your profession’s college guidance (RACGP, allied health colleges). (theguardian.com)
• Privacy and health information: The Privacy Act 1988 and the Australian Privacy Principles (APPs) apply to handling health information via telehealth. The Office of the Australian Information Commissioner (OAIC) published an updated Guide to Health Privacy (May 2025) with specific obligations on collection, use/disclosure, security, cross-border transfers, and breach notification—apply these to telehealth platforms and workflows. (oaic.gov.au)
• Documentation and records: Telehealth consultations must be documented to the same standard as in-person care (clinical notes, consent, tech failures, referral/follow-up plan). This is required by professional regulators and for Medicare compliance. (health.gov.au)
• Security, platforms and cybersecurity: Use secure, appropriately configured platforms that protect confidentiality (encryption, access controls). Consider device policies, staff access controls and record-retention policies to meet APP security obligations. The OAIC guide covers practical steps for health service providers. (oaic.gov.au)

More detail (what to do and why)

1. Medicare / MBS compliance

• Verify patient eligibility for the specific MBS telehealth item (established clinical relationship rules and MyMedicare registration changes apply to many items). Keep evidence of eligibility in the record. Services Australia and MBS Online list current items and any temporary/ongoing exceptions. (servicesaustralia.gov.au)

2. Clinical standards, prescribing and use of technology

• Only deliver telehealth where clinically appropriate. Ensure you can do an adequate assessment remotely; if not, arrange face-to-face. Be cautious with new patients and when prescribing (many regulators require real-time contact and adequate assessment before prescribing controlled medicines). Regulators have raised concerns about automated/AI-only prescribing workflows. Follow your profession’s Board and college guidance. (theguardian.com)

3. Consent and patient information

• Obtain and document informed consent for a telehealth consultation (explain limitations, privacy risks, how recordings will be handled, contingency plans if the connection fails, and alternative options). Note any language or disability support required. The consent process should be explicit and recorded in the clinical notes. (oaic.gov.au)

4. Privacy, data handling and cross‑border issues

• Comply with the APPs: notify patients about collection/use/disclosure, only collect what’s necessary, secure health information, limit use/disclosure, allow access and correction, and report eligible data breaches to OAIC. If using cloud services or vendors that store data offshore, assess cross-border transfer risks and document safeguards. Use the OAIC Guide to Health Privacy for practical steps. (oaic.gov.au)

5. Records, documentation and billing

• Keep the same standard of records as for in-person services: clinical notes, consent, mode of telehealth (video/phone), start/stop times, who was present, technical issues, clinical reasoning and follow-up. Ensure MBS claims are supported by documented eligibility and service provision. (health.gov.au)

6. Platform selection and cybersecurity

• Choose platforms that provide appropriate security (end-to-end encryption where available, role-based access, secure storage). Put policies for device security, staff access, password management and incident response in place. Document vendor due diligence (security controls, data location, BAAs/contracts). OAIC guidance includes practical controls for health providers. (oaic.gov.au)

7. Advertising, third‑party vendors and delegated services

• Comply with health advertising laws and AHPRA rules when offering telehealth services or using third-party platforms. If using third parties for e-prescribing, remote triage or AI, ensure they meet clinical governance, privacy and safety requirements; maintain oversight and clear allocation of responsibilities. (theguardian.com)

Practical compliance checklist (for clinicians and practices)

• Confirm which MBS telehealth items you will use and the patient eligibility rules; document eligibility before billing. (servicesaustralia.gov.au)
• Check AHPRA / National Board guidance and your professional college guidance for telehealth and prescribing rules; implement CPD and supervision as required. (theguardian.com)
• Use a secure telehealth platform; document vendor security, data storage location and contract terms. (oaic.gov.au)
• Obtain and record informed consent specifically for telehealth. (oaic.gov.au)
• Keep full clinical records (including tech interruptions) and audit trails for telehealth sessions. (health.gov.au)
• Apply the OAIC Guide to Health Privacy: privacy policy, breach response plan, staff training, access/correction processes. (oaic.gov.au)
• If prescribing remotely: ensure adequate assessment, document rationale, check PBS / controlled medicines rules and your Board’s expectations. Be cautious with automated prescribing/AI-only models. (theguardian.com)
• Train staff on telehealth workflows, privacy, billing rules and incident reporting. Keep logs for audits. (oaic.gov.au)

Where to go for authoritative, up‑to‑date details

• Services Australia / MBS Online — for item numbers, eligibility and recent MBS changes (watch 1 March 2025 and 1 July 2025 updates). (servicesaustralia.gov.au)
• Department of Health — national telehealth policy and consumer advice. (health.gov.au)
• AHPRA / National Boards and your professional registration Board — guidance on professional standards, prescribing and scope of practice. (Check your Board’s telehealth and prescribing guidance pages.) (theguardian.com)
• OAIC — Guide to Health Privacy (May 2025 update) for privacy and APP obligations in health. (oaic.gov.au)
• Professional colleges (RACGP, allied health colleges) for operational guidance and templates. (www1.racgp.org.au)

If you want, I can:

• produce a short telehealth policies template (consent script, privacy notice, recordkeeping template and incident response flow), or
• check a specific telehealth platform/vendor contract for the key privacy and security clauses to look for.

Which would you prefer?