Visit app.televerify.org and click "Sign Up." You'll provide your National Provider Identifier (NPI), email, and a password. Your credentials are automatically pulled from the NPPES registry — no manual verification needed. Once verified, you're ready to run compliance checks immediately.

You'll need:

• Your NPI: Your unique National Provider Identifier (10 digits)
• Email address: For account login and password recovery
• Password: A secure password for your account

That's all. TeleVerify automatically retrieves your name, specialty, and initial credential information from CMS's NPPES registry. You can update your licensed states after login.

When you provide your NPI, TeleVerify queries the CMS NPPES registry (the official National Plan & Provider Enumeration System) to verify that the NPI is valid and active. This pulls your official name, specialty code, and credential status. The verification happens in the background — you don't need to upload anything.

This means your account is always using authoritative credential data from the government database, not self-reported information.

After signing up, go to your account Settings (click your name or avatar in the top right). Select "Licensed States" and check the boxes for every state where you hold an active, unrestricted license. You can also configure interstate compact memberships here if you belong to IMLC, PSYPACT, NLC, PT Compact, ASWB Mobility Compact, or the Counseling Compact.

TeleVerify uses this information to determine whether compliance checks will return COMPLIANT or COMPLIANT_VIA_COMPACT.

From Settings, select "Zoom Integration" and click "Connect." You'll be redirected to Zoom's OAuth screen to authorize TeleVerify to access your Zoom meetings. Once authorized, the TeleVerify sidebar will appear automatically in your meetings. No additional setup needed.

Your Zoom OAuth tokens are encrypted and stored securely. You can disconnect at any time, and all Zoom data will be deleted immediately.

Absolutely. You can run compliance checks directly through the TeleVerify web app anytime — before a session, during it, or even in "Quick Check" mode without a live patient. Zoom integration is optional and only adds convenience if you use Zoom for telemedicine.

TeleVerify works with the following telehealth platforms:

• Zoom — via the TeleVerify Zoom App (runs inside the Zoom sidebar)
• Doxy.me — via the TeleVerify Chrome extension
• SimplePractice — via the TeleVerify Chrome extension
• TherapyNotes — via the TeleVerify Chrome extension
• Jane App — via the TeleVerify Chrome extension

The Chrome extension is a single install that covers Doxy.me, SimplePractice, TherapyNotes, and Jane App. It activates automatically when you open a video session on any of these platforms.

You can also use TeleVerify directly at televerify.org without any integration — just log in and start a session manually.

There are three ways to run a check:

1. In Zoom: When a meeting starts, the TeleVerify sidebar appears automatically. Enter the patient's state and click "Check." The result appears in under 2 seconds.
2. Web app (with patient): Go to your dashboard, click "Run Check," enter the patient's state (or let the patient verify their location), and you'll get an instant result.
3. Quick Check: Run a check without a live patient present — useful for pre-screening or planning. Go to Settings > "Quick Check Mode" to enable it.

Each check produces a signed compliance packet automatically logged to your audit trail.

If you enter the patient's state on their behalf, they don't need to do anything. However, TeleVerify can also send the patient a verification link (or code) so they can confirm their location themselves. This is useful for privacy — the patient confirms their own location without telling you where they are.

The patient clicks the link, verifies their location (via IP geolocation, GPS, or self-report), and you receive confirmation that the verification is complete. The check then proceeds automatically.

TeleVerify verifies patient location using one or more of these methods:

• IP Geolocation: The patient's IP address is looked up to approximate their state. This is the fastest method but least precise (could be off by miles in border areas).
• GPS: If available, the patient's device GPS provides precise coordinates, which are then reverse-geocoded to identify the state.
• Self-Report: The patient manually selects their state. This creates documentation that the patient claimed to be in that state.

TeleVerify uses whichever method is available and documents which was used in the compliance packet.

IP Geolocation: Fast, passive, but approximate. A patient's IP address resolves to a general location (usually accurate to a city or region). Border areas and VPNs can cause inaccuracy.

GPS: Precise, active (requires the patient's device GPS to be enabled), and creates a record of the patient's exact coordinates at time of check. If the patient has GPS enabled, TeleVerify will use it for higher confidence.

Most checks use IP geolocation first, then overlay GPS if available. The compliance packet documents which methods were used.

If a patient appears to be using a VPN, proxy, or other IP masking service, the compliance check will flag this as a "suspicious connection." This doesn't automatically fail the check, but it's noted in the result and the compliance packet so you're aware.

If you can't verify the patient's location reliably, you have the option to cancel the check and reschedule, or proceed with an emergency consultation or established patient override (if enabled).

COMPLIANT means you are licensed to practice in the state where the patient is located. The check verified:

• The patient's location (via IP, GPS, or self-report)
• Your active license in that state
• No OIG exclusion issues

You can proceed with the session with confidence. A signed compliance packet documenting this result is automatically added to your audit log.

COMPLIANT_VIA_COMPACT means you don't have a direct license in the patient's state, but you're covered by an interstate compact. The check verified:

• The patient's location
• You belong to the applicable compact (e.g., IMLC, PSYPACT, NLC)
• The patient's state participates in that compact
• No OIG exclusion issues

You can proceed. The compliance packet documents that you're practicing under compact authority, not a direct state license. This is fully legal and a common scenario.

NON_COMPLIANT means you are not authorized to practice in the patient's state. This could mean:

• You don't have a license in that state
• You're not covered by an applicable interstate compact
• Your license is inactive, expired, or restricted
• You're flagged on the OIG exclusion list

You cannot proceed with the session. You can reschedule, refer the patient, or document an exception (emergency consultation) if your state's regulations allow it.

You have several options:

• Reschedule: If the patient is in a state where you can't practice, offer to reschedule with a colleague who can, or refer them elsewhere.
• Verify the patient's location: If there's a border area or connectivity issue, ask the patient to confirm their state manually (they may be in a state where you are licensed).
• Use an override: If your account has emergency consultation or established patient overrides enabled, you can document the exception and proceed (see the "Overrides & Exceptions" section below).
• Contact support: If you believe the check is incorrect (e.g., you know your license is active), email support@televerify.org with your NPI and the patient's state.

Whatever you decide, TeleVerify documents it in your audit log. Having a documented NON_COMPLIANT check is far better than operating without any verification at all.

Quick Check lets you run a compliance check without a live patient session present — useful for pre-planning or testing. To enable it:

1. Go to Settings > "Quick Check"
2. Toggle it on
3. Return to your dashboard and click "Quick Check"
4. Enter a state and run the check

The check produces the same signed compliance packet and audit log entry as any other check. You might use this to verify you're licensed in a state before accepting a new patient, or to audit your own practice.

Yes, absolutely. You can run a compliance check at any time — hours before, minutes before, or during the session. There's no requirement to wait until the patient is on the call. Many providers run checks when they first schedule the patient, before the appointment.

Keep in mind that if a patient travels between states, a new check should be run when they connect — but you can pre-check using their expected location.

You configure your compact memberships in Settings > "Licensed States." For each compact you belong to (IMLC, PSYPACT, NLC, PT Compact, ASWB Mobility Compact, Counseling Compact), you check the box and select which states you've designated under that compact.

TeleVerify then uses this configuration to determine whether a patient in another state is covered by one of your compacts. If they are, the check returns COMPLIANT_VIA_COMPACT.

TeleVerify recognizes and screens the following interstate compacts:

• IMLC: Interstate Medical Licensure Compact (MDs, DOs)
• PSYPACT: Psychology Interjurisdictional Compact (Psychologists)
• NLC: Nurse Licensure Compact (RNs, LPNs)
• PT Compact: Physical Therapy Compact (PTs, PTAs)
• ASWB Mobility Compact: Social Work Mobility Compact (LCSWs, LMSWs)
• Counseling Compact: Licensed Professional Counselors and Licensed Marriage and Family Therapists

If your profession is covered by one of these compacts and you're a member, configure it in your Settings. TeleVerify will evaluate compact coverage automatically on every check.

It means you can legally treat this patient because:

• You don't have a direct license in the patient's state (or you do, but that's not why the check passed)
• You belong to an interstate compact (e.g., IMLC, PSYPACT, NLC)
• Both you and the patient's state participate in that compact
• You've met the compact's eligibility requirements (e.g., PSYPACT requires supervised hours)

Compact coverage is legally equivalent to a state license for the purposes of that encounter. Your signed compliance packet documents this. You can proceed and bill for the session normally.

First, verify that you've entered it correctly in Settings. Double-check that you selected the correct compact and the correct states.

If you know you're a member but it's still not showing, check:

• Your Compact Commission account (or the organization that manages your compact) — confirm your membership is active
• The specific states you designated under the compact (some compacts require state-by-state registration)

If there's a discrepancy, email support@televerify.org with your NPI and the compact name. We can help debug it.

No. Compact coverage is not a substitute for licensure — it's an alternative way to be authorized to practice in another state without getting a separate state license. You still need an active, unrestricted license in at least your home state, and you must meet the compact's eligibility requirements.

For example, under PSYPACT, you need a valid license in your home state plus supervised practice hours to be eligible for compact coverage in other states. TeleVerify checks all of this automatically.

If a state withdraws from a compact you rely on, you would no longer be authorized to practice in that state under that compact's authority. TeleVerify's data is updated regularly to reflect changes in compact membership.

If a check suddenly returns NON_COMPLIANT for a state where it previously returned COMPLIANT_VIA_COMPACT, it likely means that state left the compact. Contact the Compact Commission directly to confirm, and update your TeleVerify settings accordingly.

From your dashboard, click "Audit Log" (usually in a sidebar menu or under Settings). You'll see a chronological list of every compliance check you've run, with results, timestamps, and status. Each entry is clickable to view the full details and download the signed compliance packet.

Each audit log entry contains:

• Check timestamp (date and time)
• Patient state verified
• Compliance result (COMPLIANT, COMPLIANT_VIA_COMPACT, NON_COMPLIANT)
• Verification method used (IP geolocation, GPS, self-report)
• Any flags (VPN/proxy detection, OIG exclusion)
• License status in that state
• Applicable interstate compact (if applicable)
• Override used (if applicable)
• Ed25519 cryptographic signature and hash

This is complete documentation of the compliance check in a single record.

Audit log records are retained indefinitely for compliance purposes. Your provider account and all associated records persist until you manually delete your account. If you're audited by an insurer or regulator, you'll have the full history of your compliance checks available.

This is by design — your audit trail is your defense in a compliance dispute.

Each compliance packet is digitally signed using Ed25519 cryptography. This signature mathematically proves two things:

• The packet was created by TeleVerify (authentic)
• It hasn't been altered since creation (tamper-proof)

Anyone — an insurer, auditor, or regulator — can verify the signature independently using TeleVerify's public key, without needing access to TeleVerify's systems. This makes your compliance records third-party verifiable evidence, not just self-generated documentation.

Yes. From your Audit Log, there's an export button (usually in the top right). You can export to CSV or PDF format. The exported file includes all audit entries with full details and compliance packet links.

This is useful for your own records, annual reviews, or providing to auditors/insurers.

If an insurer audits a claim, they may ask for documentation that you verified the patient's location and your licensure status at the time of service. Here's how to respond:

1. Find the relevant check in your Audit Log by date
2. Download the signed compliance packet
3. Provide the packet to the insurer
4. The insurer can verify the signature independently using TeleVerify's public key

This third-party verification is far stronger documentation than a chart note saying "I asked the patient where they were." Insurers understand this distinction.

No. Individual packets are cryptographically signed — any alteration breaks the signature instantly. The audit log is also hash-chained: each record is mathematically linked to the previous one via SHA-256 hashing. Altering, removing, or reordering any record breaks the chain and is immediately detectable.

This makes your entire audit trail cryptographically immutable.

An emergency consultation override allows you to proceed with a session in a state where you're not licensed if you can document that the situation qualifies as an emergency. Examples include:

• A patient has an acute medical crisis and can't wait for a licensed provider in their state
• A patient is stranded in another state and needs urgent care

If your account has emergency consultation override enabled, you can use it when a check returns NON_COMPLIANT. You'll be asked to document the reason, which becomes part of the compliance packet.

An established patient override allows you to proceed with a NON_COMPLIANT check for a patient you've already treated in a licensed state, where you're continuing an ongoing relationship.

For example: You have a patient in Pennsylvania (where you're licensed). They travel to Ohio (where you're not licensed) and want a follow-up. An established patient override documents that this is a continuation of an existing therapeutic relationship, which some states' regulations allow.

Again, this documents an exception — it's not a blank check to practice unlicensed. Use it only when you genuinely have an established relationship with the patient.

The default answer is: Don't proceed. If a check returns NON_COMPLIANT, reschedule, refer, or ask the patient to verify their location manually.

Use an override only if:

• It's a genuine emergency (emergency consultation)
• You have a documented ongoing relationship with the patient (established patient)
• Your state's regulations and your malpractice insurance policy explicitly allow it
• You're willing to defend the decision if audited

When in doubt, err on the side of caution. Your audit log will show you documented the exception.

Yes. If you use an override, it's explicitly recorded in the compliance packet and audit log. You'll be asked to note the reason (emergency vs. established patient), and that reason becomes part of the permanent record.

This documentation is your protection — if audited, you can show that you identified the compliance gap and made a deliberate, documented exception. That's far better than operating with no documentation at all.

Overrides are controlled by your account administrator (if you're part of an organization) or by TeleVerify's default policy for individual providers. Some organizations disable overrides entirely for stricter compliance. Others enable them with audit requirements.

Check your Settings to see whether overrides are available on your account. If you think an override should be enabled, contact your organization's admin or email support@televerify.org.

The HHS Office of Inspector General maintains the List of Excluded Individuals & Entities (LEIE), which contains NPIs of healthcare providers who have been:

• Convicted of fraud
• Terminated from Medicare or Medicaid
• Involved in other federal healthcare violations

TeleVerify automatically screens every compliance check against this list (8,375+ excluded NPIs, updated daily). If a provider is on the LEIE, billing federal programs for their services is prohibited.

First, verify it's real. Go to the official HHS OIG Exclusions Database and search for your NPI. If you're listed, you need to:

• Contact the OIG directly to understand why and begin the reinstatement process
• Notify your malpractice insurance company
• Stop billing Medicare, Medicaid, VA, or other federal programs immediately

Until you're delisted, TeleVerify compliance checks will flag the exclusion. You can't be reinstated without OIG approval.

TeleVerify pulls the OIG exclusion list daily and compares it against your NPI. The OIG updates their list continuously as exclusions are added and providers are reinstated.

If you were recently excluded, it may take up to 24 hours to appear in your TeleVerify checks. If you were recently reinstated, the same — typically within a day.

If you believe you're on the LEIE in error, or if the information is outdated:

1. Check the official HHS OIG Exclusions Database
2. Contact the OIG directly (they manage the list and requests for correction)
3. Once the OIG corrects their records, TeleVerify will reflect the change within 24 hours

If you believe TeleVerify's screening is wrong even though the OIG database is correct, email support@televerify.org with your NPI.

TeleVerify stores only state-level location data. We do not store:

• Patient names
• Medical records or diagnoses
• Addresses or coordinates
• Any protected health information (PHI)

Location resolves to a state code in the compliance packet. That's all. This minimalist approach is intentional — the less data we store, the less you have to worry about HIPAA, breach notification, or data loss.

No. TeleVerify never accesses your EHR, EMR, or clinical documentation. We only interact with you (the provider) and the compliance check (state verification). We have no connection to your practice management system, billing system, or patient records.

Session data (compliance check results) are automatically deleted after 4 hours. This is for privacy — once the session is over and documented in your audit log, the raw session data is purged.

Your audit log records persist indefinitely, but the underlying session data doesn't.

Yes. TeleVerify's Business Associate Agreement (BAA) is available for organizations that require HIPAA covered entity status. Since TeleVerify stores minimal patient data (state only, no PHI), most organizations don't require a BAA, but one is available upon request.

Email support@televerify.org if you need a BAA.

Only you (and anyone you explicitly share the packet with). Your audit log is private to your account. No one else can access your compliance history unless you download and share a specific packet.

If an insurer or regulator asks for compliance documentation, you decide what to share. TeleVerify doesn't sell, share, or disclose your data.

Go to Settings (click your name/avatar in the top right) and select "Licensed States." Check the boxes for every state where you hold an active, unrestricted license. For states where you hold a license but it's restricted or limited, leave it unchecked — TeleVerify will treat you as unlicensed in those states.

You can update this anytime. Changes take effect immediately.

Go to Settings > "Account." You'll find options to update your email address and password. For security, you'll be asked to verify your current password before changing either one.

Go to Settings > "Account" and scroll to the bottom. You'll find a "Delete Account" button. This will:

• Permanently delete your account and all associated data
• Delete all session data and audit logs
• Disconnect your Zoom integration (if connected)

This action is irreversible. Consider exporting your audit log first if you need records for compliance purposes.

Email support@televerify.org with your question. Include your account email and NPI. Our team will get back to you within 24 hours with answers about subscription, invoicing, or payment methods.

Try these steps:

1. Ask the patient to enable GPS: If their device has GPS, enabling it usually resolves the issue. TeleVerify will use GPS instead of IP geolocation.
2. Ask the patient to refresh: Have them reload the verification page in their browser and try again.
3. Check for VPN/proxy: Ask if they're on a VPN. If so, ask them to disable it and try again. VPNs mask location and cause verification to fail.
4. Manual confirmation: As a last resort, ask the patient to manually confirm their state (self-report). This creates documentation that the patient claimed to be in that state.

If none of these work, email support@televerify.org with the patient's state and the error message they see.

Try these steps:

1. Disconnect and reconnect: Go to Settings > "Zoom Integration" and click "Disconnect." Then click "Connect" and go through the OAuth flow again.
2. Check Zoom permissions: Make sure you're authorizing TeleVerify to access your meetings. The OAuth screen shows what permissions are being requested — approve all of them.
3. Check browser cookies: Make sure third-party cookies are enabled in your browser (needed for OAuth).
4. Try a different browser: If the issue persists, try a different browser (Chrome, Safari, Firefox) to rule out browser-specific issues.

If the integration still won't connect, email support@televerify.org with your NPI and a screenshot of the error.

There are a few possibilities:

• Wrong state entered: Double-check the patient's location. IP geolocation can be off by miles, especially in border areas. Ask the patient to confirm their state manually.
• Your licensed states are outdated: Check your Settings > "Licensed States." If you just got a new license or your license was restricted, TeleVerify reflects what you've configured. Update it and run the check again.
• License data is stale: TeleVerify pulls license data from state boards regularly, but updates can lag by a few days if a state board is slow to publish changes. If you know your license is active and TeleVerify says it's not, email support@televerify.org with your NPI and state.
• Compact membership data is wrong: If you expect COMPLIANT_VIA_COMPACT but got NON_COMPLIANT, check your Settings > "Licensed States" to verify you've configured the compact correctly.

If you believe the result is truly wrong, email support@televerify.org with your NPI, the patient's state, and the check result. Include a screenshot if helpful.

Try these steps:

1. Reset your password: Go to the login page and click "Forgot Password." Enter your email and follow the reset link.
2. Clear your browser cache: TeleVerify uses local storage for session data. Clear your browser cache and cookies and try logging in again.
3. Try a different browser: If the issue persists, try a different browser to rule out browser-specific problems.
4. Check your email: Make sure you're using the email address you signed up with.

If you still can't log in, email support@televerify.org with the email address on your account and the error message you're seeing.

This usually means one of three things:

1. Location verification is failing: The patient's IP or GPS isn't confirming their state. Ask them to enable GPS, disable any VPN, or manually confirm their state.
2. Your licensed states are wrong: Check your Settings > "Licensed States." If you don't have that state checked, the check will fail. Update it and run the check again.
3. Patient's location data is inaccurate: If the patient is in a border area, they might be slightly across the state line (GPS is precise to within meters). Ask them to confirm their exact address or state.

If you've done all of this and the result still seems wrong, email support@televerify.org with your NPI, the patient's state (as they report it), the check result you got, and your licensed states. We can help debug it.

The admin dashboard is a separate login from the provider app. Navigate to your organization's admin URL (typically admin.televerify.org) and sign in with your admin credentials.

Admin accounts are created by your organization's designated account owner during setup. If you need access but don't have an account, contact your organization administrator.

Provider login: Individual clinicians access this to run compliance checks for their own patients. Providers see only their own check history and can download compliance packets for their sessions.

Admin login: Compliance officers and operations managers access this to oversee all providers in their organization. Admins see organization-wide analytics, manage provider accounts, configure compliance settings, and export audit logs for compliance reviews and insurer audits.

The two logins are completely separate and have different permission models.

In the admin dashboard, navigate to the Providers tab and click Add Provider. You'll be prompted to enter:

• Provider name and NPI (required)
• Specialty (optional, for filtering)
• Licensed states (select all states where the provider holds active licensure)
• Interstate compact memberships (if applicable)

Once added, the provider receives an invitation email with a setup link. They complete their own credential verification before they can run checks.

Yes. Many organizations have multiple admins to ensure compliance oversight doesn't depend on a single person. Common structures include:

• One primary compliance officer + one backup
• One ops manager + one clinical director
• One admin per department (if you manage multiple practices)

All admins have full access to audit logs, provider management, and settings. There's no role-based permission system; all admins are equivalent. If you need permission tiers (read-only auditor vs. full admin), contact support about custom configurations.

Phase 1: Account Setup — Your organization's account owner creates an admin login and selects an organization plan. The admin URL is configured.

Phase 2: Provider Onboarding — You add your providers to the system via the Providers tab. Providers receive invitation emails and complete their own credential verification.

Phase 3: Configuration — In the Settings tab, you configure override policies (which compliance gaps providers can override in emergencies). This is typically a 10-minute conversation with your compliance team.

Phase 4: Go-live — Providers begin running checks. You monitor the Audit Log to ensure checks are running correctly and compliance rates are where you expect them.

Most organizations are fully operational within 1–2 weeks of signing up.

Providers can only manage their own account and view their own check history. Admins have organization-wide capabilities:

• View all checks across all providers (Audit Log)
• Filter checks by provider, date range, and compliance status
• Export audit logs as CSV for external audits
• Drill into individual check details and signed compliance packets
• Add and manage provider accounts
• Configure override settings for the whole organization
• View provider-level analytics (check counts, compliance rates)
• Generate compliance reports for insurers and regulators

Admins cannot override individual compliance checks (that's the provider's choice in their app). Admins can only control which override options are available to providers via the Settings tab.

The admin dashboard has three main tabs:

1. Audit Log: A system-wide view of every compliance check run by every provider. Filterable by provider (dropdown), time range (Today, This Week, This Month, All Time), and compliance status (Compliant, Compliant via Compact, Non-Compliant). Exportable as CSV. This is your primary tool for compliance oversight.

2. Providers: A list of all registered providers in your organization, showing their NPI, licensed states, total check count, and compliance rate. Click any provider to drill into their individual check history and analytics.

3. Settings: Organizational configuration. You control two toggle options here: "Allow Emergency Consultation Override" and "Allow Established Patient Override." These settings determine what override options your providers see when a compliance check returns NON_COMPLIANT.

The dashboard header displays organization-wide metrics:

• Total Checks: Cumulative compliance checks run by all providers to date
• Compliance Rate: Percentage of checks that returned COMPLIANT or COMPLIANT_VIA_COMPACT. This is your key performance metric — it shows what percentage of your encounters have documented, verified compliance.
• Active Providers: Number of providers registered in your organization (not the same as "checks run by active providers this week")
• Checks This Month: New checks in the current calendar month

Use the Compliance Rate as your primary audit-readiness indicator. Most organizations target 95%+ compliance rates. Rates below 90% indicate gaps in provider adoption or policy issues that need investigation.

COMPLIANT: The provider is licensed in the patient's state through direct state licensure. No compact needed.

COMPLIANT_VIA_COMPACT: The provider is not directly licensed in that state, but is covered by an interstate compact (IMLC, PSYPACT, NLC, PT Compact, etc.) and meets all compact requirements for that specific encounter.

NON_COMPLIANT: The provider is neither directly licensed nor covered by an applicable compact. The encounter does not have a legal compliance pathway. The provider must either reschedule the patient, refer out, or document an emergency exception (if override options are enabled).

The audit log shows the actual determination in each row. Use the status filters to see breakdowns (e.g., "How many checks returned COMPLIANT_VIA_COMPACT this month?").

The dashboard updates in real-time. When a provider runs a compliance check in their app, it appears in your Audit Log within seconds. The overall compliance rate and check counts update immediately as well.

If you need historical snapshots (e.g., "what was our compliance rate on March 15?"), export the CSV and filter it locally or import it into your compliance database.

The dashboard view is fixed — all admins see the same three tabs and metrics. However, you can:

• Filter the Audit Log by provider and date range
• Sort and search the Providers tab list
• Export data as CSV for further analysis in Excel or your compliance database
• Drill into individual provider analytics for detailed performance tracking

If you need custom dashboarding or deeper analytics integrations, contact support about advanced reporting options.

At the top of the Audit Log tab, you'll see a Provider dropdown. Click it to select a single provider, or select "All Providers" to see the entire organization's log.

Filtering by a specific provider is useful for:

• Investigating a particular provider's compliance history
• Preparing provider-specific reports for your credentialing committee
• Troubleshooting a compliance issue (e.g., "has Dr. Smith run checks in Kentucky?")

The filter persists until you change it, so you can export the filtered log as CSV without re-filtering.

Next to the Provider dropdown, you'll see a Date Range selector with presets:

• Today: Current calendar day
• This Week: Sunday–Saturday of current week
• This Month: First–last day of current month
• All Time: All records in your account history

These presets are designed for quick audits. If you need a custom date range (e.g., "March 15–April 22"), export the "All Time" log and filter it locally in Excel.

Click the Export as CSV button at the top-right of the Audit Log tab. The system generates a CSV file containing all rows matching your current filter (provider and date range).

The file downloads to your computer immediately. You can then open it in Excel, import it into your compliance database, or share it with external auditors.

The CSV includes these columns:

• Timestamp: Date and time the check was run (ISO 8601 format)
• Provider Name: Name of the checking clinician
• Provider NPI: National Provider Identifier
• Patient State: State where the patient's location was verified
• Compliance Status: COMPLIANT, COMPLIANT_VIA_COMPACT, or NON_COMPLIANT
• Compact Used: Name of the compact (if COMPLIANT_VIA_COMPACT), or empty if not applicable
• Override Flag: Whether the provider overrode a non-compliant determination (true/false)
• Override Reason: If overridden, the reason selected (Emergency Consultation, Established Patient, etc.)
• Packet Hash: The cryptographic hash of the signed compliance packet (for verification purposes)

All timestamps are in UTC. Packet hashes can be used to independently verify packet integrity.

Use the filter dropdown to select the provider involved. This narrows the log to that provider's checks only. Then scan visually or open the CSV in Excel and use Ctrl+F (Cmd+F) to search for a date, patient state, or other identifier.

If you're looking for a session from a specific patient encounter, ask the provider for the approximate time the check was run. You can then filter by date and scan the results.

Each entry in the audit log represents a single compliance check run by a provider. The entry shows:

• Timestamp: When the check was run
• Provider: Name and NPI of the checking clinician
• Patient State: Where the patient was located
• Status: COMPLIANT, COMPLIANT_VIA_COMPACT, or NON_COMPLIANT
• Compact Info: Which compact was used (if applicable)
• Override Flag: Whether the determination was overridden

Click on any entry to expand it and see the full signed compliance packet. This packet contains the complete cryptographic proof and can be forwarded to insurers or regulators.

Audit records are retained indefinitely. Your organization owns all compliance data, and TeleVerify does not automatically delete records.

You can delete records only through a formal data deletion request to compliance@televerify.org (rare, and requires documentation of a data error or compliance issue). Normal compliance audits do not trigger record deletion.

The audit log uses SHA-256 hash-chaining to create a tamper-proof record sequence. Each new entry contains a hash of the previous entry, creating an unbroken chain back to your organization's first-ever compliance check.

This means:

• If someone tries to alter a historical record, its hash changes
• The next record's hash (which depends on the prior one) breaks the chain
• The tampering is instantly detectable

The hash chain is cryptographic proof that your audit log is complete and unaltered. This is extremely valuable in regulatory audits — it shows that your compliance data is authentic and hasn't been falsified.

You can verify the hash chain integrity yourself using TeleVerify's open-source verification tools. Export your audit log as CSV, then run the verification command (Python, JavaScript, or curl provided on the audit verification page at /audit).

The verification tool walks the chain and confirms that every record's hash links correctly to the previous one, proving the sequence is unaltered.

Records cannot be modified after creation. The cryptographic signature on each packet makes tampering detectable.

Records can only be deleted by TeleVerify staff in response to a formal data deletion request, and only if there's a documented reason (e.g., a data error or patient privacy request). Standard compliance audits never trigger deletion.

When a record is deleted, the hash chain breaks, and the gap is cryptographically visible. This prevents silent deletion.

In the Providers tab, each provider row shows a Licensed States field listing all states where they hold active licensure (e.g., "CA, TX, FL, NY").

Click on any provider to see more details, including:

• Full list of licensed states
• Expiration dates for licenses (if tracked)
• Interstate compact memberships
• When license information was last verified

If a provider's licensed states are incorrect, contact them to update their account. They can add/remove states in their provider profile.

The Providers tab shows each provider's Compliance Rate — the percentage of their checks that returned COMPLIANT or COMPLIANT_VIA_COMPACT (as opposed to NON_COMPLIANT).

A high compliance rate (95%+) suggests the provider understands location requirements and is running checks correctly. A low rate (<80%) suggests:

• The provider takes encounters in many states and lacks compact coverage in those states
• The provider is operating in states without licensure (a red flag)
• There may be a data issue or misunderstanding of their license status

Use the compliance rate to identify providers who may need training or credentialing review.

Click on a provider's name to drill into their analytics. You'll see:

• Check Count Over Time: A graph showing how many checks the provider has run by week/month
• Compliance Breakdown: Pie chart of COMPLIANT vs. COMPLIANT_VIA_COMPACT vs. NON_COMPLIANT
• States Served: Map showing which states the provider has served patients in
• Recent Checks: Table of their 20 most recent checks
• Overrides: Count of how many times they've overridden non-compliant determinations (and reasons)

This view is useful for credentialing committees, compliance reviews, and provider feedback conversations.

In the Providers tab, click the Remove button on any provider's row. You'll be asked to confirm.

Important: Removing a provider does not delete their historical compliance records. The audit log retains all checks they ran. Only their active provider account is deactivated — they can no longer run new checks.

This is the intended behavior for compliance. You need to retain providers' check history for audits, even after they leave your organization.

License expiration is not automatically detected by TeleVerify. It's the provider's responsibility to update their licensed states in their profile before their license expires.

If a provider's license expires and they continue to run checks without updating their state list:

• The system will show them as licensed in that state
• Checks may incorrectly return COMPLIANT when they should return NON_COMPLIANT
• You'll have incorrect audit documentation

Best practice: Set a calendar reminder to reach out to all providers 30 days before their license renewal deadlines and confirm they've updated their TeleVerify profile. This prevents expired licenses from creating compliance gaps in your audit trail.

Override settings control which compliance gaps your providers are permitted to override. When a compliance check returns NON_COMPLIANT, a provider can:

• Proceed with the encounter and document why (if override options are enabled)
• Reschedule the encounter for a time when they have compliance coverage
• Refer the patient to another provider

If override options are disabled, NON_COMPLIANT checks block the encounter entirely (no override option offered).

Override settings are organization-wide, configured in the Settings tab. All providers in your organization see the same override options.

This is a policy decision for your compliance team and legal counsel.

Arguments for enabling: Emergency situations exist (stroke, sepsis, etc.) where delaying care for compliance documentation is harmful. The emergency override acknowledges this reality and requires the provider to document why they proceeded. This is better than having undocumented emergencies.

Arguments for disabling: Every NON_COMPLIANT determination should trigger a reschedule or referral. Allowing overrides, even documented, creates liability exposure.

Middle ground (common): Enable the emergency override but require a detailed explanation (e.g., "patient had active chest pain, EMS already notified, continuing assessment is clinically appropriate"). Review override usage in your audit log monthly to ensure providers are using it appropriately, not as a rubber stamp.

This override allows providers to proceed with established patients even if compliance checking returns NON_COMPLIANT on a particular encounter (e.g., a patient temporarily in a state where the provider isn't licensed).

Arguments for enabling: Continuity of care is valuable. A patient who has been seeing a provider for 2 years and is temporarily visiting another state might reasonably continue care with their regular provider if there's follow-up documentation.

Arguments for disabling: "Established patient" has no legal weight. State licensing law applies regardless of prior relationship. The provider must be licensed in the patient's current location, period.

Real-world practice: Many organizations enable this but with high audit friction. They allow the override to document continuity-of-care situations, but flag every override for compliance review. This satisfies both liability concerns and practical care delivery.

When a provider overrides a NON_COMPLIANT determination, the audit log entry shows:

• Override Flag: true
• Override Reason: The documented reason (Emergency Consultation, Established Patient, etc.)
• Provider Notes: Any additional text the provider entered to explain the override

The compliance status stays NON_COMPLIANT — the override doesn't retroactively mark it as compliant. The override flag just indicates the provider proceeded anyway.

When you export the CSV, these override fields are included. This allows you to filter for all NON_COMPLIANT-with-override entries and audit them separately.

Not through the current dashboard interface. Settings are organization-wide — all providers see the same override options.

However, you can achieve per-provider policies through manual review:

• Enable override options for the whole organization
• Document and audit override usage in your monthly compliance reviews
• If a specific provider is abusing overrides, escalate to their clinical leadership

For true role-based settings (e.g., "mid-level providers can override, physicians cannot"), contact support about custom policy configurations.

Insurers typically request one of three things:

1. Audit Log CSV: Export your full audit log (Audit Log tab → Export as CSV) and share via secure email or file transfer. The CSV contains all check records and is self-documenting.

2. Individual Compliance Packets: For specific encounters, click on the audit entry and download the signed compliance packet. This packet is independently verifiable and provides cryptographic proof of compliance for that session.

3. Portfolio-wide Compliance Summary: Your dashboard shows your overall compliance rate. You can screenshot the stats and share as a summary: "Our organization ran 18,500 checks this year with a 97.2% compliance rate."

Insurers often have data-sharing agreements that cover what format they need. Contact them directly about their preferred submission method.

A compliance packet is a complete record of a single compliance check, signed with TeleVerify's private Ed25519 key. The packet contains:

• Provider NPI and name
• Patient location (state)
• Timestamp of the check
• License verification result (licensed/not licensed in that state)
• Compact coverage determination
• OIG exclusion screening result
• The final compliance status (COMPLIANT, COMPLIANT_VIA_COMPACT, NON_COMPLIANT)
• Ed25519 digital signature proving authenticity and tamper-proof integrity

The signature mathematically proves two things: (1) TeleVerify created this packet, and (2) nothing has been altered since creation.

An insurer, auditor, or regulator can verify a TeleVerify compliance packet without accessing TeleVerify's systems. They need only:

• The compliance packet (a JSON string)
• TeleVerify's public Ed25519 key (published publicly at a fixed endpoint)
• Verification code (provided in JavaScript, Python, or curl+openssl)

They run the verification code and get a yes/no answer: "This packet is authentic" or "This packet is forged/altered."

This is independent verification — no account, no API key, no TeleVerify intermediary needed. It's how compliance packets become third-party evidence.

TeleVerify's public Ed25519 key is published at:

https://api.televerify.org/public-key

It's also embedded in the audit verification page at /audit, which provides a browser-based verification tool.

The key is immutable and versioned. Any changes are announced in advance through our blog.

Navigate to /audit. The page provides:

• Browser-based packet verifier: Paste a compliance packet JSON and verify its signature instantly (no account needed)
• Verification code samples: Copy-paste code to verify packets in your own application (JavaScript, Python, curl)
• Hash chain verification: Instructions for verifying the integrity of entire audit logs

This page is useful to share with insurers and auditors so they can verify your compliance records independently.

Prepare these materials:

• Audit log CSV: Full export of all checks during the audit period
• Organization compliance summary: Overall compliance rate, total checks, breakdown by state
• Sample packets: 2–3 individual compliance packets demonstrating what a signed packet looks like
• Override log: Summary of any NON_COMPLIANT-with-override entries and the reasons
• Hash chain verification report: If requested, proof that your audit log is unaltered (run the verification script)
• Policy documentation: Your written policies on override settings, license verification frequency, etc.

Most insurers only ask for the CSV and a summary. Provide the rest only if requested. Having these materials ready allows you to respond quickly to surprise audits.

No. Insurers cannot log into your admin dashboard. They can only access compliance records through:

• CSV exports you share with them
• Individual compliance packets you forward
• Independent verification of packets using the public key

This protects your organization's privacy. Insurers see only the specific compliance data you choose to share, not your provider list, settings, or other operational details.

Negligence in compliance documentation usually means "we didn't check at all" or "we checked but didn't keep records." A TeleVerify compliance packet proves the opposite:

• It proves you checked: The packet documents that a compliance verification was performed at the time of service
• It proves third-party verification: It's not just your word — a signed packet from an independent service
• It proves you understood the result: The packet clearly states whether the encounter was compliant or non-compliant
• It proves integrity: The cryptographic signature proves you didn't alter the record later

If a NON_COMPLIANT check was overridden, the packet documents that decision too. Regulators and insurers see "you identified the non-compliance and made a deliberate choice to proceed despite it," which is far more defensible than operating without any verification.

The HHS Office of Inspector General publishes the List of Excluded Individuals & Entities (LEIE), containing 8,375+ NPIs of providers who have been convicted of healthcare fraud, terminated from Medicare/Medicaid, or violated other federal healthcare laws.

Why it matters: If your organization bills federal programs (Medicare, Medicaid, Veterans Affairs, TRICARE, etc.) for services provided by a provider on this list, you violate the Anti-Kickback Statute and False Claims Act. Penalties are severe: treble damages + civil penalties of $13,946–$27,894 per occurrence (2025 figures), plus possible criminal liability.

Your responsibility: You must screen all providers against LEIE before credentialing and periodically after. TeleVerify screens every provider on every check. This is automated proof that you're complying with this requirement.

TeleVerify updates the OIG exclusion list daily. The HHS publishes updates roughly weekly, and we refresh our copy the next business day. This means exclusions are current within a few days of publication.

TeleVerify will immediately flag any checks run by that provider as NON_COMPLIANT due to exclusion status. You'll see this in the Audit Log.

Your next steps:

1. Immediately notify the provider and your legal team
2. Verify the exclusion with HHS (visit https://exclusions.oig.hhs.gov/ directly)
3. If the exclusion is a mistake (rare, but possible), help the provider file an appeal with HHS
4. If the exclusion is valid, immediately stop credentialing that provider and stop submitting claims for their services
5. Audit all claims submitted during the time the provider was excluded to assess whether you owe federal programs refunds
6. Document the discovery, the date you became aware, and the remedial actions taken

Each audit log entry includes an "OIG Screening" field (or it's embedded in the compliance packet). It will show either "PASS" (provider not on list) or "EXCLUDED" (provider on list).

To verify screening is running consistently:

1. Export your audit log as CSV for a specific time period
2. Count the entries. This is the number of checks run.
3. Verify that every entry has an OIG Screening result (no blanks)
4. If all entries have a result, screening is running on every check

If you find entries without OIG Screening results, contact support.

Civil Penalties: False Claims Act violations: treble damages (3x the amount improperly billed) + civil penalties of $13,946–$27,894 per occurrence. If your organization billed $500,000 in services by an excluded provider, liability could exceed $2 million.

Program Exclusion: HHS can exclude your entire organization from federal healthcare programs, effectively ending your ability to bill Medicare/Medicaid.

Criminal Liability: Knowing violations can result in criminal prosecution of organization leadership, with fines and imprisonment.

License/Credentialing Loss: Joint Commission, state boards, and other accrediting bodies can revoke your organization's credentials if you bill with excluded providers.

TeleVerify stores each provider's interstate compact memberships (IMLC, PSYPACT, NLC, PT Compact, etc.) in their profile. On each check, the system evaluates:

1. Is the provider directly licensed in the patient's state? If yes, COMPLIANT.
2. Is the patient's state in one of the provider's compact memberships? If yes, and all compact requirements are met for that encounter, COMPLIANT_VIA_COMPACT.
3. If neither applies, NON_COMPLIANT.

This evaluation runs automatically on every check across all providers. You don't need to manually track who's in which compacts — the system does it.

This is handled correctly by the system. Each provider's record stores their individual compact memberships. So:

• Dr. Smith: IMLC member (can practice psychology in most states)
• Dr. Jones: PSYPACT member (can practice psychology in most states, but different set)
• PT Sarah: PT Compact member (can practice PT in PT Compact states)

When Dr. Smith checks a patient in a non-licensed state, the system checks "Is this state in IMLC?" When Dr. Jones checks the same state, the system checks "Is this state in PSYPACT?" Different results are possible and expected.

At scale with 50+ providers, each potentially in different compacts, this multi-provider compact handling is essential. TeleVerify handles it automatically.

Compact memberships change when a provider joins or withdraws from a compact. The provider is responsible for updating their profile in their own provider account.

How to monitor changes:

• Review the Providers tab quarterly and verify the "Compact Memberships" field matches your credentialing records
• When you receive provider profile update notifications, confirm compact changes are reflected in TeleVerify
• If a provider's compliance rate suddenly drops, it may indicate a compact membership change or loss — investigate

If a provider updates their compact membership in TeleVerify but it doesn't immediately affect their checks, there may be a sync delay. Wait a few minutes and retry.

TeleVerify categorizes compliance into three pathways:

direct_only: The provider is directly licensed in the patient's state (no compact needed). Example: Dr. Smith is licensed in California and checks a patient in California. Compliance pathway: direct_only.

compact_full: The provider is not directly licensed in the patient's state, but is fully covered by an interstate compact. Example: Dr. Smith holds an IMLC license and checks a patient in Arizona (IMLC member state where Dr. Smith doesn't hold direct licensure). Compliance pathway: compact_full.

compact_partial: This pathway is less common. It indicates the provider is covered by a compact for that state, but with restrictions or limitations (e.g., limited supervision or specific patient population). Some compacts have partial membership tiers.

In your audit log, these pathways appear in the compliance packet details. Use them to understand the legal basis for each encounter's compliance determination.

States not in any compact (rare, but examples include California, which is not part of IMLC despite being a major telehealth market) require direct state licensure. There's no compact workaround.

If a provider isn't directly licensed in a non-compact state, TeleVerify will return NON_COMPLIANT. The only options are:

• Provider obtains direct licensure in that state (if they want to serve patients there)
• Reschedule the patient for another time when they're in a state where the provider is licensed
• Refer the patient to a provider licensed in that state
• Override the check if your policy permits (with documentation)

Compact coverage cannot bridge the gap for non-compact states. This is a hard legal constraint, not something TeleVerify policy can soften.

About providers: NPI, name, licensed states, specialty, interstate compact memberships, credential verification timestamp.

About patients: State-level location only. No names, no medical record numbers, no diagnoses, no contact information. Just the state where the patient was located at the time of the check.

About encounters: Timestamp, provider NPI, patient state, compliance result, compact used (if applicable), OIG screening result.

Deleted data: IP addresses and GPS coordinates used for location verification are not stored long-term. They're used only to determine the state and are then discarded.

TeleVerify does not store PHI and operates under a "data minimization" principle. Because we collect only provider NPI and patient state-level location, standard HIPAA Safe Harbor does not apply in the usual sense — there's no patient identifier to worry about.

However, state and patient location could theoretically be combined by a data broker to re-identify patients. For this reason:

• Data is encrypted in transit (HTTPS)
• Data is encrypted at rest in our database
• Access is restricted to authorized personnel
• We perform regular security audits

A Business Associate Agreement (BAA) is available for organizations that want contractual HIPAA compliance assurances. Contact support to request one.

Yes. If your organization requires a Business Associate Agreement for HIPAA compliance, contact support@televerify.org and request a BAA. We have a standard template that can be executed within 5–10 business days.

The BAA covers:

• Data minimization practices
• Encryption and security standards
• Access controls and audit trails
• Breach notification procedures
• Data deletion timelines
• Liability and indemnification

Even without a formal BAA, your compliance records are secure and encrypted. A BAA is mainly useful if you need contractual assurances for your own compliance documentation.

In transit: All connections use HTTPS with TLS 1.3. Data moving between your browser and TeleVerify, or between your EHR and TeleVerify, is encrypted end-to-end.

At rest: Patient location data and provider information are encrypted in our PostgreSQL database using AES-256-GCM encryption. The encryption keys are managed separately from the database.

Compliance packets: Each packet is signed with Ed25519 cryptography, which is not encryption but provides tamper-proof integrity. The packet contents are not themselves encrypted (they're readable), but the signature proves they're authentic.

Your audit log is retained indefinitely by default. Your organization owns the data and can request deletion, but standard compliance practice recommends retaining it permanently.

If you want to purge data older than a certain date (e.g., keep only 5 years), contact support. This is a custom request and requires documentation of the reason and compliance with your retention policies.

TeleVerify employees with access to production systems are limited to:

• Engineering team (for system maintenance and bug fixes)
• Compliance/security team (for audit purposes)

Access is logged and monitored. Customer data is never accessed for marketing, analytics, or other business purposes without explicit consent.

For detailed information about data access controls, request our System & Organization Controls (SOC 2) Type II report from compliance@televerify.org.

Licensed states in TeleVerify are managed by the provider themselves in their profile. You (as admin) cannot directly edit a provider's licensed states.

To fix this:

1. Ask the provider to log into their provider account
2. Have them navigate to their profile / settings
3. Ask them to update their "Licensed States" field with the correct states
4. They save, and the change takes effect immediately
5. Future checks will use the updated state list

Verification: After the provider updates, check the Providers tab in your admin dashboard. Refresh the page — the updated state list should appear within a minute.

This likely means a provider ran a check outside of normal operations. Possible explanations:

• Provider running a test: They may have clicked the check button to see how the system works (without a real patient)
• Check from another organization: If your admin dashboard includes providers from multiple organizations, the check belongs to one of them
• Zoom integration test: If a provider recently integrated TeleVerify with Zoom, they may have run a test check
• Provider onboarding: New providers often run a test check to ensure they understand how to use the system

To investigate: Click on the audit entry and examine the details. Check the timestamp — was this during normal business hours for the provider? Drill into their analytics to see if this check is an outlier or part of a pattern.

If the check seems fraudulent: Contact support immediately with the entry details.

Step 1: Verify your URL — Is your admin URL correct? It's typically admin.televerify.org or a custom domain your organization configured. Check your onboarding email for the exact URL.

Step 2: Verify your credentials — Are you using the correct email and password? If you've forgotten your password, click "Forgot Password" on the login page.

Step 3: Check your account status — Your admin account may have been deactivated if your organization's subscription ended or your account was removed for security reasons. Contact your organization's account owner to verify.

Step 4: Check browser cache — Clear your browser cookies and cache, then try again. Sometimes stale session data causes login issues.

Step 5: Contact support — If none of the above work, email support@televerify.org with your email and the exact error message you're seeing. We can investigate account access issues.

In the Settings tab, you toggle "Allow Emergency Override" and "Allow Established Patient Override." If these settings don't save:

Step 1: Wait and refresh — Sometimes there's a slight delay in the UI updating. Wait 5 seconds, then refresh the page. Do the settings persist after refresh?

Step 2: Check your admin permissions — Only admins with "settings edit" permissions can modify these toggles. If you don't have permission, you'll see the toggles but they won't save. Contact your organization's primary admin to verify you have settings edit permission.

Step 3: Try a different browser — Browser extensions or cached data can interfere. Try a different browser (Firefox vs. Chrome, etc.) to see if the issue persists.

Step 4: Contact support — If none of the above work, contact support@televerify.org. We can check the server logs to see why the settings update is failing.

If a check returned a compliance status you disagree with, investigate:

Step 1: Verify the provider's licensed states — Click on the provider in the Providers tab and confirm they're listed as licensed in the patient's state. If the provider's licensed states are wrong in TeleVerify, that explains the incorrect determination. Have the provider update their profile (see "A provider says their licensed states are incorrect").

Step 2: Verify the compact membership — If the check returned NON_COMPLIANT but should have returned COMPLIANT_VIA_COMPACT, check if the provider's compact memberships are correctly registered. The provider can update these in their profile.

Step 3: Review the signed packet — Click on the audit entry to see the full compliance packet. This shows exactly which states and compacts the system checked. Is the data in the packet correct?

Step 4: Contact support — If you believe the determination is wrong despite correct provider data, contact support with the audit entry details. There may be a bug in the verification logic.