Complete guide to managing TeleVerify across your organization.
Log in at app.televerify.org/login with your work email and password. The dashboard auto-detects your role — if you're an org admin, you'll land in the admin view with organization-wide controls.
Org admins are typically created during signup at /signup — select 'Organization' on the first step. To add more admins later, invite them from the Team page and promote them to admin role.
Provider view: Individual clinicians see their own sessions, licenses, regulatory intelligence, and integrations. Providers manage their own compliance data only.
Admin view: Org admins see organization-wide analytics — the Team roster, every session across the org, the Compliance Issues queue, and the org's Regulatory Intelligence coverage map.
Both roles log in at the same URL (app.televerify.org/login). The dashboard auto-detects your role. Org admins can switch between views using the Switch to Provider View / Switch to Org Admin View link at the bottom of the sidebar.
In the admin dashboard, open the Team tab and click Invite Provider. The modal asks for:
Send the invite and the provider receives an email with a setup link. When they accept, TeleVerify automatically pulls their name, credentials, specialty, and initial licensed-state list from the NPPES registry — you don't need to enter any of that yourself.
For multiple providers at once, click Bulk Invite next to Invite Provider to paste or enter several email/NPI pairs in one go.
Yes. Many organizations have multiple admins so compliance oversight doesn't depend on a single person. Common structures:
TeleVerify supports three customer roles: org admin (full team management, organization-wide visibility, billing), compliance admin (sees the Compliance Queue and can co-sign waivers), and provider (individual clinician with their own sessions and licenses). Each role gets a tailored sidebar. Org admins can also flip between their admin and provider views via the link at the bottom of the sidebar.
Setup is mostly same-day:
Phase 1 — Sign up. Visit /signup and select 'Organization' to create your organization and your first admin account. Add a payment method when you're ready (14-day free trial included).
Phase 2 — Invite providers. Open the Team tab, click Invite Provider (or Bulk Invite for many at once). Each provider gets an email with a setup link. Their name, credentials, and initial licensed-state list pull from NPPES automatically when they accept.
Phase 3 — Review settings. Open Settings to set notification preferences, designate compliance admins, and configure the waiver co-sign policy.
Phase 4 — Monitor. Use the Sessions page to see every check across the org, Compliance Issues to triage flagged sessions, and Regulatory Intelligence for coverage-map and alerts.
Most orgs are running compliance checks the same day they sign up.
Providers manage their own account and see only their own session history. Admins have organization-wide capabilities:
Admins don't override individual session decisions — that stays with the provider at session time. Admins control policy through compliance-admin assignment and the co-sign workflow.
The admin sidebar has these sections:
Overview — organization compliance metrics at a glance: pass rate, compact utilization, flagged sessions count, and a setup checklist for new orgs.
Team — every provider in your organization, with NPI, total sessions, and compliance rate. Click any provider to drill into their detail.
Sessions — every session across every provider. Filter by provider, state, status, and time range. Export to CSV.
Compliance Issues — triage queue for license-mismatch sessions. Lifecycle is Open → Acknowledged. Click any row for the detail drawer.
Compliance Queue — sessions awaiting a co-sign from a designated Compliance Admin (when the waiver co-sign policy is on).
Regulatory Intelligence — six-pillar regulatory framework (Cross-State Licensing, Compacts, Consent, Online Prescribing, Board Standards, Modality + Privacy), the org's coverage map, and live regulatory alerts.
Expand Practice — recommended state-license or compact moves that would close coverage gaps, ranked by impact.
Integrations — Zoom Marketplace and Chrome Extension status, plus EMR/EHR webhook configuration.
Settings — Your Profile, Platform URLs, Billing & Plan, Notification Preferences, Compliance Admins, Waiver Co-Sign Policy, and Organizations.
A ranked list of state-license or compact moves that would close the biggest coverage gaps in your (or your organization's) practice footprint. Each recommendation shows the dollar exposure it would resolve and the states it would add. Pursue any that align with your growth strategy — the page updates as sessions accrue and the picture changes.
Your organization is in its 14-day free trial. Add a payment method from Settings → Billing & Plan before the trial ends to keep running new sessions. Existing records stay accessible regardless. After conversion to a paid plan, the badge changes to "Active."
The admin Overview shows your organization's compliance metrics for a selected time range (7 days / 30 days / 90 days / All time):
Dollar-exposure figures (using the published CMS per-session rate of $11,665) appear in Compliance Issues and Regulatory Intelligence to help size the impact of unresolved gaps.
TeleVerify returns one of four statuses on every compliance check:
Sessions discontinued by the provider after a non-compliant verdict show as Discontinued (not counted in compliance analytics).
Filter and breakdown views are on the Sessions page.
The dashboard updates in real time. When a provider runs a compliance check, it appears on your Sessions page within seconds; compliance rate and flagged-session counts on Overview update at the same time.
For historical snapshots (e.g., "what was our compliance rate on March 15?"), export the CSV from Sessions and filter locally.
The sidebar structure is the same for every admin, but the data is filterable in several ways:
If you need custom dashboards or BI integration, email support — we can talk about API access.
At the top of the Sessions page, you'll see a Provider dropdown. Click it to select a single provider, or select "All Providers" to see the entire organization's sessions.
Filtering by a specific provider is useful for:
The filter persists until you change it, so you can export the filtered log as CSV without re-filtering.
On the Sessions page, filter to Non-Compliant. Sessions where the provider proceeded with EPA show "Exception" in the status column and include the EPA detail (location, clinical reason, GPS confirmation timestamp) in the signed Compliance Verification Record. Open any such session and click View Compliance Record to download the full attested record.
Next to the Provider dropdown, you'll see a Date Range selector with presets:
These presets are designed for quick audits. If you need a custom date range (e.g., "March 15–April 22"), export the "All Time" log and filter it locally in Excel.
Click the Export as CSV button at the top-right of the Sessions page. The system generates a CSV file containing all rows matching your current filter (provider, date range, state, and status).
The file downloads to your computer immediately. You can then open it in Excel, import it into your compliance database, or share it with external auditors.
If you export a very large log (e.g., 50,000+ checks), the file may take 10–15 seconds to generate. Be patient and don't close the page.
The CSV includes these columns:
All timestamps are in UTC. Packet hashes can be used to independently verify CVR integrity.
Use the filter dropdown to select the provider involved. This narrows the Sessions list to that provider's checks only. Then scan visually or open the CSV in Excel and use Ctrl+F (Cmd+F) to search for a date, patient state, or other identifier.
If you're looking for a session from a specific patient encounter, ask the provider for the approximate time the check was run. You can then filter by date and scan the results.
You cannot search by patient name or medical record number — TeleVerify stores only state-level location data, not patient identifiers. If you need to tie a check to a specific patient encounter, cross-reference the timestamp with your EHR.
Each entry in the Sessions list represents a single compliance check run by a provider. The entry shows:
Click on any entry to expand it and see the full signed Compliance Verification Record (CVR). This CVR contains the complete cryptographic proof and can be forwarded to insurers or regulators.
Audit records are retained indefinitely. Your organization owns all compliance data, and TeleVerify does not automatically delete records.
You can delete records only through a formal data deletion request to compliance@televerify.org (rare, and requires documentation of a data error or compliance issue). Normal compliance audits do not trigger record deletion.
Because records are hash-chained, any deletion is cryptographically detectable. This maintains audit integrity even if individual records are removed.
The signed audit log uses SHA-256 hash-chaining to create a tamper-proof record sequence. Each new entry contains a hash of the previous entry, creating an unbroken chain back to your organization's first-ever compliance check.
This means:
The hash chain is cryptographic proof that your signed audit log is complete and unaltered. This is extremely valuable in regulatory audits — it shows that your compliance data is authentic and hasn't been falsified.
Open /verify-record, paste the signed Compliance Verification Record JSON (or upload the file from a CSV export), and the page validates the Ed25519 signature against TeleVerify's public key. You can also fetch the public key directly at /.well-known/verification-key.pem and verify offline with openssl or any Ed25519 library.
Records cannot be modified after creation. The cryptographic signature on each packet makes tampering detectable.
Records can only be deleted by TeleVerify staff in response to a formal data deletion request, and only if there's a documented reason (e.g., a data error or patient privacy request). Standard compliance audits never trigger deletion.
When a record is deleted, the hash chain breaks, and the gap is cryptographically visible. This prevents silent deletion.
Do not attempt to delete or modify records yourself. This is not possible through the admin dashboard and would violate the integrity of your audit trail. If you need records corrected, contact support.
On the Team page, click any provider's name to open their detail view. The detail shows:
If a provider's licensed states are incorrect, the provider updates them on their own Licenses page (admins don't directly edit another provider's licenses).
The Team page shows each provider's Compliance Rate — the percentage of their checks that returned COMPLIANT or COMPLIANT_VIA_COMPACT (as opposed to NON_COMPLIANT).
A high compliance rate (95%+) suggests the provider understands location requirements and is running checks correctly. A low rate (<80%) suggests:
Use the compliance rate to identify providers who may need training or credentialing review.
Click any provider's name on the Team page to open their detail view:
Use this view for credentialing reviews, compliance check-ins, or quick performance snapshots.
On the Team page, click the Remove button on any provider's row. You'll be asked to confirm.
Important: Removing a provider does not delete their historical compliance records. The Sessions list retains all checks they ran. Only their active provider account is deactivated — they can no longer run new checks.
This is the intended behavior for compliance. You need to retain providers' check history for audits, even after they leave your organization.
TeleVerify pulls license status and expiration dates from NPPES and the state license sources we track. When a license is past its expiration date, TeleVerify treats the provider as unlicensed in that state from the expiration date forward — so future compliance checks correctly return Non-Compliant rather than incorrectly returning Compliant.
The provider's Licenses page surfaces upcoming expirations, and the Regulatory Intelligence coverage map flags states where renewal is overdue.
Set a calendar reminder ~60 days before known renewal dates to give the provider time to act. If a state's licensing board is slow to publish renewal data, contact support — we can refresh that license from the source.
Org admin settings live under Settings. The compliance-relevant ones are:
In-session decisions (Continue Session / Discontinue Session) stay with the provider at session time. TeleVerify does not offer a "click to proceed anyway" override — the available paths after a non-compliant verdict are Discontinue Session, or Continue Session with an Emergency Patient Address that captures the actual location for the audit record.
Open Settings → Compliance Admins and add a team member by email. They'll get access to the Compliance Queue and can co-sign waived sessions. Compliance Admins can be different from org admins — many orgs split the roles (org admin = billing/team management; compliance admin = clinical/compliance oversight).
When the policy is on, any non-compliant session that proceeded with an Emergency Patient Address requires a Compliance Admin co-sign before it's considered closed. Pending sessions show up in the Compliance Queue. The policy is off by default; turn it on in Settings → Waiver Co-Sign Policy.
When the Waiver Co-Sign Policy is on, non-compliant sessions that proceeded with an Emergency Patient Address require a co-sign from a designated Compliance Admin before they're considered closed. The Compliance Queue surfaces those pending sessions to anyone with the compliance_admin role. Click any row to review and co-sign or send back with a note. Note: this surface ships when your organization enables the Waiver Co-Sign Policy.
Open Compliance Issues, filter by Open / Acknowledged / All, click any row to open the detail drawer, review the mismatch context, and click Acknowledge to mark it triaged. Optional notes save with the acknowledgement and appear in the audit trail. Once acknowledged, the row drops out of the default Open filter and moves to Acknowledged.
Both are paths the provider can take after a Non-Compliant verdict:
No. Verdicts are written into the signed Compliance Verification Record at session time and are immutable. Admins can mark Compliance Issues as Acknowledged, co-sign EPA-continued sessions when the policy requires it, and add notes for context — but the underlying compliance verdict stays as it was at the moment of the session.
Insurers and auditors typically request one of three artifacts:
1. Sessions CSV — Export from the Sessions page (filter to the relevant period first). The CSV contains every session record with state, status, and the record ID you can plug into /verify-record.
2. Individual Compliance Verification Records (CVRs) — Click into any session, then View Compliance Record or View Certificate to download the signed CVR. Each CVR is independently verifiable using TeleVerify's public Ed25519 key.
3. Organization summary — Click Export Report on the Overview to generate a portfolio-wide summary with totals, pass rate, and breakdowns by state.
Anyone can verify a Compliance Verification Record at /verify-record (no login required). The page validates the Ed25519 signature against TeleVerify's public key, which is also published at /.well-known/verification-key.pem for offline / scripted verification. Send insurers the CVR JSON file plus the /verify-record URL and they can confirm authenticity in seconds.
A Compliance Verification Record (CVR) is a complete record of a single compliance check, signed with TeleVerify's private Ed25519 key. The CVR contains:
The signature mathematically proves two things: (1) TeleVerify created this CVR, and (2) nothing has been altered since creation.
An insurer, auditor, or regulator can verify a TeleVerify Compliance Verification Record without accessing TeleVerify's systems. They need only:
They run the verification code and get a yes/no answer: "This CVR is authentic" or "This CVR is forged/altered."
This is independent verification — no account, no API key, no TeleVerify intermediary needed. It's how Compliance Verification Records become third-party evidence.
TeleVerify's public Ed25519 key is published at:
It's also embedded in the verification page at /verify-record, which provides a browser-based verification tool.
The key is immutable and versioned. Any changes are announced in advance through our blog.
Navigate to /verify-record. The page provides:
This page is useful to share with insurers and auditors so they can verify your compliance records independently.
Prepare these materials:
Most insurers only ask for the CSV and a summary. Provide the rest only if requested. Having these materials ready allows you to respond quickly to surprise audits.
No. Insurers cannot log into your admin dashboard. They can only access compliance records through:
This protects your organization's privacy. Insurers see only the specific compliance data you choose to share, not your provider list, settings, or other operational details.
A signed CVR is third-party evidence that you ran a verification at the time of service, that the result is what it is, and that you didn't change it later. It's a stronger paper trail than self-generated documentation, full stop.
Compliance Verification Records aren’t a liability shield, but they are clear evidence that your organization took compliance seriously and followed a documented process.
The HHS Office of Inspector General publishes the List of Excluded Individuals & Entities (LEIE) — NPIs of providers who have been convicted of healthcare fraud, terminated from Medicare/Medicaid, or violated other federal healthcare laws.
Billing federal programs (Medicare, Medicaid, VA, TRICARE) for services provided by a provider on this list exposes the organization to False Claims Act liability.
TeleVerify screens every provider against the LEIE on every compliance check. Results appear in the signed CVR for each session.
TeleVerify updates the OIG exclusion list daily. The HHS publishes updates roughly weekly, and we refresh our copy the next business day. This means exclusions are current within a few days of publication.
Very recent exclusions (added within the last 48 hours) may not yet be reflected in your checks. For critical credentialing decisions, perform a manual check at https://exclusions.oig.hhs.gov/.
If TeleVerify flags a provider as OIG-excluded:
If the flag is a false positive (e.g., NPI confused with someone else's), email support@televerify.org with the provider's NPI; we'll re-screen and update the record.
Each session entry includes an "OIG Screening" field (or it's embedded in the Compliance Verification Record). It will show either "PASS" (provider not on list) or "EXCLUDED" (provider on list).
To verify screening is running consistently:
If you find entries without OIG Screening results, contact support.
For a deeper explanation of how federal-program exclusion penalties work, see /how-telehealth-compliance-works.
TeleVerify stores each provider's interstate compact memberships (IMLC, PSYPACT, NLC, PT Compact, etc.) in their profile. On each check, the system evaluates:
This evaluation runs automatically on every check across all providers. You don't need to manually track who's in which compacts — the system does it.
This is handled correctly by the system. Each provider's record stores their individual compact memberships. So:
When Dr. Smith checks a patient in a non-licensed state, the system checks "Is this state in IMLC?" When Dr. Jones checks the same state, the system checks "Is this state in PSYPACT?" Different results are possible and expected.
At scale with 50+ providers, each potentially in different compacts, this multi-provider compact handling is essential. TeleVerify handles it automatically.
Compact memberships change when a provider joins or withdraws from a compact. The provider is responsible for updating their profile in their own provider account.
How to monitor changes:
If a provider updates their compact membership in TeleVerify but it doesn't immediately affect their checks, there may be a sync delay. Wait a few minutes and retry.
In each signed CVR, the pathway field documents the legal basis for the verdict:
States not in any compact (rare, but examples include California, which is not part of IMLC despite being a major telehealth market) require direct state licensure. There's no compact workaround.
If a provider isn't directly licensed in a non-compact state, TeleVerify will return NON_COMPLIANT. The only options are:
Compact coverage doesn't extend to states that aren't compact members — direct licensure is the only pathway in those states.
About providers: NPI, name, licensed states, specialty, interstate compact memberships, credential verification timestamp.
About patients: State-level location only. No names, no medical record numbers, no diagnoses, no contact information. Just the state where the patient was located at the time of the check.
About encounters: Timestamp, provider NPI, patient state, compliance result, compact used (if applicable), OIG screening result.
Deleted data: IP addresses and GPS coordinates used for location verification are not stored long-term. They're used only to determine the state and are then discarded.
TeleVerify does not store Protected Health Information (PHI). It's designed to verify compliance with minimal data exposure.
TeleVerify does not store PHI and operates under a "data minimization" principle. Because we collect only provider NPI and patient state-level location, standard HIPAA Safe Harbor does not apply in the usual sense — there's no patient identifier to worry about.
However, state and patient location could theoretically be combined by a data broker to re-identify patients. For this reason:
A Business Associate Agreement (BAA) is available for organizations that want contractual HIPAA compliance assurances. Contact support to request one.
Yes. If your organization requires a Business Associate Agreement for HIPAA compliance, contact support@televerify.org and request a BAA. We have a standard template that can be executed within 5–10 business days.
The BAA covers:
Even without a formal BAA, your compliance records are secure and encrypted. A BAA is mainly useful if you need contractual assurances for your own compliance documentation.
In transit: All connections use HTTPS with TLS 1.3. Data moving between your browser and TeleVerify, or between your EHR and TeleVerify, is encrypted end-to-end.
At rest: Patient location data and provider information are encrypted in our PostgreSQL database using AES-256-GCM encryption. The encryption keys are managed separately from the database.
Compliance Verification Records: Each CVR is signed with Ed25519 cryptography, which is not encryption but provides tamper-proof integrity. The CVR contents are not themselves encrypted (they're readable), but the signature proves they're authentic.
If you need more detailed security documentation (penetration testing reports, etc.), contact our compliance team.
Your Sessions list is retained indefinitely by default. Your organization owns the data and can request deletion, but standard compliance practice recommends retaining it permanently.
If you want to purge data older than a certain date (e.g., keep only 5 years), contact support. This is a custom request and requires documentation of the reason and compliance with your retention policies.
Deleting audit records breaks the hash chain and is cryptographically visible. Only delete data if you have a documented business reason and legal/compliance sign-off.
TeleVerify employees with access to production systems are limited to:
Access is logged and monitored. Customer data is never accessed for marketing, analytics, or other business purposes without explicit consent.
For detailed information about data access controls and security practices, contact support@televerify.org.
This likely means a provider ran a check outside of normal operations. Possible explanations:
To investigate: Click on the audit entry and examine the details. Check the timestamp — was this during normal business hours for the provider? Drill into their analytics to see if this check is an outlier or part of a pattern.
If the check seems fraudulent: Contact support immediately with the entry details.
Step 1: Verify your URL — The dashboard is at app.televerify.org/login. Make sure you're not on a different site or a cached page.
Step 2: Verify your credentials — Are you using the correct email and password? If you've forgotten your password, click "Forgot Password" on the login page.
Step 3: Check your account status — Your admin account may have been deactivated if your organization's subscription ended or your account was removed for security reasons. Contact your organization's account owner to verify.
Step 4: Check browser cache — Clear your browser cookies and cache, then try again. Sometimes stale session data causes login issues.
Step 5: Contact support — If none of the above work, email support@televerify.org with your email and the exact error message you're seeing. We can investigate account access issues.
Decisions about Continue Session vs Discontinue Session stay with the provider at session time. Emergency Patient Address remains the only path for a provider to proceed with a non-compliant verdict in true emergencies.
Have a question not answered here? Email our compliance support team at support@televerify.org. We typically respond within 24 hours.