Security & compliance, built in from day one

TeleVerify is designed for healthcare. HIPAA compliance, data encryption, and privacy-first architecture are foundational, not afterthoughts.

  • 🛡 HIPAA Compliant
  • 📄 BAA Available
  • 🔒 Encrypted at Rest & Transit
  • 📋 Data Encryption

Data Protection

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • No PHI stored beyond compliance verification records
  • Minimal data collection — we store only what's needed for compliance documentation
  • Regular security audits

HIPAA Compliance

  • Business Associate Agreement (BAA) signed with all customers
  • Access controls and role-based permissions
  • Audit logging of all system access
  • Workforce training and security awareness

Infrastructure

  • Hosted on Railway with automatic scaling
  • PostgreSQL database with encryption
  • No data shared with third parties
  • Geographic redundancy and backup

Independent Verification

TeleVerify provides third-party verification — not self-grading. Compliance records are independently generated and timestamped. Records cannot be modified after creation. Designed to withstand regulatory scrutiny and legal discovery.

Compliance Certificates

Every session generates a printable compliance certificate at a unique, auditor-accessible URL. The certificate contains the provider name/NPI, patient state, compliance status, verification method, and timestamps. It contains no patient names, diagnoses, or clinical information. It is designed to be attached to patient charts using an opaque session reference token. TeleVerify stores the compliance record and the provider stores the token in their EHR, so neither side shares PHI.

Data Handling Practices

Transparency in what we collect, what we don't, and how we handle your data.

What We Collect

  • Provider licenses
  • Patient state-level location
  • Session timestamps
  • Compliance results
  • Compliance certificates (no patient identifiers)

What We Don't Collect

  • Patient names or identifiers
  • Session content or recordings
  • Diagnosis or treatment info
  • Billing or insurance data

Data Retention

  • Compliance records retained per your organization's policy
  • Configurable retention periods
  • Secure deletion on request

Your Rights

  • Export all data anytime
  • Delete your account and data
  • Request data correction
  • Transparent data practices

EHR / EMR Webhook Delivery

When configured, TeleVerify posts compliance results to your EHR system automatically after each session.

What's Included

  • ✓ Session reference token (opaque, not a patient identifier)
  • ✓ Provider NPI
  • ✓ Patient state
  • ✓ Compliance status and method
  • ✓ Timestamp

What's Never Included

  • ✕ Patient name
  • ✕ Date of birth
  • ✕ Diagnosis or treatment info
  • ✕ Insurance or billing data
  • ✕ Any PHI

Need a Business Associate Agreement?

We provide a BAA to every customer. If you're evaluating TeleVerify for your organization, we're happy to share our BAA template and discuss your compliance requirements.

Questions about security?

We're happy to discuss our security practices, provide documentation, or walk through our architecture.