📋 Compliance Onboarding

Telehealth Provider
Compliance Assessment Form

Complete this assessment so we can map your regulatory obligations across HIPAA, federal law, state requirements, and website compliance standards.

50States Covered

2,400+Regulations Tracked

~12 minEst. Completion

Organization

Services

Licensing

HIPAA

Website

Prescribing

✓

Summary

🏥

Organization Information

Tell us about your practice so we can tailor your compliance profile.

ℹ️

Why we ask: Your organization type, size, and states of operation directly determine which regulations apply to you.

Legal Business Name *

Primary Contact Name *

Contact Email *

Contact Phone

Website URL

Organization Type *

Solo Provider / Independent Practitioner Group Practice (2–20 providers) Telehealth Company / Digital Health Startup Hospital / Health System Pharmacy / Dispensing Entity Other

Number of Providers / Practitioners

State of Primary Incorporation / Registration *

🌎

Services & States of Operation

Select every state where you see patients or plan to operate — this drives your multi-state compliance map.

What type of telehealth services do you provide? *

Select all that apply

Primary / Urgent Care Visits Mental Health / Behavioral Health (therapy, psychiatry) Chronic Disease Management (diabetes, hypertension, etc.) Prescription / Medication Management (Rx-focused) Controlled Substance Prescribing (Schedule II–V) Dermatology / Async (store-and-forward) Specialty Consultations (cardiology, neurology, etc.) Remote Patient Monitoring (RPM) Lab Ordering / Diagnostic Services DME / Medical Device Ordering

Visit modality *

Video (synchronous) Audio-only / Phone Asynchronous (messaging / store-forward) RPM / Wearable data

Patient age groups served

Adults (18+) Pediatric (<18) Geriatric / Medicare

States where you operate or plan to operate *

Click to select. These states drive your multi-state licensing, prescribing, and website compliance requirements.

0 states selected

Is your organization part of the Interstate Medical Licensure Compact (IMLC)?

Yes, active IMLC member No Not sure

Do you accept Medicare or Medicaid patients?

Both Medicare & Medicaid Medicare only Medicaid only Neither / Private pay only

🪪

Licensing & Credentialing

State licensure is the #1 compliance gap for telehealth organizations operating across multiple states.

⚠️

High-risk area: Practicing in a state without an active license is a federal and state violation, regardless of where the patient or provider is physically located.

What provider types are in your organization? *

Select all that apply

MD / DO (Physician) Nurse Practitioner (NP) Physician Assistant (PA) LCSW / Licensed Therapist Psychiatrist RN / LPN Pharmacist Other licensed clinician

Do all providers currently hold active licenses in each state where they see patients?

Yes — all providers are licensed in all states where they practice Partially — some states may be missing No — we need help identifying gaps Unsure — we have not fully audited this

Do any providers hold a DEA registration for controlled substance prescribing?

Yes No In process

Are your NPs / PAs operating under a collaborative practice agreement where required?

Some states (e.g., Texas, Florida, Alabama) require collaborative or supervisory agreements with a physician.

Yes, agreements in place No / N/A Not sure

Do you have a credentialing process for new providers joining your platform?

Yes, formal process Informal / ad hoc Not yet established

Additional notes on licensing (optional)

🔒

HIPAA & Privacy Compliance

As a covered entity or business associate, federal HIPAA obligations apply regardless of state.

Is your organization a HIPAA Covered Entity? *

Yes — Covered Entity Business Associate only Unsure

Do you have a current, signed Notice of Privacy Practices (NPP) posted and distributed to patients?

Yes No Partially / needs update

Do you have signed Business Associate Agreements (BAAs) with all relevant vendors?

Vendors include EHR, telehealth platform, billing, cloud storage, email, etc.

Yes — BAAs in place with all vendors Partially — some vendors may be missing No BAAs in place Unsure

Have you completed a HIPAA Security Risk Assessment (SRA) within the last 12 months?

Yes No Overdue / >12 months ago

Do staff / providers receive HIPAA training annually?

Yes, documented Informally / not documented No

Do you use any AI tools, chatbots, or automation that may process PHI?

Yes No Not sure

Do you have a Breach Notification Policy and documented incident response plan?

Yes, documented No Partial / in development

Are you subject to any state-specific privacy laws more stringent than HIPAA?

Examples: California CMIA, New York SHIELD Act, Texas HB 300

Yes No Not sure

🌐

Website Compliance

Telehealth websites have specific required disclosures, accessibility standards, and state-mandated postings.

📌

Note: Many states require specific disclosures on telehealth provider websites. Missing these can trigger regulatory action even if clinical care is compliant.

Your Website URL *

Enter the full URL of your telehealth website so we can reference it during your compliance review.

Does your website have a publicly accessible Privacy Policy? *

Yes No Yes, but may be outdated

Does your website have a Terms of Service / Terms of Use?

Yes No Outdated

Which of the following are currently posted on your website? *

Check all that currently exist on your site

Notice of Privacy Practices (NPP) — HIPAA required Telehealth Informed Consent State-specific telehealth disclosures (e.g., licensure info, state of practice) No guarantee of prescription / treatment outcome disclosure Emergency services / 911 disclaimer Provider credentials and licensure information Fee schedule / pricing transparency Patient complaint / grievance process Cookie Policy / Banner (if collecting analytics) None of the above

Is your website ADA / WCAG 2.1 accessible?

Required for organizations receiving federal funding; strongly recommended for all healthcare providers.

Yes, WCAG 2.1 AA compliant Partially compliant Not assessed

Does your website collect patient intake forms or health information?

Yes No

Is your website secured with HTTPS / SSL throughout?

Yes No Not sure

Do you use third-party trackers (Google Analytics, Meta Pixel, etc.) on your site?

HHS guidance: third-party trackers on patient-facing healthcare sites may violate HIPAA.

Yes No Not sure

💊

Prescribing & Patient Communications

Prescription practices and patient-facing communications carry distinct federal and state obligations.

Does your organization prescribe medications via telehealth? *

Yes No

Which categories of medications are prescribed?

Non-controlled medications (general) Stimulants (Adderall, Ritalin — Schedule II) Opioids / pain medications (Schedule II–III) Benzodiazepines (Schedule IV) Buprenorphine / MAT (requires X-waiver or DEA waiver) Compounded medications GLP-1 / weight loss medications (Ozempic, Wegovy, etc.) Hormone therapy (HRT, testosterone, etc.)

Are you complying with the Ryan Haight Online Pharmacy Consumer Protection Act requirements?

Requires an in-person exam before prescribing controlled substances, unless covered by a DEA telemedicine exception.

Yes — we are compliant (in-person eval completed or DEA exception applies) N/A — we do not prescribe controlled substances Uncertain / needs review

Does your organization use a Prescription Drug Monitoring Program (PDMP) before prescribing?

Required in most states for controlled substances. Many states now mandate PDMP queries for all prescriptions.

Yes, always Sometimes No N/A

How do you communicate with patients? *

HIPAA-compliant patient portal / EHR messaging Encrypted email Regular (unencrypted) email SMS / text messaging Phone calls WhatsApp / iMessage / non-HIPAA platforms

Do you obtain patient consent before communicating via SMS or email with PHI?

Yes, documented consent No N/A

Does your platform obtain telehealth informed consent from patients before their first visit?

Yes — signed and documented Verbal only / not documented No Unsure

Any additional compliance concerns or notes you want us to know?

📊

Your Compliance Assessment

Based on your responses, here is your preliminary compliance profile and required action checklist.

📋 OneVi Internal Review Panel

This section is visible to your compliance advisor. Review the submission, add notes, and assign priority follow-up actions.

—Critical Items

—High Priority

—States Selected

✅

Next step: A OneVi compliance advisor will review your submission and contact you within 1–3 business days to walk through your requirements and proposed remediation plan. A copy of this assessment will be sent to your email automatically upon submission.

🔒 SSL Encrypted

🏥 HIPAA-Aware

🔐 Confidential

🚫 No Third Parties

Telehealth ProviderCompliance Assessment Form

Organization Information

Services & States of Operation

Licensing & Credentialing

HIPAA & Privacy Compliance

Website Compliance

Prescribing & Patient Communications

Your Compliance Assessment

📋 OneVi Internal Review Panel

Telehealth Provider
Compliance Assessment Form