The HIPAA Telehealth Compliance Checklist

Every configuration item we verify before a telehealth platform goes live — use it to audit your own setup.

HIPAA compliance in telehealth is not a single switch — it is a set of configuration decisions across access, logging, encryption, and vendor agreements. This checklist mirrors the verification pass we run on every platform we configure.

Access & identity

Confirm role-based access is enabled, least-privilege permissions are applied, multi-factor authentication is required for staff, and inactive accounts are deactivated promptly.
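As an added example (not part of the original checklist or any platform's own tooling), the items above can be checked against an exported account list. The CSV column names, the sample rows and the 90-day idle threshold are assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample export; the column names are assumptions, not a real platform's format.
SAMPLE_EXPORT = """username,role,is_staff,mfa_enabled,active,last_login
dr.alvarez,clinician,yes,yes,yes,2024-05-28
frontdesk1,scheduler,yes,no,yes,2024-05-30
old.locum,clinician,yes,yes,yes,2023-11-02
billing.temp,,yes,yes,yes,2024-05-29
former.nurse,clinician,yes,no,no,2023-08-15
"""

MAX_IDLE_DAYS = 90  # assumed threshold; the checklist only says "promptly"


def _yes(value):
    return value.strip().lower() == "yes"


def audit_accounts(export_text, today, max_idle_days=MAX_IDLE_DAYS):
    """Return sorted (username, finding) pairs for active accounts that fail a check."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if not _yes(row["active"]):
            continue  # already deactivated, nothing further to check
        user = row["username"].strip()
        if not row["role"].strip():
            # Without a role, role-based access cannot be scoping this account.
            findings.append((user, "no role assigned"))
        if _yes(row["is_staff"]) and not _yes(row["mfa_enabled"]):
            findings.append((user, "staff account without MFA"))
        last_login = row["last_login"].strip()
        if not last_login:
            findings.append((user, "active but never logged in"))
        else:
            idle = (today - date.fromisoformat(last_login)).days
            if idle > max_idle_days:
                findings.append((user, f"idle {idle} days, still active"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit_accounts(SAMPLE_EXPORT, date(2024, 6, 1)):
        print(f"{user}: {finding}")
```

An empty result means every active account in the export passed these three checks; it says nothing about whether each role's permissions are actually least-privilege, which still needs a manual review.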

Auditing & monitoring

Verify audit logs capture access to patient records, that logs are retained, and that someone owns reviewing them.

Encryption & data handling

Check encryption in transit and at rest, confirm no patient data lives in unmanaged exports, and document where data is stored.

Vendor agreements

Ensure a Business Associate Agreement is in place with every vendor that touches patient data — including your video and messaging providers.
