Compliance & Security

Remote Practitioner is built on a foundation of regulatory compliance, data security, and clinical credentialing standards. We follow HIPAA Rules and support CMS telemedicine credentialing pathways.

HIPAA Compliant

Privacy, Security, and Breach Notification Rules

Credentialing by Proxy

CMS CoPs 42 CFR §482.22 alignment

Secure Infrastructure

Encrypted transmission and audit logging

State Licensing

Active licenses & privileges as required

Important: No PHI is stored on this public website. All patient data is handled in compliance with HIPAA standards within secure clinical systems.

HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) establishes national standards for protecting patient health information. Remote Practitioner adheres to all applicable HIPAA Rules:

Privacy Rule

Protects the privacy of individually identifiable health information (Protected Health Information, or PHI).

•Minimum necessary use and disclosure of PHI
•Patient rights to access and control their information
•Appropriate authorizations and consents

Security Rule

Establishes national standards for securing electronic protected health information (ePHI).

•Administrative safeguards: Security management processes, workforce training, contingency planning
•Physical safeguards: Facility access controls, workstation security, device management
•Technical safeguards: Access controls, audit controls, integrity controls, transmission security

Breach Notification Rule

Requires covered entities and business associates to provide notification following a breach of unsecured PHI. We maintain incident response procedures and breach notification protocols in accordance with HHS guidance.

Business Associate Agreements (BAAs)

Remote Practitioner executes Business Associate Agreements with all covered entities (hospitals) prior to accessing PHI. BAAs establish clear responsibilities for safeguarding patient data and outline breach notification procedures.

Reference: HHS Telehealth Guidance | Privacy & Security Best Practices

Credentialing by Proxy (CBP)

CMS Conditions of Participation (CoPs) allow hospitals to rely on credentialing and privileging decisions made by distant-site telemedicine entities under certain conditions. This expedites the onboarding process while maintaining clinical quality standards.

42 CFR §482.22 - Medical Staff

The CMS regulation permits hospitals to grant privileges to telemedicine physicians based on credentialing and privileging performed by the distant-site hospital or telemedicine entity, provided a written agreement is in place.

Key Requirements:

•Written agreement between originating and distant-site entities
•Distant-site entity must be a Medicare-participating hospital or telemedicine entity accredited by The Joint Commission, DNV, or HFAP
•Originating hospital retains the right to review credentials and performance
•Performance monitoring and ongoing professional practice evaluation (OPPE)

The Joint Commission Alignment

The Joint Commission has aligned its standards with CMS CoPs to support credentialing by proxy for accredited telemedicine organizations. This ensures consistency across accreditation bodies and simplifies multi-site credentialing.

Remote Practitioner Approach

We support both traditional credentialing/privileging at the originating site and credentialing by proxy arrangements where appropriate. Our team works with your medical staff office to determine the best pathway for your institution.

References: 42 CFR §482.22 (eCFR) | CMS Guidance | The Joint Commission

State Licensure & Privileging

All Remote Practitioner physicians maintain active, unrestricted medical licenses in the states where they provide telemedicine services. State licensure requirements vary, and we ensure full compliance with each jurisdiction.

Licensure Requirements

•Full state license: Physicians hold unrestricted licenses in states where patients are located
•Interstate Medical Licensure Compact (IMLC): We support physicians participating in the IMLC for multi-state practice
•Telemedicine exemptions: Where applicable, we comply with state-specific telehealth provisions

Hospital Privileges

Remote intensivists obtain privileges at partner hospitals through standard medical staff processes or credentialing by proxy agreements. Privileges are scope-appropriate for tele-ICU and specialty consults.

Data Security & Audit Logging

Transmission Security

•End-to-end encryption: All video, audio, and data transmissions use industry-standard encryption (TLS 1.2+)
•Secure authentication: Multi-factor authentication for all clinical users
•Network isolation: Recommendation for VLANs to segregate telehealth traffic

Access Controls

•Role-based access: Clinicians only access data necessary for patient care
•Session timeouts: Automatic logout after periods of inactivity
•Device management: Only approved, secured devices access clinical systems

Audit Logging & Monitoring

•Comprehensive logs: All PHI access and system activities are logged with timestamps and user identifiers
•Regular audits: Periodic review of access logs for anomalies and compliance
•Incident response: Documented procedures for security incidents and breach notification

Data Retention

Clinical documentation is retained in accordance with hospital medical records policies and state/federal regulations. Audit logs are maintained for the periods required by HIPAA and accreditation standards.