Telehealth Accreditation and Certification Bodies

Accreditation and certification in telehealth sit at a specific intersection of clinical quality, patient safety, and institutional credibility — and the landscape is more layered than most providers expect when they first encounter it. This page covers the major bodies that accredit telehealth organizations and certify telehealth technologies, how the accreditation process actually works, and where the meaningful distinctions lie between voluntary certification and regulatory requirement.

Definition and scope

Accreditation, in the healthcare sense, is a formal external review process by which an independent organization evaluates whether a healthcare entity meets a defined set of standards. Certification is a related but narrower concept — typically applied to individual practitioners, specific technologies, or discrete programs rather than entire organizations.

For telehealth, both concepts took on sharper urgency as virtual care scaled dramatically after 2020. A platform or practice that handles HIPAA-regulated data, remote patient monitoring, and multi-state licensure complexities operates across jurisdictions and technical domains simultaneously — which is exactly why external validation has value beyond mere optics.

The three organizations that most directly shape accreditation in the U.S. telehealth space are:

  1. The Joint Commission (TJC) — accredits hospitals, ambulatory care settings, and telehealth programs delivered by those organizations. Its telehealth standards are embedded in its hospital and ambulatory accreditation manuals rather than standing as a separate telehealth track.
  2. URAC — offers a dedicated Telehealth Accreditation Program covering organizational infrastructure, clinical protocols, and patient safety practices. URAC accreditation is widely recognized by payers and employers.
  3. National Committee for Quality Assurance (NCQA) — focuses primarily on health plans and medical groups, with standards that increasingly address virtual care delivery and quality metrics for telehealth encounters.

On the technology side, the Office of the National Coordinator for Health Information Technology (ONC) administers the Health IT Certification Program under the 21st Century Cures Act, which certifies electronic health record (EHR) modules including those that support telehealth workflows. Certification under ONC's program is required for providers seeking to demonstrate Promoting Interoperability compliance under CMS programs.

How it works

URAC's telehealth accreditation process offers the most granular window into how these reviews actually unfold. An organization seeking URAC accreditation submits a detailed application documenting its policies, clinical protocols, credentialing processes, and technology infrastructure. URAC reviewers then evaluate that documentation against published standards — covering areas like provider qualifications, informed consent practices, and security controls.

The review cycle typically spans several months and culminates in a formal decision granting accreditation, granting accreditation with requirements, or denying it. Accreditation is not permanent; URAC's telehealth accreditation runs on a 2-year cycle, requiring re-evaluation at each renewal. The Joint Commission operates on a 3-year accreditation cycle for most programs.

For technology platforms specifically, ONC certification involves testing by an ONC-Authorized Certification Body (ONC-ACB) — currently Drummond Group and Leidos are among the authorized testers — against the criteria defined in 45 CFR Part 170. This matters practically for any telehealth platform whose clients need certified EHR data to support federal billing programs.

Telehealth credentialing and privileging for individual providers operates through a parallel track — governed by the medical staff bylaws of receiving facilities and, for CMS-participating hospitals, by the Medicare Conditions of Participation at 42 CFR §482.12(a)(8-9).

Common scenarios

The accreditation path an organization pursues depends heavily on what it is and who it serves.

A direct-to-consumer telehealth company operating a national platform — say, one connecting patients to mental health providers across 40 states — would typically pursue URAC telehealth accreditation to signal credibility to employer health plan clients and to support contract negotiations with health systems. This type of organization faces scrutiny across prescribing rules, informed consent, and mental health telehealth standards simultaneously.

A hospital system extending its services through a regional telehealth hub-and-spoke model would likely maintain Joint Commission accreditation as its primary credential, with telehealth standards folded into its existing accreditation scope. The Joint Commission's 2020 updated standards specifically addressed telehealth within hospitals, codifying requirements for provider qualifications at the distant site.

A chronic disease management company integrating wearables and remote monitoring for chronic disease telehealth may find ONC certification relevant if it transmits structured clinical data to provider EHRs, and may additionally pursue NCQA recognition programs tied to HEDIS measure performance.

Decision boundaries

The central question any organization must answer first: is accreditation a regulatory requirement, a contractual requirement, or a voluntary differentiator?

For most telehealth companies operating outside hospital walls, accreditation remains voluntary under federal law. However, a growing number of state Medicaid programs and commercial payers treat URAC or Joint Commission accreditation as a prerequisite for network participation. Checking specific payer and state Medicaid contracts before assuming voluntary status is the only reliable method — not assumptions based on federal baseline rules. Medicaid telehealth coverage policies, for instance, vary considerably by state in their credentialing expectations.

The second decision boundary involves scope: organization-level accreditation versus program-level or technology-level certification. These are not mutually exclusive, and larger health systems often hold multiple credentials simultaneously. ONC certification governs technology, not the organization using it. URAC accreditation governs the organization, not the technology itself. A compliant telehealth policy and regulation strategy addresses both layers.

A third boundary worth naming: accreditation is not the same as licensure. The Joint Commission or URAC cannot authorize a provider to practice across state lines — that remains the exclusive domain of state medical boards. Accreditation speaks to organizational quality standards, not legal authorization. The practical overlap is real, but the legal distinction is absolute.

References

📜 1 regulatory citation referenced  ·   · 

Read Next

HIPAA Compliance in Telehealth: Privacy and Security Requirements ANA › Life Services Authority › National Tele Health HIPAA Compliance in Telehealth: Privacy and Security Requirements HIPAA's privacy... Remote Patient Monitoring: Devices, Data, and Clinical Integration ANA › Life Services Authority › National Tele Health Remote Patient Monitoring: Devices, Data, and Clinical Integration A patient leaves... State Telehealth Laws and Interstate Licensure Compacts ANA › Life Services Authority › National Tele Health State Telehealth Laws and Interstate Licensure Compacts Medical licensure in the...