KiviCare WordPress - Documentation
KiviCare Google meet telemed & woocommerce (Addon)
Core Concepts
Last updated 2 weeks ago

Authentication & HIPAA-Ready Security

Security and patient privacy are essential in telemedicine workflows. The KiviCare Google Meet Addon is designed with multiple security layers to protect sensitive healthcare data while maintaining compliance-ready standards.

Authentication Mechanisms

OAuth 2.0 (User-Managed Authorization)

The addon uses Google OAuth 2.0, the industry-standard authentication method. Doctors securely authorize KiviCare to access their Google Calendar without sharing passwords.

  • Access Tokens: The system stores both access_token and refresh_token.
  • Automatic Renewal: Tokens are refreshed automatically in the background when they expire, ensuring uninterrupted service.
  • Secure Storage: Tokens are saved as encrypted JSON data within each doctor’s WordPress user metadata.

This approach ensures secure, permission-based access while maintaining full control at the user level.

Clinical Security Features (HIPAA Readiness)

Google’s Enterprise-Grade Security

Google Meet operates on Google’s global security infrastructure, the same system used to protect Google’s internal services. This infrastructure supports compliance with major privacy and security regulations.

Secure, Unique Meeting Links

Each telemedicine appointment generates a unique Google Meet link:

  • Links are created dynamically per appointment.
  • Only invited participants can access the session.
  • The doctor, as the event owner, retains full control over meeting access and participants.
Attendee Management

The plugin can automatically add both the doctor and patient as attendees in the Google Calendar event. This:

  • Associate the meeting with their Google accounts.
  • Improves meeting authenticity and access control.
  • Enables a smoother and more secure join experience.

Data Protection & Privacy Controls

  • No Video Storage: KiviCare does not store video recordings or meeting transcripts. All video and audio streams are handled entirely within Google’s encrypted infrastructure.
  • Encrypted Communication: All API communication uses TLS 1.2 or higher encryption standards.
  • Strict Access Control: Only the assigned doctor and authorized administrators can view or manage meeting links within the KiviCare Dashboard.

Suggestions & Improvements

Your email address will not be published. Required fields are marked *