{"id":1508,"date":"2026-01-17T07:22:14","date_gmt":"2026-01-17T07:22:14","guid":{"rendered":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/?p=1508"},"modified":"2026-01-24T06:27:16","modified_gmt":"2026-01-24T06:27:16","slug":"authentication-hipaa-ready-security","status":"publish","type":"post","link":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/kivicare-google-meet-telemed-woocommerce-addon\/documentation\/core-concepts-doc\/authentication-hipaa-ready-security\/","title":{"rendered":"Authentication & HIPAA-Ready Security"},"content":{"rendered":"
\n

Security and patient privacy are essential in telemedicine workflows. The KiviCare Google Meet Addon<\/strong> is designed with multiple security layers to protect sensitive healthcare data while maintaining compliance-ready standards.<\/p>\n\n\n\n

\n\n\n\n

Authentication Mechanisms<\/strong><\/h2>\n\n\n\n
OAuth 2.0 (User-Managed Authorization)<\/strong><\/h5>\n\n\n\n

The addon uses Google OAuth 2.0<\/strong>, the industry-standard authentication method. Doctors securely authorize KiviCare to access their Google Calendar without sharing passwords.<\/p>\n\n\n\n

    \n
  • Access Tokens:<\/strong> The system stores both access_token<\/code> and refresh_token<\/code>.<\/li>\n\n\n\n
  • Automatic Renewal:<\/strong> Tokens are refreshed automatically in the background when they expire, ensuring uninterrupted service.<\/li>\n\n\n\n
  • Secure Storage:<\/strong> Tokens are saved as encrypted JSON data within each doctor\u2019s WordPress user metadata.<\/li>\n<\/ul>\n\n\n\n

    This approach ensures secure, permission-based access while maintaining full control at the user level.<\/p>\n\n\n\n

    \n\n\n\n

    Clinical Security Features (HIPAA Readiness)<\/strong><\/h2>\n\n\n\n
    Google\u2019s Enterprise-Grade Security<\/strong><\/h5>\n\n\n\n

    Google Meet operates on Google\u2019s global security infrastructure, the same system used to protect Google\u2019s internal services. This infrastructure supports compliance with major privacy and security regulations.<\/p>\n\n\n\n

    Secure, Unique Meeting Links<\/strong><\/h5>\n\n\n\n

    Each telemedicine appointment generates a unique Google Meet link<\/strong>:<\/p>\n\n\n\n

      \n
    • Links are created dynamically per appointment.<\/li>\n\n\n\n
    • Only invited participants can access the session.<\/li>\n\n\n\n
    • The doctor, as the event owner, retains full control over meeting access and participants.<\/li>\n<\/ul>\n\n\n\n
      Attendee Management<\/strong><\/h5>\n\n\n\n

      The plugin can automatically add both the doctor and patient as attendees in the Google Calendar event. This:<\/p>\n\n\n\n

        \n
      • Associate the meeting with their Google accounts.<\/li>\n\n\n\n
      • Improves meeting authenticity and access control.<\/li>\n\n\n\n
      • Enables a smoother and more secure join experience.<\/li>\n<\/ul>\n\n\n\n
        \n\n\n\n

        Data Protection & Privacy Controls<\/strong><\/h2>\n\n\n\n
          \n
        • No Video Storage:<\/strong> KiviCare does not<\/strong> store video recordings or meeting transcripts. All video and audio streams are handled entirely within Google\u2019s encrypted infrastructure.<\/li>\n\n\n\n
        • Encrypted Communication:<\/strong> All API communication uses TLS 1.2 or higher<\/strong> encryption standards.<\/li>\n\n\n\n
        • Strict Access Control:<\/strong> Only the assigned doctor and authorized administrators can view or manage meeting links within the KiviCare Dashboard.<\/li>\n<\/ul>\n<\/div>","protected":false},"excerpt":{"rendered":"

          Security and patient privacy are essential in telemedicine workflows. The KiviCare Google Meet Addon is designed with multiple security layers to protect sensitive healthcare data while maintaining compliance-ready standards. Authentication Mechanisms OAuth 2.0 (User-Managed Authorization) The addon uses Google OAuth 2.0, the industry-standard authentication method. Doctors securely authorize KiviCare to access their Google Calendar without […]<\/p>\n","protected":false},"author":12,"featured_media":0,"parent":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[43],"tags":[],"class_list":["post-1508","post","type-post","status-publish","format-standard","hentry","category-core-concepts-doc"],"featured_image_src":null,"author_info":{"display_name":"wordpressadminiq","author_link":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/author\/wordpressadminiq\/"},"_links":{"self":[{"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/posts\/1508","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/comments?post=1508"}],"version-history":[{"count":5,"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/posts\/1508\/revisions"}],"predecessor-version":[{"id":1600,"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/posts\/1508\/revisions\/1600"}],"wp:attachment":[{"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/media?parent=1508"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/categories?post=1508"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/tags?post=1508"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}