{"id":1840,"date":"2026-01-20T12:26:47","date_gmt":"2026-01-20T12:26:47","guid":{"rendered":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/?p=1840"},"modified":"2026-04-01T10:56:56","modified_gmt":"2026-04-01T10:56:56","slug":"authentication-hipaa-ready-security-2","status":"publish","type":"post","link":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/kivicare-telemed-addon\/documentation\/core-concepts-telemed-addon\/authentication-hipaa-ready-security-2\/","title":{"rendered":"Authentication Security"},"content":{"rendered":"<div class=\"nolwrap\">\n<p>Security is critical in Telemedicine. The KiviCare Telemedicine Addon implements several layers of protection to ensure patient confidentiality and data integrity.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udd11 Authentication Mechanisms<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">OAuth 2.0 (User Managed)<\/h3>\n\n\n\n<p>This is the modern standard. Instead of sharing passwords, doctors &#8220;Authorize&#8221; the KiviCare app.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Tokens:<\/strong> The plugin stores <code>access_tokens<\/code> (expires in 1 hour) and <code>refresh_tokens<\/code>.<\/li>\n\n\n\n<li><strong>Handling:<\/strong> Tokens are automatically refreshed in the background during API calls.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Server-to-Server OAuth<\/h3>\n\n\n\n<p>Used for institutional accounts. 
It allows the Admin to manage meetings for multiple doctors under one master account.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Security:<\/strong> Requires an <code>account_id<\/code>, <code>client_id<\/code>, and <code>client_secret<\/code>.<\/li>\n\n\n\n<li><strong>Storage:<\/strong> These are stored in the WordPress Options table and protected by standard WordPress security protocols.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83c\udfe5 Clinical Security Features<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Anonymous Join Prevention<\/h3>\n\n\n\n<p>The plugin enforces authentication where possible. By default, it encourages patients to have a display name or Zoom account, preventing &#8220;Zoom-bombing.&#8221;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Mandatory Waiting Rooms<\/h3>\n\n\n\n<p>All meetings created via KiviCare are configured with <strong>Waiting Rooms Enabled<\/strong>. The doctor must manually admit the patient, ensuring no unauthorized party enters the &#8220;Digital Exam Room.&#8221;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Dynamic Passcodes<\/h3>\n\n\n\n<p>Every meeting is generated with a unique, high-entropy passcode. This is embedded in the <code>join_url<\/code> so the patient can click once, but the underlying meeting remains private.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udd12 Data Protection<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>No Video Storage:<\/strong> KiviCare <strong>never<\/strong> stores video recordings or transcripts on your local server. 
All media flows through Zoom\u2019s encrypted infrastructure.<\/li>\n\n\n\n<li><strong>Encrypted Communication:<\/strong> All API calls use TLS 1.2+ encryption.<\/li>\n\n\n\n<li><strong>Capability Checks:<\/strong> Only the specific doctor assigned to an appointment and the super-admin can view the <code>start_url<\/code>.<\/li>\n<\/ul>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Security is critical in Telemedicine. The KiviCare Telemedicine Addon implements several layers of protection to ensure patient confidentiality and data integrity. \ud83d\udd11 Authentication Mechanisms OAuth 2.0 (User Managed) This is the modern standard. Instead of sharing passwords, doctors &#8220;Authorize&#8221; the KiviCare app. Server-to-Server OAuth Used for institutional accounts. It allows the Admin to manage meetings [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":0,"parent":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[55],"tags":[],"class_list":["post-1840","post","type-post","status-publish","format-standard","hentry","category-core-concepts-telemed-addon"],"featured_image_src":null,"author_info":{"display_name":"wordpressadminiq","author_link":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/author\/wordpressadminiq\/"},"_links":{"self":[{"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/posts\/1840","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/comments?post=1840"}],"version-history":[{"count":6,"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/posts\/1840\/revisions"}],"predecessor-version":[{"id":3129,"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/posts\/1840\/revisions\/3129"}],"wp:attachment":[{"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/media?parent=1840"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/categories?post=1840"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/tags?post=1840"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}