Medical Video App Development in 2026: HIPAA, EHR & Cost Playbook

Why Fora Soft wrote this medical video app development playbook

We have built and shipped HIPAA-compliant medical video apps for paying clinicians in three different healthcare markets. CirrusMED is a subscription telemedicine platform for private US practices. MyOnCallDoc is an on-demand video consultation product. Cloud Doctors is a Brazilian telemedicine platform that handles thousands of video consultations a month. Each of those products had to pass the same gates yours will: a real BAA chain, an EHR integration that clinicians actually use, audio-video quality good enough for a clinical decision, and a recording workflow that does not blow up the next time a state attorney general asks for an audit trail.

Beyond the medical work, our team has spent more than two decades on real-time video. We are WebRTC engineering specialists, and we run video, voice and AI features in production for clients across telehealth, EdTech, surveillance and broadcast. That cross-domain depth is what lets us move quickly on the things that usually slow medical builds down: SFU sizing, recording pipelines, low-bandwidth fallback, NAT traversal in hospital networks, and the dozens of tiny clinical-workflow choices that decide whether providers actually use your product.

This guide is the playbook we use internally on every new medical video app development engagement. It is opinionated, focused on what actually ships, and grounded in the public guidance from HHS OCR, CMS, the FDA and the engineering reality of 2026. Read it before you sign any vendor contract.

The 2026 market reality for medical video apps

Telehealth did not retreat after the pandemic — it normalised. McKinsey’s Telehealth Insights series shows utilisation stabilised at roughly 38 times the pre-COVID baseline through 2023 and held that floor into 2024 and 2025. Grand View Research and Fortune Business Insights both project the global telemedicine market to compound at 17–21% per year through 2030, on a base in the $60–$80B range. That is not a fad number; that is sustained demand.

Two patterns dominate inside that growth. First, video is winning over phone-only. The share of telehealth visits with a video component has climbed past the audio-only share in most US specialties. Second, payors are no longer treating video as exotic. CMS extended the major telehealth flexibilities through at least 2025 in the year-end omnibus, and most state Medicaid programs now reimburse video visits at parity with in-office for primary care, behavioural health and chronic-disease follow-ups.

The implication for buyers: this is no longer the right time to bolt a free Zoom link onto your patient portal. Patients expect a real product. Clinicians expect EHR access from inside the call. Compliance teams expect a documented audit trail. The bar has moved.

The three viable paths for medical video app development

Almost every medical video project lands on one of three architectures. Picking the wrong one is the most expensive mistake in the entire build, and the choice is not about “which is best” — it is about who you are.

Path A — Vertical telehealth SaaS (Doxy.me, VSee, Updox, eVisit)

A pre-packaged HIPAA video product. You sign a BAA, point patients at a branded waiting-room URL and you are live in a week. Pricing typically lands at $35–$200 per provider per month for the base tier. Customisation is shallow — you cannot rewire the call UI or splice in a custom EHR launch flow — but you also do not have to.

Path B — EHR-bundled video (Epic Telehealth, Cerner / Oracle Health, athenahealth, eClinicalWorks)

If your hospital or health system already runs Epic, Oracle Health (Cerner) or athena, your EHR vendor sells a video module that lives inside the existing chart. The BAA is already in place, scheduling integration is native, and clinicians do not learn a second product. You pay for it as part of the EHR contract or as a per-visit fee.

Path C — Custom WebRTC build on LiveKit, mediasoup or Janus

A custom medical video app built on an open-source WebRTC SFU and your own infrastructure. You own the patient experience end-to-end, you choose where data lives, and you can integrate any device, EHR, payment processor, AI model or specialist workflow you want. This is the path most digital-health vendors, multi-state telehealth networks, RPM platforms and connected-device companies eventually take. We unpack the engineering trade-offs in our Agora.io alternatives playbook and our P2P vs MCU vs SFU comparison.

Medical video stack comparison matrix

A side-by-side of the seven platforms that come up most often in medical video app development discovery calls in 2026. Pricing is rounded to the public list rate; volume discounts move the numbers but not the relative ordering.

Two notes on the table. First, “BAA” means the vendor will sign a Business Associate Agreement that explicitly covers their telehealth video product, not just the parent company — ask for the document, do not take a sales rep’s word for it. Second, the LiveKit / mediasoup row is the only one where you also pay engineering time; we cover the realistic cost shape in the cost model section below.

HIPAA, BAAs and the regulatory floor every medical video app must clear

There is exactly one rule that decides which technology stacks you can even consider: the HIPAA Security Rule (45 CFR §§ 164.302–318), interpreted through HHS OCR’s telehealth guidance and the BAA chain. Most engineering teams underestimate how much architecture this single rule dictates. Here is the floor.

1. Signed BAA from every vendor that touches PHI. Your video provider, your cloud, your transcription / captioning service, your storage, your CDN, your error-tracking SaaS — every one of them. OCR’s 2022 telehealth notice and the August 2023 sunset of pandemic enforcement discretion mean consumer Zoom, FaceTime, Skype and the consumer tier of WhatsApp are off-limits for routine PHI exchange.

2. Encryption in transit and at rest. TLS 1.2+ for signalling, SRTP for the media plane, AES-256 for stored recordings and transcripts. KMS-backed customer-managed keys are now the audit-friendly default; we cover the broader picture in our WebRTC security guide.

3. Access control, audit log and integrity. Unique user IDs, role-based access, MFA for clinicians. Tamper-evident audit logs of every PHI access — OCR will ask for these in any breach investigation. Integrity checks (hash, checksum) on stored video and transcripts.

4. Recording-consent gating. Two-state two-party consent law applies in 12+ US states. Best practice is a double prompt: ask to record, then ask to store. Capture the consent, version it, and store the consent record alongside the recording. Set a retention policy (typically 7–10 years for clinical records, but check state law).

5. Cross-border data and additional regimes. If patients live in the EU, GDPR applies and the European Health Data Space (EHDS) framework is becoming relevant from 2025 onward. UK NHS deployments need to clear DCB0129 / DCB0160. Brazil triggers LGPD. Canada triggers PIPEDA and provincial overlays. Each adds documentation, not architecture, but you will not pass a hospital procurement without it. Our healthcare software compliance playbook goes deeper on the multi-jurisdiction stack.

Reference architecture for a custom HIPAA medical video app

When clients ask us to design a medical video app from scratch, this is the reference architecture we start from. It is a defensible default for a 50–500 concurrent-call platform — large enough to carry a real telehealth network, small enough to not over-engineer for a Series A.

Client tier. A React or Next.js web app, plus iOS and Android native shells when push, background audio or device integrations matter. Mobile is non-negotiable for behavioural health and rural use cases.

Real-time media tier. A LiveKit SFU cluster, or mediasoup if you need maximum customisation, on Hetzner AX-series or AWS c7g instances. SFU sizing rule of thumb: one mid-tier server handles 200–400 concurrent participants at 720p; double it at 1080p. Add TURN servers in the regions your patients live in.

Application tier. Node.js or Go API behind an authenticated gateway. Postgres for clinical metadata. Redis for session state. A Kafka or Redpanda stream for audit events and webhooks.

Storage tier. Recordings to S3 with SSE-KMS, Object Lock for retention, lifecycle to Glacier after 90 days. Wasabi is a popular cheaper alternative when egress is predictable. Transcripts to Postgres with field-level encryption for PHI columns.

Identity and EHR tier. SAML / OIDC SSO for clinicians, magic-link or OTP for patients. SMART on FHIR for in-EHR launches. HL7 v2 ADT feeds for legacy hospital systems.

AI and intelligence tier. Real-time captioning and PHI redaction (Deepgram / AssemblyAI with BAA, or self-hosted Whisper). Optional medical translation via LiveKit + interpreter pool — we wrote up the architecture in our LiveKit AI agent guide. Optional clinical summary generation with a HIPAA-aware LLM provider.

Must-have features in a 2026 medical video app

Patients judge a telehealth app the way they judge a banking app: on the small details. Clinicians judge it on whether it saves them clicks. Below are the features that move both meters — everything else is debatable.

Pre-visit virtual waiting room. A branded URL, an auto check-in flow, intake-form pre-fill from the EHR, insurance card scan, and consent capture. The waiting room is where 80% of churn happens; it deserves the polish of an onboarding screen, not a placeholder page.

In-call clinical workspace. Notes side panel, problem list, allergies, current medications. Quick links to e-prescribe (Surescripts), order labs (LabCorp / Quest) and request imaging. The fastest way to lose clinician adoption is to make them alt-tab to the EHR mid-conversation.

Multi-party joins. Specialist consult, family member, sign-language or medical interpreter, scribe. The app must let any of them join with one tap and audit the consent for each.

Real-time captioning + medical translation. Captions improve accessibility scores and accuracy of clinical notes. Translation unlocks entire patient populations — we wrote the playbook in our OpenAI Realtime + WebRTC integration guide.

Connected device input. BLE pulse-ox, BP cuff, glucose meter, Tyto Care otoscope or derm cam. Show the live reading as an overlay during the call and persist it to the visit record.

Recording with two-step consent and retention policy. Ask to record, then ask to store. Encrypt, version the consent, set a retention policy that matches state and specialty rules.

Low-bandwidth fallback. Audio-only, then SMS-with-photo, in that order. Rural broadband is still the largest single source of dropped visits.

Tokenised copay collection. Stripe or Square inside the call, with insurance-eligibility check before the visit so the patient is not surprised by a balance.

EHR integration is the project, not a feature

Clinician adoption lives or dies on EHR integration. A medical video app that requires a doctor to switch tabs and re-key the encounter into Epic will be uninstalled inside three months — we have watched it happen. Plan for two integration patterns from day one.

SMART on FHIR launch. The clinician opens the patient’s chart in the EHR, clicks “Start Video Visit”, and your app launches inside a context-aware iframe with the patient and encounter ID pre-populated. Notes write back through FHIR DocumentReference and Encounter resources. This is the modern, audited pattern, and it is required for App Orchard / Epic Marketplace listings.

HL7 v2 ADT bridge. A surprising number of community hospitals and behavioural-health networks still run on legacy HL7 v2. You will need an interface engine (Mirth Connect, Rhapsody, Iguana) to translate ADT, ORM and SIU messages into FHIR resources your app understands. Budget for it — this is where unsuspecting startups lose six weeks.

Do not ignore eRx and lab orders. Surescripts requires its own onboarding (about 8–12 weeks) and the controlled-substance flow (EPCS) needs DEA-compliant identity proofing. Every state board is slightly different.

Audio-video quality is a clinical safety issue

A glitchy call in a SaaS demo costs you a deal. A glitchy call in a dermatology consult costs the patient a missed melanoma. Set quality targets like a clinical product, not a chat app.

Bitrate floors by specialty. Dermatology and wound care need 5–8 Mbps and 1080p with stable colour. Primary care and behavioural health are fine at 2–4 Mbps 720p. Audio-only is acceptable for triage but must be flagged in the encounter record.

Quality KPIs. Track MOS-LQO (target > 4.0), packet loss (< 2% sustained), jitter (< 30 ms), P95 join time (< 3 s) and P99 freeze rate (< 1%). Send them to your audit log alongside the encounter, not just to your engineering dashboard.

Business KPIs. No-show rate before vs after deploying video, completion rate, time-to-third-available appointment, RPM enrolment, copay collection rate, patient NPS (target > 50 for telehealth), clinician adoption (target > 80% within 90 days).

Reliability KPIs. SFU uptime (> 99.95%), recording-pipeline success rate (> 99.9%), audit-log write success (must be 100% — missed audit logs are a HIPAA finding).

Mini case — CirrusMED, MyOnCallDoc and Cloud Doctors

Three of our medical video projects show how the same playbook adapts to different markets.

CirrusMED is a subscription-based US telemedicine platform aimed at private practices. The team had a clinical model and a patient base; what they needed was a HIPAA-grade video product that did not bleed cash on per-minute SaaS fees as they scaled. We built a custom WebRTC stack, integrated provider scheduling and the EHR side panel, and shipped recording with two-step consent and KMS-encrypted storage. See the CirrusMED case study.

MyOnCallDoc is an on-demand US telehealth product where patients connect to the next available provider. The architecture problem was different — queueing, provider availability, surge capacity — so we built a routing layer in front of the SFU and tuned join times under three seconds at the P95 even with a cold provider pool. See the MyOnCallDoc case study.

Cloud Doctors is a HIPAA-aligned Brazilian telemedicine platform. The local layer here was LGPD compliance, Portuguese-language transcription and integration with Brazilian payment rails. Same SFU, different compliance, different identity stack. See the Cloud Doctors case study. Want a similar compressed assessment for your product? Book a 30-minute scoping call.

Cost model — what a medical video app actually costs in 2026

Most online cost guides for medical video app development quote $200K–$500K. Those numbers come from agency rate cards built before AI-assisted engineering reset productivity. Our actual 2026 numbers, after the move to spec-driven Agent Engineering, are lower. We will publish a tighter range only when the use case is clear, but here is the honest shape.

MVP (12 weeks). Web-only, single-state, 1:1 video, basic recording, light EHR side panel, BAA-friendly cloud. Realistic landing zone: $60K–$120K of engineering plus $300–$1,000 / month of infrastructure during pilot.

Production-grade (4–6 months). Web + iOS + Android, multi-party, real-time captioning, deep SMART-on-FHIR EHR integration, recording with retention, vital-sign overlay, multi-region SFU. Realistic landing zone: $150K–$300K plus $1,500–$5,000 / month infrastructure at modest scale.

Compliance, audit, certifications. HITRUST CSF or SOC 2 Type II first issuance: $25K–$60K plus 4–8 weeks. Annual surveillance after that.

Run-rate. A custom LiveKit-on-Hetzner stack at 50–100 concurrent calls runs at $400–$1,500 / month all-in. Compare that to $0.004–$0.025 per participant-minute on a SaaS API: at 200,000 participant-minutes / month you cross the break-even line and the custom stack becomes meaningfully cheaper. We unpack the per-minute math in our telemedicine platform cost guide.

A decision framework — pick your medical video stack in five questions

Run this framework end-to-end before you talk to a vendor. It will collapse a six-month evaluation into one afternoon.

1. Are you a HIPAA Covered Entity, a Business Associate, or neither? If yes to either of the first two, every vendor must sign a BAA and audit logging is non-optional. If neither, you may still need GDPR, LGPD, PIPEDA or local consumer-privacy compliance — check with counsel.

2. Will you prescribe DEA-controlled substances over video? If yes, you need EPCS-compliant identity proofing, two-factor authentication for prescribers, and you must monitor the evolving Ryan Haight Act / DEA telemedicine flexibilities. This eliminates several SaaS options.

3. Does the EHR you must integrate with already have a video module worth using? If you are an Epic shop and your providers will not learn anything new, the answer is usually “use Epic Telehealth.” If you are a multi-EHR network or a digital-health vendor selling across systems, the answer is almost always “build it” or “buy a customisable WebRTC API.”

4. How many states / countries / languages? One state, one language → Doxy.me / VSee may be enough. Multi-state → you need state-board licensing automation. Multi-country → you need a regional SFU strategy and additional regulatory work (GDPR, LGPD, EHDS, PIPEDA).

5. Are connected medical devices part of the encounter? If yes — Tyto Care, Welch Allyn digital scopes, BLE pulse-ox, BP cuff — you almost certainly need a custom build. The SaaS options do not expose deep enough hooks for medical device data fusion at the call layer.

Five pitfalls that derail medical video app development projects

1. Skipping the BAA chain audit. Every PHI-touching SaaS in the stack — transcription, error tracking, analytics, push provider, file storage — needs a signed BAA. The most common breach pattern is a developer wiring up Sentry, LogRocket or a third-party transcript provider on a Friday and exposing the org to a six-figure HIPAA penalty by Monday.

2. Treating EHR integration as “phase two”. Clinician adoption fails without it. Plan the SMART on FHIR launch and at least one HL7 v2 ADT bridge in the MVP, even if you ship them at week 12 instead of week 4.

3. Recording without two-step consent and a retention policy. Two-state consent, dual prompts (record? store?), versioned consent records, and a documented retention policy that matches state and specialty rules. Otherwise the first state AG inquiry takes the platform offline.

4. No low-bandwidth fallback. Patients in rural counties drop off above 30% if you do not offer audio-only and SMS fallback. The fallbacks need to fail safe into the same encounter record — do not start a parallel chat thread that escapes audit.

5. Confusing “HIPAA-ready” with “HIPAA-certified.” There is no such thing as HIPAA certification — it is a self-attested compliance regime. What you can get is HITRUST CSF certification or SOC 2 Type II, which most large hospital procurement teams now require. Plan for the audit early; do not retrofit.

When you should not build a custom medical video app

Custom is not always the right answer. Three situations where a vertical SaaS or EHR-bundled module is honestly the better business decision:

You are a small clinic. Under 15 providers, single state, no DEA Rx, no specialty workflow that the SaaS does not cover. Doxy.me or VSee will be ready in a week, BAA-signed, $35–$60 per provider per month. Custom would be a vanity expense.

You are an Epic shop with no patient-facing differentiation. Epic Telehealth is bundled, native, and your providers know the chart already. Building a parallel video product to compete with the EHR’s own module rarely earns its budget back.

You have less than $40K and need to launch in 30 days. Custom is not the move. Pick a SaaS, ship the pilot, prove demand and revenue, then revisit the build conversation in six months with real data. We have written that whole sequence up in our healthcare video conferencing playbook.

AI features that earn their keep in a medical video app

AI is the noisiest part of the 2026 medical video conversation. Most of it is hype. The handful of features below are the ones we have actually shipped to clinicians who keep using them.

Real-time medical transcription. Whisper-large or Deepgram Nova for English; specialty-tuned models for cardiology, oncology and behavioural health vocabularies. Pair it with PHI auto-redaction before any text leaves the BAA boundary.

Ambient clinical scribe. The transcript becomes a structured SOAP note draft that the clinician edits in 60 seconds instead of writing in 6 minutes. The clinician owns the final note — AI never auto-files. This single feature has been the biggest adoption lever we have seen in the past 18 months.

Real-time medical translation. A LiveKit agent runs alongside the call, transcribes, translates and re-synthesises in the patient’s language. Useful for paediatrics, ED triage and refugee health programmes. We deep-dive the architecture in our voice AI agents on LiveKit guide.

Triage and intake bots. A patient-facing chat that runs the structured intake before the visit starts. Reduces clinician cognitive load and produces a clean problem list inside the first 15 seconds of the encounter.

Vital-sign anomaly flags. If the call ingests live BLE pulse-ox or BP, an on-device model can flag clinically significant trends in real time. Useful for chronic-care RPM, never a substitute for the clinician’s judgement.

Mobile, accessibility and the patient experience details that decide adoption

Roughly 60% of telehealth visits in the US are now joined from a phone. Behavioural health goes higher — closer to 80%. If your medical video app does not feel native on iOS and Android, you are leaving market on the table.

Native shells over PWA. CallKit on iOS for system-level call UI, ConnectionService on Android. Picture-in-picture so the patient can read the EHR-issued instructions or take medicine while the call continues. Background audio support so the clinician can take notes in a separate app.

Network resilience. Adaptive bitrate, ICE restart on network change, audio-priority degradation when bandwidth collapses. Assume cellular, plan for spotty.

WCAG 2.2 AA + Section 508. Captions, screen-reader labels on every UI element, large-touch-target controls, colour contrast 4.5:1 minimum. Federally funded health systems require it. Most state Medicaid procurements now require it. It is also just the right thing to do.

Security deep dive — what HIPAA actually expects from your stack

HIPAA does not specify technologies; it specifies outcomes. The technical safeguards in § 164.312 translate into a fixed set of architectural patterns for a video app:

Identity and access. Unique user IDs, MFA enforced for clinicians, session timeout (15 minutes is a common default), automatic logoff, role-based access with least privilege, deprovisioning workflow tied to your HR system.

Audit and integrity. Append-only audit log of every PHI access. KMS-signed log entries. Daily integrity checks on stored recordings (hash). Quarterly access reviews.

Transmission and storage encryption. TLS 1.2+ everywhere, SRTP for the media plane, AES-256 for storage with customer-managed keys. End-to-end encryption is increasingly available in WebRTC stacks; just be aware it breaks server-side recording and transcription unless you decrypt at a HIPAA-aware media gateway.

Vulnerability management and response. Documented patching cadence, a tested incident response plan with notification timelines (60 days for breach notification under HITECH), at least annual penetration testing.

Specialty-specific build checklists

A medical video app for paediatric behavioural health is not the same product as one for tele-dermatology. Three quick checklists for the specialties we get the most enquiries for.

Behavioural health. Long-session stability (45–60 minutes), waiting-room privacy controls, group-therapy breakouts with HIPAA-safe rooms, mood-tracking integrations, escalation pathway to crisis support. No screen recording on patient side. Closed captioning for accessibility.

Dermatology and wound care. 1080p with stable colour rendition, manual colour-temperature lock, ability to pause and capture a high-resolution still and tag it to the encounter, follow-up scheduling baked into the visit close.

Primary care and chronic-disease follow-up. RPM device ingest (pulse-ox, BP, glucose), trend graphs in the call UI, e-prescribing integration, asynchronous photo upload between visits, refill workflow.

Build new vs migrate from Twilio Video, Vonage or Agora

Twilio Video’s sunset is the largest forced migration in healthcare video this decade — the platform was officially retired at the end of 2024, and many medical SaaS apps and digital-health products were caught flat-footed. Most of them now sit on one of three options.

Lift-and-shift to Vonage Video. Fastest path. Similar API surface, BAA available, per-minute pricing comparable. Migration usually 4–6 weeks for a typical clinical app.

Re-platform on LiveKit Cloud or Daily.co. Modern API, lower per-minute pricing, better recording. Migration 8–12 weeks. Best fit if you wanted to refactor anyway.

Custom build on self-hosted LiveKit / mediasoup. The right answer above ~200,000 participant-minutes per month. Migration 4–6 months for a production app. Run-rate falls 5–10x at scale, you own the stack, and you remove vendor concentration risk.

A 12-week MVP roadmap for medical video app development

If you are starting from scratch, this is the realistic 12-week MVP plan. Anything tighter and quality slips; anything longer and momentum dies.

Weeks 1–2. Discovery, regulatory mapping, BAA chain audit, EHR contact, clinical workflow shadow sessions. Output: a signed-off feature scope and an architecture diagram.

Weeks 3–5. SFU stand-up, identity, baseline patient and provider apps, waiting room, 1:1 video, recording.

Weeks 6–8. EHR side panel, SMART on FHIR launch, intake and consent, copay collection, audit log infrastructure.

Weeks 9–10. QA on a clinician pilot panel. Quality benchmarks: MOS-LQO > 4.0, P95 join < 3 s, P99 freeze < 1%. Iterate.

Weeks 11–12. Compliance hardening, penetration test, BAA review, soft launch with the pilot panel. Begin SOC 2 Type II or HITRUST kick-off in parallel.

FAQ

What to Read Next

Ready to ship a medical video app worth using?

Medical video app development in 2026 is a solved engineering problem and an unsolved business one. The hard parts — HIPAA, the BAA chain, EHR integration, clinical adoption, recording consent, low-bandwidth fallback — are exactly the parts most vendors gloss over in their first call. The right partner will spend the first 30 minutes on those, not on a product demo.

Three live products on our portfolio — CirrusMED, MyOnCallDoc, Cloud Doctors — show that the playbook in this guide is the same one we run on real engagements. If you want a defensible scoping doc, sized SFU plan and a 12-week MVP estimate inside 48 hours, the next step is a 30-minute call with our medical video team.