STUN (Session Traversal Utilities for NAT) is a lightweight discovery protocol a device uses to learn its own public network address — the address the rest of the internet sees, which is usually different from its private address behind a home or office router. Armed with that public address, two devices can often establish a direct peer-to-peer media path through ordinary NAT (network address translation) without relaying anything through a server.
For a telemedicine product, STUN is the cheap first line of connectivity. A STUN server does almost no work — it answers a small request telling the device what address it appears to be coming from — so it costs very little to operate and succeeds for the majority of home and consumer networks. When STUN is not enough, typically because of a symmetric NAT or a strict corporate or hospital firewall, the connection framework (ICE) falls back to a TURN relay instead.
The important property for compliance is that no media ever flows through a STUN server; it only helps with address discovery during connection setup. As a result, STUN carries no PHI by itself and does not, on its own, sit inside the same heightened compliance boundary that a media-relaying TURN server does. The practical pitfall is assuming STUN alone guarantees connectivity — it does not, and a product that provisions STUN but neglects TURN will leave a meaningful share of clinical calls unable to connect on restrictive networks.
