Telehealth Video Platform

Telehealth Video Calling

Secure 1:1 video consultations between patient and doctor using LiveKit SFU with waiting room, admission control, and real-time session management

LiveKit SFU
HIPAA Compliant
Waiting Room
1:1 Consultations
LiveKit, Spring Boot, React, Redis, WebRTC, JWT

Feature Overview

Core capabilities and future enhancements for telehealth video consultations

Must-Have (MVP)

  • JWT-based authentication with role-based access (PATIENT/DOCTOR)
  • Appointment CRUD with ownership validation
  • Call session lifecycle (WAITING → RINGING → IN_CALL → ENDED)
  • LiveKit token issuance with short TTL and room scoping
  • Waiting room with admission control (Redis-backed)
  • Doctor admit/reject workflow with audit logging
  • Real-time presence tracking with TTL-based cleanup
  • WebRTC media routing via LiveKit SFU

Nice-to-Have (Later)

  • Group consultations (multi-participant)
  • Screen sharing and file transfer
  • Recording and transcription storage
  • Appointment reminders and notifications
  • Patient health records integration
  • E-prescribing workflow
  • Billing and insurance claims integration
  • Admin dashboard with analytics

System Architecture

Microservices architecture with clear separation of concerns

Frontend (React + TypeScript)

Appointment workflows, LiveKit call room, waiting room UI, and in-call controls

  • Auth module (login/logout, token storage)
  • Appointments (list, details, start visit)
  • Call Room (LiveKit integration)
  • Waiting room UI with admission status
  • In-call controls (mute, camera, leave)

Backend (Spring Boot)

Control plane for authentication, appointments, call sessions, and LiveKit token issuance

  • JWT authentication with role-based access
  • Appointment service (CRUD)
  • Call session service (lifecycle management)
  • Waiting room service (Redis-backed)
  • LiveKit token service (scoped grants)
  • Audit service (lifecycle events)
  • Webhook receiver (LiveKit events)

Redis (Real-time State)

TTL-based session state for waiting room, admission, and presence tracking

  • call:{id}:status → WAITING/RINGING/IN_CALL/ENDED
  • call:{id}:admitted:{patientId} → true/false
  • call:{id}:presence:{userId} → lastSeen
  • Automatic TTL-based cleanup

Database (PostgreSQL)

Persistent storage for users, appointments, call sessions, and audit events

  • Users (role-based: PATIENT/DOCTOR)
  • Appointments (doctor-patient mapping)
  • CallSessions (state machine)
  • AuditEvents (lifecycle tracking)

LiveKit (SFU Media Plane)

WebRTC media routing for low-latency video consultations

  • Room naming: appointment-{appointmentId}
  • Participant identity: userId
  • Track management (audio/video)
  • Webhook events (join/leave/state)

Core Workflows

Step-by-step flows from appointment to call completion

Doctor Starts Visit

  1. Doctor opens Appointment Details
  2. Clicks Start Visit button
  3. Backend creates CallSession (status: RINGING)
  4. Initializes Redis state with TTL
  5. Writes audit event SESSION_CREATED
  6. Doctor joins LiveKit room automatically

Patient Joins Waiting Room

  1. Patient clicks Join Call
  2. Frontend requests LiveKit token
  3. Backend validates patient ownership
  4. Issues token with restricted grants (subscribe-only)
  5. Patient connects to LiveKit room
  6. UI shows 'Waiting for doctor to admit you'

Doctor Admits Patient

  1. Doctor sees patient in waiting room
  2. Clicks Admit Patient button
  3. Backend sets admitted=true in Redis
  4. Writes audit event PATIENT_ADMITTED
  5. Patient receives new token (publish enabled)
  6. Both parties can now see and hear each other

End Call

  1. Doctor clicks End Call button
  2. Backend updates CallSession to ENDED
  3. Clears Redis keys (status, admission, presence)
  4. Writes audit event CALL_ENDED
  5. Clients disconnect from LiveKit
  6. UI shows 'Visit ended' message

Security & Compliance

HIPAA-compliant architecture with multi-layered security controls

JWT Authentication

Role-based access control (PATIENT/DOCTOR) with strict RBAC per appointment relationship

LiveKit Token Rules

Short-lived tokens (5-10 min) with room scoping, identity mapping, and role-based grants

Webhook Security

Signature validation for LiveKit webhooks using shared secret to prevent spoofing
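
One way to perform the webhook check described above, as an added Java example that is not this platform's code: LiveKit sends a JWT in the `Authorization` header, signed with the API secret and carrying a `sha256` claim with the base64 SHA-256 of the request body, so the receiver verifies the signature, the expiry and the body hash. The class and helper names, the secret and the sample event are constructed for illustration, and the regex claim extractor stands in for a JSON library.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class WebhookVerifyDemo {
    static byte[] hmac(String secret, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }
    // Minimal extractor for flat string/number claims; use a JSON library in a real service.
    static String claim(String json, String name) {
        Matcher m = Pattern.compile("\"" + name + "\"\\s*:\\s*\"?([^\",}\\s]+)").matcher(json);
        return m.find() ? m.group(1) : null;
    }

    // True only if the token is signed with our secret, unexpired and bound to this exact body.
    static boolean verify(String token, byte[] rawBody, String apiSecret, long nowEpoch) throws Exception {
        String[] p = token == null ? new String[0] : token.split("\\.");
        if (p.length != 3) return false;
        try {
            // Recompute HS256 ourselves; the token's own "alg" header is never consulted.
            byte[] presented = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(hmac(apiSecret, p[0] + "." + p[1]), presented)) return false;
            String claims = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
            String exp = claim(claims, "exp"), sha = claim(claims, "sha256");
            if (exp == null || sha == null || Long.parseLong(exp) <= nowEpoch) return false;
            byte[] bodyHash = Base64.getEncoder().encode(MessageDigest.getInstance("SHA-256").digest(rawBody));
            return MessageDigest.isEqual(bodyHash, sha.getBytes(StandardCharsets.UTF_8));
        } catch (IllegalArgumentException malformed) { return false; } // bad base64 or non-numeric exp
    }

    public static void main(String[] args) throws Exception {
        Base64.Encoder url = Base64.getUrlEncoder().withoutPadding();
        String secret = "constructed-secret"; // constructed sample values throughout
        byte[] body = "{\"event\":\"participant_joined\"}".getBytes(StandardCharsets.UTF_8);
        String sha = Base64.getEncoder().encodeToString(MessageDigest.getInstance("SHA-256").digest(body));
        long now = System.currentTimeMillis() / 1000;
        String input = url.encodeToString("{\"alg\":\"HS256\"}".getBytes(StandardCharsets.UTF_8)) + "."
            + url.encodeToString(("{\"exp\":" + (now + 60) + ",\"sha256\":\"" + sha + "\"}").getBytes(StandardCharsets.UTF_8));
        String token = input + "." + url.encodeToString(hmac(secret, input));
        byte[] tampered = "{\"event\":\"room_finished\"}".getBytes(StandardCharsets.UTF_8);
        System.out.println("genuine body accepted: " + verify(token, body, secret, now));
        System.out.println("tampered body accepted: " + verify(token, tampered, secret, now));
    }
}
```

Hash the raw request bytes exactly as received; a body that has been parsed and re-serialized will not match the `sha256` claim.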

PHI Protection

No PHI in logs; audit stores only operational metadata with encrypted sensitive data

Admission Control

Doctor must explicitly admit patient from waiting room before enabling video/audio

State Machine Enforcement

Backend enforces call lifecycle transitions and prevents unauthorized state changes

LiveKit Token Grant Matrix

Doctor

  • Publish audio/video
  • Subscribe to all tracks
  • Admin privileges
  • Admit participants

Patient (Before Admission)

  • Subscribe only (watch doctor)
  • No audio/video publishing
  • Read-only presence

Patient (After Admission)

  • Publish audio/video
  • Subscribe to doctor tracks
  • Full participation
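
The token rules and grant matrix above, as an added Java example (not code from this platform or from LiveKit's SDK): it builds the HS256 access-token JWT with the JDK only and maps the matrix onto LiveKit's `video` grant fields (`roomJoin`, `canSubscribe`, `canPublish`, `canPublishData`, `roomAdmin`). The mapping, the class and method names, the key, secret and ids are assumptions, and the caller is assumed to have already checked appointment ownership and read the admission flag from Redis.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class ConsultTokenDemo {
    enum Role { DOCTOR, PATIENT }
    static final long MAX_TTL_SECONDS = 600; // page: tokens live 5-10 minutes

    static String b64url(byte[] in) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(in);
    }
    // Grant matrix: the doctor publishes, subscribes and administers the room;
    // a patient is subscribe-only until call:{id}:admitted:{patientId} is true.
    static String videoGrant(String appointmentId, Role role, boolean admitted) {
        boolean doctor = role == Role.DOCTOR;
        boolean publish = doctor || admitted;
        return String.format("{\"room\":\"appointment-%s\",\"roomJoin\":true,"
            + "\"canSubscribe\":true,\"canPublish\":%b,\"canPublishData\":%b,\"roomAdmin\":%b}",
            appointmentId, publish, publish, doctor);
    }

    static String mint(String apiKey, String apiSecret, String userId, String appointmentId,
                       Role role, boolean admitted, long nowEpoch, long ttlSeconds) throws Exception {
        if (ttlSeconds <= 0 || ttlSeconds > MAX_TTL_SECONDS)
            throw new IllegalArgumentException("TTL must be 1..600 seconds");
        // Identifiers are spliced into JSON, so reject anything that could break out of a string.
        if (!userId.matches("[A-Za-z0-9_-]+") || !appointmentId.matches("[A-Za-z0-9_-]+"))
            throw new IllegalArgumentException("unexpected characters in identifier");
        String claims = String.format("{\"iss\":\"%s\",\"sub\":\"%s\",\"nbf\":%d,\"exp\":%d,\"video\":%s}",
            apiKey, userId, nowEpoch, nowEpoch + ttlSeconds, videoGrant(appointmentId, role, admitted));
        String signingInput = b64url("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8))
            + "." + b64url(claims.getBytes(StandardCharsets.UTF_8));
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(apiSecret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return signingInput + "." + b64url(mac.doFinal(signingInput.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis() / 1000;
        // Constructed key, secret and ids; a real service loads the secret from its secret store.
        for (boolean admitted : new boolean[] {false, true}) {
            String jwt = mint("APIexample", "constructed-secret", "patient-17", "42",
                              Role.PATIENT, admitted, now, 300);
            String payload = new String(Base64.getUrlDecoder().decode(jwt.split("\\.")[1]), StandardCharsets.UTF_8);
            System.out.println("admitted=" + admitted + " -> " + payload);
        }
    }
}
```

Because the pre-admission token never carries `canPublish`, a patient who skips the waiting-room UI still cannot publish media until the backend reissues a token after the doctor admits them.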

Key Benefits

Enterprise-grade telehealth video platform with proven architecture

Production-Ready Architecture

Robust state machine, Redis-backed real-time state, and comprehensive audit logging

99.9% Uptime

HIPAA Compliance

PHI protection, encrypted tokens, webhook signature validation, and audit trails

Enterprise-Grade Security

Scalable Media Infrastructure

LiveKit SFU handles WebRTC complexity with low latency and efficient bandwidth usage

Sub-100ms Latency

Admission Control

Doctor-controlled waiting room prevents unauthorized access and manages patient flow

Zero Unauthorized Access

Real-Time State Management

Redis TTL-based cleanup ensures consistent state without manual intervention

Automatic Cleanup

Cost-Effective Deployment

Managed LiveKit or self-hosted options with stateless backend for horizontal scaling

Flexible Hosting
