How much does it cost to build a telehealth app?

Building from scratch with Twilio Video + Deepgram transcription + custom HIPAA layer costs $8,000-$15,000/month in vendor fees plus $50,000-$200,000 in development. V100 consolidates video, transcription, AI clinical notes, and HIPAA compliance into one API at $2,000-$3,000/month, with an MVP buildable in 2-4 weeks by a single developer.

Is V100 HIPAA compliant for telehealth?

V100 provides the technical controls required for HIPAA compliance: end-to-end encryption, audit logging, access controls, and BAA availability. However, HIPAA compliance is an organizational responsibility, not just a technology feature. You must also implement proper administrative safeguards, staff training, and policies. V100 handles the technical infrastructure; you handle the operational compliance.

Can V100 generate clinical notes from video visits?

Yes. V100 transcribes video visits in real time and uses AI to generate structured clinical notes in SOAP format (Subjective, Objective, Assessment, Plan). The AI also extracts action items, follow-up tasks, and medication mentions. These notes are drafts that require physician review and approval before being added to the patient record.

What is post-quantum signed recording and why does telehealth need it?

Post-quantum (PQ) signed recordings use Dilithium digital signatures that are resistant to quantum computing attacks. For telehealth, this matters because medical recordings may need to be verified for authenticity years or decades later in malpractice cases. Traditional RSA/ECDSA signatures could be forged by future quantum computers. PQ signatures provide long-term tamper evidence that remains cryptographically sound regardless of advances in quantum computing.

How to Build a Telehealth App in 2026

The telehealth market is projected to exceed $380 billion by 2030. COVID proved that patients will use video visits. Post-pandemic, the question shifted from "will patients adopt telehealth?" to "who will build the best telehealth experience?" The answer is not the incumbents. The legacy telehealth platforms built in 2020 were rushed to market and it shows: clunky UIs, no AI, no clinical documentation, and HIPAA compliance held together with duct tape.

The opportunity for healthcare founders in 2026 is to build telehealth applications that do more than video calls. Modern telehealth should automatically transcribe visits, generate structured clinical notes, produce action items for the care team, record visits with tamper-proof signatures for medicolegal protection, and integrate with EHR systems. That was a 12-18 month, $500K+ development project in 2022. In 2026, V100's API handles all of it.

This guide walks through building a telehealth application from scratch using V100. It covers HIPAA requirements (what actually matters vs. what is theater), the technical architecture, step-by-step MVP development, cost comparison, and the regulatory checklist you need before going live.

The Market: $380B+ and Growing

Telehealth is not a pandemic bubble. It is a structural shift in healthcare delivery. The market drivers are permanent: an aging population that struggles with in-person visits, a physician shortage that requires providers to see more patients per day, rural areas with no local specialists, employer demand for convenient healthcare benefits, and payer reimbursement policies that now cover telehealth visits at parity with in-person visits in most states.

The opportunity is in verticals. General telehealth is commoditized (Teladoc, Amwell, MDLive). Vertical telehealth is wide open: dermatology, behavioral health, physical therapy, speech therapy, chronic condition management, pediatrics, fertility, men's health, women's health, and post-surgical follow-up. Each vertical has specific workflow requirements that general platforms handle poorly. That is your wedge.

HIPAA Requirements: What Actually Matters

HIPAA compliance is the first thing every healthcare founder worries about and the most misunderstood. HIPAA is not a certification you buy. It is an ongoing organizational commitment with specific technical, administrative, and physical safeguard requirements. Here is what actually matters for a telehealth application.

HIPAA technical safeguards for telehealth

Encryption in transit and at rest

All PHI (protected health information) must be encrypted. Video streams, recordings, transcripts, and clinical notes must be encrypted in transit (TLS 1.3 minimum) and at rest (AES-256 or equivalent). V100 encrypts all data in transit and at rest by default. Post-quantum encryption adds an additional layer for long-term protection.

Audit logging

Every access to PHI must be logged: who accessed what, when, from where, and what they did. V100 provides comprehensive audit logs for all API calls, video sessions, recording access, and transcript views. You must also implement audit logging in your application layer for user authentication and data access.

Access controls

Role-based access control (RBAC) ensures providers see only their patients' data. V100's tenant isolation and session-level access controls handle the video infrastructure side. Your application handles provider-patient relationship mapping and role enforcement.

Business Associate Agreement (BAA)

Any vendor that handles PHI on your behalf must sign a BAA. This is a legal agreement, not a technical control. You need BAAs with V100 (video/transcription/recordings), your cloud provider (AWS/GCP/Azure), your auth provider, and any other service that touches patient data. V100 provides a BAA as part of its healthcare tier.

Automatic session timeout

Sessions must time out after a period of inactivity. This prevents unauthorized access if a provider leaves their workstation unlocked. Implement a 15-minute idle timeout in your application with re-authentication required to resume.

The common mistake: treating HIPAA compliance as a checkbox on your vendor's feature list. V100 provides the technical controls (encryption, audit logs, access controls, BAA). But HIPAA compliance also requires administrative safeguards (staff training, policies, incident response plans) and physical safeguards (workstation security, device management) that are your responsibility. No vendor can make you HIPAA compliant. Vendors provide tools. You provide the compliance program.

Architecture: Patient App, V100 API, Provider Dashboard

The telehealth architecture is straightforward. Your application has three components: a patient-facing interface (web or mobile), V100's API handling all video and AI processing, and a provider-facing dashboard for managing appointments and reviewing clinical notes.

System architecture

# Patient journey

Patient → Your App → Schedule visit (your scheduling)

→ Join video visit (V100 meeting API)

→ Real-time transcription (V100, 40+ languages)

→ AI clinical notes (V100, SOAP format)

→ PQ-signed recording (V100, Dilithium)

→ Follow-up actions (your workflow)

# Provider dashboard

Provider → Dashboard → View schedule (your DB)

→ Join video visit (V100 meeting API)

→ Review AI notes (V100 AI output)

→ Approve/edit notes → Push to EHR (FHIR API)

→ Access recordings (V100, audit-logged)

Step 1: Authentication and Patient Identity

Healthcare authentication has higher requirements than typical SaaS. You need to verify patient identity (not just email/password), enforce MFA for providers, and maintain audit trails for every login. Use a HIPAA-ready auth provider like Auth0 Healthcare or build your own with proper session management, MFA, and audit logging.

Patient-side authentication should be low-friction. Patients abandon telehealth apps that require too many steps to join a visit. The best pattern: patient receives an email/SMS with a unique visit link, enters their date of birth for identity verification, and joins the video visit. No app download required. No account creation required for the first visit.

create-visit.js

import { V100 } from 'v100-sdk';
const v100 = new V100({
  apiKey: process.env.V100_API_KEY,
  tenant: 'my-telehealth-app'
});

// Create a telehealth video visit
const visit = await v100.meetings.create({
  title: 'Dr. Martinez — Patient Follow-up',
  scheduledStart: '2026-03-28T14:00:00Z',
  duration: 30,  // minutes
  participants: [
    { role: 'host', email: 'dr.martinez@clinic.com' },
    { role: 'participant', email: 'patient@email.com' }
  ],
  recording: {
    enabled: true,
    pqSigned: true,  // Dilithium signature for tamper evidence
    retention: '7years'  // Medical record retention
  },
  transcription: {
    enabled: true,
    language: 'en',
    speakerDiarization: true  // Distinguish doctor vs patient
  },
  ai: {
    clinicalNotes: true,  // SOAP format
    actionItems: true,
    summary: true
  },
  hipaa: {
    encryption: 'aes-256-gcm',
    auditLog: true
  }
});

// Send visit link to patient (via your notification system)
await sendPatientNotification(visit.joinUrl, patient.email);

Step 2: Video Visit Experience

The video visit is the core of your telehealth app. V100's meeting API handles the WebRTC video infrastructure, SFU routing (supporting up to 200 participants for group therapy or multi-provider consultations), screen sharing (for reviewing lab results or imaging), and recording. The provider and patient each join via a browser — no app download, no plugin installation.

During the visit, V100 transcribes the conversation in real time with speaker diarization (distinguishing the provider's speech from the patient's). The transcript powers three AI features that run automatically: SOAP clinical notes, action item extraction, and visit summary generation. These appear on the provider's dashboard within seconds of the visit ending.

Video visit capabilities

• HD video: Adaptive quality up to 1080p based on connection. Automatic fallback to lower quality prevents dropouts on poor connections — critical for patients in rural areas.
• Screen sharing: Provider shares lab results, imaging, or educational materials during the visit. Patient can share their screen for troubleshooting device/app issues.
• Multi-party: Support up to 200 participants per session. Useful for group therapy, family consultations, or multi-provider case reviews.
• Real-time transcription: Live captions for hearing-impaired patients. Supports 40+ languages for non-English-speaking patients.
• Waiting room: Patient enters a virtual waiting room until the provider admits them. Prevents patients from joining before the provider is ready.
• Browser-based: No app download required. Patients join via a link in any modern browser. This alone reduces no-show rates by 15-25% compared to apps that require a download.

Step 3: AI Transcription and Clinical Notes

This is where V100's telehealth value proposition becomes clear. Physicians spend an average of 2 hours per day on clinical documentation — the leading cause of burnout. V100's AI transcribes the visit and generates structured SOAP notes automatically. The provider reviews, edits if needed, and approves. Documentation time drops from 10-15 minutes per visit to 2-3 minutes.

get-clinical-notes.js

// After visit ends, retrieve AI-generated clinical notes
const notes = await v100.meetings.getClinicalNotes(visit.id);

console.log(notes);
// Output:
// {
//   soap: {
//     subjective: "Patient reports persistent lower back pain for 3 weeks,
//                  rated 6/10, worsening with prolonged sitting...",
//     objective:  "Vitals within normal limits. Patient demonstrates
//                  limited range of motion in lumbar flexion...",
//     assessment: "Chronic lumbar strain, likely mechanical. No red flags
//                  for radiculopathy or cauda equina...",
//     plan:       "1. Physical therapy referral (2x/week, 6 weeks)
//                  2. NSAIDs PRN for pain management
//                  3. Follow-up in 4 weeks if no improvement..."
//   },
//   actionItems: [
//     "Send PT referral to HealthFirst Physical Therapy",
//     "Schedule 4-week follow-up appointment",
//     "Order lumbar X-ray if symptoms persist"
//   ],
//   medications: ["Ibuprofen 400mg PRN"],
//   summary: "30-minute follow-up for chronic lower back pain..."
// }

// Provider reviews and approves in dashboard
// Then push to EHR
await pushToEHR(notes, patientId);

Important: AI notes are drafts, not medical records

V100's AI clinical notes are drafts that require physician review and approval before becoming part of the medical record. The AI is good at capturing the conversation accurately but may miss nuances, misinterpret medical terminology in ambiguous contexts, or attribute statements to the wrong speaker. Always require a provider review step before any AI-generated note enters the patient chart. This is not a V100 limitation — it is a medical-legal necessity for any AI documentation tool.

Step 4: PQ-Signed Recordings for Medicolegal Protection

Recording telehealth visits serves two purposes: clinical review (providers can re-watch visits for details they missed) and medicolegal protection (tamper-proof evidence in case of malpractice claims). V100 records visits with post-quantum Dilithium digital signatures that provide cryptographic proof that the recording has not been altered.

Why post-quantum? Malpractice claims can surface years or even decades after treatment. Traditional RSA or ECDSA signatures could theoretically be forged by future quantum computers, which would undermine the evidentiary value of the recording. Dilithium signatures are quantum-resistant, meaning they remain cryptographically sound regardless of advances in quantum computing. For a recording that might be used in court in 2036, this matters.

V100 handles recording storage, encryption at rest, access logging, and configurable retention policies (1 year, 3 years, 7 years, or indefinite). You configure the retention period based on your state's medical record retention requirements and your malpractice insurance carrier's recommendations.

Step 5: EHR Integration via FHIR API

Telehealth visits that do not flow into the EHR are operationally useless. Providers will not use a system that requires them to manually re-enter visit notes into Epic, Cerner, or athenahealth after every video visit. FHIR (Fast Healthcare Interoperability Resources) is the standard API for EHR integration.

The integration flow: V100 generates structured clinical notes (SOAP) and action items from the visit. Your backend transforms these into FHIR resources (Encounter, DocumentReference, Task). You push these to the EHR via its FHIR API. The provider sees the visit note in the EHR alongside their other clinical documentation.

ehr-integration.js

// Transform V100 clinical notes to FHIR Encounter resource
const fhirEncounter = {
  resourceType: 'Encounter',
  status: 'finished',
  class: { code: 'VR', display: 'virtual' },
  period: {
    start: visit.startTime,
    end: visit.endTime
  },
  reasonCode: [{ text: notes.soap.subjective }],
  participant: [{
    individual: { reference: `Practitioner/${providerId}` }
  }],
  subject: { reference: `Patient/${patientId}` }
};

// Push to EHR via FHIR R4 API
await fetch(`${ehrBaseUrl}/Encounter`, {
  method: 'POST',
  headers: {
    'Content-Type': 'application/fhir+json',
    'Authorization': `Bearer ${ehrToken}`
  },
  body: JSON.stringify(fhirEncounter)
});

EHR integration is the hardest part of building a telehealth app, and V100 does not solve it for you. V100 provides the structured data (transcripts, SOAP notes, action items). You build the FHIR transformation layer and manage the EHR API credentials. Each EHR vendor (Epic, Cerner, athenahealth) has its own FHIR API quirks, certification requirements, and approval processes. Budget 4-8 weeks for your first EHR integration.

Step 6: Multi-Language Support for Diverse Patient Populations

Over 67 million Americans speak a language other than English at home. For healthcare, language barriers are not just inconvenient — they lead to misdiagnosis, medication errors, and worse outcomes. V100's real-time transcription supports 40+ languages, enabling providers to see live captions in their language during a visit with a non-English-speaking patient.

This does not replace medical interpreters for complex cases. Live transcription and translation are best suited for routine follow-up visits, medication check-ins, and straightforward consultations. For sensitive conversations (mental health, end-of-life, informed consent for procedures), a certified medical interpreter remains the standard of care. V100's transcription is a tool, not a replacement for human judgment.

Cost: V100 vs. Multi-Vendor Stack

Component	Multi-Vendor	V100
Video (Twilio/Daily)	$3K-$8K/mo	Included in $2K-$3K/mo
Transcription (Deepgram)	$1K-$3K/mo
AI notes (custom or Abridge)	$2K-$5K/mo
HIPAA compliance layer	$1K-$3K/mo
Integration engineering	$20K-$50K/mo	1-2 developers
Time to MVP	4-6 months	2-4 weeks
Total monthly cost	$8K-$15K	$2K-$3K

Regulatory Checklist Before Launch

• BAA with V100: Execute a Business Associate Agreement covering video, transcription, recordings, and AI-generated notes.
• BAA with cloud provider: Execute BAA with AWS, GCP, or Azure for your application infrastructure.
• HIPAA Security Risk Assessment: Required annually. Document all systems that handle PHI, identify risks, and implement mitigations.
• State telehealth licensing: Providers must be licensed in the state where the patient is located. Research interstate compact agreements (IMLC for physicians, PSYPACT for psychologists).
• Informed consent: Patients must consent to telehealth visits, recording, and AI-assisted documentation. Build consent into your app onboarding flow.
• State recording laws: Recording consent requirements vary by state (one-party vs. two-party consent). Your app must capture explicit consent before recording begins.
• Incident response plan: Document what happens if PHI is breached. HIPAA requires notification within 60 days for breaches affecting 500+ individuals.
• Payer credentialing: If providers bill insurance, they need to be credentialed with payers for telehealth. This is a 60-120 day process.

What V100 Does Not Do

• EHR integration. V100 provides structured clinical data (transcripts, SOAP notes). You build the FHIR transformation and manage EHR API connections.
• Scheduling. V100 creates video sessions. Appointment scheduling (calendar management, availability, reminders) is your responsibility.
• Billing and claims. V100 does not handle CPT coding, insurance claims, or payment processing. Use a practice management system or billing service.
• Clinical validation of AI notes. AI-generated SOAP notes are drafts. They require physician review. V100 does not provide clinical quality assurance.
• HIPAA organizational compliance. V100 provides technical safeguards and a BAA. Administrative safeguards (policies, training, risk assessments) are your responsibility.

Timeline: Zero to MVP

Week 1: Foundation

Set up V100 account with healthcare tier. Implement authentication (provider + patient). Build scheduling UI. Create video visit page with V100 meeting embed.

Week 2: AI Integration

Connect transcription and AI clinical notes. Build provider dashboard for reviewing SOAP notes. Implement recording with PQ signatures. Set up webhook handlers for visit completion events.

Week 3: Compliance and Testing

Execute BAA with V100. Implement audit logging. Add consent capture flow. Test end-to-end with real providers. Conduct HIPAA security risk assessment.

Week 4: Pilot Launch

Launch with 5-10 providers for pilot. Gather feedback on AI note quality. Iterate on provider dashboard UX. Begin EHR integration work (parallel track, 4-8 weeks).

Ready to build your telehealth app?

Start with V100's healthcare tier. Create a video visit, test AI clinical notes, and verify PQ-signed recordings before committing to a paid plan. BAA available on request.

Start Free Trial Healthcare Solutions