Developing a Telemedicine Mobile App
Telemedicine on mobile isn't just a video call with a doctor. It sits at the intersection of several complex domains: HIPAA/GDPR compliance for medical data storage, WebRTC with adaptive bitrate for video consultations, EHR system integration, the HL7 FHIR API, and often App Store certification under the Medical category. Each of these brings its own complications.
Video Consultation: WebRTC on Mobile
The core of a telemedicine app is real-time video. There are three implementation options:
WebRTC via a custom media server. Mediasoup, Janus, or Jitsi acts as the SFU (Selective Forwarding Unit). On the client side, iOS uses WebRTC.framework (Google WebRTC port) and Android uses libwebrtc.aar. This gives full control over the infrastructure, including storing consultation recordings on your own servers, which is critical for compliance with regulations and medical confidentiality.
Vonage Video API (formerly TokBox) / Agora / Twilio Video. Ready-made SDKs with a dashboard, cloud recording, and adaptive bitrate, so the start is quick. Downside: data passes through the provider's servers, so you must verify compliance with regulations and, for HIPAA, a BAA (Business Associate Agreement).
Daily.co / 100ms. Newer players, good documentation, HIPAA-ready plans with BAA signing.
For most regional projects that require data storage within the country, the choice is custom infrastructure: Mediasoup plus a TURN server (coturn) in a local data center.
HealthKit and FHIR: Patient Data
HealthKit (iOS) and Health Connect (Android 14+) provide access to device health data: heart rate, blood oxygen saturation, ECG from Apple Watch, step count. For telemedicine this means the doctor sees patient data before the consultation and tracks changes over time.
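```swift
import HealthKit

// iOS: request the last 7 days of heart rate samples from HealthKit.
// requestAuthorization must already have been called for heart rate read access.
let healthStore = HKHealthStore()
let heartRateType = HKQuantityType(.heartRate)
let query = HKSampleQuery(
    sampleType: heartRateType,
    predicate: HKQuery.predicateForSamples(
        withStart: Date().addingTimeInterval(-7 * 24 * 3600),
        end: Date()
    ),
    limit: 100,
    sortDescriptors: [NSSortDescriptor(key: HKSampleSortIdentifierEndDate, ascending: false)]
) { _, samples, error in
    // samples is nil when the query fails; there is nothing to process then.
    guard let samples = samples as? [HKQuantitySample] else { return }
    // Convert each sample to beats per minute. These values are health data:
    // keep them out of logs and analytics.
    let readings = samples.map { $0.quantity.doubleValue(for: .count().unitDivided(by: .minute())) }
}
healthStore.execute(query)
```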
FHIR R4 API. HL7 FHIR is a medical data exchange standard. Resources: Patient, Appointment, Observation, Condition, MedicationRequest. For integration with medical information systems: most have a FHIR endpoint or a SOAP API.
Electronic Prescriptions and Signatures
A qualified digital signature for doctors is a regulatory requirement. On mobile the options are CryptoPro CSP / CryptoPro NGate, or back-end signing with a hardware key. On iOS, direct integration without a jailbreak goes through signature services.
Compliance and Security
Medical data is a special category of personal data. Requirements:
- Encryption at rest: AES-256 for local storage (iOS Keychain + Data Protection API, Android Keystore + EncryptedSharedPreferences)
- Encryption in transit: TLS 1.3, certificate pinning
- Two-factor authentication for doctors
- Audit log of all data access actions
- Data storage on servers within the country (localization)
App Store Medical category: an app that handles medical data undergoes extended review. Prepare a Privacy Policy that explicitly states health data processing, intended-use documentation, and a commitment not to use the data for advertising.
Typical MVP Functional Scope
- Patient registration and verification
- Doctor scheduling and online booking
- Video consultation with chat and file exchange
- Patient card: medical history, documents, test results
- HealthKit/Health Connect integration
- Push notifications: appointment reminders, test result readiness
- Electronic prescriptions and referrals
Process and Timelines
Requirements audit → security architecture → UX design considering accessibility → iOS + Android development → device testing → compliance review → publication.
MVP with basic video consultation and scheduling: 6–10 weeks. Full-featured telemedicine platform with EHR integration, prescriptions, and doctor analytics: 3–6 months. Cost calculated individually after analyzing requirements.







