Riyal Mobile App: HIPAA-Compliant Telehealth & Multi-Currency Payments
Telemedicine has revolutionized healthcare access, yet building cross-border clinical platforms remains complex. Developers must reconcile strict regulatory standards (such as HIPAA) with high payment friction in emerging markets. This case study details how Bhalli Software Solutions developed a cross-platform mobile application combining secure video consultations with multi-currency processing, leading to over $1.2 million processed in Q1 alone.
1. The Challenge: Compliance Friction & Cross-Border Payments
Riyal Healthcare sought to connect patients in the GCC and South Asia regions with specialized medical consultants worldwide.
To make this a reality, we had to address two critical technical problems:
- Regulatory Compliance (HIPAA/GDPR): Telehealth consultation sessions involve Protected Health Information (PHI). We could not transmit raw diagnostic streams over unencrypted networks or store call sessions on unencrypted hosting servers.
- Payment Gateway Fragmentation: Patients needed to pay in local currencies (SAR, AED, PKR) without experiencing heavy exchange conversion markup fees or payment drop-offs, while clinicians expected payouts in USD or GBP.
2. The Solution: End-to-End Encryption & Dynamic Stripe API Integration
Our team implemented a secure WebRTC video streaming system alongside a Stripe-powered regional payment gateway, ensuring full compliance and frictionless checkouts.
Secure Media & Record Encryption
We configured peer-to-peer WebRTC video calls, which protect media with DTLS-SRTP: a DTLS (Datagram Transport Layer Security) handshake negotiates the session keys and SRTP (Secure Real-time Transport Protocol) encrypts and authenticates every media packet. Signaling runs over TLS, and TURN relays forward only ciphertext. One caveat applies to any WebRTC deployment: the call is end-to-end encrypted only as long as no media server (an SFU or a recording service) terminates DTLS in the middle, so session recording, if added later, needs its own encryption-at-rest design. For file attachments, we integrated an AWS KMS (Key Management Service) envelope-encryption scheme that encrypts patient records with a per-object data key before uploading them to Amazon S3; only the KMS-wrapped copy of that data key is stored.
Below is an outline of the file upload security service:
// src/services/EncryptionService.ts
import { KMS } from 'aws-sdk';
import crypto from 'crypto';

const kms = new KMS({ region: 'us-east-1' });

// Output of envelope encryption. Everything here is stored next to the S3 object
// (for example as object metadata); without the IV and auth tag the record cannot be
// decrypted, and AES-GCM rejects any ciphertext that was modified after upload.
export interface EncryptedRecord {
  encryptedData: Buffer;
  kmsEncryptedDataKey: Buffer;
  iv: Buffer;
  authTag: Buffer;
}

export async function encryptPatientRecord(fileBuffer: Buffer, userKmsKeyId: string): Promise<EncryptedRecord> {
  // Ask KMS for a fresh 256-bit data key. Plaintext is used once, right here;
  // CiphertextBlob (the copy wrapped under the KMS key) is what gets persisted.
  const dataKey = await kms.generateDataKey({
    KeyId: userKmsKeyId,
    KeySpec: 'AES_256',
  }).promise();
  if (!dataKey.CiphertextBlob || !dataKey.Plaintext) {
    throw new Error('Failed to generate KMS data key.');
  }
  const plaintextKey = dataKey.Plaintext as Buffer;

  // One random 96-bit IV per object. It must be returned and stored with the
  // ciphertext, and an IV must never be reused under the same key with GCM.
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', plaintextKey, iv);
  const encryptedContent = Buffer.concat([cipher.update(fileBuffer), cipher.final()]);
  const authTag = cipher.getAuthTag();

  // Wipe the plaintext data key as soon as the ciphertext exists; only the
  // KMS-wrapped copy leaves this function.
  plaintextKey.fill(0);

  return {
    encryptedData: encryptedContent,
    kmsEncryptedDataKey: dataKey.CiphertextBlob as Buffer,
    iv,
    authTag,
  };
}
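The service above only encrypts. As an added example (not Bhalli's service code), the following stand-alone TypeScript shows the complete envelope round trip the upload path depends on: the data key is wrapped, the IV and auth tag travel with the object, the patient ID is bound in as additional authenticated data, and a single flipped ciphertext bit or a wrong patient binding makes decryption fail. Because it has to run offline, the KMS key is replaced by a constructed local key-encryption key (`LOCAL_KEK`), and `wrapKey`/`unwrapKey` stand in for `kms.generateDataKey`/`kms.decrypt`; the record content and patient ID in the usage are constructed sample data. In the real flow, the KMS EncryptionContext plays the role the AAD plays here.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from 'crypto';

// Constructed stand-in for the KMS key: in production this key never leaves AWS KMS and
// wrapKey/unwrapKey below are replaced by kms.generateDataKey / kms.decrypt calls.
const LOCAL_KEK = randomBytes(32);

export interface EnvelopeObject {
  ciphertext: Buffer;      // encrypted record body, uploaded as the S3 object body
  iv: Buffer;              // 96-bit GCM nonce, unique per object (stored as metadata)
  authTag: Buffer;         // 128-bit GCM tag (stored as metadata)
  wrappedDataKey: Buffer;  // data key encrypted under the KEK: iv || tag || ciphertext
  patientId: string;       // bound into the AAD so a blob cannot be re-homed to another patient
}

// Wrap a data key under the KEK (stand-in for the CiphertextBlob KMS GenerateDataKey returns).
function wrapKey(dataKey: Buffer): Buffer {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', LOCAL_KEK, iv);
  const ct = Buffer.concat([c.update(dataKey), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

// Unwrap a data key (stand-in for KMS Decrypt); throws if the wrapped blob was altered.
function unwrapKey(wrapped: Buffer): Buffer {
  const d = createDecipheriv('aes-256-gcm', LOCAL_KEK, wrapped.subarray(0, 12));
  d.setAuthTag(wrapped.subarray(12, 28));
  return Buffer.concat([d.update(wrapped.subarray(28)), d.final()]);
}

export function encryptRecord(plaintext: Buffer, patientId: string): EnvelopeObject {
  const dataKey = randomBytes(32);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', dataKey, iv);
  cipher.setAAD(Buffer.from(patientId, 'utf8'));
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const obj: EnvelopeObject = {
    ciphertext, iv, authTag: cipher.getAuthTag(), wrappedDataKey: wrapKey(dataKey), patientId,
  };
  dataKey.fill(0); // the plaintext data key must not outlive the encryption
  return obj;
}

// Decrypts only if the stored bytes, the tag and the patient binding are all intact.
export function decryptRecord(obj: EnvelopeObject, patientId: string): Buffer {
  const dataKey = unwrapKey(obj.wrappedDataKey);
  try {
    const d = createDecipheriv('aes-256-gcm', dataKey, obj.iv);
    d.setAAD(Buffer.from(patientId, 'utf8'));
    d.setAuthTag(obj.authTag);
    return Buffer.concat([d.update(obj.ciphertext), d.final()]);
  } finally {
    dataKey.fill(0);
  }
}

// Flip one ciphertext bit and confirm GCM refuses to decrypt the object.
export function tamperIsDetected(obj: EnvelopeObject): boolean {
  const forged: EnvelopeObject = { ...obj, ciphertext: Buffer.from(obj.ciphertext) };
  forged.ciphertext[0] ^= 0x01;
  try {
    decryptRecord(forged, obj.patientId);
    return false;
  } catch {
    return true;
  }
}

// Usage with constructed sample data:
const sampleRecord = Buffer.from('constructed PHI sample: HbA1c 6.1%', 'utf8');
const stored = encryptRecord(sampleRecord, 'patient-123');
decryptRecord(stored, 'patient-123'); // returns the original bytes
tamperIsDetected(stored);             // true: the modified object is rejected
```

The wrapped key, IV and tag are small enough to live in S3 object metadata, which keeps every piece needed for a legitimate decrypt (other than the KMS call itself) on the object. Binding the patient ID means an attacker who can read and re-upload objects cannot present one patient's encrypted chart under another patient's identity without the tag check failing.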
Multi-Currency Stripe Integration
To reduce checkout drop-offs, we create Stripe PaymentIntents in the patient's local currency. The app resolves that currency from the patient's country, quotes the consultation price in it at checkout (converting at mid-market exchange rates), and routes the clinician's share to their Stripe Connect account, so clinicians are paid out in USD or GBP without the patient seeing a foreign-currency charge.
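The part of this flow that silently goes wrong in practice is the amount itself: Stripe takes amounts in the currency's smallest unit, and the rounding has to happen after conversion. The following is an added example, not Bhalli's code and not the Stripe SDK: it builds the PaymentIntent parameters for a consultation offline. The field names (`amount`, `currency`, `application_fee_amount`, `transfer_data.destination`, `automatic_payment_methods`, `metadata`) are Stripe's, but the `PaymentIntentParams` interface, the helper names, the country-to-currency map and the `DEMO_RATES` table are assumptions made so the block runs without a network call; the zero-decimal handling goes beyond the page's three currencies, which all use two decimals. In production the returned object is passed to `stripe.paymentIntents.create(params, { idempotencyKey })`.

```typescript
// Assumed shape of the Stripe PaymentIntent create parameters used here. The field names
// follow Stripe's API; the interface itself is declared locally so no SDK is needed.
export interface PaymentIntentParams {
  amount: number;                                  // smallest currency unit (halalas, fils, paisa)
  currency: string;                                // ISO 4217, lower-case
  application_fee_amount: number;                  // platform's share, smallest unit
  transfer_data: { destination: string };          // clinician's connected account (acct_...)
  automatic_payment_methods: { enabled: boolean }; // let Stripe show the region's local methods
  metadata: Record<string, string>;
}

// Currencies Stripe treats as zero-decimal (no minor unit). SAR, AED and PKR are not among them.
const ZERO_DECIMAL = new Set([
  'bif', 'clp', 'djf', 'gnf', 'jpy', 'kmf', 'krw', 'mga', 'pyg', 'rwf', 'ugx', 'vnd', 'vuv', 'xaf', 'xof', 'xpf',
]);

// Constructed USD-to-local rates for this example only; a real service fetches a dated rate
// and records which rate was quoted (see metadata below) so disputes can be reconciled.
export const DEMO_RATES: Record<string, number> = { sar: 3.75, aed: 3.6725, pkr: 278.5, usd: 1, gbp: 0.79 };

// Assumed country-to-currency map for the regions on the page; everything else falls back to USD.
const COUNTRY_CURRENCY: Record<string, string> = { SA: 'sar', AE: 'aed', PK: 'pkr', GB: 'gbp', US: 'usd' };

// Convert a major-unit amount to Stripe's integer minor units, rounding once, after conversion.
export function toMinorUnits(amount: number, currency: string): number {
  if (!Number.isFinite(amount) || amount < 0) throw new Error(`invalid amount ${amount}`);
  const c = currency.toLowerCase();
  const minor = ZERO_DECIMAL.has(c) ? Math.round(amount) : Math.round(amount * 100);
  if (!Number.isSafeInteger(minor)) throw new Error(`amount out of range for ${c}`);
  return minor;
}

export function resolveCurrency(countryCode: string): string {
  return COUNTRY_CURRENCY[countryCode.toUpperCase()] ?? 'usd';
}

export function buildConsultationIntent(opts: {
  priceUsd: number;
  patientCountry: string;
  clinicianAccountId: string;
  platformFeePct: number;
  bookingId: string;
  rates?: Record<string, number>;
}): PaymentIntentParams {
  // Never forward a destination that is not a Stripe connected-account id.
  if (!/^acct_[A-Za-z0-9]+$/.test(opts.clinicianAccountId)) {
    throw new Error('invalid connected account id');
  }
  const currency = resolveCurrency(opts.patientCountry);
  const rate = (opts.rates ?? DEMO_RATES)[currency];
  if (rate === undefined) throw new Error(`no exchange rate for ${currency}`);

  const amount = toMinorUnits(opts.priceUsd * rate, currency);
  const fee = Math.round((amount * opts.platformFeePct) / 100);
  return {
    amount,
    currency,
    application_fee_amount: fee,
    transfer_data: { destination: opts.clinicianAccountId },
    automatic_payment_methods: { enabled: true },
    // bookingId doubles as the idempotency key on the create call; quotedRate is kept for audit.
    metadata: { bookingId: opts.bookingId, quotedRate: String(rate) },
  };
}

// Usage with constructed values: a USD 120 consultation for a patient in Saudi Arabia.
buildConsultationIntent({
  priceUsd: 120,
  patientCountry: 'SA',
  clinicianAccountId: 'acct_constructedExample1',
  platformFeePct: 10,
  bookingId: 'bk_constructed_001',
}); // amount 45000 (SAR 450.00), application_fee_amount 4500
```

With a destination charge like this, the patient is charged in SAR, AED or PKR, and Stripe converts the transferred share into the connected account's settlement currency, which is how the clinician ends up paid in USD or GBP without the platform converting twice. Reusing `bookingId` as the idempotency key is what keeps a retried checkout from creating two charges.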
3. Results & Business Impact
The launch of the Riyal Mobile App was a major success:
- 100% HIPAA Compliance: Third-party security auditors verified that all patient medical charts, messaging histories, and video sessions complied with HIPAA guidelines.
- $1.2M Processed in Q1: Frictionless localized checkouts drove a 65% reduction in booking drop-offs, resulting in high transaction volume.
- Zero Data Leaks: No unauthorized access to medical charts or diagnostics was observed. Because S3 holds only envelope-encrypted objects, reading a record requires a KMS Decrypt call on the wrapped data key, which IAM policies gate and CloudTrail logs.
4. Let's Build Your Compliant B2B Platform
If you are building products in healthcare, fintech, or cybersecurity, security and regulatory compliance must be integrated from day one. Partner with a Bhalli healthcare software expert to bring your secure product to market.
Book a Call with BhalliSoft to discuss security integrations, cloud compliance, and international payment gateways for your platform.