DTLS-SRTP video encryption, zero session recording, HIPAA BAA storage, and tamper-evident audit logs. Here is exactly what we do to protect your data.
By Dr. Teja V. Surapaneni, MD, MS • Board-Certified Internal Medicine • May 2026
Privacy anxiety is one of the most common reasons patients delay telehealth care. Here is exactly what happens to your data at YourMD — technically, legally, and operationally.
YourMD uses Jitsi Meet for video visits — an open-source, peer-reviewed video platform used by health systems, governments, and enterprises worldwide. The video connection uses DTLS-SRTP encryption, the same standard used by secure banking and government communications. The connection is encrypted end-to-end between your device and your provider’s device.
Your session is not recorded. No video or audio recording is made of your telehealth visit. Your provider takes clinical notes (as they would in any medical encounter), but no A/V recording is stored anywhere in YourMD’s infrastructure.
Screen capture prevention. The session interface is designed to discourage screen capture. While we cannot technically block a hardware recording of a screen, no system-level screen capture permissions are requested and no cloud recording is enabled.
All health data — your intake responses, visit notes, prescriptions, lab orders, and uploaded documents — is stored in Microsoft Azure, under a signed Business Associate Agreement (BAA) with Azure that satisfies HIPAA requirements.
Specifically:
Access to patient records at YourMD follows the HIPAA minimum-necessary standard:
Every access to your records — by any user — is logged in a tamper-evident audit trail. This is not theoretical; it is implemented at the database level with HMAC chain verification.
YourMD uses bcrypt password hashing (cost factor 12) — the same standard used by major financial institutions. Your password is never stored in plain text and cannot be retrieved by any YourMD employee. Multi-factor authentication (TOTP authenticator app) is available and recommended for all accounts.
Failed login attempts trigger progressive rate limiting. After 5 failed attempts, the offending IP address is automatically blocked for 15 minutes. Suspicious login activity triggers a security alert to the administrative team.
As a YourMD patient, you have the following rights under HIPAA:
In the unlikely event of a data breach affecting your information, HIPAA requires us to notify you within 60 days of discovery. YourMD goes beyond this: our security monitoring is designed to detect breaches in real time, and we would notify affected patients as quickly as operationally possible — not on the last possible day.
YourMD has not had a reportable data breach.
Telehealth is not less private than in-person care. In many respects it is more private — no waiting room, no receptionist entering your information by hand, no paper chart in a file cabinet. Your data at YourMD is protected by HIPAA, Azure’s enterprise security infrastructure, and engineering decisions made specifically to minimize exposure of patient information. If you have specific security or privacy questions, email us at privacy@yourmd.online.
No. YourMD does not record video or audio from telehealth visits. Your provider takes clinical notes, but no A/V recording is stored anywhere in our infrastructure.
Yes. YourMD operates under a signed Business Associate Agreement with Microsoft Azure, uses encrypted storage and transmission for all patient data, and implements all required HIPAA technical safeguards.
Your treating provider, and administrative staff with a documented reason. Every access is logged in a tamper-evident audit trail. You have access to your complete records through your patient portal.
Video visits use DTLS-SRTP. Data at rest uses AES-256 (Azure) plus XChaCha20-Poly1305 application-layer encryption for files. Data in transit uses TLS 1.2/1.3.
This article is for informational purposes only and does not constitute medical advice. Always consult with a licensed physician before starting any medication.
No credit card required. Live MD consult included.