Sign the order.
Verify the face.
A remote encounter arrives as data. Telehealth security proves the two things that data can't vouch for itself: that the order is genuine, and that the person is live.
RankShieldMD signs every clinical order with an RFC 9421 message signature, so a forged or tampered order fails verification before it is filled. And inside its own signed consult channel it risk-scores liveness against voice clones and deepfakes — a signal a clinician can act on, never a verdict, and never a peek at a carrier call it has no right to see.
An order is just
data now.
In the room, a clinician's signature and presence vouched for an order. Remotely, a prescription or referral arrives as a message — and a message can be forged, altered in transit, or issued in someone else's name. When a pharmacy or nurse acts on it, they are trusting that it truly came from the named clinician, unchanged. Without proof, that trust is a guess. Telehealth security replaces the guess with non-repudiation: a verifiable receipt for each order, sealed the moment it is issued.
Tamper with it,
it fails.
Each order carries an RFC 9421 HTTP Message Signature over its fields — clinician identity, patient reference, medication, dose, timestamp. A verifier recomputes the signature against the order it received. Change a single character of the dose, swap the medication, or forge the sender, and verification returns false. The genuine order is non-repudiable; the clinician cannot disown it, and no one can forge one in their name.
Is the face
live?
Deepfakes and voice clones can now sit in a video consult. Inside its own signed channel — where it owns the audio and video — RankShieldMD produces a risk-scored liveness signal for voice-clone, deepfake, and presentation-attack indicators. It is a score, not a verdict: elevated risk prompts a clinician to step up verification. It attests the signal; the human keeps the decision.
Only our own
channel.
This is a boundary we state plainly: liveness works only inside the app's own signed VoIP channel. RankShieldMD cannot analyze a normal cellular call or a FaceTime call — iOS gives apps no access to live call audio, and Android blocks it too. Any product claiming to inspect a carrier call for deepfakes is describing something the platform does not permit. We only inspect audio we legitimately own.
Give every order
a signature.
Sign an order, tamper with it, and watch verification fail. Run a consult through the signed channel and read the liveness score. Non-repudiable, PHI-free, non-device.
What is telehealth security?
Telehealth security is the practice of proving that the two things a remote clinical encounter depends on are genuine: that a clinical order was issued by the clinician it names and reached its recipient unaltered, and that the person on a consult is a live human rather than a deepfake or voice clone. In person, physical presence and a wet signature quietly vouched for both. Once care moves to a screen, those cues vanish, and an order becomes a message that can be forged, altered in transit, or issued under a borrowed name — while the face on the video can, for the first time, be synthetic. RankShieldMD addresses both without ever touching patient data. It signs every clinical order with an RFC 9421 HTTP Message Signature, so a forged or tampered order fails verification before it is filled, and it risk-scores consult liveness for voice-clone and deepfake indicators inside its own signed channel, where it legitimately owns the audio and video. Two principles govern the design, and we hold to both honestly. Attest, don't decide: RankShieldMD proves that an order and a consult were genuine, and never makes the clinical or identity decision. And know where your reach ends: liveness runs only inside the app's own signed channel, never on a carrier or FaceTime call, because the mobile platforms give an app no access to that audio. What you get is verifiable evidence — a non-repudiable order and an honest liveness signal — not a claim to have solved the whole problem.
How do you verify a clinical order wasn't forged?
By signing the order at the moment it is issued and checking that signature when it is received, so tampering and impersonation both break the math rather than slipping through. When a clinician issues an order through RankShieldMD, the system computes an RFC 9421 HTTP Message Signature over the fields that matter — the clinician's verified identity, the patient reference, the medication or instruction, the dose, and the timestamp. That signature travels with the order. When a pharmacy, nurse, or downstream system receives it, a verifier recomputes the signature against the exact order it holds. If the two match, the order is provably from the named clinician and provably unchanged; if a single character of the dose was altered, the medication was swapped, the patient reference was substituted, or the sender was forged, the signatures diverge and verification returns false. This is what non-repudiation means in practice: a genuinely signed order cannot later be disowned by the clinician who issued it, and no attacker can manufacture one in that clinician's name. The order body itself is reduced to a digest and sealed to an externally-anchored, post-quantum-signed transparency log, so the record of what was ordered, and that it verified, is durable and tamper-evident. The medical content stays inside the clinical systems built to hold it; RankShieldMD holds only the cryptographic proof about the order. The result is that a forged or altered order is caught before it is ever filled, not reconstructed afterward from mutable logs during an incident review.
Can you detect a deepfake or voice clone on a telehealth call?
Yes, but only inside the app's own signed channel, where RankShieldMD owns the audio and video — and we are deliberate about that limit because it is the honest one. When a consult runs over RankShieldMD's own VoIP channel, the system analyzes the stream it legitimately holds and produces a risk-scored liveness signal: indicators for voice-cloning, video deepfakes, and presentation attacks, expressed as a confidence-weighted score rather than a yes-or-no verdict. Elevated risk prompts a clinician or the platform to step up verification with a second factor or a challenge; a low score is reassurance, not proof of identity. What RankShieldMD cannot do — and will never claim to do — is analyze a normal cellular phone call or a FaceTime call. Mobile operating systems deliberately deny apps access to live call audio: on iOS there is simply no API that hands an application the audio of a cellular or FaceTime call, and Android restricts call-audio capture in the same way. Any product that advertised deepfake detection on a carrier call would be describing a capability the platform does not permit. So the boundary is firm and stated up front: liveness scoring applies to the audio and video inside RankShieldMD's own signed channel, and nowhere else. Within that channel it is a genuine, useful signal; outside it, we tell you plainly that we cannot see the call. And in every case the score is a risk indicator for a human to weigh, never a diagnosis and never an automated decision about who a person is.
Why does non-repudiation matter for telehealth orders?
Because a telehealth order travels through hands that never met the clinician, and every one of them is being asked to act on trust that used to be earned in person. Non-repudiation replaces that trust with proof in two directions at once. In the first direction, it protects everyone downstream: a pharmacist filling a prescription, a nurse executing an instruction, or an insurer honoring a claim can confirm that the order genuinely came from the named clinician and arrived unchanged, rather than taking the message at face value. In the second direction, it protects the clinician: because only their verified signing identity can produce a valid signature, no one can forge an order in their name and attribute the consequences to them. That two-sided guarantee is exactly what a mutable audit log cannot provide — a log can be edited by whoever holds enough access, and it typically sits beside the very data it is meant to protect. A cryptographically signed order, sealed to an append-only transparency log at issue time, cannot be silently altered after the fact, and it contains no protected health information to steal. When an order is later questioned — in a safety review, a payment dispute, or litigation — the answer is checkable rather than assertable: this order, from this clinician, at this time, verified. Non-repudiation turns "we believe this order is legitimate" into "we can prove it," which is the difference between a system that asks for trust and one that earns it. It supports the prescribing and record-keeping obligations telehealth programs carry, without RankShieldMD ever making a medical claim or a decision.
How does this fit alongside our telehealth platform?
It sits beside your platform as an independent integrity and identity layer, never inside the clinical pathway that renders care. RankShieldMD does not replace your video stack, your EHR, or your e-prescribing engine; it attaches to them where genuineness needs to be proven. For orders, your clinicians issue as they do today, and RankShieldMD signs each order with an RFC 9421 signature and seals a digest of it to the transparency log — the order continues to your pharmacy or downstream system carrying proof it can verify with a published recipe. For consults, when you run the encounter over RankShieldMD's signed channel, it scores liveness on the audio and video it owns and hands the result to your clinician as a risk signal, leaving the identity and clinical decisions with the human. Nothing about the integration expands your protected-data footprint: orders are verified over their fields and stored as digests, liveness produces a score rather than a retained recording, and raw identifiers are rejected at the guard before anything is sealed. Because RankShieldMD attests rather than decides, it stays non-device — it gives you an independent trust signal for orders and consults without inheriting a medical-device regulatory burden or entering your platform's clinical logic. And because every attestation is sealed with composite post-quantum signatures to an externally-anchored log, the evidence you generate today stays verifiable by your auditors, a regulator, or opposing counsel for as long as the encounter matters. You keep your platform; you gain proof.
What we are careful never to claim.
What we won't claim: no analysis of carrier calls
Liveness works only inside the app's own signed channel. RankShieldMD cannot and does not inspect a cellular or FaceTime call — iOS and Android give apps no access to that audio. We never claim to analyze a carrier call.
Liveness is a score, not a verdict
The signal is a risk score for a clinician to weigh, not a diagnosis and not an automated identity decision. RankShieldMD attests the signal; the human keeps the decision.
It attests, it never decides
Signed orders and consult liveness prove genuineness; they never render the medicine. That keeps clinical judgment with clinicians and keeps RankShieldMD non-device, and it supports compliance rather than granting it.
Ask RankShieldMD about telehealth security.
What is telehealth security?
The practice of proving that the two things a remote clinical encounter depends on are genuine: that a clinical order was issued by the clinician it names and has not been altered, and that the person on a consult is a live human rather than a deepfake or voice clone. RankShieldMD signs each order with an RFC 9421 message signature and risk-scores consult liveness inside its own signed channel, so both can be verified rather than assumed.
Why do telehealth orders need signatures at all?
Because a remote order arrives as data, with none of the in-person cues that once vouched for it. Without a cryptographic signature, a pharmacy or nurse has no way to prove the order truly came from the named clinician and reached them unchanged. A signed order turns "we think this is from Dr. Rivera" into a fact anyone can check.
How do you verify a clinical order was not forged?
Every order carries an RFC 9421 HTTP Message Signature over its fields — clinician identity, patient reference, medication, dose, and timestamp. A verifier recomputes the signature against the order it received. If a single character changed, or the order was issued by someone other than the named clinician, verification returns false. Non-repudiation is the result: the clinician cannot later disown a genuinely signed order, and no one can forge one in their name.
What happens if someone tampers with a signed order?
The signature no longer matches the order body, and verification fails. A changed dose, a swapped medication, a substituted patient reference, or a forged sender all break the cryptographic check. The tamper is surfaced before the order is filled, not discovered afterward in an incident review.
Can you detect a deepfake or voice clone on a telehealth call?
Only inside the app's own signed channel, where RankShieldMD owns the audio and video. There it produces a risk-scored liveness signal for voice-clone, deepfake, and presentation-attack indicators. It cannot analyze a normal cellular phone call or a FaceTime call: iOS gives apps no access to live call audio, and Android blocks it too. We never claim to inspect a carrier call.
Is the liveness result a diagnosis or a decision?
No. It is a risk score, not a verdict and not a clinical judgment. RankShieldMD attests a liveness signal and its confidence; the clinician or platform decides what to do with it. It flags elevated deepfake or clone risk so a human can step up verification. It never diagnoses and never makes the clinical or identity decision for you.
Why can't an app check a regular phone or FaceTime call?
Mobile operating systems deliberately deny apps access to live call audio. On iOS there is no API that hands an app the audio of a cellular or FaceTime call; Android restricts call-audio capture the same way. Any product that claimed to analyze a carrier call for deepfakes would be describing something the platform does not permit. RankShieldMD only inspects audio it legitimately owns — the VoIP stream inside its own app.
What will RankShieldMD not claim about telehealth?
It will not claim to analyze carrier or FaceTime calls, it will not claim to diagnose patients, and it will not claim to make anyone compliant on its own. It attests and verifies — signed orders and in-channel liveness — and reports honestly where its reach ends. Anything beyond the app's own signed channel is outside what it can see.
Is this a medical device?
No. RankShieldMD attests identity and order integrity; it does not render, score, or drive a clinical decision. FDA classification turns on intended use, and its use is to prove an order or a consult was genuine, not to make or influence the medicine. That keeps clinical judgment with clinicians and keeps RankShieldMD non-device.
Does telehealth security see protected health information?
No. It is PHI-free by construction. Orders are verified by signature over their fields and sealed as digests; liveness produces a score, not a stored recording. Raw identifiers are rejected at the guard and never enter the ledger. Adopting it shrinks your PHI footprint rather than growing it.
Can our platform verify the proofs independently?
Yes. Signed orders verify against a published RFC 9421 recipe using standard tooling, and each attestation is sealed to an externally-anchored, post-quantum-signed transparency log. Your auditors or a regulator can recompute the chain and confirm the signed root without access to your systems and without trusting RankShieldMD.
How does this support telehealth compliance obligations?
Signed, non-repudiable orders and attested consult liveness produce the integrity evidence that prescribing, identity-proofing, and record-keeping obligations rely on. It supports compliance; it is not itself a clearance or a legal opinion, and it never makes a medical claim. Your overall posture remains your organization's responsibility.
Is it quantum-safe?
Yes. Attestations are sealed with composite post-quantum signatures — ML-DSA-65 paired with Ed25519 — so telehealth evidence stays unforgeable as cryptography evolves. It is quantum-safe, not quantum-proof: no quantum computer capable of breaking today's cryptography exists yet, and we never claim otherwise.
Turn "trust the order" into "verify the order."
Sign an order, tamper with it to watch it fail, and read a liveness score from a signed consult — all PHI-free.