Skip to content

ADR-0025: MSO Video Provider — Daily.co

Status: Accepted Date: 2026-05-05 (Decision recorded by SD) Session: 92

Context

ADR-0018 §"MSO Teleconsultation" specifies "Embedded video — first preference is in-platform (lightweight integration: Daily.co or 100ms). External link (Zoom/Meet) as fallback if embedded is infeasible for MVP."

The Phase 4 work in the MSO portal completion plan (PR #688) needs a concrete SDK choice before dispatch. Two leading SaaS providers were evaluated.

Decision

Daily.co. Replace the existing VideoRoomService stub at app/services/video_room_service.py with Daily.co integration via @daily-co/daily-react. Use Daily Prebuilt iframe for the embedded UX in the MSO portal + patient app + standalone consult.curaway.ai deep-link target.

Alternatives Considered

Daily.co (chosen)

  • Prebuilt embedded iframe + React SDK (@daily-co/daily-react)
  • Documented HIPAA add-on with standardized BAA
  • First-class enable_recording: false API option (simple, verifiable enforcement of ADR-0018's no-record requirement)
  • Time-to-first-call: 1-2 days
  • Pricing: per-participant-minute, HIPAA tier ~$200/mo + usage
  • Global edge presence

100ms

  • React SDK (@100mslive/react-sdk) — more primitives, more flexibility
  • HIPAA via enterprise-tier BAA (bespoke, not standardized)
  • Recording-disable requires more careful SDK config; CI assertion harder
  • Time-to-first-call: 2-4 days (custom UX work)
  • Pricing: similar tier
  • Strong in India + global edge — useful given Curaway's geo focus
  • Per ADR-0018 — "fallback if embedded infeasible for MVP"
  • Not chosen: Daily.co's embed is feasible
  • Patient sees an external link, leaves the Curaway app, breaks the conversational continuity with the MSO doctor handoff

Consequences

Positive

  • Faster MVP: prebuilt iframe handles browser permissions, mic-test lobby, leave-on-error, network-degradation fallback to phone-in — all the medical-UX hygiene without custom code
  • Recording-disable verifiable: Daily's enable_recording: false per room is a CI-assertable contract. ADR-0018 §"MSO Teleconsultation: No recording" becomes mechanically enforceable
  • Standardized HIPAA: Daily's BAA + DPA are off-the-shelf; legal review is faster
  • Less surface to maintain: Daily Prebuilt receives free improvements when their team ships features. Custom UX (the case for 100ms) means we own more code
  • No vendor risk concentration: Daily.co is independent of any other Curaway dependency

Negative

  • Custom-branded video deferred: if SD wants pixel-perfect Curaway-branded video rooms (Daily Prebuilt is configurable but not fully white-label), revisit and consider 100ms or Daily's headless SDK
  • Per-minute cost scales with consultation volume — at high MSO volume, custom infra (Jitsi self-hosted, LiveKit cloud) becomes cost-competitive. Re-evaluate at >5,000 consultation-minutes/month
  • Daily.co vendor lock: room-id format, recording APIs, participant-event hooks are Daily-specific. Migration off would require service-layer rewrite. Mitigated by isolating the integration in VideoRoomService

Neutral

  • Both providers offer comparable quality for 1:1 / small-group calls (the MSO use case is typically doctor + patient, occasionally + coordinator)
  • Both support iOS/Android mobile webviews
  • Both have comparable security postures for non-PHI metadata (TLS, room-id randomness)

Implementation Plan

Tracked under PR #688's Phase 4 (5-7 day effort):

  1. Track 4.1 — Backend VideoRoomService rewrite. Calls Daily.co API to create rooms on-demand at consultation-start time. Stores video_room_id + meeting_url on Consultation. Asserts enable_recording: false per room
  2. Track 4.2 — FE Daily Prebuilt iframe embed in MSO portal + patient app + standalone consult.curaway.ai page (per Decision Gate 4 in PR #688)
  3. Track 4.3 — Lifecycle hooks (room create T-15min before scheduled, destroy on both-leave or T+90min hard cap)
  4. Track 4.4consult.curaway.ai CNAME alias + thin standalone wrapper page

Required env / secrets

  • DAILY_API_KEY — Daily.co server-side API key (Railway env vars)
  • DAILY_DOMAINcuraway.daily.co or custom domain post-HIPAA-add-on
  • DAILY_HIPAA_TIER_ENABLED — config flag asserting we're on the BAA-covered plan before any room creation

Audit + telemetry

  • Every room creation emits a consultation.video_room_created event with consultation_id, daily_room_id, enable_recording: false echoed in payload (so audit log can prove recording was disabled)
  • CI assertion: integration test confirms recording_url on Consultation rows stays NULL after end-to-end test

Re-evaluation triggers

This decision should be revisited if:

  • MSO consultation volume exceeds 5,000 minutes/month sustained (cost re-evaluation)
  • SD requires fully white-label video UI (Daily Prebuilt's branding limits not acceptable)
  • Daily.co changes pricing materially (>2× current tier)
  • HIPAA compliance posture changes (e.g., Daily drops the BAA add-on)
  • A geographic compliance requirement appears that Daily can't meet (e.g., data residency in a specific region they don't serve)

References

  • ADR-0018 §"MSO Teleconsultation"
  • MSO portal completion plan: PR #688 (this ADR's parent context)
  • Daily.co HIPAA: https://www.daily.co/blog/hipaa-compliant-video-conferencing/ (verify current URL before legal review)
  • 100ms HIPAA: https://www.100ms.live/docs/security (verify current URL before legal review)
  • Memory: feedback_definition_of_done.md §"OBSERVABILITY" (alerting + Langfuse tracing for new external dependencies)