TeleVerify now signs every compliance determination with Ed25519 cryptography. Here's what that means in plain language — and why it matters for audits, insurers, and your practice.
Every compliance determination TeleVerify generates is now digitally signed using Ed25519 cryptography. This isn't a marketing claim — it's a specific technical mechanism that fundamentally changes what compliance documentation can prove. This post explains what that means, how it works, and why it matters.
In plain language: signing creates a mathematical proof that a document hasn't been changed since it was created. Think of it like a wax seal on a letter — if anyone opens and changes the letter, the seal is broken. Except a cryptographic signature is mathematically impossible to forge, and anyone can verify it.
More precisely: TeleVerify holds a private signing key. When a compliance check completes, the entire determination — patient location, provider licensure status, compact coverage, OIG screening result, timestamp, everything — is assembled into a canonical data packet. That packet is run through the Ed25519 signing algorithm with the private key, producing a signature. The corresponding public key is published openly. Anyone with the public key can verify that the signature matches the packet, proving two things: (1) the packet was created by TeleVerify (not fabricated by someone else), and (2) not a single byte has been altered since signing.
A cryptographic signature proves both authenticity (who created it) and integrity (that it hasn't been changed). This is what makes it fundamentally different from a timestamp or a log entry.
Ed25519 is an elliptic curve signature scheme designed for speed and security. It's the same algorithm used by SSH, Signal, and major cryptocurrency systems. Signing takes less than 1 millisecond. Key size is compact (32 bytes). It's resistant to timing attacks.
TeleVerify chose it specifically because compliance checks need to complete in under 2 seconds total — the signing step can't add perceptible latency to the telehealth session. Ed25519 provides cryptographic guarantees without the performance overhead that would impact clinical workflows.
The signing protects individual packets. The hash chain protects the sequence. Every audit log record includes a SHA-256 hash of the previous record. This creates a mathematical chain — altering, removing, or reordering any record changes its hash, which breaks the chain at that point. An integrity check walks the chain and can instantly detect if anything has been tampered with and exactly where.
Each record points cryptographically to the previous one. Remove a record in the middle, and the chain breaks. Add a record, and the sequence is mathematically evident. This isn't a log format — it's evidence.
The combination of individual packet signatures plus hash-chained records means that compliance documentation is protected at two levels: the check itself is signed, and the sequence of checks is tamper-evident.
The key word is independently. An insurer verifying a TeleVerify compliance packet doesn't need to trust TeleVerify. They don't need access to TeleVerify's systems. They don't need a login or an API key. The public verification key is published at a public endpoint.
TeleVerify provides working verification code in three languages (JavaScript, Python, curl+openssl) and a browser-based verification tool at /website/audit.html where anyone can paste a packet and verify it on the spot. This is the same trust model used in HTTPS certificates and code signing — the verifier doesn't need to trust the signer, only the math.
Independent verification flips the power dynamic. Instead of "trust our records," it becomes "verify our records yourself." The insurer, the licensing board, or the auditor can run verification without needing anything from TeleVerify except the signed packet.
The practical implications are significant:
For compliance teams and auditors, this eliminates a major pain point: the need to trust that TeleVerify's records are authentic. Now, the records speak for themselves. An insurer can verify a packet signed in January against today's key rotation schedule and know exactly when it was created and whether it's been modified.
Keys rotate quarterly. Old packets remain verifiable against the key that signed them. If a key were ever compromised, revocation is immediate — packets signed before the compromise remain valid, and a new key takes over. The rotation schedule, key identifiers, and full verification procedures are documented in public runbooks.
This means TeleVerify's compliance documentation doesn't become worthless if a key is ever lost or compromised. Packets signed with a legitimate key stay valid. The verification process checks which key was used at the time of signing and can immediately identify any documents signed after a revocation date.
Cryptographic signing isn't a feature you interact with. It's infrastructure that runs behind every compliance check, automatically. The provider never sees it. The patient never sees it. But when an auditor, an insurer, or a licensing board asks for proof — the proof is there, independently verifiable, and mathematically unforgeable. That's what forensic-grade compliance documentation looks like.
It's the difference between handing someone a document and handing them a document they can verify is real.