Across the United States, hospitals and other healthcare facilities are looking for ways to leverage technology to protect their staff, reduce their liability, and better serve their patients. Video surveillance is a critical component of your security plan that can contribute to these goals—but ensuring you remain compliant with HIPAA is crucial.
As healthcare workers know, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) protects patients’ personal health information—including identifiable photographs and video recordings of them—and specifies how that data must be handled. Not only do violations expose your patients’ data and harm your reputation; they come with steep penalties that can hurt your bottom line. To avoid this, let’s take a closer look at HIPAA and the use of surveillance video.
Indoor Video Camera Placement
The first step toward implementing HIPAA-compliant video surveillance in your healthcare facility is understanding where cameras may be placed and how they should be positioned.
HIPAA allows video recording in publicly accessible areas, including entrances and exits, waiting rooms, and hallways. These areas typically have the highest levels of foot traffic, and are thus the most crucial areas to monitor, allowing you to see who’s entered the facility, identify potential threats, and record footage of any incidents that occur.
However, HIPAA does not permit security cameras in bathrooms or changing rooms, so it’s important that any cameras placed in public areas are positioned to avoid capturing those areas. For instance, if there’s a restroom adjacent to your waiting room, will the security camera be able to “see” into it when the door is opened?
Outdoor Video Camera Placement
Video cameras are also highly valuable in your facility’s parking lots, parking garages, and other exterior spaces. Simply having visible cameras on and around the building can deter criminal activity, and they can provide an advance warning of potential security threats. And because they monitor staff, patient, and visitor vehicles, exterior video surveillance helps make your facility a safer place to work and visit.
Preventing PHI in Your Security Footage
In many healthcare settings, capturing protected health information (PHI) in your video footage is simply unavoidable. For example, cameras that monitor reception areas and nurse stations may have a view of computer screens where patient records are displayed. Because those records are considered PHI, your surveillance footage should also be treated as PHI.
With today’s powerful video surveillance software, there are options to keep your security system HIPAA-compliant. Privacy masking can be set up to permanently block out computer screens from your camera’s view. Dynamic masking can also be set up so that faces (or entire bodies) are automatically blurred to prevent identification. Depending on your needs, this process can happen during the video recording or during video playback.
In some cases, a hospital or clinic may use security cameras in patient rooms for monitoring purposes. To avoid capturing personally identifiable footage of the patient, thermal cameras may be used. From a central monitoring station, nurses can visually see where their patients are, whether they’ve fallen, and whether they have a fever. This reduces the number of in-room checks required, while recording footage without any identifiable images.
Limiting Access to Surveillance Video Footage
Regardless of the video surveillance technologies your facility may be using to remain HIPAA-compliant, you must take steps to keep the footage out of the wrong hands. This means all recordings should be encrypted, and access to your system must be restricted.
Foremost, any monitors your facility has in place for viewing footage or accessing the surveillance system should be placed in restricted areas without public access, positioned so that screens cannot be seen by any passersby.
ISG can integrate your video surveillance system with completely customizable access control. Footage can be available to certain authorized individuals, or to all users with a certain role. Permissions can also be assigned based on the region(s) where the footage was captured. Keeping an audit log of who accessed the system and when can help ensure that footage is viewed only as needed.
Of course, any staff members with access to video footage should receive thorough training on HIPAA policies as well as your facility’s own policies and procedures. Outline how, why, and when the security system may be accessed, monitored, and managed, and provide instructions for reporting any suspected violations of these rules.
In hospitals, clinics, doctors’ offices, and other healthcare settings, security cameras keep staff and patients safer while reducing the facility’s liability. To create a surveillance system that meets your needs while complying with federal regulations, you’ll need the expertise of security professionals—you’ll need ISG.