Security surveillance cameras are in many practices these days, offering patients and staff an added safety measure. But when it comes to healthcare, there are extra HIPAA considerations to be aware of if you opt to use these cameras.
Posted in Risk Management on Tuesday, October 12, 2021
Chances are, your practice has a security camera or two somewhere on the premises. When they're in public areas such as front and back entrances, they are generally accepted by patients and staff alike. Still, even these cameras should be accompanied by a highly visible notice that the areas are being monitored by video surveillance.
When using security cameras, it is vital that they don’t compromise patients’ protected health information (PHI). Keep in mind that PHI not only includes information in the clinical records, but also biometric identifiers such as voice prints and full-face photographic images.
Steps to Reduce Risk
Safe Camera Locations
To mitigate a HIPAA violation or allegation of a PHI breach, make sure that cameras are not installed in private areas such as exam rooms. You should also ensure that there is no possibility that the public could view any recorded footage or information.
Create a policy and procedure for your staff regarding the use of, management and disposal of the cameras/recordings. It also can be beneficial to identify:
- Who will have access to the recordings
- How long the recordings will be saved
- Where the recordings will be saved
- How the recordings will be disposed of (disposal must be consistent with disposing other PHI, if present)
- How recordings will be released (if there is a request) in a manner that prevents the unintentional release of other PHI
- How to prevent or minimize the potential for hacking
- What encryption is used if video is stored electronically
- When to obtain a business associate agreement If cameras will be monitored by a third party
- The necessary HIPAA training for staff who has access to PHI in the recordings
Risk Versus Reward
Although security cameras must be used with caution to avoid compromising patient privacy, they likely are here for the long haul. As you put security measures in place at your practice, make sure PHI confidentiality remains a priority.