Subscriber Discussion

HIPAA Compliance Info

Gary Girton
Apr 09, 2019
IPVMU Certified

I have a mental health facility on a budget that wants a small (8 cameras) TVI/DVR system installed. They are concerned that it is HIPAA compliant but they cannot tell me exactly what it is to be compliant. They need onsite video file storage (no cloud storage) and web access to DVR. The DVR will be in a locked cabinet and the internet connection will be behind their firewall.

Brian Rhodes
Apr 09, 2019
IPVMU Certified

In general, if the cameras don't record HIPAA-sensitive information/patient records, usually compliance is not an issue.

Undisclosed Integrator #1
Apr 10, 2019

In a nutshell, HIPAA compliance really means that the "patient" health information (PHI) and the patient cannot be connected with a diagnosis.  So, if for instance you were at the mental health center and you saw your neighbor there being "treated" (i.e., given medication, or whatever treatment) that could possibly be considered a violation of privacy. The patient's illness and patient identity must remain private and out of public view.

Just remember, cameras should not be placed in areas that show patient information of any kind, where the public might be able to see the monitor and what is taking place with the patient or patient information.  The monitor has to be in a secure area away from the public eye so as to maintain the privacy of the patient and their treatment.  I would recommend visiting the

In reality, your biggest concern is who will have access to viewing the "live" feed of the cameras. Let me reiterate, the monitor must not be seen or accessed by the public. The facility should have policies in place that restrict access to the video and/or viewing of it by unauthorized persons.

I would be happy to discuss further if you want to leave your contact information.

Gary Girton
Apr 10, 2019
IPVMU Certified

Thanks for the info! All of the cameras are outside the facility. No cameras inside.

Contact: naps@ptd.net 

Anthony Jones
Apr 10, 2019

I worked on a hospital project and they were told that visitors shouldn't see the video system monitors. Their security room was in the front on the main level by the ER and had large windows that you could see in and see the monitors if you really tried. They had been this way since the 90s and felt it was a deterrent to see they had a video system. They simply tinted the windows extremely dark. 

Undisclosed #2
Apr 10, 2019

From my experience at a very large health care company's internal support desk back in the day, HIPAA compliance generally requires strict access controls to 'patient data'. Meaning it's how the data is protected and accessed that matters to them.

Protecting patient data from the public is one thing, but protecting that data from inappropriate access by internal employees is just as regulated. Example: an employee accesses a famous person's records out of general curiosity and it is not care-related. Simply accessing the patient data without cause got people fired there.

Because recorded video is queried for differently than patient records, I wonder how scrubbing around on a timeline looking for security-related information, and inadvertently seeing a famous person walking into an AIDS clinic, would be viewed by the HIPAA compliance people?

 
