Does It Violate HIPAA to Have Security Cameras in the Dental Office?

We’ve addressed this support question regularly over the years when dental offices inquire whether their surveillance system violates HIPAA compliance and patient privacy. Let’s explore the topic balancing HIPAA compliance and job safety.

Benefits of Surveillance Cameras in Dental Offices

Surveillance cameras are beneficial for the security of the dental office. This may be part of the employer’s job safety plan.

Crimes in Healthcare Settings

According to the International Association for Healthcare Security and Safety (IAHSS) Foundation, the types of crimes reported in hospital settings include violent acts by criminals who entered the facility to commit robbery or another crime. Several years ago, IAHSS reported ten types of crimes in hospital settings:

• Murder
• Rape
• Robbery
• Aggravated Assault
• Simple Assault
• Burglary
• Theft
• Motor Vehicle Theft
• Vandalism
• Disorderly Conduct[1]

Crime Incidents in Dental Offices

Granted, hospitals and dental offices are different types of healthcare settings; however, take a look at recent violent crimes that occurred in dental offices.

• In February of this year, a young dentist was stabbed multiple times by a patient.
• In March of this year, we learned of a California dentist gunned down by a disgruntled patient.
  These incidents do not take into account other crimes occurring in dental practices such as theft and vandalism. Recently, I worked in a dental office that had a full-time security officer on duty.

Security Benefits vs. HIPAA Risks

Surveillance cameras can promote greater security of the dental office grounds. On the other hand, are the cameras a risk for patient privacy and a potential violation of HIPAA?

HIPAA Security Rule Safeguards

First, let’s consider the three main safeguards under the Security Rule. The basic compliance with the HIPAA Security Rule includes:

1. Administrative safeguards
2. Technical safeguards
3. Physical safeguards[2]

Physical Safeguards and Surveillance Cameras

As far as physical safeguards are concerned, having physical safeguards in place could be part of your HIPAA compliance. Physical safeguards involve limiting access to the facility to ensure only authorized access. For example, unauthorized persons should not be able to access the file server closet. Video surveillance can provide proof of who accessed these restricted areas.

Placement of Surveillance Cameras

However, there is a stark contrast between videoing public areas such as parking lots, parking garages, entrance and exit doorways, reception areas, and hallways where there is no reasonable expectation of privacy versus a treatment room where people expect privacy. Therefore, if you incorporate surveillance cameras, placement of the cameras is critical to avoid violating HIPAA.

Avoiding PHI Violations

Caution must be exercised to ensure that protected health information (PHI) is not recorded near or around the reception area without built-in security protections. For example:

• If the camera footage captures the front desk area, the computer monitors should not be visible.
• Audio being recorded, if any, should not capture PHI.

Triggering HIPAA Compliance

Any PHI that is captured triggers HIPAA compliance. This includes whether the patient consented to the camera footage, who can access the footage, and how the video data is stored.

Ensure Compliance

Ensure end-to-end encryption and incorporate evaluation of the surveillance systems as part of your HIPAA Security Risk Assessment to detect any system vulnerabilities.

Summary

In summary, if you are going to incorporate surveillance cameras, placement is critical to avoid violating a patient’s PHI. Work with a reputable HIPAA-compliant security professional who understands the parameters of compliance.

Want to learn more about our services?

References:
[1] IAHSS Healthcare Crime Survey, accessed on May 10, 2024
[2] HIPAA Security Rule Overview, accessed on May 10, 2024