Back to blog home

How to Protect PHI with Security Cameras & Integrated Access Control

Team Rhombus | Rhombus Blog
by Team Rhombus, on July 03, 2021
Industry Solutions
How to Protect PHI with Security Cameras & Integrated Access Control | Blog

For healthcare organizations and other companies that follow HIPAA regulations, protecting Personal Health Information (PHI) from unauthorized access is a major concern. In this era of smart devices and interconnectivity, there are many ways to secure PHI—and this means that a higher degree of vigilance is expected.

While many organizations use basic video surveillance for physical security, modern solutions like smart security cameras can take it a step further. Smart security cameras can be a powerful tool for protecting PHI according to HIPAA guidelines, especially when combined with integrated access control.

In this article, we’ll cover how you can protect PHI by using smart security cameras with integrated access control to:

  • Comply with the HIPAA Security Rule: Document access with auto-generated video
  • Improve badge-based access control: Identify when badges are misused, stolen, or missing
  • Crack down on tailgating: Automatically spot tailgating in PHI-restricted areas

For background on using security cameras to enhance HIPAA compliance, check out HIPAA Compliance and Video Security – What You Need to Know.

Comply with the HIPAA Security Rule

When it comes to protecting PHI, the primary guidelines you’ll be following are the HIPAA Security Rule and HIPAA Privacy Rule. Together, they lay out the standards that organizations must follow to protect sensitive patient information.

“The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.” - HHS.gov

These ‘physical safeguards’ that the Security Rule describes have two main goals:

  1. To restrict physical access to sensitive information, and
  2. To create a documented trail of who accesses sensitive information and when.

Video surveillance and access control help organizations accomplish these goals and thus comply with the Security Rule.

Video Documentation & Easy Investigation of PHI Access Events

Security footage creates a reliable documented trail of who had physical access to PHI and when. When integrated with an access control system, your organization receives automatically generated video clips of all access events. This creates a video record of whenever an individual enters an area that provides access to sensitive information complete with badge details.

This also provides an easy way for organizations to not just record entry activity, but investigate it as well. Integrated smart camera systems automatically mark all entry activity (authorized, unauthorized, and tailgating) within the video player, making it easy to review PHI access events. Investigations and audits become simpler and require less labor; with automatically categorized activity and AI-powered search filters, you can easily find the footage you’re looking for.

Automatically Control & Monitor Access to PHI

Access control systems are designed to automatically monitor, verify, and control access to restricted areas. In healthcare settings, this helps protect patients, employees, and sensitive patient information—making it a great tool to help comply with HIPAA Security Rule regulations.

However, access control systems have their limitations. Companies can greatly improve their access control—and their ability to meet regulations—by integrating it with smart security cameras. With 24/7 footage and AI analytic features, integrated smart cameras can help access control systems automatically verify badge credentials, prevent unauthorized access, and prevent tailgating.

rhombus-video-surveillance-access-control-badge-unauthorized-alert

When there's unexpected or suspicious entry activity at your facility, receive automatic alerts with video clips and badge details.

Improve Badge-Based Access Control—Identify When Credentials Are Misused, Stolen, or Missing

Many hospitals and other healthcare facilities use smart access control systems to manage employee badges and control individuals’ access to secure areas. This both improves hospital security and helps protect access to restricted areas that contain Personal Health Information, but has some shortcomings when used alone.

Potential Shortcomings of Badge-Based Access Control

Badge-based access control greatly improves security, but staff badges can be lost, misplaced, or stolen. Badges can be deactivated, but there’s a time gap between when a badge goes missing and when it’s reported as missing.

This can create security risks. Without an integrated video security system, access control systems can only verify the badge itself—they can’t check to make sure that the correct person is using the badge.

In other words, if Person A uses Person B’s badge to enter a secure location, there’s no way to tell. This creates two problems:

  • Person A may be unauthorized and accessing restricted areas and PHI.
  • The system will record Person B as accessing the restricted area/PHI, when it was actually Person A. This creates confusion in the case of an audit or investigation that will take extra work to unravel.

Enhancing Badge-Based Access Control

Using smart security cameras can go a long way to preventing these issues with badge-based entry—especially when they integrate with your access control system.

In fact, integrated smart cameras can protect your organization from stolen badges before you know they’re missing. The integrated system monitors for issues 24/7, and by leveraging facial recognition technology, it can automatically issue alerts when there’s a discrepancy whether or not a missing badge has been reported.

Once the smart camera + access control integration is set up, the systems will automatically monitor your entry points. When a person uses a badge or credential to enter, both systems will work seamlessy together.

The access control system verifies if the credential is from an authorized or unauthorized user.

  1. Once the credential has been verified, the smart camera system analyzes the individual’s face and uses facial recognition technology to determine if the person is using the correct credential. Tip: You can aid this feature by uploading employee headshots.
  2. If the badge ID and the person “seen” using the badge don’t match, the system can send a real-time alert with a video clip of the access event. From there, you can quickly determine if there’s a problem and take appropriate action.

The more effectively you can verify and enforce proper access control, the better you can protect PHI and meet HIPAA guidelines.

Crack Down on Tailgating

Tailgating can pose a serious security threat to healthcare facilities. Tailgaters can gain unauthorized access to restricted locations and equipment, putting PHI and patient safety at risk.

Due to the nature of tailgating, most credential-based access control systems can’t adequately address it alone. However, a smart video security system + integrated access control can provide additional protection against it.

Automatically Identify Tailgating

Smart video surveillance platforms can use AI analytics to automatically identify tailgating. Smart cameras can identify ‘human movement’ and recognize if multiple people enter an access point with just one badge entry.

Receive Custom Tailgating Alerts

You can set up custom alerts for when tailgating occurs. These alerts contain all badge information and corresponding video footage so that the person reviewing the events—such as a security guard—can make an educated decision on how to respond.

This puts control over tailgating in your hands with a minimal amount of work. Because monitoring and alerts happen automatically, you gain additional protection from tailgating without spending excess time and labor on it.

Takeaways

There are many ways to protect Personal Health Information in a way that complies with HIPAA regulations, and most healthcare organizations use many different protocols and systems to ensure compliance.

Separately, video security and access control systems both aid HIPAA compliance. But when combined in an integrated solution, these systems truly shine and provide a thorough and seamless layer of protection.

Poduim with two Rhombus cameras and a computer and phone showing the console

Try Rhombus for Free!

See why school districts, cities, and Fortune 500 companies use Rhombus

Start Trial