
HIPAA Compliance Structure for Hospital Security

February 28, 2022

In any medical facility, the safety and privacy of patients should be considered paramount. This is why HIPAA (the Health Insurance Portability and Accountability Act) sets out guidelines covering IT and security equipment.

When assessing their IT and security equipment needs, hospitals can check HIPAA's recommendations, which include the following critical considerations:

Protect Computers and Devices

In order to comply with HIPAA’s regulations, hospitals must take all steps necessary to keep protected health information (PHI) private. This means the devices and hardware that store PHI must be protected and subject to privacy and security best practices. These include:

  • All users of computers or devices must have their own account and secure passwords. This will improve visibility and allow administrators and management to monitor who is accessing the systems, and it will also limit access to authorized individuals.
  • Sensitive information must have off-site or secondary backups. Backups are already mandatory for firms and institutions, but HIPAA mandates off-site backups because they allow PHI to be restored if something happens to the hospital itself, such as a fire or other calamity.
  • Firewalls and anti-malware are mandatory for all computers. The IT team must ensure that all hardware on site is kept safe from cyber-attacks, and must practice due vigilance.

Follow Proper Procedures for Surveillance Camera Placement

Installing surveillance camera systems in the hospital will help protect against or deter theft and violent behavior. Hospitals are generally allowed to install surveillance cameras in most areas in the hospital, except for areas with obvious privacy issues, such as bathrooms or directly in front of a computer screen.

This means the hospital can install security cameras in entrances and exits, fire escapes, elevators, storage closets, hallways, waiting rooms, and other public areas. While many hospitals choose to place a “video monitoring in progress” sign in their waiting rooms, this is not necessary because it is a public area where patients do not have a reasonable expectation of privacy. The only time a hospital will be in violation of HIPAA regulations is if it releases the identity or medical information of patients to third parties.

Enable Access Control

Under HIPAA’s regulations, hospitals need to implement access control in order to prevent unauthorized or unwanted parties from entering specific areas of the hospital or getting access to sensitive information. Systems could be put in place, particularly those that use biometrics/fingerprint scanners, proximity readers, ID systems, video monitors, CCTV surveillance systems, and others. To comply with these requirements, hospitals may want to consult with a security vendor or their in-house IT department.

Take a look at Mammoth Security projects, for example, CCTV security cameras in New Britain CT.




