CCTV in Healthcare

Whether we know it or not, almost every time we’re in a public place, we’re under surveillance by a CCTV camera. Usually, these cameras do not interfere with our privacy since we have no rights to privacy in public areas. However, their introduction into health care institutions such as hospitals, rehabilitation centers, and specialized nursing facilities can set up a facility for legal trouble.

Most medical care facilities are currently using CCTV cameras to monitor activity in the public sections of their buildings. Relatives of the patients have been continually seeking video surveillance in private patient care settings. Some relatives even have hidden cameras set up.

The use of CCTV in these environments poses a significant issue with the privacy of patients and staff. Congregated living facilities are governed by HIPAA (Health Insurance Portability and Accountability Act of 1996), and the medical information of the patient, including visual data, is secured. Permitting a patient to be recorded on video without their permission can infringe the HIPAA and result in penalties being imposed by the Civil Rights Office.

Whether the individual being filmed is in a position to give consent for CCTV surveillance is another concern for the health care institution. Although the individual may not be able to contribute on matters relating to their treatment and financial arrangements, a patient’s competence is not easy to establish. The patient may still be capable of deciding whether to use CCTV surveillance even though that person is not competent enough to make every one of his or her judgments.

A camera that was supposed to track one individual who has given consent to its use may also incidentally record another resident who hasn’t consented. Based on context, this could very easily lead to an invasion of privacy claim being filed.

Use of CCTV devices with the ability to capture audio may be considered as eavesdropping or wiretapping, based on the circumstances surrounding the recorded conversation. Most state laws permit recording a dialogue if one party involved in the conversation consents to the recording, but individual states require permission from both participants of the discussion before documenting. While the patient may have consented to the use of an audio capable CCTV surveillance device, the person who agrees may not always be a participant in every dialogue captured by the camera. More positively, specific clinicians will not have offered their permission to record their interactions and maybe the only ones involved in the conversation.

As the price of video surveillance technologies proceeds to decline, more and more hospitals are considering installing a camera in the patient rooms. Presently, only three states have passed laws that compel owners of nursing homes to install CCTV cameras in their private rooms. The hospital administration will still need to consider each request on an individual basis and carefully weigh the risk to the patients and their organization.

CCTV cameras in hospitals and private clinics may be useful in helping prevent or track crime in public areas, but knowing the privacy implications of having a surveillance system in place and the legal requirements is crucial.

Ethical guidance on disclosure of patient information

According to the FOIA (freedom of information act), private information may be revealed in the interest of the public, without permission, if the advantages of releasing the information outweigh both the public and the patient’s interest in keeping it private.

In general, consent should be sought unless it is not feasible to do so as it would subvert the reason for disclosure – for instance, by jeopardizing the prevention, detection, or prosecution of a serious offense.

For example, if a patient was captured on a CCTV video committing a serious assault in the waiting room of a clinic, it is doubtful that a practitioner will be blamed for abusing confidentiality and submitting the recording to the authorities (but the doctor should not provide information about their medical history or explanation for going to the hospital).

However, each decision to disclose such information should be considered on its own merits, and it’s advisable to check with the relevant authorities. Consider some of these learning points if you are planning to set up CCTV surveillance.

Things to consider before implementing CCTV program

• Identify the necessity for monitoring It is vital to understand whether it is justified to use Surveillance cameras. What is the objective, and is it a measure appropriate and proportionate to satisfy this need? Could more appropriate measures be put in place? For example:
  • Provision of improved lighting in a vandal-prone area;
  • Employing a receptionist so that waiting can be monitored more closely;
  • Purchase of a safe for sensitive files and documents;
  • Restricting access to some parts of the facility.
• Document your justifications for CCTV installation and ensure that they are reasonable and credible, such as crime prevention.
• The laws governing the use of CCTV are under continuous evaluation. As such, seek advice from your local state government about appropriate data protection measures, if necessary.
• Nominate one person within the institution, preferably the data controller, with the task of ensuring that your CCTV network follows relevant data protection regulations (e.g., GDPR, FOIA) and is in line with your obligation to keep patients safe.
• Seek expert guidance on the most suitable surveillance equipment, positioning of devices, facial recognition, time/date stamps, etc. As with any third-party provider, enter into a contract that provides assurances on topics such as protection and the confidentiality of patients while processing the footage.
• Install visible signs to make the public aware of the presence of CCTV cameras.
• Limit access to CCTV videos collected and show them only in a safe area. Data access should be restricted and permitted staff must be kept informed that abuse of the data is a crime. Audio and video redaction must be applied where appropriate to maintain privacy.
• Establish organizational policies to keep the details safely processed and managed. How long do you hold the records, for example? Retention intervals should be appropriate according to the reason for which they are to be used. Do not hold recordings any longer than needed, except when they are court evidence.
• Do not release patient images without permission, except in extraordinary cases when this may be in the interest of the public. When other civilians are captured on the same video, their faces should be blurred to protect their privacy.
• The privacy policy of your institution should address the deployment of cameras, secure video storage, redaction of innocent people’s faces, retention duration, police disclosure, and requests for access in compliance with FOIA.

There has been a rise in the number of inquiries from doctors and hospital management seeking guidance on the use of cameras in medical and dental facilities.

Typical questions arising from administrators thinking of installing surveillance gear include: “We suspect a staff member is pilfering our petty cash-can we mount CCTV to apprehend them?” and “We have received reports on a couple of allegedly abusive patients within the premises, and we’d like to add cameras in the reception area to discourage them.”

Organizations that have already set up CCTV devices more often call attorneys seeking guidance on whether or not to reveal details captured on camera. For example: “There was a bump in the parking lot -can we disclose CCTV footage to the involved party and/or authorities?” or “authorities are following up on a claim that a patient is unlawfully selling drugs in our waiting room and would like to see our recordings from last week.”

Consideration for implementing CCTV at a heath care facility

The choice to implement electronic surveillance within your health premises requires careful thought. Is the need to address the defined need appropriate and proportionate? How are the details being stored, obtained, analyzed, and by whom? Which video should be circulated, or must be shared? These are all key points that need to be addressed before installing security cameras, or you might be found in violation of data protection regulations.

It is mandatory to inform people that the CCTV is in operation, and for what reason, patients and staff must also be informed of their right to access the video featuring their faces. It is therefore advisable to use notices and social media posts with specifics on who to call for further inquiry.

There should be clear regulations put in place to respond to calls for access to recordings, even when a disclosure is determined to be acceptable and when it is not.

Note the interests of those persons involved, legal obligations, and public benefit before choosing to reveal videos that expose others. You may need to take specific steps to mask the identities of third parties caught in any recording, for instance, through the use of video and audio redaction software. When a video is revealed to an interested party, the disclosure date should be reported along with specifics of who was presented with the information (the identity of the individual and the agency they represent) and why it was sought.

Conclusion

Health service provision centers should make sure that the relevant state agencies have been informed that this type of information is being compiled and stored periodically. You must regularly examine the need and proportion of surveillance needed by the institution. They should review and ensure that relevant policies and regulations are in effect as outlined above and that adequate measures are in place to ensure adherence to privacy and security.

Thoroughly research the actual need for CCTV surveillance in the hospital and fully comply with data protection standards with both the installed and proposed CCTV deployments.