Main Nav


Seeking input and advice from anyone who may have embarked down this path, successfully or otherwise ;-)

An entity on our campus is looking to digitally video tape adolescent speech therapy patients in the clinical setting and make the session available to students in the program, faculty and other staff members both on and off campus.

This clearly (at least to me) seems to be a HIPAA covered activity as the kids are patients, they pay for the services etc.  I would presume then that all the attendant protections must be in place for encrypting and limiting access to the data even if the patients name and identifying information is stripped off the video file.

I can envision a scenario where a video of some child with a speech impediment makes its way to YouTube or social networking and despite the lack of name the patient is recognized.

Has anyone else set up this kind of activity and what safeguards were used?

Thanks, off line responses welcome.





Ed Hudson, CISM
Information Security Office
California State University, Chico
Office: (530) 898-6307