HIPAA COMPLIANCE STATEMENT

Last Updated: March 14, 2026

Our Commitment to Healthcare Security

INFINITECH understands the critical importance of protecting Protected Health Information (PHI) in healthcare environments. As a trusted provider of surveillance systems, access control, and network infrastructure for healthcare facilities, we are committed to supporting our clients' compliance with the Health Insurance Portability and Accountability Act (HIPAA) and related regulations.

This statement outlines how INFINITECH assists healthcare organizations in maintaining HIPAA compliance through secure technology solutions and professional installation practices.

Understanding Our Role

Business Associate Relationship

INFINITECH may act as a Business Associate under HIPAA when we provide services that involve potential access to PHI. In such cases, we enter into a Business Associate Agreement (BAA) with covered entities that:

  • Defines permitted uses and disclosures of PHI
  • Requires appropriate safeguards to prevent misuse of PHI
  • Mandates reporting of security incidents and breaches
  • Ensures PHI is returned or destroyed upon contract termination
  • Allows for audits and compliance verification

Technology Provider vs. Data Controller

It is important to understand that INFINITECH provides security infrastructure but does not:

  • Own or control surveillance footage or access logs
  • Determine what PHI is collected or how it is used
  • Have routine access to installed systems without authorization
  • Store or retain PHI on our systems
  • Make decisions about PHI retention or disclosure

HIPAA Security Rule Compliance

Our security solutions are designed to support compliance with HIPAA's Security Rule requirements:

Administrative Safeguards

  • Security management processes
  • Workforce security training
  • Access authorization and validation
  • Security incident procedures

Physical Safeguards

  • Facility access controls
  • Workstation security measures
  • Device and media controls
  • Secure equipment disposal

Technical Safeguards

  • Access control mechanisms
  • Audit controls and logging
  • Data encryption capabilities
  • Transmission security

Documentation

  • System configuration records
  • Installation documentation
  • Maintenance logs
  • Security assessment reports

Surveillance Systems in Healthcare

PHI Considerations

Surveillance cameras in healthcare facilities may capture PHI, including:

  • Patient identities and movements
  • Medical conditions visible on camera
  • Treatment areas and procedures
  • Visitor information and access patterns

Our HIPAA-Compliant Solutions Include:

  • Encryption: Video streams and stored footage encrypted using AES-256 or higher
  • Access Controls: Role-based access with multi-factor authentication
  • Audit Trails: Comprehensive logging of all system access and video retrieval
  • Secure Storage: On-premise or HIPAA-compliant cloud storage options
  • Privacy Masking: Capability to blur or mask sensitive areas
  • Automatic Deletion: Configurable retention policies with secure data disposal
  • Network Segmentation: Isolated VLANs for surveillance infrastructure
  • Tamper Detection: Alerts for unauthorized camera access or system modifications

Camera Placement Best Practices

We consult with healthcare clients on appropriate camera placement:

  • Avoid direct views of patient treatment areas where reasonable
  • Use privacy zones in exam rooms and bathrooms
  • Focus on access points, corridors, and public areas
  • Document all camera locations and fields of view
  • Post appropriate signage notifying individuals of surveillance

Access Control Systems

Protecting Restricted Areas

Our access control solutions help healthcare organizations restrict access to areas containing PHI:

  • Medical records rooms and file storage
  • Server rooms and IT infrastructure
  • Pharmacy and medication storage
  • Laboratory and testing areas
  • Executive offices and administrative areas

HIPAA-Compliant Features:

  • User Authentication: Biometric, card, PIN, or multi-factor authentication
  • Access Logging: Detailed audit trails of all entry attempts and access grants
  • Time-Based Restrictions: Limit access by time of day, day of week, or role
  • Emergency Override: Controlled emergency access with mandatory logging
  • Automatic Lockdown: Triggered lockdown capabilities for security incidents
  • Integration: Synchronization with HR systems for automatic credential revocation

Network Infrastructure Security

Our structured cabling and network solutions support HIPAA compliance by:

  • Creating physically secure network infrastructure
  • Enabling network segmentation and VLANs
  • Supporting encryption for data in transit
  • Providing redundancy for critical healthcare systems
  • Using certified, tamper-evident cabling in sensitive areas
  • Documenting complete network topology for risk assessments

Employee Training and Awareness

All INFINITECH employees who work on healthcare projects receive training on:

  • HIPAA Privacy and Security Rules
  • Recognizing and protecting PHI
  • Confidentiality and non-disclosure obligations
  • Incident reporting procedures
  • Minimum necessary access principles
  • Secure handling of equipment and documentation

Security Incident Response

INFINITECH maintains procedures for identifying and responding to security incidents:

  • Immediate notification to client's security officer
  • Incident documentation and investigation
  • Mitigation of ongoing security risks
  • Cooperation with breach notification requirements
  • Post-incident analysis and remediation

We report any suspected security incidents involving PHI within 24 hours of discovery.

Client Responsibilities

While INFINITECH provides HIPAA-compliant technology, healthcare clients remain responsible for:

  • Conducting privacy and security risk assessments
  • Establishing policies for system use and PHI handling
  • Training staff on proper system operation
  • Managing user access and credential assignments
  • Monitoring systems for unauthorized access
  • Maintaining audit logs and conducting periodic reviews
  • Ensuring compliance with state and federal privacy laws
  • Posting required notices about surveillance and recording

Ongoing Compliance Support

INFINITECH supports our healthcare clients' ongoing compliance through:

  • Regular security updates and firmware patches
  • Annual security assessments and audits
  • Technical support for compliance questions
  • System configuration reviews
  • Documentation updates and maintenance
  • Consultation on evolving HIPAA requirements

Certifications and Standards

INFINITECH and our technology partners maintain certifications including:

  • Manufacturer certifications for all installed equipment
  • Industry-standard installation practices (BICSI, TIA/EIA)
  • Regular security training and awareness programs
  • Adherence to NIST Cybersecurity Framework

Questions and BAA Requests

For healthcare organizations interested in our HIPAA-compliant solutions or to request a Business Associate Agreement:

INFINITECH - Healthcare Compliance

5820 IH 10 W.

San Antonio, TX 78201

Phone: (512) 914-9071

Email: compliance@infinitech-us.com

Disclaimer: This statement provides an overview of INFINITECH's approach to supporting HIPAA compliance. It does not constitute legal advice. Healthcare organizations should consult with qualified legal counsel to ensure full compliance with HIPAA and related regulations. INFINITECH makes no guarantees that use of our systems alone will ensure HIPAA compliance.
