Healthcare buyer's guide

Security buyer's guide — healthcare clinics & specialty practices

PHIPA-aware camera placement, privacy zoning, access control for clinical vs administrative areas, and audit-ready event logs.

Clinics have two security problems that don't appear in most commercial designs: clinical privacy and regulatory retention. The wrong camera in the wrong hallway is a PHIPA violation before it's a security feature.

Compliance at a glance

Four KPIs to benchmark.

  • Video retention: 30–60 days

  • Access retention: 7 years

  • Access zones: ≥ 4

  • Privacy zones: on every clinical-adjacent camera

Priorities

What matters most, in order.

  1. Privacy zones in clinical areas

    Pixel-level masking over exam, treatment, and consult space.

  2. Zoned access control

    Clinical, pharmacy, admin, and records separated.

  3. Consent signage

    Placed and worded to PHIPA and IPC expectations.

  4. Searchable access logs

    Auditable by patient ID, staff ID, or date.

Where cameras go (and don't)

Lobbies, corridors, parking, loading, and supply rooms: cameras expected and defensible. Exam rooms, treatment areas, and anywhere a patient is being examined: no cameras, full stop.

Transition zones (corridors outside exam rooms, waiting areas visible from reception) need privacy zones masking any glimpse into clinical space. This is a configuration that any modern VMS supports — most installers simply don't enable it.

Access control zoning

Minimum four zones: public, clinical, pharmacy/records, and admin. Credentials should be role-based, not person-named, so a staff change doesn't require a global policy update.

Records-room access needs a logged and retained audit trail. PHIPA requires the ability to produce access records for a given patient's file on demand — that means the access control system has to know which room holds which records.

Retention and audit

Video retention windows are shorter than in typical commercial deployments (30–60 days for most areas) to minimize exposure, but every access event must be retained much longer (typically seven years) in alignment with CPSO and regulatory requirements.

Audit tools should be able to answer 'who accessed the records room between March 10 and March 15' in under a minute, with a clip of every entry.
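The audit question and the two retention windows above, as an added example that is not from this guide or any vendor's product: a minimal access-event store that answers the date-range query and then purges video clip references at 60 days while keeping the access rows for seven years. The table layout, door and zone names, credential labels, and sample events are all constructed assumptions.

```python
import sqlite3
from datetime import datetime, timedelta

VIDEO_RETENTION = timedelta(days=60)        # upper end of the guide's 30-60 day window
ACCESS_RETENTION = timedelta(days=7 * 365)  # the guide's typical seven-year figure

# Constructed sample events: (timestamp, role credential, staff id, door, zone, clip reference)
SAMPLE_EVENTS = [
    ("2024-03-09T17:55:00", "role:records-clerk", "S-104", "records-room", "pharmacy/records", "clip-0001"),
    ("2024-03-11T08:02:00", "role:records-clerk", "S-104", "records-room", "pharmacy/records", "clip-0002"),
    ("2024-03-12T13:40:00", "role:physician", "S-221", "records-room", "pharmacy/records", "clip-0003"),
    ("2024-03-12T13:45:00", "role:physician", "S-221", "exam-corridor", "clinical", "clip-0004"),
    ("2024-03-16T09:10:00", "role:admin", "S-310", "records-room", "pharmacy/records", "clip-0005"),
]

def build_db(events=SAMPLE_EVENTS):
    """Create an in-memory event store (hypothetical schema) and load the sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE access_events "
               "(ts TEXT, credential TEXT, staff_id TEXT, door TEXT, zone TEXT, clip_ref TEXT)")
    # Index on (door, ts) keeps the audit query fast as seven years of events accumulate.
    db.execute("CREATE INDEX idx_door_ts ON access_events (door, ts)")
    db.executemany("INSERT INTO access_events VALUES (?,?,?,?,?,?)", events)
    return db

def who_accessed(db, door, start_day, end_day):
    """Entries to `door` from start_day through end_day inclusive (ISO dates)."""
    start = datetime.fromisoformat(start_day).isoformat()
    # Half-open upper bound so events late on the last day are not missed.
    end_excl = (datetime.fromisoformat(end_day) + timedelta(days=1)).isoformat()
    return db.execute(
        "SELECT ts, staff_id, credential, clip_ref FROM access_events "
        "WHERE door = ? AND ts >= ? AND ts < ? ORDER BY ts",
        (door, start, end_excl)).fetchall()

def purge_expired(db, now):
    """Clear clip references past video retention; delete rows only past access retention."""
    video_cut = (now - VIDEO_RETENTION).isoformat()
    access_cut = (now - ACCESS_RETENTION).isoformat()
    clips = db.execute("UPDATE access_events SET clip_ref = NULL "
                       "WHERE ts < ? AND clip_ref IS NOT NULL", (video_cut,)).rowcount
    rows = db.execute("DELETE FROM access_events WHERE ts < ?", (access_cut,)).rowcount
    return clips, rows  # (clip references cleared, access events deleted)
```

After the video window passes, the same query still returns every entry but with no clip reference, so "a clip of every entry" only holds for events inside the 30–60 day window.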

RFP / vendor checklist

Use this to evaluate any quote.

  • PHIPA-compliant camera map

    Sign-off from clinic privacy officer. Privacy zones configured and tested.

  • Four-zone access control

    Public / clinical / pharmacy / admin separated with role-based credentials.

  • Records-room access logs

    Tied to patient-file retention schedule.

  • Consent signage

    Worded per IPC guidance. Visible at every entry.

  • Staff onboarding procedure

    Credential issuance tied to HR/HRIS. Revocation immediate on termination.

  • Data residency

    Canadian cloud region or on-prem. Cross-border storage prohibited for PHI-adjacent footage.

Red flags

Walk away if you see these.

  • Quote places cameras in or overlooking exam rooms.

  • No mention of privacy zones or PHIPA in the proposal.

  • Access control uses shared 'staff' credentials.

  • Vendor stores footage in US cloud without Canadian region option.
