PCI & HIPAA Compliance

Answered

John Griffin

June 14, 2023 07:46 Edited

I saw a similar post about this but the question was never fully answered so I'm creating a new post. I install the Hanwha Rebrand of Witness and it caused a PCI compliance assessment failure due to hole punching from the camera VLAN into the PCI protected network. This led us to having to remove wave from the systems and install specific viewing workstations instead.

This led to other questions I'm at a loss to answer. While the camera system itself doesn't process credit card data, the cameras aimed at Cash drawers can sometimes get full quality glimpses of Credit card numbers as they are being inserted into the EMV readers. The customer has asked weather PCI/DSS Security standards are built into NX/WAVE/Spectrum to keep those images safe from theft and so has my attorney as we have to ensure these are kept safe in compliance with out Business Association Agreement.

I have a similar request from a medical facility concerned that the high definition cameras can often catch Protected Health Information from patient charts or computer/tablet screens that can sometimes be visible from the cameras in corridors and around nurse stations.

The main concern here is how NX/Wave/Spectrum connects to cloud servers and what data is transferred and handled by servers outside of the protected facilities as well as weather or not sessions are end to end encrypted between server and clients.

0

• 

  Wendy Chuang

  • Network Optix team

  June 29, 2023 07:28

  Hi John Griffin,

  Your questions should be answered in the following articles: 
  - What is Cloud Connect?
  - How Secure is Nx Cloud?

  Please let me know if you have additional questions after reviewing them.
  Thank you.

  0

Post is closed for comments.