Most businesses treat physical security as a set-it-and-forget-it install. A camera DVR in the closet. Shared key fobs with no audit trail. A keypad code everyone knows.

That’s not a security system. And for healthcare practices under HIPAA, it’s a compliance gap waiting to become a breach.

JP Technical manages physical security the same way we manage your IT — as an ongoing, monitored, documented service. We deploy enterprise-grade camera surveillance and biometric access control entirely on your premises. No footage goes to the cloud. No access logs live on a vendor server. No subscription fees to a third party just to keep your doors working.

We also handle the compliance piece — generating the audit logs, access reports, and documentation your HIPAA assessor actually wants to see.

What We Deploy

📷 Camera Surveillance — Frigate NVR

• Runs on your on-site server or dedicated hardware
• Real-time AI object detection: people, vehicles, packages — no cloud processing required
• Optional facial recognition for known staff (fully local — no biometric data leaves your network)
• Footage stored on-site with configurable retention (30, 60, or 90 days)
• Motion-triggered alerts and clips; accessible via secure remote tunnel
• Integrates with most existing IP cameras using standard ONVIF/RTSP protocols

🔑 Physical Access Control — Suprema BioStar 2

• Enterprise access control used in hospitals and clinics worldwide
• Runs entirely on your server — no cloud account required for daily operation
• Supports every credential type: RFID cards/fobs, fingerprint, facial recognition, mobile (NFC/Bluetooth), and PIN
• Per-user, per-door, per-schedule rules — “Dr. Jones can enter the medication room weekdays 7am–8pm”
• Full access event logs: who, when, which door, granted or denied
• Tamper detection on all readers, encrypted communication (OSDP v2 — not legacy Wiegand)
• Immutable audit logs retained for HIPAA-required 6 years

⚙️ Integration & Automation

• Frigate camera events and BioStar 2 access events correlated in real time
• Unknown person detected at back door after hours → alert fires + door stays locked
• After-hours door open event → immediate notification to on-call staff
• Emergency lockdown procedures documented and tested

Why On-Premises Matters for HIPAA

HIPAA’s Physical Safeguards (45 CFR § 164.310) require documented, auditable, individual-level access control to any facility housing ePHI.

Most physical security vendors — Verkada, Kisi, Openpath, Brivo — are cloud-required. When you use them, your footage is on their servers, your access logs live in their database, and you need a Business Associate Agreement with every vendor. If their service goes down, your system may stop working.

With JP Technical’s on-premises stack:

• Footage never leaves your building
• Access logs stored on your hardware, retained 6 years per HIPAA requirements
• No BAA needed with your camera or access control vendor
• Works during internet outages — critical in Alaska
• Hardware you own, software you control

“Your current system can’t tell you who walked into your server room at 3am last Tuesday. Ours can — with a photo, a timestamp, and six years of log retention. None of it ever leaves your building.”

Who This Is For

• Medical and dental practices managing physical access to patient record areas, medication storage, and server rooms
• Behavioral health clinics where staff-only areas require documented access trails
• Healthcare practices on Compliancy Group who need physical safeguards documentation to match their digital compliance posture
• Any HIPAA-covered entity that wants physical security to actually satisfy an auditor — not just check a box

Frequently Asked Questions

Does my footage or access data ever leave my building? No. Both Frigate NVR and Suprema BioStar 2 run entirely on hardware in your facility. We manage them remotely via an encrypted tunnel — we never move your data to our servers or any third-party cloud.

What if my internet goes down? Your doors keep working. Your cameras keep recording. Access logs keep logging. The system is designed to function without internet connectivity — which matters in Alaska where outages happen. Remote management is temporarily unavailable, but nothing on-site is affected.

Can employees use their phones instead of a badge? Yes. Suprema BioStar 2 supports NFC and Bluetooth mobile credentials via their app. Employees can use phone, card/fob, fingerprint, or PIN — you choose which methods are allowed per door.

Do you require us to replace our existing cameras? Not necessarily. Frigate supports most IP cameras using standard ONVIF/RTSP protocols. In many cases we can integrate your existing cameras. We’ll assess compatibility during the initial consultation.

Is this a replacement for our IT service or an add-on? It’s an add-on. Physical security integrates with your existing JP Technical managed IT service. Existing clients get bundled compliance documentation — your physical and digital HIPAA posture under one managed service provider.

How does this help with our HIPAA audit? We generate the documentation your assessor needs: facility access control policy, access log exports, maintenance records, and a physical safeguards narrative aligned to 45 CFR § 164.310. This is the documentation most practices are missing when they get audited.

Ready to Make Your Physical Security Audit-Ready?

30-minute consultation — we’ll review your current setup and identify gaps. No obligation.

For existing JP Technical clients: ask your account manager to add Physical Security to your next review.