System design help needed

[Duncan345]

I'm trying to plan a camera system for my business and I could use some help. I need to have PTZ cameras in 3 rooms (1 camera per room). They all need to be controlled via a single control station in my office, preferably with a joystick. Each of the cameras also needs to be linked to a separate monitor which cannot be switched to the other cameras (for privacy/HIPAA reasons). The three individual monitors will all be in cubicles in another room within the office building.

How can I accomplish this? We are running Ubiquiti network gear and I have a QNAP TS-531X-2G already but have not yet purchased any other equipment. I could also use recommendations for cameras and the joystick. Thanks in advance!

 

[alastairstevenson]

I need to have PTZ cameras in 3 rooms (1 camera per room).

Level of zoom?
Coverage area / field of view range?
Day and night?

I have a QNAP TS-531X-2G alread

What are the storage and retention requirements?

 

[Duncan345]

I don't think we would need much zoom. Maybe 4x? These cameras would be mounted in the corner of an approximately 12'x12' room. Maybe it would be better to prioritize field of view over zoom. We only need to record during normal work hours. We would need to retain 30 days worth of video during work hours, so approximately 550 hours. It would be great if we could automatically save the video in 1 hour increments that are deleted after 30 days, unless we flag individual video files to be retained.

 

[Tizeye]

The HIPAA stipulation has me scratching my head as virtually anyone viewing/operating the PTZ would not be the provider of care, yet as a consultant within the extended care group, they would still have the same privacy/HIPAA requirements. You may want to run that by your legal team as exactly what is the camera operators status.
That aside, while absolute isolation to a specific patient would be separate machines dedicated to one camera and monitor. Using one machine, your office is going to meed to view all three cameras on one monitor, but for remote duplication of individual cameras, not certain. Essentially, you would be trying to keep a video feed whole on one monitor then split the same signal to three other monitors. Most arrangements like that - often seen as an array of monitors in stores - take a single signal and split portions between each monitor. This would also require a high end video card as I don't think the internal Intel video will handle more than two monitors. The other factor is - how far away are the cubicles and do they exceed HDMI distance limitations.

 

[Duncan345]

The HIPAA stipulation has me scratching my head as virtually anyone viewing/operating the PTZ would not be the provider of care, yet as a consultant within the extended care group, they would still have the same privacy/HIPAA requirements. You may want to run that by your legal team as exactly what is the camera operators status.
That aside, while absolute isolation to a specific patient would be separate machines dedicated to one camera and monitor. Using one machine, your office is going to meed to view all three cameras on one monitor, but for remote duplication of individual cameras, not certain. Essentially, you would be trying to keep a video feed whole on one monitor then split the same signal to three other monitors. Most arrangements like that - often seen as an array of monitors in stores - take a single signal and split portions between each monitor. This would also require a high end video card as I don't think the internal Intel video will handle more than two monitors. The other factor is - how far away are the cubicles and do they exceed HDMI distance limitations.

Thanks for the thoughtful reply! I was being vague before, but this setup is actually for my wife's clinic. She is a behavioral psychologist that works with kids with developmental disabilities. She will employ several behavioral technicians. She supervises the techs directly so her running the main camera terminal is not a HIPAA violation. Also, the fixed feed terminals are for the clients' parents to view privately in the cubicles. Again, not a HIPAA violation in this case. She already consulted her legal counsel (me!) on this.

The main problem I am having with planning this system is how to get the private terminals hooked up. Are there cameras available that have 2 outputs so I can run the 3 cameras to individual monitors while also running all 3 to the master terminal in my wife's office? Or is there a different way to accomplish this? The cubicles themselves are all in 1 room, well within HDMI reach from one another. The master terminal in my wife's office would be approximately a 40' run by the time you run up the wall, across the top of the ceiling down the hallway, and back down through the wall in the observation room.

 

[Mike A.]

The main problem I am having with planning this system is how to get the private terminals hooked up. Are there cameras available that have 2 outputs so I can run the 3 cameras to individual monitors while also running all 3 to the master terminal in my wife's office? Or is there a different way to accomplish this? The cubicles themselves are all in 1 room, well within HDMI reach from one another. The master terminal in my wife's office would be approximately a 40' run by the time you run up the wall, across the top of the ceiling down the hallway, and back down through the wall in the observation room.

Don't know HIPAA requirements specifically but I can't imagine that it would require actual physical segregation using separate outputs (otherwise it would be completely unreasonable to set up a standard IP network in such an environment to begin with forgetting cams). More likely you just need to restrict things on the same network in a way that provides whatever necessary level of security to ensure privacy. Again, not knowing HIPAA, I'm assuming that's done for your other computers/server access using passwords and/or possibly some virtual segregation within the network. That's all possible using passwords/accounts with different access levels on individual cams/the viewing computers, VLANs on the network side (which should be supported by your Ubiquiti gear), access controls on a central server like BI or NVR, etc. You just need to set up the proper restrictions however that specifically needs to be done in your case. A 40' run won't be a problem.

 

[Duncan345]

Hey Mike, I appreciate the response. Honestly I have no idea how to set this up so any help would be great. The only segregation required as far as HIPAA goes is that the "parent" terminals are all locked into a single video feed. I probably wasn't clear enough at first, so here goes: there are 3 therapy rooms. There will be a single camera in each therapy room. There will be an observation room with 3 private cubicles. Each of those cubicles will have a monitor that is permanently linked to its corresponding therapy room video feed. For example, if a parent brings in their kid for therapy and the kid is receiving treatment in therapy room 2, we want to be able to sit the parent down in cubicle #2 to view the feed in therapy room 2 without them being able to view other therapy rooms.

My wife, the clinic director, wants to be able to view all 3 of the video feeds in her office. She wants the ability to pan and zoom as required to view the therapy sessions. If she is panning around therapy room #1 she wants the parent monitor for therapy room #1 to mirror her screen.

I apologize if this is a dumb question but my only experience with cameras has been to set up a very basic, pre-packaged system at our house.

 

[Mike A.]

Not a dumb question at all. It's a typical real-world application. Problem is that there are lots of different ways that something like this could be done at various levels and lots of specifics involved so there's not really a simple "Do it this way" kind of answer without a lot more info (if then). Could be anything from a purely video-only system with hardware-based camera feed switching/control, or a networked system as I was describing above, or some possible variations in between depending on what you want and how you want/need to do it. Plus the HIPAA requirements on top that again I'm not up on so....

That said, as a general example what you *might* do in a similar circumstance would be set up networked cameras in each of the various therapy rooms. Those cams all would be connected to your office network (or possibly a separate network if necessary). Your wife also would be connected to that same network. Her machine would have full access to all cameras and full control over each (call it an admin or operator account) which can be implemented and enforced in various ways. In the cubicles you would have computers/other networked viewing devices (e.g., tablets, etc.) to view whatever networked camera feed. Could be either variable or fixed as far as which can see what at any given time depending on needs. Each would have more limited access rights to only a single cam at a time with limited functionality (e.g., no controls - call it a viewing only account). Again, that can be implemented/enforced in a variety of ways. So that's the basic general idea and relatively easily done at a high level.

Now how you implement that exactly and with the proper restrictions is where it gets more complicated and depends on a bunch of specifics. I started writing out some possible scenarios but it ends up being a book and too much for one post. Suffice to say for now that you could enforce access as simply as say passworded accounts on individual cams with different levels of access, to some central access control at a server level with BI or an NVR-type system, to separate VLANs, to harder physical network separation, or some various combinations. But bottom line it's all relatively standard stuff.

Are there certification requirements for hardware/software/design/cameras/recording equipment/etc. in a HIPAA environment? If so, then that obviously complicates things and limits your options.

 

[Tizeye]

Thanks for the additional info and can understand. I am an MSW with 17 years clinical experience (military and civilian) before I changed careers (wife also medical) so you can see why the initial confusion on HiPAA conflict. Adding to what Mike said, it is really quite simple and you can avoid the video cards and long HDMI runs. Wife's office a dedicated Blue Iris computer that controls all three. At the three viewing cubicles, dumb terminals running like SmartPSS on the same subnet as the BI machine. You will have to work with your IT person on this, but by setting up a separate subnet, it won't be viewable by other computers on the LAN, and likewise, the monitor stations wouldn't have access to other office data. Avoid IOS/android tablet as the app doesn't allow separating reception of all cameras. Technically, SmartPSS is the same as it will read all cameras on the LAN, but the non-desired cameras at each station can be deleted - staff instructed how is the cheapest way vs reprograming the software to limit the ip search range. But you IT person may be able to address those issues.

 

[Duncan345]

Okay, so it sounds like I can simply get three basic desktop computers for the viewing cubicles and then handle the privacy issues via network and software settings. For the master terminal in my wife's office, will the QNAP TS-531-X-2G be sufficient or will that only be useful as a NAS device to store the video files? It looks like Blue Iris requires a more robust system but this QNAP device has a built in camera control software. Also it looks like Blue Iris is Windows only and my wife is a die hard Mac user. Are there Mac options available or is she going to have to use a separate windows computer to manage the cameras?

I also need suggestions for cameras. I was looking at these: https://www.amazon.com/Reolink-Security-Megapixels-2560x1440-Optical/dp/B016UCNP08/ref=sr_1_1?s=electronics&ie=UTF8&qid=1504281345&sr=1-1&keywords=reolink+rlc-423

They seem to have a good enough zoom level for this indoor application. We have a PoE network so I would prefer PoE cameras.

 

[Mike A.]

Okay, so it sounds like I can simply get three basic desktop computers for the viewing cubicles and then handle the privacy issues via network and software settings. For the master terminal in my wife's office, will the QNAP TS-531-X-2G be sufficient or will that only be useful as a NAS device to store the video files? It looks like Blue Iris requires a more robust system but this QNAP device has a built in camera control software.

Something like an inexpensive all-in-one would probably work well (though some other disadvantages to them generally), or you could serve inexpensive terminals from a central server, or use tablets or whatever. You don't need much to just view things on the front end. On the back end, you don't need BI to do it. Though it's a good program and you might want to at some later point. If that version of the QNAP provides VMS-type functions it should do it.

At the most simple level you can work directly from the cameras themselves assuming that you go with reasonably functional cameras. Basically, it would go as follows:

- Set up an admin account on each of the therapy room cameras.
- Set up a viewing account on each camera (either one-to-one or multiple-to-one).
- On your wife's machine, set up whatever VMS that she'll use to access/control cameras and display things (single or 4-up tiled view or whatever).
- On the cubicle devices, set up some cam viewing program with just one of the cameras available or a browser pointing to a specific IP for a given camera(s) (or however you want to limit it or, alternately, make it more flexible any-to-any).

Done. In principle at least at a simple level. You'd need to harden things up on the client devices and network to restrict access as appropriate, for example, to keep someone from changing things on the device to view some other cam (don't know how supervised that may be), restrict access by others on your net as necessary, restrict Internet access in/out of the cams, etc., etc. How you want to do things beyond that like recording will affect how some of that needs to be done.