1 · Where nextdooh sits in your HIPAA stack
nextdooh is a digital-signage CMS. It takes media you upload — images, videos, web URLs, tickers — and distributes them to display devices (Android TV, BrightSign, Tizen, webOS, Windows, Linux). It is not an EHR, a clinical workflow tool, or a patient-identifying display surface.
The intended HIPAA-adjacent use cases are:
- Hospital and clinic waiting-room boards showing wayfinding, non-identifying queue numbers, education, and emergency alerts.
- Pharmacy service-counter screens showing menus, OTC information, promotions.
- Cafeteria, lobby, and visitor news boards in healthcare facilities.
2 · Why a BAA isn't required for the standard service
HHS guidance frames a Business Associate as an entity that creates, receives, maintains, or transmits PHI on behalf of a covered entity. Because nextdooh's content store contains only operator-uploaded marketing media, wayfinding, and non-identifying tickers, no PHI flows through the platform. A BAA is therefore not required for the standard nextdooh deployment.
If your team's procurement workflow still wants a BAA "for the paper trail", we'll sign one — write to [email protected] and we'll route it through legal.
3 · Data we do collect
We collect the following categories of data; none of them qualifies as PHI:
- Operator account email + name (login, support).
- Device serial / fingerprint (pairing, audit).
- Media playback proof-of-play logs (advertiser audit).
- Web/API access logs — IP, user-agent, route (security; 30-day retention).
- Payment metadata — last 4 of card, brand (Stripe vault; we never see PAN).
4 · Technical safeguards
- Transport: TLS 1.2+ on every API and WebSocket; HSTS on the marketing surface.
- At rest: Database volume AES-256; media object storage server-side encrypted.
- Auth: bcrypt password hashing (cost factor 12), JWT bearer tokens. Email-code MFA enforced on every superadmin login and on sensitive privilege-escalation operations; TOTP-based MFA is on the roadmap.
- RBAC: Nine account scopes enforced at route + repository layer; reseller tenants are isolated.
- Audit log: Append-only — actor, IP, user-agent, timestamp on every privileged action and login.
- Backups: Nightly encrypted Postgres dumps to geographically isolated cold storage; 30-day rolling plus 12 monthly snapshots.
5 · Administrative safeguards
- Workforce production access limited to two named operators; access reviewed on each role change and at minimum annually.
- Workforce briefed on PHI handling, phishing, and incident response on join; refresher cadence at minimum annual.
- Vendor change control — every release peer-reviewed, version-controlled, deployed via signed automation.
- Incident-response runbook covering detection, triage, containment, breach assessment, and the 60-day customer notification window required by §164.404.
6 · When PHI does need to be displayed (custom engagement)
Some signage use cases legitimately show PHI — surgical schedules on a doctors-only OR board, room-level care assignments on a nursing station screen. For these we offer a custom-scope engagement with:
- Signed Business Associate Agreement aligned to the HIPAA Omnibus rule.
- Dedicated single-tenant deployment in your chosen region (US or EU).
- VNet peering or VPN into your network, on request.
- Customer-controlled retention windows and on-demand purge of media + playback logs.
- Access review on demand against the audit-log table.
Scope a custom engagement via [email protected].
Contact
Privacy & security: [email protected]
Operator: Kryil Infotech Pvt. Ltd. (nextdooh), Workflow Ranka Junction, 3rd Floor, 224, KR Puram, Bangalore – 560016, Karnataka, India
Data Protection Officer: available on request.