Why medical and dental practices should never upload patient videos to cloud editors
Every week, somewhere in a dental practice or outpatient clinic, a staff member needs to trim a short clip — a telehealth recording, a patient education video, a pre-op consultation captured on an iPad. They open a browser, search for a free video trimmer, and upload the file to Clideo or Kapwing. The task takes three minutes. The HIPAA violation takes longer to discover.
This article is not about malicious actors. It is about a structural mismatch: cloud video editors were not designed with healthcare in mind, and the default architecture of every mainstream online editor — upload, process, download — is incompatible with the HIPAA requirement to control where Protected Health Information travels.
What counts as PHI in video footage
Protected Health Information (PHI) under HIPAA is any information that can be used to identify an individual and that relates to their health condition, treatment, or payment for care. The definition is broader than most clinicians assume, and video footage crosses the threshold easily.
A video contains PHI if it includes any of the following:
- The patient's face, voice, or other biometric identifiers
- References to a diagnosis, treatment plan, medication, or procedure
- Dates of service, appointment times, or scheduling information visible or audible in the recording
- The name of the treating provider combined with any patient-identifiable content
- Any incidental patient information captured in the background — a whiteboard, a monitor, a document on a desk
Under this definition, nearly every video recorded in a clinical setting qualifies as PHI. Telehealth session recordings are PHI. Pre-operative consultation recordings are PHI. Patient education walkthroughs that show the patient receiving instruction are PHI. Dental intraoral camera footage exported for a referral is PHI. Even a training video that shows a real patient in the background, recorded without proper authorisation, is PHI.
The HHS Office for Civil Rights (OCR) has made clear in guidance that video, audio, and photographic content are subject to the same HIPAA protections as text-based medical records.
Why cloud video editors are a HIPAA problem
HIPAA's Privacy Rule and Security Rule restrict how covered entities — and their business associates — may use, store, and transmit PHI. The core requirement relevant here is simple: before you disclose PHI to a third party, that third party must be a Business Associate under a signed Business Associate Agreement (BAA), and they must maintain safeguards equivalent to those required of covered entities.
When you upload a patient video to a cloud video editor, you are disclosing PHI to a third party. That third party receives your file on their servers. Their employees, automated systems, and contractors may have access to it. Their security posture — encryption standards, access controls, breach notification procedures — becomes directly relevant to your compliance.
Most cloud video editors are not healthcare companies. They are consumer or prosumer software products with privacy policies written for general audiences. They are not prepared to sign BAAs, and most of them have never considered it.
The BAA requirement most practices miss
A Business Associate Agreement is a written contract in which the vendor agrees to:
- Use PHI only for the purposes specified in the agreement
- Implement appropriate administrative, physical, and technical safeguards
- Report breaches to the covered entity within required timeframes
- Return or destroy PHI at the end of the engagement
- Ensure their own subcontractors comply with equivalent requirements
Without a signed BAA, a vendor cannot lawfully receive PHI from a covered entity under HIPAA, regardless of how good their security practices are. The BAA is a legal prerequisite, not a technicality.
Some large platforms do offer BAAs for healthcare customers. Google Workspace has a HIPAA-eligible tier with a signed BAA. Microsoft 365 offers a BAA. Zoom offers a Healthcare plan with a BAA. But these BAAs are plan-specific, account-specific, and require deliberate configuration. A clinician uploading a patient video to a personal Gmail-linked Google Drive is not operating under a Google BAA. A practice using a standard Zoom account is not operating under Zoom's healthcare BAA.
For consumer-grade video editors specifically: neither Clideo nor Kapwing publicly offers a Business Associate Agreement for healthcare customers. There is no healthcare tier, no compliance documentation, and no BAA process documented on either platform as of early 2026. Uploading PHI to either service is not HIPAA-permissible under any current configuration.
What actually happens when you upload to Clideo or Kapwing
It is worth being precise about the technical sequence, because the phrase "edit in your browser" creates a misleading impression of local processing.
When you upload a video to Clideo:
- Your browser transmits the entire file — including any patient audio, faces, and metadata — to Clideo's servers over HTTPS
- The file is stored on cloud infrastructure (typically AWS or equivalent) while processing occurs
- Server-side software processes the file
- The output is stored temporarily on Clideo's servers until you download it
- The original and the output are scheduled for deletion after a retention window — typically a few hours
The same technical sequence applies to Kapwing and to the video processing functions of tools like EZGIF. The interface runs in your browser; the processing does not. Your patient's face, voice, and health context leave your device and reside on infrastructure you do not control, operated by a company that has not agreed to HIPAA obligations.
Clideo's and Kapwing's privacy policies are reasonable documents for consumer contexts. They describe standard security measures and limited retention windows. But reasonable consumer privacy practices are not the same as HIPAA compliance. The absence of a BAA means that from a regulatory standpoint, the upload is an impermissible disclosure of PHI, regardless of what happens to the file afterward.
Browser-only processing: how it eliminates the risk
The architectural alternative to cloud processing is local processing in the browser, using WebAssembly. This is not a new concept in computing, but its application to video editing has matured significantly in the past few years.
WebAssembly (Wasm) allows compiled C/C++ programs — like FFmpeg, the industry-standard video processing library — to run inside a browser tab at near-native speed. The browser's JavaScript engine executes the Wasm binary directly on your device's CPU. The video file is read from your disk into browser memory using the browser's File API. Processing happens entirely in that memory space. The output is written back to your disk via a download prompt.
At no point in this sequence does any data leave your device. There are no server requests carrying video content. There is no cloud infrastructure involved in the processing. The vendor's servers are not in the chain.
From a HIPAA perspective, this architecture eliminates the disclosure problem entirely. If the video never leaves the device, there is no third-party recipient, no BAA requirement, and no exposure to a vendor's security posture. The risk category disappears rather than being mitigated.
This is not a policy claim. It is an architectural fact verifiable with browser developer tools: open the Network tab in Chrome DevTools, load a video into a browser-side Wasm editor, and observe that no large outbound request occurs during processing.
How TrimPrivate works (no upload, no server, no BAA needed)
TrimPrivate is built on FFmpeg.wasm — a WebAssembly port of the full FFmpeg library compiled to run in the browser. When you open TrimPrivate and select a video file, the sequence is as follows:
- The browser's File API reads your video into local browser memory. No network request is made.
- FFmpeg.wasm processes the file inside the browser tab using your device's CPU. For trimming, the default mode is stream copy: the selected segment is extracted without re-encoding, completing in seconds regardless of file size.
- The processed output is written to a temporary blob URL in browser memory.
- You download the output. It transfers from browser memory directly to your device storage.
- When you close the tab, browser memory is released. No copy of your video persists anywhere outside your device.
The only outbound network request TrimPrivate makes during an export is a small JSON payload used for rate limiting — a single event log containing no video data, no metadata about your file's contents, and no identifiable information about your patient. The video itself is never transmitted.
Because TrimPrivate never receives PHI — by architecture, not by policy — it is not a business associate under HIPAA. No BAA is required, and no BAA is offered, because there is nothing to agree to. The vendor is simply not in the data chain.
For practices that need documented assurance: you can verify this yourself by inspecting network traffic with browser developer tools during a processing session. The absence of large outbound requests is observable and auditable.
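The DevTools check described above can be made repeatable by exporting the session from the Network tab as a HAR file and auditing it with a script. The following is an added example, not TrimPrivate's own code: it flags large single request bodies, media-type uploads, and per-origin totals that would reveal a chunked upload. The thresholds, host names and sample entries are constructed assumptions.

```javascript
// Audit a HAR export (DevTools > Network > export HAR) for outbound payloads.
// Thresholds are assumptions; size them just above the tool's own telemetry.
const MAX_BODY_BYTES = 16 * 1024;    // largest single request body tolerated
const MAX_ORIGIN_BYTES = 64 * 1024;  // total upload per origin (catches chunked uploads)
const MEDIA_TYPE = /^(video|audio)\/|multipart\/form-data|application\/octet-stream/i;

function bodyBytes(req) {
  // bodySize is -1 when the browser did not record it; fall back to postData.text.
  if (typeof req.bodySize === 'number' && req.bodySize >= 0) return req.bodySize;
  const text = req.postData && req.postData.text;
  return text ? Buffer.byteLength(text, 'utf8') : 0;
}

function auditHar(har) {
  const findings = [];
  const perOrigin = new Map();
  for (const { request: req } of har.log.entries) {
    const size = bodyBytes(req);
    if (size === 0) continue; // no request body, nothing left the device
    const origin = new URL(req.url).origin;
    perOrigin.set(origin, (perOrigin.get(origin) || 0) + size);
    const mime = (req.postData && req.postData.mimeType) || '';
    if (size > MAX_BODY_BYTES) findings.push({ rule: 'large-body', url: req.url, size });
    if (MEDIA_TYPE.test(mime)) findings.push({ rule: 'media-content-type', url: req.url, mime });
  }
  for (const [origin, total] of perOrigin) {
    if (total > MAX_ORIGIN_BYTES) findings.push({ rule: 'origin-total', origin, total });
  }
  return findings;
}

// Constructed sample data (not captured from any real service).
const entry = (method, url, bodySize, mimeType) => ({
  request: { method, url, bodySize, ...(mimeType ? { postData: { mimeType, text: '' } } : {}) },
});
const cleanHar = { log: { entries: [
  entry('GET', 'https://editor.example/ffmpeg-core.wasm', 0),
  entry('POST', 'https://editor.example/api/export-event', 212, 'application/json'),
] } };
const chunkedHar = { log: { entries: Array.from({ length: 8 }, (_, i) =>
  entry('PUT', `https://upload.example/part/${i}`, 12 * 1024, 'application/octet-stream')) } };

console.log(auditHar(cleanHar).length);
console.log(auditHar(chunkedHar).map((f) => f.rule));
```

This check counts HTTP request bodies only; WebSocket frames and WebRTC data channels need separate inspection. Keeping the exported HAR alongside the audit output gives the practice a dated record of the verification.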
Practical use cases: dental, telehealth, patient education
Dental practices. Intraoral camera footage, smile analysis videos, and orthodontic progress recordings are routinely shared with patients, specialists, and insurance providers. Trimming these clips to the relevant segment — removing pre-procedure setup or post-procedure idle time — is a common administrative task. Because dental footage clearly identifies the patient and relates directly to treatment, it is unambiguously PHI. Browser-side trimming with TrimPrivate lets dental staff edit and export clips without moving footage outside the practice network.
Telehealth recordings. Many telehealth platforms allow session recording for documentation purposes. Practices may need to extract a specific segment — a consent acknowledgement, a symptom description, a prescription discussion — for the clinical record. These recordings are PHI by definition. Trimming them in a cloud editor would transfer the entire session recording, including all patient disclosures, to a third-party server. Browser-side trimming processes the file locally and exports only the relevant clip.
Patient education content. Some practices record custom education videos featuring their own patients — post-procedure instructions, physical therapy exercises, dietary guidance. When these recordings show identifiable patients, they are PHI. Even if the editing need is minor (removing a false start, trimming dead time at the end), using a cloud editor creates a compliance exposure. Browser-side trimming handles these edits with no external transmission.
Administrative and training footage. Security camera footage from clinical areas, staff training recordings that capture patient interactions in the background, and any internally recorded footage that shows patients or clinical workspaces may contain PHI. The safest default for any video recorded in or around a clinical environment is to treat it as PHI and edit accordingly.
Frequently asked questions
Is uploading a patient video to Google Drive a HIPAA violation?
It depends on your setup. Google does offer a HIPAA-compliant Workspace tier with a signed BAA, but even then you must enable specific security controls. If you are using a personal Google account or a standard Workspace plan without a BAA, uploading patient footage is a HIPAA violation. Most practices are not operating under a signed BAA with Google for Drive specifically.
Does Clideo or Kapwing offer a BAA for healthcare providers?
Neither Clideo nor Kapwing publicly offers a Business Associate Agreement for healthcare customers as of early 2026. Without a BAA, uploading PHI — including patient video footage — to these platforms is not permissible under HIPAA.
What is the penalty for uploading patient video to a non-HIPAA-compliant service?
Civil penalties range from $100 to $50,000 per violation, up to $1.9 million per violation category per year. If the disclosure is considered willful neglect, the minimum penalty is $10,000 per violation. OCR has levied multi-million dollar settlements over far less egregious incidents than third-party disclosures of video PHI.
Do I need a BAA to use TrimPrivate with patient footage?
No. Because TrimPrivate processes video entirely inside your browser using FFmpeg.wasm — and never transmits your file to any server — TrimPrivate does not handle PHI on your behalf. There is no third-party data processor in the chain, so no BAA is required or relevant.
Can TrimPrivate be used offline?
Yes. After the first visit, the FFmpeg.wasm binary and interface assets are cached by the browser. Subsequent sessions can run without an internet connection. Processing always happens locally regardless of network status.