Embedded Video (Beta)

Freshpaint integrates with your Wistia and Vimeo embeds to prevent PHI from being exposed

Why Are Videos Important?

The Freshpaint Video Proxy is a service that can be used to comply with HIPAA when using embedded videos hosted by third parties such as Wistia or Vimeo.

Let's take Vimeo for example. With the out-of-the-box Vimeo embed, the end user’s computer will download the video directly from Vimeo's servers. This will expose the user’s IP address to Vimeo. If the user is viewing a video about a specific medical condition, Vimeo will have both an identifier (IP address) and health information about the user resulting in exposed PHI.

Supported Video Providers

  • Vimeo

  • Wistia

How Does the Video Proxy Work?

With the Freshpaint Video Proxy, you replace the out-of-the-box Wistia or Vimeo embed URL with a Freshpaint embed. Instead of downloading the video directly from the respective service, the Freshpaint embed will first route the video download request through Freshpaint’s servers. This will result in the user’s IP address only being exposed to Freshpaint. On Vimeo/Wisitia's end, all they will see is that a user fetched a video through the Freshpaint’s servers, but Vimeo/Wistia won’t be able to see any identifying info about the user.

Vimeo

In order to embed Vimeo videos via the Freshpaint Video Proxy, you must do the following:

Here is how you would swap out a Vimeo embedded video for a Freshpaint embed:

Your video embed tag should look like the following:

<iframe src="https://player.vimeo.com/video/884186872?badge=0&amp;autopause=0&amp;quality_selector=1&amp;player_id=0&amp;app_id=58479" ...></iframe>

Identify the following pieces of information:

  • freshpaint_video_proxy_domain which will be provided to you

  • video_id, which comes after the /video/ in the src attribute (in this case 884186872)

  • env_id, which is the Freshpaint environment ID used on your site. You can get it from the Server Side API section on the sources page of the Freshpaint app.

Please note that if you add additional Freshpaint environments, each individual environment ID must be added. Contact your account manager for details.

Then, replace the src attribute like so:

<iframe src="https://<freshpaint_video_proxy_domain>/vimeo/embed/<env_id>/<video_id>" ...></iframe>

Wistia

Swapping out Wistia embeds works similarly to Vimeo, with the additional requirement that your Wistia Account Owner must generate an access token for Freshpaint to use. Freshpaint requires access to "Read all project and video data".

Here is how you would swap out a Wistia embedded video for a Freshpaint embed if you have a Wistia embed that looks like either of the following:

<div class="wistia_responsive_padding" ...>
    <div class="wistia_responsive_wrapper" ...>
        <iframe src="https://fast.wistia.net/embed/iframe/ozabj902md?seo=false&videoFoam=true" ...></iframe>
    </div>
</div>
<script src="https://fast.wistia.net/assets/external/E-v1.js" async></script>

OR

<script src="https://fast.wistia.com/embed/medias/ozabj902md.jsonp" async></script>
<script src="https://fast.wistia.com/assets/external/E-v1.js" async></script>
<div class="wistia_responsive_padding" ...>
    <div class="wistia_responsive_wrapper" ...>
        <div class="wistia_embed" ...>
            <div class="wistia_swatch" ...>
                <img src="https://fast.wistia.com/embed/medias/ozabj902md/swatch" .../>
            </div>
        </div>
    </div>
</div>

Identify the following pieces of information:

  • freshpaint_video_proxy_domain which will be provided to you

  • video_id, which comes after the /embed/iframe/ in the src attribute of the iframe, or after the /embed/medias/ of the script tag (in this case ozabj902md)

  • env_id, which is the Freshpaint environment ID used on your site. You can get it from the Server Side API section on the sources page of the Freshpaint app.

Then, replace the src attribute and remove the <script> tag like so:

<iframe src="https://<freshpaint_video_proxy_domain>/wistia/embed/<env_id>/<video_id>" allowfullscreen ...></iframe>
<!-- delete this line <script src="https://fast.wistia.net/assets/external/E-v1.js" async></script> -->

Alternatively, your Wistia embed might look like the following

<iframe src="https://embed-ssl.wistia.com/deliveries/91fe38bd899bd7697c6047953854ceac3b8b4848.bin" ...></iframe>

In this case, replace the src attribute as follows:

<iframe src="https://<freshpaint_video_proxy_domain>/wistia/deliveries/91fe38bd899bd7697c6047953854ceac3b8b4848.bin" ...></iframe>

Verify your implementation

In order to be fully HIPAA compliant, you'll need to verify that the third party video provider has been completely removed from your site. Ensure that any additional tags such as video thumbnail tags or additional script tags have been removed. To check your work, you can open your browser's developer tools and look at the Network tab. If you see network requests being made to the third party, then you'll need to find the tag on your site that is initiating that request and remove the tag.

Questions?

For questions, please contact sales@freshpaint.io.

Last updated