As suggested, your best solution is to store the videos outside of the web directory. Store data about the videos in a database. I would store an id number (unique for each video), video name, video title, video length, video size, video owner, video file path (not to be seen by the public) and anything else that would enhance a search feature. In another table I would store permissions for each video. In that table I would store a row number (unique for each row), video id number (from first table), permission value (could be "yes" or "no"). I would also have a table for authentication. When a user tries to access a video within a private directory, you can check to see if they have access rights/permissions. If they do, pull the file path from the first table and use PHP to display the video in their browser. If they don't, direct them to a permissions denied page.
Also, I suggest a file tree like this (hope this aligns properly):
The whole Videos directory will be outside of the web path which prevents people from accessing the videos with a direct URL. There are other options for adding security to the institution directories as well.
Just my 2 cents,