HIPAA Compliance & Amazon Alexa

Amazon is already HIPAA compliant in relation to its cloud platform AWS and is eager to see voice recognition technology used more widely in the healthcare sector. However, before the true potential of Alexa can be realized, Amazon must first make Alexa HIPAA compliant.

Alexa certainly has massive potential in healthcare. Alexa could be used by medics to transcribe medical notes or as a virtual assistant in physicians’ clinics. Alexa is, at present, used in around 30 million U.S. homes, and the technology could easily be used to review patients remotely. The technology could also help to keep patients more involved in their own healthcare.

Some healthcare groups have already started testing Alexa. WebMD has developed an Alexa skill to deliver some of its web content to consumers via their Alexa devices at home. Beth Israel Deaconess Medical Center (BIDMC) has run a pilot scheme to test Alexa’s capabilities in an inpatient setting, although not using real patient data. That pilot produced highly promising results. BIDMC plans on using Alexa in a clinical setting once appropriate safeguards have been incorporated and when Amazon is open to signing a business associate agreement (BAA).

Boston’s Children’s Hospital (BCH) is also testing the use of Alexa to provide information to its clinical workers, although, without a BAA, it is currently doing so only with non-identifiable health information. BCH has also created an Alexa skill called KidsMD, which permits parents to ask about medical conditions and obtain guidance on basic health conditions.

Earlier this year, Merck asked developers to come up with new methods of using Alexa to assist patients with diabetes. The Alexa Diabetes Challenge, kicked off in April 2017, was developed to help improve the lives of patients diagnosed with type 2 diabetes – around 27.5 million people in the United States.

Effective treatments are available, and along with lifestyle alterations, patients can live long and healthy lives. However, self-management of the condition can be difficult, especially for people who have recently been diagnosed with the disease. Amazon sought submissions of patient-centric solutions that use Alexa voice recognition technology to help patients. The winner of the challenge will be revealed later this month.

Last month, Oxana Pickeral, Global Segment Leader for Healthcare & Life Sciences at Amazon Web Services, admitted that HIPAA was an issue that needs to be addressed before Alexa could be widely used in the healthcare sector. She said that the Diabetes Challenge has helped to demonstrate the power of the technology. Pickeral remarked, “While Alexa and Lex are not HIPAA-eligible, this [Diabetes Challenge] has provided us an opportunity to envision what is possible.” Amazon is now reviewing the requirements of HIPAA for Alexa, as it did with AWS.

As a result of the work it has completed on AWS, all the basics are in place, but until Alexa, and the Lex platform on which it is based, incorporate proper safeguards to meet the requirements of the HIPAA Security Rule, the voice recognition technology cannot be implemented by HIPAA-covered entities in conjunction with protected health information.

Amazon is certainly shifting toward making Alexa HIPAA-compliant, but until it is willing to complete a BAA and abide by HIPAA Rules, Alexa cannot be used in a healthcare setting with any identifiable health data.
