Can you Configure Amazon Alexa in a Entity to be HIPAA Compliant?

HIPAA compliance is already provided by Amazon for its cloud platform AWS and the group is aiming to increase the use of the Alexa voice recognition technology within the healthcare sector.

There is great potential for Alexa to make a lot of workflows much more streamlined in healthcare. The transcribing of medical notes by doctors or the configuration of a virtual assistant to help speed up admissions are just two examples of how it could be used. The most recent research indicates that Alexa has been introduced in approximately 30 million U.S. homes. In all of these home if might be a simple step to use the tech to remotely monitor patients and allow increase engagement from patients in relation to their own healthcare.

However, in order for the successful integration of the technology into this sector the first step that must be to ensure that it is HIPAA compliant.

The implementation of Alexa has already been initiated by groups including:

  • WebMD: to send a portion of its web content to consumers
  • Israel Deaconess Medical Center (BIDMC): To conduct a pilot scheme to test Alexa’s capabilities in an inpatient setting. Further integration is planned once Amzaon integrates more security controls and commits to signing a business associate agreement (BAA).
  • Boston’s Children’s Hospital (BCH): The group is using clinical staff to test Alexa fo r sharing information. As there is no a BAA the test only involves non-identifiable health information. There is also the development of an Alexa skill called KidsMD where parents can enquire regarding medical conditions.
  • Merck: The Alexa Diabetes Challenge was kicked off during April 2017 in a bid to enhance the lives of patients diagnosed with type 2 diabetes. Amazon encouraged entries detailinf patient-centric solutions that use Alexa voice recognition technology to help those being treated.

Speaking about the challenges faced in achieving HIPAA compliance for Amazon Alexa the Global Segment Leader for Healthcare & Life Sciences at Amazon Web Services Oxana Pickeral said, “While Alexa and Lex are not HIPAA-eligible, this [Diabetes Challenge] has provided us an opportunity to envision what is possible.”

The fundamental requirements exit for Alexa to be HIPAA compliant but until the Lex platform i srecongifured to allow adequate safeguards for compliance with the HIPAA Security Rule implementation is not possible when dealing with protected health information. It is clear that Amazon is trying to make Alexa HIPAA-compliant. However until it is willing to sign a BAA and adhere with HIPAA Rules, Alexa must not be deployed in a healthcare setting with any identifiable health information.